www.123greetings.com Open in urlscan Pro
184.72.244.154 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.maqors.com/cgi-bin/click.pl?cid=nl010952202102&lid=206852&uid=203601343
Effective URL:
https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Submission: On September 04 via api (September 4th 2021, 4:42:29 am UTC) from US

Summary HTTP 510 Redirects Links 12 Behaviour Indicators

Summary

This website contacted 60 IPs in 12 countries across 63 domains to perform 510 HTTP transactions. The main IP is 184.72.244.154, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is www.123greetings.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on April 29th 2020. Valid for: 2 years.

This is the only time www.123greetings.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	54.235.95.241 54.235.95.241	14618 (AMAZON-AES) (AMAZON-AES)
1	184.72.244.154 184.72.244.154	14618 (AMAZON-AES) (AMAZON-AES)
67	8.248.149.252 8.248.149.252	3356 (LEVEL3) (LEVEL3)
3	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::2008	15169 (GOOGLE) (GOOGLE)
1 3	184.72.254.163 184.72.254.163	14618 (AMAZON-AES) (AMAZON-AES)
19 64	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
62	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::200e	15169 (GOOGLE) (GOOGLE)
16	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
1	216.58.212.130 216.58.212.130	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
13	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c08::9d	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400d:803::2002	15169 (GOOGLE) (GOOGLE)
41	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2001	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:80f::2004	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:810::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
8	2600:9000:224... 2600:9000:2240:8a00:1c:38a0:8a40:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
4	2600:9000:223... 2600:9000:223f:cc00:8:9ed9:9c40:93a1	16509 (AMAZON-02) (AMAZON-02)
71	2a00:1450:400... 2a00:1450:4001:80f::2006	15169 (GOOGLE) (GOOGLE)
7 23	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
7 12	185.33.221.15 185.33.221.15	29990 (ASN-APPNEX) (ASN-APPNEX)
2 3	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
1 2	104.111.242.245 104.111.242.245	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2600:1f18:612... 2600:1f18:612b:4200:3aa:8894:1069:c551	14618 (AMAZON-AES) (AMAZON-AES)
4 6	185.94.180.126 185.94.180.126	35220 (SPOTX-AMS) (SPOTX-AMS)
2	2a00:1288:80:... 2a00:1288:80:800::7001	203220 (YAHOO-DEB) (YAHOO-DEB)
5 8	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
5 6	2.21.142.210 2.21.142.210	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	18.134.84.26 18.134.84.26	16509 (AMAZON-02) (AMAZON-02)
4 7	13.248.242.197 13.248.242.197	16509 (AMAZON-02) (AMAZON-02)
2 3	2a00:1288:110... 2a00:1288:110:c305::8000	34010 (YAHOO-IRD) (YAHOO-IRD)
12	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
8	2600:9000:223... 2600:9000:223c:7800:3:748e:7940:93a1	16509 (AMAZON-02) (AMAZON-02)
4 7	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (TURN) (TURN)
3 3	169.50.137.190 169.50.137.190	36351 (SOFTLAYER) (SOFTLAYER)
4 4	72.251.244.142 72.251.244.142	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
2 2	193.232.148.146 193.232.148.146	48061 (UMA-TECH-AS) (UMA-TECH-AS)
4 4	217.66.147.162 217.66.147.162	29209 (SPBMTS-AS...) (SPBMTS-AS Malaya Monetnaya Street 2-A)
2 2	213.87.44.187 213.87.44.187	13174 (MTSNET Mo...) (MTSNET Moscow)
4 5	18.185.140.232 18.185.140.232	16509 (AMAZON-02) (AMAZON-02)
2 2	54.170.158.38 54.170.158.38	16509 (AMAZON-02) (AMAZON-02)
2 2	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
2 2	213.19.147.44 213.19.147.44	26120 (RHYTHMONE) (RHYTHMONE)
1 1	193.0.160.128 193.0.160.128	54312 (ROCKETFUEL) (ROCKETFUEL)
1	2a02:fa8:8806... 2a02:fa8:8806:12::1370	41041 (VCLK-EU-SE) (VCLK-EU-SE)
2 2	3.127.92.82 3.127.92.82	16509 (AMAZON-02) (AMAZON-02)
1 1	52.208.100.147 52.208.100.147	16509 (AMAZON-02) (AMAZON-02)
4 4	18.156.99.44 18.156.99.44	16509 (AMAZON-02) (AMAZON-02)
2 2	13.248.245.213 13.248.245.213	16509 (AMAZON-02) (AMAZON-02)
2 2	213.155.156.168 213.155.156.168	1299 (TELIANET ...) (TELIANET Telia Carrier)
4 4	37.157.3.29 37.157.3.29	198622 (ADFORM) (ADFORM)
1 1	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
1 1	18.184.122.71 18.184.122.71	16509 (AMAZON-02) (AMAZON-02)
1 1	172.105.221.29 172.105.221.29	63949 (LINODE-AP...) (LINODE-AP Linode)
1	2620:116:800d... 2620:116:800d:21:f916:5049:f87f:108e	16509 (AMAZON-02) (AMAZON-02)
1 1	99.80.199.35 99.80.199.35	16509 (AMAZON-02) (AMAZON-02)
1 1	35.157.140.213 35.157.140.213	16509 (AMAZON-02) (AMAZON-02)
2 2	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1 1	40.124.130.12 40.124.130.12	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2 2	185.64.189.115 185.64.189.115	62713 (AS-PUBMATIC) (AS-PUBMATIC)
7	35.82.37.37 35.82.37.37	16509 (AMAZON-02) (AMAZON-02)
6	2a02:26f0:6c0... 2a02:26f0:6c00:2ab::2c79	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
12	34.239.92.103 34.239.92.103	14618 (AMAZON-AES) (AMAZON-AES)
2	52.1.46.74 52.1.46.74	14618 (AMAZON-AES) (AMAZON-AES)
2	34.196.245.189 34.196.245.189	14618 (AMAZON-AES) (AMAZON-AES)
4	52.203.102.176 52.203.102.176	14618 (AMAZON-AES) (AMAZON-AES)
4	185.94.180.124 185.94.180.124	35220 (SPOTX-AMS) (SPOTX-AMS)
4	23.37.38.181 23.37.38.181	16625 (AKAMAI-AS) (AKAMAI-AS)
4	18.195.69.184 18.195.69.184	16509 (AMAZON-02) (AMAZON-02)
16	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
4 4	35.157.177.200 35.157.177.200	16509 (AMAZON-02) (AMAZON-02)
2 2	151.101.14.49 151.101.14.49	54113 (FASTLY) (FASTLY)
2 4	209.54.177.54 209.54.177.54	16509 (AMAZON-02) (AMAZON-02)
2 4	52.17.54.18 52.17.54.18	16509 (AMAZON-02) (AMAZON-02)
1	192.132.33.46 192.132.33.46	18568 (BIDTELLECT) (BIDTELLECT)
1 1	34.224.231.148 34.224.231.148	14618 (AMAZON-AES) (AMAZON-AES)
2 2	135.125.160.77 135.125.160.77	16276 (OVH) (OVH)
1 2	52.70.17.21 52.70.17.21	14618 (AMAZON-AES) (AMAZON-AES)
6	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
510	60

1 54.235.95.241 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-235-95-241.compute-1.amazonaws.com

www.maqors.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.72.244.154 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: www.123greetings.com

www.123greetings.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

67 8.248.149.252 (United States)

ASN3356 (LEVEL3, US)

c.123g.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i.123g.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
x.123g.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 184.72.254.163 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-184-72-254-163.compute-1.amazonaws.com

trkn.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

64 142.250.186.130 (United States) 19 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

62 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.212.130 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: fra16s46-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c08::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:803::2002 (Ireland)

ASN15169 (GOOGLE, US)

adservice.google.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

41 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:810::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2600:9000:2240:8a00:1c:38a0:8a40:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.avantisvideo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn1.avantisvideo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:223f:cc00:8:9ed9:9c40:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.avantisvideo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

71 2a00:1450:4001:80f::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 2.18.234.21 (Frankfurt am Main, Germany) 7 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
js-sec.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 185.33.221.15 (Amsterdam, Netherlands) 7 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.98.64.218 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.242.245 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-242-245.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:612b:4200:3aa:8894:1069:c551 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

partners.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.94.180.126 (Amsterdam, Netherlands) 4 redirects

ASN35220 (SPOTX-AMS, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1288:80:800::7001 (Frankfurt am Main, Germany)

ASN203220 (YAHOO-DEB, GB)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 3.126.56.137 (Frankfurt am Main, Germany) 5 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2.21.142.210 (Frankfurt am Main, Germany) 5 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-21-142-210.deploy.static.akamaitechnologies.com

ads.stickyadstv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.134.84.26 (London, United Kingdom) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-134-84-26.eu-west-2.compute.amazonaws.com

1f2e7.v.fwmrm.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 13.248.242.197 (United States) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: a97adde81b00f2ca4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1288:110:c305::8000 (Dublin, Ireland) 2 redirects

ASN34010 (YAHOO-IRD, GB)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 142.250.186.34 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2600:9000:223c:7800:3:748e:7940:93a1 (United States)

ASN16509 (AMAZON-02, US)

avm.avantisvideo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2001:678:cb4:bbbb::11 (United Kingdom) 4 redirects

ASN56396 (TURN, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 169.50.137.190 (United States) 3 redirects

ASN36351 (SOFTLAYER, US)
PTR: be.89.32a9.ip4.static.sl-reverse.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 72.251.244.142 (Amsterdam, Netherlands) 4 redirects

ASN29791 (VOXEL-DOT-NET, US)
PTR: tracking-failover-03.ams2.m6r.eu

tracking.m6r.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 193.232.148.146 (Russian Federation) 2 redirects

ASN48061 (UMA-TECH-AS, RU)
PTR: smtp7.sender.ltmse.com

px.adhigh.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 217.66.147.162 (St Petersburg, Russian Federation) 4 redirects

ASN29209 (SPBMTS-AS Malaya Monetnaya Street 2-A, RU)
PTR: host-162-147-66-217.spbmts.ru

sm.rtb.mts.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.87.44.187 (Moscow, Russian Federation) 2 redirects

ASN13174 (MTSNET Moscow, Russia, RU)
PTR: infrastructure-187-44.mts.ru

tech.rtb.mts.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 18.185.140.232 (Frankfurt am Main, Germany) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-185-140-232.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.170.158.38 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-170-158-38.eu-west-1.compute.amazonaws.com

ads.avct.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.173.144.139 (Frankfurt am Main, Germany) 2 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.19.147.44 (United Kingdom) 2 redirects

ASN26120 (RHYTHMONE, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.0.160.128 (United States) 1 redirects

ASN54312 (ROCKETFUEL, US)

a.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:12::1370 (Singapore)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.127.92.82 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-127-92-82.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.208.100.147 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-208-100-147.eu-west-1.compute.amazonaws.com

ads.yieldmo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.156.99.44 (Frankfurt am Main, Germany) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-99-44.eu-central-1.compute.amazonaws.com

match.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.248.245.213 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.168 (Uppsala, Sweden) 2 redirects

ASN1299 (TELIANET Telia Carrier, SE)
PTR: 213-155-156-168.teliacarrier-cust.com

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.157.3.29 (Denmark) 4 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.227.252.103 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.184.122.71 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-184-122-71.eu-central-1.compute.amazonaws.com

match.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.105.221.29 (Tokyo, Japan) 1 redirects

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: li1875-29.members.linode.com

a.c.appier.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:f916:5049:f87f:108e (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.80.199.35 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-99-80-199-35.eu-west-1.compute.amazonaws.com

pixel.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.157.140.213 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-140-213.eu-central-1.compute.amazonaws.com

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.174.68 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 40.124.130.12 (San Antonio, United States) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

beacon.walmart.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.189.115 (United Kingdom) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 35.82.37.37 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-82-37-37.us-west-2.compute.amazonaws.com

events1.avantisvideo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a02:26f0:6c00:2ab::2c79 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

play.aniview.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
player.aniview.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 34.239.92.103 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-239-92-103.compute-1.amazonaws.com

track1.aniview.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.1.46.74 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-1-46-74.compute-1.amazonaws.com

go1.aniview.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.196.245.189 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-196-245-189.compute-1.amazonaws.com

sync.aniview.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.203.102.176 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-203-102-176.compute-1.amazonaws.com

s2s.aniview.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.94.180.124 (Amsterdam, Netherlands)

ASN35220 (SPOTX-AMS, US)

search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.37.38.181 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-38-181.deploy.static.akamaitechnologies.com

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.195.69.184 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-69-184.eu-central-1.compute.amazonaws.com

ads.adaptv.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.157.177.200 (Frankfurt am Main, Germany) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-177-200.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.14.49 (Frankfurt am Main, Germany) 2 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 209.54.177.54 (Ashburn, United States) 2 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.17.54.18 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-17-54-18.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.132.33.46 (United States)

ASN18568 (BIDTELLECT, US)
PTR: 46.bidtellect.com

bttrack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.224.231.148 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-224-231-148.compute-1.amazonaws.com

sync.extend.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 135.125.160.77 (France) 2 redirects

ASN16276 (OVH, FR)
PTR: ns3195934.ip-135-125-160.eu

gu.dyntrk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.70.17.21 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-70-17-21.compute-1.amazonaws.com

um2.eqads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.185.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
113	googlesyndication.com pagead2.googlesyndication.com 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com tpc.googlesyndication.com ade.googlesyndication.com	795 KB
106	doubleclick.net 19 redirects googleads.g.doubleclick.net securepubads.g.doubleclick.net stats.g.doubleclick.net cm.g.doubleclick.net googleads4.g.doubleclick.net pubads.g.doubleclick.net	353 KB
71	2mdn.net s0.2mdn.net	13 MB
67	123g.us c.123g.us i.123g.us x.123g.us	972 KB
27	avantisvideo.com cdn.avantisvideo.com static.avantisvideo.com cdn1.avantisvideo.com avm.avantisvideo.com events1.avantisvideo.com	210 KB
26	aniview.com play.aniview.com player.aniview.com track1.aniview.com go1.aniview.com sync.aniview.com s2s.aniview.com	393 KB
23	casalemedia.com 7 redirects dsum-sec.casalemedia.com htlb.casalemedia.com ssum-sec.casalemedia.com	22 KB
17	googleapis.com fonts.googleapis.com imasdk.googleapis.com	2 MB
14	google.com adservice.google.com www.google.com	2 KB
13	yahoo.com 7 redirects ads.yahoo.com ups.analytics.yahoo.com pr-bh.ybp.yahoo.com	9 KB
12	adnxs.com 7 redirects ib.adnxs.com secure.adnxs.com	11 KB
10	spotxchange.com 4 redirects sync.search.spotxchange.com search.spotxchange.com	8 KB
10	googletagservices.com www.googletagservices.com	347 KB
8	advertising.com 4 redirects ads.adaptv.advertising.com pixel.advertising.com	2 KB
7	turn.com 4 redirects ad.turn.com r.turn.com	3 KB
7	adsrvr.org 4 redirects match.adsrvr.org	3 KB
6	mts.ru 6 redirects sm.rtb.mts.ru tech.rtb.mts.ru	5 KB
6	stickyadstv.com 5 redirects ads.stickyadstv.com	5 KB
5	bidswitch.net 4 redirects x.bidswitch.net	2 KB
5	ampproject.org cdn.ampproject.org	102 KB
4	demdex.net 2 redirects dpm.demdex.net	3 KB
4	amazon-adsystem.com 2 redirects s.amazon-adsystem.com	4 KB
4	indexww.com js-sec.indexww.com	4 KB
4	adform.net 4 redirects c1.adform.net	2 KB
4	360yield.com 4 redirects match.360yield.com	2 KB
4	m6r.eu 4 redirects tracking.m6r.eu	3 KB
4	openx.net 3 redirects us-u.openx.net rtb.openx.net	925 B
3	everesttech.net 3 redirects pixel.everesttech.net sync-tm.everesttech.net	1 KB
3	simpli.fi 3 redirects um.simpli.fi	2 KB
3	trkn.us 1 redirects trkn.us	3 KB
2	eqads.com 1 redirects um2.eqads.com	562 B
2	dyntrk.com 2 redirects gu.dyntrk.com	1 KB
2	pubmatic.com 2 redirects image6.pubmatic.com	976 B
2	rlcdn.com 2 redirects id.rlcdn.com	769 B
2	de17a.com 2 redirects d5p.de17a.com	718 B
2	3lift.com 2 redirects eb2.3lift.com	935 B
2	w55c.net 2 redirects pm.w55c.net	2 KB
2	rubiconproject.com 2 redirects pixel.rubiconproject.com	912 B
2	avct.cloud 2 redirects ads.avct.cloud	890 B
2	adhigh.net 2 redirects px.adhigh.net	962 B
2	teads.tv 1 redirects sync.teads.tv	636 B
2	gstatic.com fonts.gstatic.com	31 KB
2	google-analytics.com www.google-analytics.com	19 KB
1	extend.tv 1 redirects sync.extend.tv	546 B
1	bttrack.com bttrack.com	380 B
1	walmart.com 1 redirects beacon.walmart.com	579 B
1	agkn.com 1 redirects d.agkn.com	760 B
1	quantserve.com cms.quantserve.com	462 B
1	appier.net 1 redirects a.c.appier.net	555 B
1	sharethrough.com 1 redirects match.sharethrough.com	357 B
1	yieldmo.com 1 redirects ads.yieldmo.com	461 B
1	dotomi.com dclk-match.dotomi.com	104 B
1	rfihub.com 1 redirects a.rfihub.com	1 KB
1	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com	581 B
1	1rx.io 1 redirects sync.1rx.io	696 B
1	fwmrm.net 1 redirects 1f2e7.v.fwmrm.net	511 B
1	tremorhub.com partners.tremorhub.com	183 B
1	google.ch adservice.google.ch	853 B
1	google.de adservice.google.de	165 B
1	googleadservices.com partner.googleadservices.com	265 B
1	googletagmanager.com www.googletagmanager.com	40 KB
1	123greetings.com www.123greetings.com	15 KB
1	maqors.com 1 redirects www.maqors.com	304 B
510	63

	Domain	Requested by
71	s0.2mdn.net	www.123greetings.com s0.2mdn.net 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com imasdk.googleapis.com
65	pagead2.googlesyndication.com	www.123greetings.com pagead2.googlesyndication.com tpc.googlesyndication.com 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com googleads.g.doubleclick.net s0.2mdn.net www.googletagservices.com srcdoc
63	cm.g.doubleclick.net	19 redirects googleads.g.doubleclick.net 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
42	i.123g.us	www.123greetings.com c.123g.us
35	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com www.123greetings.com 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com s0.2mdn.net
24	c.123g.us	www.123greetings.com c.123g.us
16	imasdk.googleapis.com	player.aniview.com imasdk.googleapis.com
14	googleads.g.doubleclick.net	pagead2.googlesyndication.com 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com www.123greetings.com
13	dsum-sec.casalemedia.com	5 redirects googleads.g.doubleclick.net ssum-sec.casalemedia.com um2.eqads.com
12	track1.aniview.com	player.aniview.com
12	googleads4.g.doubleclick.net	www.123greetings.com
10	adservice.google.com	pagead2.googlesyndication.com securepubads.g.doubleclick.net imasdk.googleapis.com
10	www.googletagservices.com	c.123g.us pagead2.googlesyndication.com securepubads.g.doubleclick.net 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
8	pubads.g.doubleclick.net	imasdk.googleapis.com
8	avm.avantisvideo.com	cdn1.avantisvideo.com cdn.avantisvideo.com
8	ups.analytics.yahoo.com	5 redirects
8	ib.adnxs.com	3 redirects googleads.g.doubleclick.net player.aniview.com
8	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net www.123greetings.com
7	events1.avantisvideo.com	cdn.avantisvideo.com
7	match.adsrvr.org	4 redirects 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com ssum-sec.casalemedia.com
7	8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
6	ade.googlesyndication.com
6	ssum-sec.casalemedia.com	2 redirects js-sec.indexww.com ssum-sec.casalemedia.com
6	ads.stickyadstv.com	5 redirects googleads.g.doubleclick.net
6	sync.search.spotxchange.com	4 redirects googleads.g.doubleclick.net
5	player.aniview.com	cdn.avantisvideo.com player.aniview.com
5	x.bidswitch.net	4 redirects
5	cdn.avantisvideo.com	securepubads.g.doubleclick.net cdn.avantisvideo.com
5	cdn.ampproject.org	securepubads.g.doubleclick.net
4	dpm.demdex.net	2 redirects ssum-sec.casalemedia.com
4	s.amazon-adsystem.com	2 redirects ssum-sec.casalemedia.com
4	pixel.advertising.com	4 redirects
4	js-sec.indexww.com	player.aniview.com ssum-sec.casalemedia.com
4	ads.adaptv.advertising.com	player.aniview.com
4	htlb.casalemedia.com	player.aniview.com
4	search.spotxchange.com	player.aniview.com
4	s2s.aniview.com	player.aniview.com
4	secure.adnxs.com	4 redirects
4	c1.adform.net	4 redirects
4	match.360yield.com	4 redirects
4	sm.rtb.mts.ru	4 redirects
4	tracking.m6r.eu	4 redirects
4	ad.turn.com	4 redirects
4	static.avantisvideo.com	cdn.avantisvideo.com
4	www.google.com	tpc.googlesyndication.com www.123greetings.com 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
3	um.simpli.fi	3 redirects
3	r.turn.com	8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
3	pr-bh.ybp.yahoo.com	2 redirects ssum-sec.casalemedia.com
3	us-u.openx.net	2 redirects googleads.g.doubleclick.net
3	cdn1.avantisvideo.com	cdn.avantisvideo.com
3	trkn.us	1 redirects www.123greetings.com
2	um2.eqads.com	1 redirects ssum-sec.casalemedia.com
2	gu.dyntrk.com	2 redirects
2	sync-tm.everesttech.net	2 redirects
2	sync.aniview.com	player.aniview.com
2	go1.aniview.com	player.aniview.com
2	image6.pubmatic.com	2 redirects
2	id.rlcdn.com	2 redirects
2	d5p.de17a.com	2 redirects
2	eb2.3lift.com	2 redirects
2	pm.w55c.net	2 redirects
2	pixel.rubiconproject.com	2 redirects
2	ads.avct.cloud	2 redirects
2	tech.rtb.mts.ru	2 redirects
2	px.adhigh.net	2 redirects
2	ads.yahoo.com	googleads.g.doubleclick.net
2	sync.teads.tv	1 redirects googleads.g.doubleclick.net
2	fonts.gstatic.com	fonts.googleapis.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
1	sync.extend.tv	1 redirects
1	bttrack.com	ssum-sec.casalemedia.com
1	play.aniview.com	cdn.avantisvideo.com
1	beacon.walmart.com	1 redirects
1	d.agkn.com	1 redirects
1	pixel.everesttech.net	1 redirects
1	cms.quantserve.com	8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
1	a.c.appier.net	1 redirects
1	match.sharethrough.com	1 redirects
1	rtb.openx.net	1 redirects
1	ads.yieldmo.com	1 redirects
1	dclk-match.dotomi.com	8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
1	a.rfihub.com	1 redirects
1	sync.targeting.unrulymedia.com	1 redirects
1	sync.1rx.io	1 redirects
1	1f2e7.v.fwmrm.net	1 redirects
1	partners.tremorhub.com	googleads.g.doubleclick.net
1	fonts.googleapis.com	securepubads.g.doubleclick.net
1	adservice.google.ch	securepubads.g.doubleclick.net
1	stats.g.doubleclick.net	www.google-analytics.com
1	adservice.google.de	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	x.123g.us	c.123g.us
1	www.googletagmanager.com	www.123greetings.com
1	www.123greetings.com
1	www.maqors.com	1 redirects
510	95

This site contains links to these domains. Also see Links.

Domain
studio.123greetings.com
itunes.apple.com
play.google.com
nl.123greetings.com
www.addthis.com
info.123greetings.com
blog.123greetings.com
widgets.123greetings.com
help.123greetings.com

Subject Issuer	Validity	Valid
*.123greetings.com Go Daddy Secure Certificate Authority - G2	`2020-04-29` - `2022-04-29`	2 years	crt.sh
*.123g.us Go Daddy Secure Certificate Authority - G2	`2021-08-11` - `2022-09-12`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
trkn.us Go Daddy Secure Certificate Authority - G2	`2021-01-19` - `2022-02-20`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.google.ch GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.avantisvideo.com Amazon	`2020-12-24` - `2022-01-22`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
teads.tv R3	`2021-08-23` - `2021-11-21`	3 months	crt.sh
*.tremorhub.com Amazon	`2021-06-27` - `2022-07-26`	a year	crt.sh
*.search.spotxchange.com GeoTrust RSA CA 2018	`2021-04-08` - `2022-05-09`	a year	crt.sh
*.ads.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-08-16` - `2021-10-06`	2 months	crt.sh
ads.stickyadstv.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-13` - `2021-11-17`	a year	crt.sh
*.turn.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-03-31` - `2022-03-31`	a year	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2020-04-23` - `2022-05-04`	2 years	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2021-08-10` - `2022-09-11`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
*.aniview.com DigiCert SHA2 Secure Server CA	`2021-02-23` - `2022-02-27`	a year	crt.sh
*.spotxchange.com GeoTrust RSA CA 2018	`2021-03-10` - `2022-03-29`	a year	crt.sh
*.v.ssp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-05-24` - `2021-11-17`	6 months	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-08-17` - `2022-02-09`	6 months	crt.sh
s.amazon-adsystem.com Amazon	`2021-07-14` - `2022-06-27`	a year	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2020-12-02` - `2022-01-02`	a year	crt.sh
*.bttrack.com Sectigo RSA Domain Validation Secure Server CA	`2021-03-29` - `2022-03-29`	a year	crt.sh
*.pbp.bf2.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-08-18` - `2021-11-17`	3 months	crt.sh
um3.eqads.com Amazon	`2021-06-26` - `2022-07-25`	a year	crt.sh

This page contains 81 frames:

Primary Page: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Frame ID: 97BC433FDB1828D1C4C3C7357A50CED3
Requests: 138 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210831/r20190131/zrt_lookup.html
Frame ID: 0D3437ECA272DFE956322DB6A91C5963
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8275302107693664&output=html&adk=1812271804&adf=3025194257&lmt=1630729043&plat=1%3A16777216%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Ffall%2F%3Futm_source%3DEmail2%26utm_medium%3DSpecial_NL%26utm_campaign%3DSNL_sep21_events&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630730531336&bpp=3&bdt=390&idt=124&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=3713485947411&frm=20&pv=2&ga_vid=18072530.1630730531&ga_sid=1630730531&ga_hid=97299285&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31062297&oid=3&pvsid=4182262459636998&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=150
Frame ID: 03E7466BBEF5BFDF35B4E1EC36CEA345
Requests: 1 HTTP requests in this frame

Frame: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 2230B5745CAE60A8FCC48EFE23318171
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 017F88A465730DCF100C19F246EB256A
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: DF5C7A8862A91740B6058CEE7236477E
Requests: 1 HTTP requests in this frame

Frame: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 1AE196F8F55F4012C151DFD8E57C75FD
Requests: 16 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012108170213000/amp4ads-v0.mjs
Frame ID: 9FBC1E4D85B2B284B3ABC85BB8E9D837
Requests: 16 HTTP requests in this frame

Frame: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: A7DBD9F9747C3E0ECE42E273D9F4775A
Requests: 16 HTTP requests in this frame

Frame: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 7214B9AB7F07B5608EAF6B334D96FC7E
Requests: 14 HTTP requests in this frame

Frame: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 01C4B63F135924CB22DB6A56B16B075D
Requests: 14 HTTP requests in this frame

Frame: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: A44E8FF55CD105FE93FD18876E02BA79
Requests: 14 HTTP requests in this frame

Frame: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 9097DD2930F5C43C66D0C4945583664E
Requests: 14 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvXtUafc-FEcFTvI98XuELU7BZifwXClneK9u7KuhFNLTwcWsr5x9zhXKP_E7gAxacjPI8FXT0n18EuKkXhWG94r3d4CclXADCL7NSE-7DC-xBPWAN12CIUfaUYyRMBz8wTdM39K44MoHz7E8BchXS5tuIQi--uN1-sJXDpYRAWRfpNoLGubSaqX7x65knyMh0ROvAUHNF26vzv-3ACVov6weJCkkDbjH6ZanJRinicEDaBXBESCqIqBy0PwDe7277KKMRzu3eDpn8dzUGsSogNxf5TG0_yynxbjCZWKAvyBAoRckWh9aGZpCet1KxkFYjumlld-5Uo4FghMQ&sai=AMfl-YSCZyBChjHa3JjKvN06QYyU29gQbtfsN0l_JrN-oijSnpdALTmRKdeZPrQizid-lJwZ3xvlEmi_gIFaxAR-k_NxAq6dwXqkcW7WID74yxYC8arIKfPs38Ajc36AK1A&sig=Cg0ArKJSzKGMp-LrxmBEEAE&urlfix=1&adurl=
Frame ID: 9D724597E4E76CA6FF881EDA556F41CC
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvONIsK8rL8K5uA1iWU1X2AegIgSvUhGo6cWFgGUZBKeh9sLMiDPIFuRiADCp_Cd2kdyT-N8eXWJbk_HadaQ8cr9MDt5ZwXyMYzEC0xdA2VlCUKXkGg7ygDecWEf7ca4z-RBXeXvnqpjujej6C2FOlBU_KJiVadRJ0qvi4LGG-dn1nN-Sw7n7v58f0pxSjKXfS62buIl7QmljVMiE1ougDIfWggaAdeQwf849we163vd1PtelHzy9zkhWmCQ0rhY5iUsFJfF4dVpcRmH4zHJPG6yYNshmEb5NfyVfEvVF4bAq5sV-3AO8q66OaPrhBqD9gRpitbUtmzxRwsP5g5SCH6JZbeWg&sai=AMfl-YQGKbqt8t1UrHoDhoax9LF_6fYFZcuQ6iSTq62yZk4DkJKQ2huBKQXB9WfR9NIFIz8CTKfOAF2PvQmtSQ5M-SLs4UY-GZ7SfXl6EGNGyTjSdB7CQhDMFJpapNF7emA&sig=Cg0ArKJSzMU4re_h5rM5EAE&urlfix=1&adurl=
Frame ID: 2DEB21EA24020755B4DE214EBDDC7CF5
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLS7QxDXu7cBGJTo2ngwAQ&v=APEucNVA_jcOkqFBR50mKv0VT3dCVBmEjYsPE12-C_fS9eDAylylwtlmVO9apa_e6z2TXIgf1ZVId3fY-4lKzf_OiYbC7m-32g
Frame ID: F3CC1D4DCCD8E0C8D4FE17186CDF0F96
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLS7QxDXu7cBGJTo2ngwAQ&v=APEucNVLN_97Fv8eGAyVy2Xui8YPs0rVNnZLTM1-_Dnt9--DVmSyZG-FPcqPrDeWYwfC2aqsVWFPpZRiT-k86BBxRn76-IsehA
Frame ID: 53C69857D620A40759A02FD5A4FF6019
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLS7QxDXu7cBGJTo2ngwAQ&v=APEucNWoxBq-217CgSkGBILAq89S-ROA6CbN8cpEsM89lmg1AF9LsGJxqjFCJazQ7lDUfVKC5j-rFo7w4aeY2O4Y4Th57DgINQ
Frame ID: B7C62ACD525FA405237EE7C21AB67EA0
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLS7QxDXu7cBGJTo2ngwAQ&v=APEucNW2r5x6eS_3JCWn8eJ17rqo1h3jQ5AiTdeS4S6dU-pHOgZN21q66g3aLleMlt0TkwXqAJo38IU-KgHzLcQ_5cNCoD_d-g
Frame ID: E93079B0BDE7417C95F9D4DE47574E2D
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLS7QxDXu7cBGJTo2ngwAQ&v=APEucNVpxgLpl0Tsaek-thMHYTAWE225dDjKzoHAyD1Kmnk7ca0b1ndj19fNVVGmxBLPsLVepNMQM4BihlJl0wKUrHe2uEMnLw
Frame ID: C991AA2CFCB16F9A49F71754768890EC
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLS7QxDXu7cBGJTo2ngwAQ&v=APEucNU_RWBtQLvuaPOQv43JOXiFx_oQBZmv8gkMtE9qT3lwpl1PONU2lPx7u7fPSdaMWwoQIf3GLC1yQBlx32lFFe2c12kCvQ
Frame ID: C8771E2E957E681D4F2F73A52B3A9EE0
Requests: 4 HTTP requests in this frame

Frame: https://cdn1.avantisvideo.com/connect/u_d.html
Frame ID: 88B3205418CCCE0999350B7BFDC7A51D
Requests: 2 HTTP requests in this frame

Frame: https://cdn1.avantisvideo.com/connect/u_d.html
Frame ID: C2BF280D7E359F30683541FC120730D1
Requests: 2 HTTP requests in this frame

Frame: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498410/20210621060710917/index.html?e=69&leftOffset=0&topOffset=0&c=hy6FaEB8gn&t=1&renderingType=2
Frame ID: 1DC23E18D445CE285A1BF5EBAE019FFB
Requests: 11 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 4B0D8232879A400C7981A2C5E517B9DB
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=2WsNqxjH0W&t=1&renderingType=2
Frame ID: D6BF718BFD5E6A54574DD1B9C17D38A0
Requests: 11 HTTP requests in this frame

Frame: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=e8IV7Uynpf&t=1&renderingType=2
Frame ID: 90BDF6193C866650A52BD716A3E401B1
Requests: 11 HTTP requests in this frame

Frame: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=UK2o4yXblG&t=1&renderingType=2
Frame ID: 523E8A5B477EFC63569B2A1B313FC182
Requests: 11 HTTP requests in this frame

Frame: https://s0.2mdn.net/ads/richmedia/studio/pv2/61490714/20210621060706056/index.html?e=69&leftOffset=0&topOffset=0&c=sAEUSHBSQE&t=1&renderingType=2
Frame ID: D722DDA3C86849A2A96D8A015DAFC42D
Requests: 11 HTTP requests in this frame

Frame: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=aSGvZtuX20&t=1&renderingType=2
Frame ID: 441BC98F5C51B5B2365AF6811774283D
Requests: 11 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 4FC0F078370809DD005C5A428F15360F
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: E767886BB33EEC91F8D5D65D571C1367
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 42472C4918CED98A79A46B94A4CAD897
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 9A0CA287777FEA039BF9E7C9E91BC48C
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 5FD6FD98744F09EC8AE3B1649DF0628B
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 10E54D0D0783019ECA99B6EDCC397D21
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 28BB529C16A699C148B5F75F04F1FDAE
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: AB9E9EF6B06CE0F12343BEB2126D39C2
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: DB3E3C6B104E9A3DE0291C60D02C5F87
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: E72658F4F210B78531C030A2B9F3DC2A
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 82DDF21092D8E75BFF7C11A920E53BA7
Requests: 3 HTTP requests in this frame

Frame: https://cdn1.avantisvideo.com/connect/u_d.html
Frame ID: 0338EA3B921A987DBFBC68D79F79FC26
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js
Frame ID: 35BC81CC6E880F586B1C54271B8CD7C1
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js
Frame ID: 965083F694ACF421A5B246455977CBB9
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js
Frame ID: B91B5CA0525BF970FDABC05451E38B43
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js
Frame ID: 592ED28759FEB457D9DF200F2D02178A
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js
Frame ID: BF621E0622DA34C0B18B527B4E2FFC2B
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js
Frame ID: 2331BA1CB9D7FDD4D0782FC6D0D96081
Requests: 1 HTTP requests in this frame

Frame: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Frame ID: 5C9C1BAD44B4A5D81CD2456BD074024C
Requests: 2 HTTP requests in this frame

Frame: https://player.aniview.com/script/6.1/ab5/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Frame ID: 7EDE41CD16EB62D8999AB35BB83EBD9D
Requests: 2 HTTP requests in this frame

Frame: https://sync.aniview.com/cookiesyncendpoint?auid=1630730536592-919282496603-008741-015-006420&biddername=55&key=7687085539858020377
Frame ID: 207F7A75E4930AE7E0C4704A580B808B
Requests: 1 HTTP requests in this frame

Frame: https://sync.aniview.com/cookiesyncendpoint?auid=1630730536591-964452496603-008575-011-002896&biddername=55&key=4739656639353668120
Frame ID: C5B1D4BFD688E18633D412E348FB41F4
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Frame ID: 8CC8ED3CF04E7648EB97B56590730C68
Requests: 3 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Frame ID: 6D176261EEAEF0F45998C196A0282579
Requests: 3 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Frame ID: 1B275A2D91BD13B0308E525450BCF807
Requests: 3 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Frame ID: 88728299A61D5C746E9247068D907451
Requests: 3 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html
Frame ID: D3D5A9F210D512FE98EB5EBC9F09808C
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html
Frame ID: 5B129C1E353AB056F1D027BA21ACD1D3
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html
Frame ID: C4B377EF72D300B0CB3149BE8A0F4D35
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html
Frame ID: A3A96B5A7F0C69E718ADFD63713D1439
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 8FFF9E994F0AB89311D7C28D60A6ADDF
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 05DFCA6E325EFF5CEE5B5B955E17D774
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 3D6852E1FC6FB4653B16F4B262476714
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 5BB9BE78322219626B2640038E0859DA
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 6EB9EF3C76942CB71693A88558B1A560
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 0C2CD8DAD439272184A5A5A9574ED621
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Frame ID: BA0BE094F7DC74D745CF427968530FE6
Requests: 9 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Frame ID: F7973679D7131AB99A6AA41D02DE2820
Requests: 10 HTTP requests in this frame

Frame: https://um2.eqads.com/um/cs&eq_cc=1
Frame ID: 0ED9A64AD8BB117B76B8EACD89175ED5
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Frame ID: 1582D1006D1A1A5D199B966D2733AB11
Requests: 3 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Frame ID: 2837A9AEF5E7D0F6A918FE0579E874EC
Requests: 3 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Frame ID: CEFBE49FA2EDB33DB73B5FBE1619A6FA
Requests: 3 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Frame ID: EC9C01633A1ABBB798CEBC8B864DEAFB
Requests: 3 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html
Frame ID: 04A96C080B7AF0537065C875011C2E43
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html
Frame ID: 71407ACF033B259510FE8FE61E4929D6
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: EACC0CAA5FF6464ADAC25DC96D67D3C1
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: D10D2DB8059F500AA4C563AB37EB9F40
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html
Frame ID: 70DD6E49F901F7F791DAEB03906AE397
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html
Frame ID: A1526DAFDB59B94D213D4A798644D654
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 52A8984FCC2E2848043ECDDA5B386331
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: AEC0142DADCB926A8ED6D66325D6709C
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Autumn Cards, Free Autumn Wishes, Greeting Cards | 123 Greetings

Page URL History Show full URLs

http://www.maqors.com/cgi-bin/click.pl?cid=nl010952202102&lid=206852&uid=203601343 HTTP 302
https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_... Page URL

Detected technologies

CentOS (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /CentOS/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googletagservices\.com\/tag\/js\/gpt(?:_mobile)?\.js/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

510
Requests

100 %
HTTPS

34 %
IPv6

63
Domains

95
Subdomains

60
IPs

12
Countries

18697 kB
Transfer

30250 kB
Size

7
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: https://studio.123greetings.com/
Title: Studio

Search URL Search Domain Scan URL

URL: https://itunes.apple.com/in/app/123greetings/id718873921?mt=8

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.g123

Search URL Search Domain Scan URL

URL: https://nl.123greetings.com/

Search URL Search Domain Scan URL

URL: https://nl.123greetings.com/blog/
Title: Blog

Search URL Search Domain Scan URL

URL: https://www.addthis.com/bookmark.php

Search URL Search Domain Scan URL

URL: https://info.123greetings.com/company/pressroom/
Title: Press Room

Search URL Search Domain Scan URL

URL: https://blog.123greetings.com/
Title: Blog

Search URL Search Domain Scan URL

URL: https://widgets.123greetings.com/
Title: Widgets

Search URL Search Domain Scan URL

URL: https://nl.123greetings.com/tell-a-friend
Title: Recommend Us

Search URL Search Domain Scan URL

URL: https://help.123greetings.com/
Title: Help

Search URL Search Domain Scan URL

URL: https://help.123greetings.com/contact_us.html
Title: Contact Us

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.maqors.com/cgi-bin/click.pl?cid=nl010952202102&lid=206852&uid=203601343 HTTP 302
https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 87

https://trkn.us/info/?sid=1efbd474-f6d6-4c7a-ab0e-0a28232c817d&ord=2206586702.118953&ref=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Ffall%2F%3Futm_source%3DEmail2%26utm_medium%3DSpecial_NL%26utm_campaign%3DSNL_sep21_events&dvis=visible HTTP 302
https://trkn.us/info/?sid=1efbd474-f6d6-4c7a-ab0e-0a28232c817d&ord=2206586702.118953&ref=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Ffall%2F%3Futm_source%3DEmail2%26utm_medium%3DSpecial_NL%26utm_campaign%3DSNL_sep21_events&dvis=visible&ip=185.236.201.228&cuidchk=1

Request Chain 180

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMhPOVCehTw7MrvLXR7PrbI&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMhPOVCehTw7MrvLXR7PrbI&google_cver=1&C=1

Request Chain 181

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YTL5JYWbhem9VtXZP-sMpwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMhPOVCehTw7MrvLXR7PrbI&google_cver=1

Request Chain 191

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESELsvvBFK7IQKNonbry8ENRI&google_cver=1

Request Chain 192

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTc2ODYzNTgxMzMxMzMyNjI0Mg%3D%3D

Request Chain 193

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPzxAgFFFka_IidWodTb-ak&google_cver=1

Request Chain 194

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NWI3YjgzZWUtNjBjMS0yYTU0LWNiNTMtOTM1ZTMwYmU5N2Ex

Request Chain 195

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEFgdSfwVP1SdktHiaCVbApE&google_cver=1

Request Chain 196

https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=ZGVlZmYwODctMmU5MS00YWM1LWI2MDktZTY1MThhN2I5YTkz

Request Chain 197

https://cm.g.doubleclick.net/pixel?google_nid=tremor_video_dbm&google_cm&google_dbm HTTP 302
https://partners.tremorhub.com/sync?UIGL=CAESELf1UG6-Dqb_NluAu0yizKE&google_cver=1

Request Chain 198

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESELD_GN945el3UHey8N9f6T4&google_cver=1

Request Chain 199

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_id=7919e8a5-0d3a-11ec-9b22-160292010106 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=NzkxYTFjYzgtMGQzYS0xMWVjLWE5MDAtMTg2MGYwNzEwMTA2

Request Chain 201

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESELD_GN945el3UHey8N9f6T4&google_cver=1

Request Chain 202

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_id=791a1cff-0d3a-11ec-a900-1860f0710106 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=NzkxYTFjYzgtMGQzYS0xMWVjLWE5MDAtMTg2MGYwNzEwMTA2

Request Chain 204

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true HTTP 302
https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1UV3RuNUc1RTJ1SDJaMmxZejk4OFBCWGl0QUxNYjZSX35B

Request Chain 205

https://cm.g.doubleclick.net/pixel?google_nid=stickyxchange_dbm&google_cm&google_dbm HTTP 302
https://ads.stickyadstv.com/user-registering?dataProviderId=141&userId=CAESEK2HkrZpctKysqtZjJle4z8&google_cver=1 HTTP 302
https://1f2e7.v.fwmrm.net/ad/u?_dv=2&dsp_user_mapping=true&127719=8a4a4a1ce74572b39a7ae2f33469689b&rdU=https%3A%2F%2Fads.stickyadstv.com%2Fuser-registering%3FdataProviderId%3D1169%26userId%3d%23%7buser.id%7d HTTP 302
https://ads.stickyadstv.com/user-registering?dataProviderId=1169&userId=l1c8a_7003934307824407468 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=stickyads&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=stickyads&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://ads.stickyadstv.com/user-registering?dataProviderId=208&userId=4f1cde68-0489-4c67-8a82-93c18d8bd5fc HTTP 302
https://ib.adnxs.com/getuid?https%3A%2F%2Fads.stickyadstv.com%2Fuser-registering%3FdataProviderId%3D209&gdpr=0&gdpr_consent=%26userId%3D$UID HTTP 302
https://ads.stickyadstv.com/user-registering?dataProviderId=209&gdpr=0&gdpr_consent=&userId=5768635813313326242 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/stickyads/8a4a4a1ce74572b39a7ae2f33469689b&gdpr=0&gdpr_consent=?gdpr=0&gdpr_consent= HTTP 302
https://ads.stickyadstv.com/user-registering?dataProviderId=199&userId=y-fUyxvA1E2oPKBFVReP7BYHpXKEpRfFL9us6xMi5P~A

Request Chain 206

https://ads.stickyadstv.com/user-matching?id=11 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=stickyxchange_dbm&google_hm=OGE0YTRhMWNlNzQ1NzJiMzlhN2FlMmYzMzQ2OTY4OWI=&gdpr=0&gdpr_consent=

Request Chain 259

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEGC3s3KaWEsoxXbUkHytR4k&google_cver=1&google_push=AYg5qPLHoTuAMcqG-pw7fLoi5YA4kSTfhCeR_zgUrG1Jq64WF2daOnW9mSa-XadcJe5y8pKvx0Pg39bjtuCaTdetSCaCPwPCm4b5 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzQ4MDkxMDY0OTY1MDI2NjczNQ== HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESENnjRICCMyUWKBg9jidmuC0&google_cver=1

Request Chain 260

https://um.simpli.fi/gp_match?google_gid=CAESEE-E3QqaQnCKTb0tkhkm5r0&google_cver=1&google_push=AYg5qPI1QxF9cK9JidK0LVOR4kQvgYDfbMALEEw7_FHzBEQlkiQh9Ilqr-3R-1FcYuI2ai92CmfvvoUwK3Gg14t6HM7Q1subskuT HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=B85789AC9C904FDE90DF83420E65AC78&google_push=AYg5qPI1QxF9cK9JidK0LVOR4kQvgYDfbMALEEw7_FHzBEQlkiQh9Ilqr-3R-1FcYuI2ai92CmfvvoUwK3Gg14t6HM7Q1subskuT

Request Chain 261

https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEBog9SGdBln9UdYI6XN886A&google_cver=1&google_push=AYg5qPLQHAzkdaD0BpZgg7HzlbsfbRYy9hqexSAQILd6w8p2aIh5b1lG54GgfEo65h0_likw9nucG4VyNk9Qp3raN2hDT007fR3u HTTP 302
https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEBog9SGdBln9UdYI6XN886A&google_cver=1&google_push=AYg5qPLQHAzkdaD0BpZgg7HzlbsfbRYy9hqexSAQILd6w8p2aIh5b1lG54GgfEo65h0_likw9nucG4VyNk9Qp3raN2hDT007fR3u&checkcookies=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=At_TB_mVJNUMBz3oFmyoQw&google_push=AYg5qPLQHAzkdaD0BpZgg7HzlbsfbRYy9hqexSAQILd6w8p2aIh5b1lG54GgfEo65h0_likw9nucG4VyNk9Qp3raN2hDT007fR3u

Request Chain 262

https://px.adhigh.net/p/gm/rub?google_gid=CAESEFetlJ_DcdkD-0oc5qS2LNo&google_cver=1&google_push=AYg5qPKoGuGca0EoYKOHkGdGFLHWdeuuc2RLiNqPCIKsfQFoKr66YKGp_FWO1Ih6Dqy4uur8OhCv8BODDZirtSjNFLvxKhUxNIyM HTTP 302
https://px.adhigh.net/p/gm/rub?google_gid=CAESEFetlJ_DcdkD-0oc5qS2LNo&google_cver=1&google_push=AYg5qPKoGuGca0EoYKOHkGdGFLHWdeuuc2RLiNqPCIKsfQFoKr66YKGp_FWO1Ih6Dqy4uur8OhCv8BODDZirtSjNFLvxKhUxNIyM&bounced=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=gint&google_push=AYg5qPKoGuGca0EoYKOHkGdGFLHWdeuuc2RLiNqPCIKsfQFoKr66YKGp_FWO1Ih6Dqy4uur8OhCv8BODDZirtSjNFLvxKhUxNIyM&google_hm=v0gTmtRqEWUAAikABlF7rx08Ag%3D%3D

Request Chain 263

https://sm.rtb.mts.ru/p?ssp=googleban&pm=1&google_gid=CAESEOCY92UwdNzFYZAzb78FUKc&google_cver=1&google_push=AYg5qPLz8mksoUJxPHFXHNYwJnT5e5-L0FUla8zJumi3bRvoOV3935Zq4SJ4bcvCL1G6K6R8yWDMzVGZgs7YwUyeaX6x0lPi64dPLg HTTP 301
https://sm.rtb.mts.ru/match/second?r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dstream_llc%26id%3D012ea528-71de-4c93-96ba-4672730ae1ed%26google_push%3DAYg5qPLz8mksoUJxPHFXHNYwJnT5e5-L0FUla8zJumi3bRvoOV3935Zq4SJ4bcvCL1G6K6R8yWDMzVGZgs7YwUyeaX6x0lPi64dPLg&ssp=googleban&exu=CAESEOCY92UwdNzFYZAzb78FUKc HTTP 301
https://tech.rtb.mts.ru/?dsp_uid=6862e65b-9253-4583-8f23-c3cec6294de0&return_url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dstream_llc%26id%3D012ea528-71de-4c93-96ba-4672730ae1ed%26google_push%3DAYg5qPLz8mksoUJxPHFXHNYwJnT5e5-L0FUla8zJumi3bRvoOV3935Zq4SJ4bcvCL1G6K6R8yWDMzVGZgs7YwUyeaX6x0lPi64dPLg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=stream_llc&id=012ea528-71de-4c93-96ba-4672730ae1ed&google_push=AYg5qPLz8mksoUJxPHFXHNYwJnT5e5-L0FUla8zJumi3bRvoOV3935Zq4SJ4bcvCL1G6K6R8yWDMzVGZgs7YwUyeaX6x0lPi64dPLg

Request Chain 264

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEBTIF-oqSxsQkmNkPcOw1QY&google_cver=1&google_push=AYg5qPISgSzKdGJFMMKUqMifTUB5ib8AnbrxjVbyflRCo-XmTPaRXY31XTAOE79mXkwMdZmO0k8BMpDU5RcQK7Mie0K9d7QnpYh9 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS0wUkhzOXBWRTJ1R0hEMlVGVDJweDlnNzF6anVkSEhVWn5B&google_push=AYg5qPISgSzKdGJFMMKUqMifTUB5ib8AnbrxjVbyflRCo-XmTPaRXY31XTAOE79mXkwMdZmO0k8BMpDU5RcQK7Mie0K9d7QnpYh9

Request Chain 265

https://sm.rtb.mts.ru/p?ssp=googlevid&pm=1&google_gid=CAESEP5L51YeFDZE0RCrysGAsOg&google_cver=1&google_push=AYg5qPILExZibZRxuBFhNoVbZkCo42WnJsgG4JYom8a2kPV4rSYTIzNz4HnGzsS5bgXUiWrr6Y-MtT8YvQLgNqAywQh_hY190En5pg HTTP 301
https://sm.rtb.mts.ru/match/second?r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dstream_llc_2%26id%3D6862e65b-9253-4583-8f23-c3cec6294de0%26google_push%3DAYg5qPILExZibZRxuBFhNoVbZkCo42WnJsgG4JYom8a2kPV4rSYTIzNz4HnGzsS5bgXUiWrr6Y-MtT8YvQLgNqAywQh_hY190En5pg&ssp=googlevid&exu=CAESEP5L51YeFDZE0RCrysGAsOg HTTP 301
https://tech.rtb.mts.ru/?dsp_uid=6862e65b-9253-4583-8f23-c3cec6294de0&return_url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dstream_llc_2%26id%3D6862e65b-9253-4583-8f23-c3cec6294de0%26google_push%3DAYg5qPILExZibZRxuBFhNoVbZkCo42WnJsgG4JYom8a2kPV4rSYTIzNz4HnGzsS5bgXUiWrr6Y-MtT8YvQLgNqAywQh_hY190En5pg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=stream_llc_2&id=6862e65b-9253-4583-8f23-c3cec6294de0&google_push=AYg5qPILExZibZRxuBFhNoVbZkCo42WnJsgG4JYom8a2kPV4rSYTIzNz4HnGzsS5bgXUiWrr6Y-MtT8YvQLgNqAywQh_hY190En5pg

Request Chain 269

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEGC3s3KaWEsoxXbUkHytR4k&google_cver=1&google_push=AYg5qPJ89bR1UT6aocnwM8CNSDBKHe5LUPAG6XOD4c9gH8Sl0CsucaX0_tpoFrITGiraBqwPSi8-MlA9wz9gpMWHE0vD7nyTFZU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=Mzk4NTMxMzgwNzkxNTc2MjI4Nw== HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESENnjRICCMyUWKBg9jidmuC0&google_cver=1

Request Chain 270

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEPTTpHWzULUG0VNjCazSWJ4&google_cver=1&google_push=AYg5qPIdQEhtKbr7E2m_tTXe5VDXIU59sZ3WoVGbSwFseJXvzA4M-BaZmBT4PWhkd88vhOHhLbXy-gpeZ3ri_CP8dM9dWypQSIo HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEPTTpHWzULUG0VNjCazSWJ4&google_cver=1&google_push=AYg5qPIdQEhtKbr7E2m_tTXe5VDXIU59sZ3WoVGbSwFseJXvzA4M-BaZmBT4PWhkd88vhOHhLbXy-gpeZ3ri_CP8dM9dWypQSIo HTTP 302
https://ads.avct.cloud/getuid?url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dgoogle HTTP 307
https://ads.avct.cloud/getuid?bounce=true&url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dgoogle HTTP 302
https://x.bidswitch.net/sync?dsp_id=59&user_id=cd5195b6-59c1-484e-83fe-97f40eb93db3&ssp=google HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=59&user_id=cd5195b6-59c1-484e-83fe-97f40eb93db3&ssp=google HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_cm=1&google_hm=8lwOJoCUR2qOoDU4bGacbQ== HTTP 302
https://x.bidswitch.net/google_sync_status?ssp_name=google&google_gid=CAESEFgGpgaCCo5E4eyXoxZmcsI&google_cver=1

Request Chain 271

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEEqhUFsY3OeRfsPkZ1-lQzk&google_cver=1&google_push=AYg5qPI6xnrqQAnBL_4jTt3NH_H305JLOZGiqaf3QI5ppfpct9v4CWMeXsBK7a8Qtz7ORWqJ7VUGgOc4H5Cv5N_oYeoEuY5HKA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1Q1QVVTVkktWC0yWDJV&google_push=AYg5qPI6xnrqQAnBL_4jTt3NH_H305JLOZGiqaf3QI5ppfpct9v4CWMeXsBK7a8Qtz7ORWqJ7VUGgOc4H5Cv5N_oYeoEuY5HKA

Request Chain 272

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESECYvurN_xnIfEz71lsji0Xk&google_cver=1&google_push=AYg5qPLHmbXTFS_hcf2UF0loVClSUOvooeX3uOSy04zSELjvXTlCW3fxj_P-b9ZENHYh-We2LsDrg3dn9eax4I-ZsUIBJi_bAUI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL5JYWbhem9VtXZP_sMpwAABJQAAAAB&google_push=AYg5qPLHmbXTFS_hcf2UF0loVClSUOvooeX3uOSy04zSELjvXTlCW3fxj_P-b9ZENHYh-We2LsDrg3dn9eax4I-ZsUIBJi_bAUI&google_gid=CAESECYvurN_xnIfEz71lsji0Xk&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL5JYWbhem9VtXZP_sMpwAABJQAAAAB&google_push=AYg5qPLHmbXTFS_hcf2UF0loVClSUOvooeX3uOSy04zSELjvXTlCW3fxj_P-b9ZENHYh-We2LsDrg3dn9eax4I-ZsUIBJi_bAUI&google_gid=CAESECYvurN_xnIfEz71lsji0Xk&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL5JYWbhem9VtXZP_sMpwAABJQAAAAB&google_push=AYg5qPLHmbXTFS_hcf2UF0loVClSUOvooeX3uOSy04zSELjvXTlCW3fxj_P-b9ZENHYh-We2LsDrg3dn9eax4I-ZsUIBJi_bAUI&google_gid=CAESECYvurN_xnIfEz71lsji0Xk&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL5JYWbhem9VtXZP_sMpwAABJQAAAAB&google_push=AYg5qPLHmbXTFS_hcf2UF0loVClSUOvooeX3uOSy04zSELjvXTlCW3fxj_P-b9ZENHYh-We2LsDrg3dn9eax4I-ZsUIBJi_bAUI&google_gid=CAESECYvurN_xnIfEz71lsji0Xk&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL5JYWbhem9VtXZP_sMpwAABJQAAAAB&google_push=AYg5qPLHmbXTFS_hcf2UF0loVClSUOvooeX3uOSy04zSELjvXTlCW3fxj_P-b9ZENHYh-We2LsDrg3dn9eax4I-ZsUIBJi_bAUI&google_gid=CAESECYvurN_xnIfEz71lsji0Xk&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL5JYWbhem9VtXZP_sMpwAABJQAAAAB&google_push=AYg5qPLHmbXTFS_hcf2UF0loVClSUOvooeX3uOSy04zSELjvXTlCW3fxj_P-b9ZENHYh-We2LsDrg3dn9eax4I-ZsUIBJi_bAUI&google_gid=CAESECYvurN_xnIfEz71lsji0Xk&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL5JYWbhem9VtXZP_sMpwAABJQAAAAB&google_push=AYg5qPLHmbXTFS_hcf2UF0loVClSUOvooeX3uOSy04zSELjvXTlCW3fxj_P-b9ZENHYh-We2LsDrg3dn9eax4I-ZsUIBJi_bAUI&google_gid=CAESECYvurN_xnIfEz71lsji0Xk&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL5JYWbhem9VtXZP_sMpwAABJQAAAAB&google_push=AYg5qPLHmbXTFS_hcf2UF0loVClSUOvooeX3uOSy04zSELjvXTlCW3fxj_P-b9ZENHYh-We2LsDrg3dn9eax4I-ZsUIBJi_bAUI&google_gid=CAESECYvurN_xnIfEz71lsji0Xk&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL5JYWbhem9VtXZP_sMpwAABJQAAAAB&google_push=AYg5qPLHmbXTFS_hcf2UF0loVClSUOvooeX3uOSy04zSELjvXTlCW3fxj_P-b9ZENHYh-We2LsDrg3dn9eax4I-ZsUIBJi_bAUI&google_gid=CAESECYvurN_xnIfEz71lsji0Xk&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL5JYWbhem9VtXZP_sMpwAABJQAAAAB&google_push=AYg5qPLHmbXTFS_hcf2UF0loVClSUOvooeX3uOSy04zSELjvXTlCW3fxj_P-b9ZENHYh-We2LsDrg3dn9eax4I-ZsUIBJi_bAUI&google_gid=CAESECYvurN_xnIfEz71lsji0Xk&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL5JYWbhem9VtXZP_sMpwAABJQAAAAB&google_push=AYg5qPLHmbXTFS_hcf2UF0loVClSUOvooeX3uOSy04zSELjvXTlCW3fxj_P-b9ZENHYh-We2LsDrg3dn9eax4I-ZsUIBJi_bAUI&google_gid=CAESECYvurN_xnIfEz71lsji0Xk&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL5JYWbhem9VtXZP_sMpwAABJQAAAAB&google_push=AYg5qPLHmbXTFS_hcf2UF0loVClSUOvooeX3uOSy04zSELjvXTlCW3fxj_P-b9ZENHYh-We2LsDrg3dn9eax4I-ZsUIBJi_bAUI&google_gid=CAESECYvurN_xnIfEz71lsji0Xk&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL5JYWbhem9VtXZP_sMpwAABJQAAAAB&google_push=AYg5qPLHmbXTFS_hcf2UF0loVClSUOvooeX3uOSy04zSELjvXTlCW3fxj_P-b9ZENHYh-We2LsDrg3dn9eax4I-ZsUIBJi_bAUI&google_gid=CAESECYvurN_xnIfEz71lsji0Xk&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL5JYWbhem9VtXZP_sMpwAABJQAAAAB&google_push=AYg5qPLHmbXTFS_hcf2UF0loVClSUOvooeX3uOSy04zSELjvXTlCW3fxj_P-b9ZENHYh-We2LsDrg3dn9eax4I-ZsUIBJi_bAUI&google_gid=CAESECYvurN_xnIfEz71lsji0Xk&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL5JYWbhem9VtXZP_sMpwAABJQAAAAB&google_push=AYg5qPLHmbXTFS_hcf2UF0loVClSUOvooeX3uOSy04zSELjvXTlCW3fxj_P-b9ZENHYh-We2LsDrg3dn9eax4I-ZsUIBJi_bAUI&google_gid=CAESECYvurN_xnIfEz71lsji0Xk&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL5JYWbhem9VtXZP_sMpwAABJQAAAAB&google_push=AYg5qPLHmbXTFS_hcf2UF0loVClSUOvooeX3uOSy04zSELjvXTlCW3fxj_P-b9ZENHYh-We2LsDrg3dn9eax4I-ZsUIBJi_bAUI&google_gid=CAESECYvurN_xnIfEz71lsji0Xk&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL5JYWbhem9VtXZP_sMpwAABJQAAAAB&google_push=AYg5qPLHmbXTFS_hcf2UF0loVClSUOvooeX3uOSy04zSELjvXTlCW3fxj_P-b9ZENHYh-We2LsDrg3dn9eax4I-ZsUIBJi_bAUI&google_gid=CAESECYvurN_xnIfEz71lsji0Xk&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL5JYWbhem9VtXZP_sMpwAABJQAAAAB&google_push=AYg5qPLHmbXTFS_hcf2UF0loVClSUOvooeX3uOSy04zSELjvXTlCW3fxj_P-b9ZENHYh-We2LsDrg3dn9eax4I-ZsUIBJi_bAUI&google_gid=CAESECYvurN_xnIfEz71lsji0Xk&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL5JYWbhem9VtXZP_sMpwAABJQAAAAB&google_push=AYg5qPLHmbXTFS_hcf2UF0loVClSUOvooeX3uOSy04zSELjvXTlCW3fxj_P-b9ZENHYh-We2LsDrg3dn9eax4I-ZsUIBJi_bAUI&google_gid=CAESECYvurN_xnIfEz71lsji0Xk&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL5JYWbhem9VtXZP_sMpwAABJQAAAAB&google_push=AYg5qPLHmbXTFS_hcf2UF0loVClSUOvooeX3uOSy04zSELjvXTlCW3fxj_P-b9ZENHYh-We2LsDrg3dn9eax4I-ZsUIBJi_bAUI&google_gid=CAESECYvurN_xnIfEz71lsji0Xk&google_cver=1&google_tc=

Request Chain 273

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEI0n7Ml1OFIdgz27CJsfT5k&google_cver=1&google_push=AYg5qPI5G9gfXDWI7qTzwhiE0qF_Uf6BGHhEMTSDoZvDjHbocFLgFr-O4tJ0WFiGIDrFf5jk-wc_VTDr9nHZAHFD5GYSCQCwYv8 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-024c2ae3-e0e2-4def-bb6b-14a66f4ace5d-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAYg5qPI5G9gfXDWI7qTzwhiE0qF_Uf6BGHhEMTSDoZvDjHbocFLgFr-O4tJ0WFiGIDrFf5jk-wc_VTDr9nHZAHFD5GYSCQCwYv8%26google_hm%3DAwJMKuPg4k3vu2sUpm9Kzl0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPI5G9gfXDWI7qTzwhiE0qF_Uf6BGHhEMTSDoZvDjHbocFLgFr-O4tJ0WFiGIDrFf5jk-wc_VTDr9nHZAHFD5GYSCQCwYv8&google_hm=AwJMKuPg4k3vu2sUpm9Kzl0

Request Chain 274

https://cs.chocolateplatform.com/pub?pid=ebda&google_gid=CAESEIdFuH5Q8qUJePtdm0c-xHo&google_cver=1&google_push=AYg5qPLAE1XXhO-0g4KFsc4OXUoQmlTudFOplRYx2cFh_IfqH2d_Hg6zCc2GHlGZxcWWjvbhq6DFZN9TmSo4opRG0_gyxm_oMw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDc5YWM4MmMxZDU5NGMyMzVjNGNiNDU2MTFhOTRjNzk=&google_push=AYg5qPLAE1XXhO-0g4KFsc4OXUoQmlTudFOplRYx2cFh_IfqH2d_Hg6zCc2GHlGZxcWWjvbhq6DFZN9TmSo4opRG0_gyxm_oMw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDc5YWM4MmMxZDU5NGMyMzVjNGNiNDU2MTFhOTRjNzk=&google_push=AYg5qPLAE1XXhO-0g4KFsc4OXUoQmlTudFOplRYx2cFh_IfqH2d_Hg6zCc2GHlGZxcWWjvbhq6DFZN9TmSo4opRG0_gyxm_oMw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDc5YWM4MmMxZDU5NGMyMzVjNGNiNDU2MTFhOTRjNzk=&google_push=AYg5qPLAE1XXhO-0g4KFsc4OXUoQmlTudFOplRYx2cFh_IfqH2d_Hg6zCc2GHlGZxcWWjvbhq6DFZN9TmSo4opRG0_gyxm_oMw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDc5YWM4MmMxZDU5NGMyMzVjNGNiNDU2MTFhOTRjNzk=&google_push=AYg5qPLAE1XXhO-0g4KFsc4OXUoQmlTudFOplRYx2cFh_IfqH2d_Hg6zCc2GHlGZxcWWjvbhq6DFZN9TmSo4opRG0_gyxm_oMw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDc5YWM4MmMxZDU5NGMyMzVjNGNiNDU2MTFhOTRjNzk=&google_push=AYg5qPLAE1XXhO-0g4KFsc4OXUoQmlTudFOplRYx2cFh_IfqH2d_Hg6zCc2GHlGZxcWWjvbhq6DFZN9TmSo4opRG0_gyxm_oMw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDc5YWM4MmMxZDU5NGMyMzVjNGNiNDU2MTFhOTRjNzk=&google_push=AYg5qPLAE1XXhO-0g4KFsc4OXUoQmlTudFOplRYx2cFh_IfqH2d_Hg6zCc2GHlGZxcWWjvbhq6DFZN9TmSo4opRG0_gyxm_oMw&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDc5YWM4MmMxZDU5NGMyMzVjNGNiNDU2MTFhOTRjNzk=&google_push=AYg5qPLAE1XXhO-0g4KFsc4OXUoQmlTudFOplRYx2cFh_IfqH2d_Hg6zCc2GHlGZxcWWjvbhq6DFZN9TmSo4opRG0_gyxm_oMw&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDc5YWM4MmMxZDU5NGMyMzVjNGNiNDU2MTFhOTRjNzk=&google_push=AYg5qPLAE1XXhO-0g4KFsc4OXUoQmlTudFOplRYx2cFh_IfqH2d_Hg6zCc2GHlGZxcWWjvbhq6DFZN9TmSo4opRG0_gyxm_oMw&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDc5YWM4MmMxZDU5NGMyMzVjNGNiNDU2MTFhOTRjNzk=&google_push=AYg5qPLAE1XXhO-0g4KFsc4OXUoQmlTudFOplRYx2cFh_IfqH2d_Hg6zCc2GHlGZxcWWjvbhq6DFZN9TmSo4opRG0_gyxm_oMw&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDc5YWM4MmMxZDU5NGMyMzVjNGNiNDU2MTFhOTRjNzk=&google_push=AYg5qPLAE1XXhO-0g4KFsc4OXUoQmlTudFOplRYx2cFh_IfqH2d_Hg6zCc2GHlGZxcWWjvbhq6DFZN9TmSo4opRG0_gyxm_oMw&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDc5YWM4MmMxZDU5NGMyMzVjNGNiNDU2MTFhOTRjNzk=&google_push=AYg5qPLAE1XXhO-0g4KFsc4OXUoQmlTudFOplRYx2cFh_IfqH2d_Hg6zCc2GHlGZxcWWjvbhq6DFZN9TmSo4opRG0_gyxm_oMw&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDc5YWM4MmMxZDU5NGMyMzVjNGNiNDU2MTFhOTRjNzk=&google_push=AYg5qPLAE1XXhO-0g4KFsc4OXUoQmlTudFOplRYx2cFh_IfqH2d_Hg6zCc2GHlGZxcWWjvbhq6DFZN9TmSo4opRG0_gyxm_oMw&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDc5YWM4MmMxZDU5NGMyMzVjNGNiNDU2MTFhOTRjNzk=&google_push=AYg5qPLAE1XXhO-0g4KFsc4OXUoQmlTudFOplRYx2cFh_IfqH2d_Hg6zCc2GHlGZxcWWjvbhq6DFZN9TmSo4opRG0_gyxm_oMw&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDc5YWM4MmMxZDU5NGMyMzVjNGNiNDU2MTFhOTRjNzk=&google_push=AYg5qPLAE1XXhO-0g4KFsc4OXUoQmlTudFOplRYx2cFh_IfqH2d_Hg6zCc2GHlGZxcWWjvbhq6DFZN9TmSo4opRG0_gyxm_oMw&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDc5YWM4MmMxZDU5NGMyMzVjNGNiNDU2MTFhOTRjNzk=&google_push=AYg5qPLAE1XXhO-0g4KFsc4OXUoQmlTudFOplRYx2cFh_IfqH2d_Hg6zCc2GHlGZxcWWjvbhq6DFZN9TmSo4opRG0_gyxm_oMw&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDc5YWM4MmMxZDU5NGMyMzVjNGNiNDU2MTFhOTRjNzk=&google_push=AYg5qPLAE1XXhO-0g4KFsc4OXUoQmlTudFOplRYx2cFh_IfqH2d_Hg6zCc2GHlGZxcWWjvbhq6DFZN9TmSo4opRG0_gyxm_oMw&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDc5YWM4MmMxZDU5NGMyMzVjNGNiNDU2MTFhOTRjNzk=&google_push=AYg5qPLAE1XXhO-0g4KFsc4OXUoQmlTudFOplRYx2cFh_IfqH2d_Hg6zCc2GHlGZxcWWjvbhq6DFZN9TmSo4opRG0_gyxm_oMw&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDc5YWM4MmMxZDU5NGMyMzVjNGNiNDU2MTFhOTRjNzk=&google_push=AYg5qPLAE1XXhO-0g4KFsc4OXUoQmlTudFOplRYx2cFh_IfqH2d_Hg6zCc2GHlGZxcWWjvbhq6DFZN9TmSo4opRG0_gyxm_oMw&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDc5YWM4MmMxZDU5NGMyMzVjNGNiNDU2MTFhOTRjNzk=&google_push=AYg5qPLAE1XXhO-0g4KFsc4OXUoQmlTudFOplRYx2cFh_IfqH2d_Hg6zCc2GHlGZxcWWjvbhq6DFZN9TmSo4opRG0_gyxm_oMw&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDc5YWM4MmMxZDU5NGMyMzVjNGNiNDU2MTFhOTRjNzk=&google_push=AYg5qPLAE1XXhO-0g4KFsc4OXUoQmlTudFOplRYx2cFh_IfqH2d_Hg6zCc2GHlGZxcWWjvbhq6DFZN9TmSo4opRG0_gyxm_oMw&google_tc=

Request Chain 275

https://a.rfihub.com/cm?pub=445&in=1&google_gid=CAESELmE_2fzIMp1gWKXEwKX0uc&google_cver=1&google_push=AYg5qPIalBuRb5CcG46Qbs45Nalzn-z_TL4Ru8xA63R7FBp5whEMBXlaYvCEpcyMYd_w33SBLgomVCRwuljxuD2KzDacdfAnaOPQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AYg5qPIalBuRb5CcG46Qbs45Nalzn-z_TL4Ru8xA63R7FBp5whEMBXlaYvCEpcyMYd_w33SBLgomVCRwuljxuD2KzDacdfAnaOPQ&google_hm=NDkwODUyMDYyNTkyODkzNzc1OA==

Request Chain 277

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEGC3s3KaWEsoxXbUkHytR4k&google_cver=1&google_push=AYg5qPL7I8-suKEZer0T_2OfjPQhvttODHWoh5AOKlrIb5kfOECQislVGUYOGX20ckuzEovn1Y865vw--K_Cf6opbkrQgWoRuKk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzQ4MDkxMDY0OTY1MDI2NjczNQ== HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESENnjRICCMyUWKBg9jidmuC0&google_cver=1

Request Chain 279

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEAwZORLHaVxuMk2eGusCg4g&google_cver=1&google_push=AYg5qPLx-RaOZ6yrgc7T7ctdVasDOu_ZtSwoUI261rqpD3ZAmgbXvZpXUDeRmmsY_8spc0TLJy2ni78dxXE2J4K4ekZvYxporQ HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEAwZORLHaVxuMk2eGusCg4g&google_cver=1&google_push=AYg5qPLx-RaOZ6yrgc7T7ctdVasDOu_ZtSwoUI261rqpD3ZAmgbXvZpXUDeRmmsY_8spc0TLJy2ni78dxXE2J4K4ekZvYxporQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=SFg4WXNnZk8xTW1udm41&google_gid=CAESEAwZORLHaVxuMk2eGusCg4g&google_cver=1&google_push=AYg5qPLx-RaOZ6yrgc7T7ctdVasDOu_ZtSwoUI261rqpD3ZAmgbXvZpXUDeRmmsY_8spc0TLJy2ni78dxXE2J4K4ekZvYxporQ

Request Chain 280

https://um.simpli.fi/gp_match?google_gid=CAESEE-E3QqaQnCKTb0tkhkm5r0&google_cver=1&google_push=AYg5qPILLQEdzH7ydnBR1CtteajFwbmTEypKtm9A2RMxDRo-NsiB293u-6RUKpnb-Lw5ULyvPvjkN0xbtu8nTsmTO7jp2WOwZeo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=B6674678E55243A79BC0B846DF83923D&google_push=AYg5qPILLQEdzH7ydnBR1CtteajFwbmTEypKtm9A2RMxDRo-NsiB293u-6RUKpnb-Lw5ULyvPvjkN0xbtu8nTsmTO7jp2WOwZeo

Request Chain 281

https://ads.yieldmo.com/exptsync?google_gid=CAESEIjelZDUONyd-4gwXw18DvE&google_cver=1&google_push=AYg5qPIzvJzt2bkO9K1Sf2gY2_FhiLzgsrlJkEJWQ00YssBNLnIkBXFL9X7tEcWTobQUQ8ZbTrIz9K3t_kduVC3o1oCNm-nUTi0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AYg5qPIzvJzt2bkO9K1Sf2gY2_FhiLzgsrlJkEJWQ00YssBNLnIkBXFL9X7tEcWTobQUQ8ZbTrIz9K3t_kduVC3o1oCNm-nUTi0&google_hm=ZzkyY2QwYWU1NDZhNTY0NjIxM2U=

Request Chain 282

https://match.360yield.com/match/ebda?google_gid=CAESEI-skVBig90SXqRAgushmv4&google_cver=1&google_push=AYg5qPKoHPU7e-iE7zukTjsviK_ik9f9PRWbUm1NR5rn-WQQ55tC8l-oEY1_dVqK3rVuKpnirNOlExpSJiVKj7CFGIJTFDmIsw HTTP 302
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEI-skVBig90SXqRAgushmv4&google_cver=1&google_push=AYg5qPKoHPU7e-iE7zukTjsviK_ik9f9PRWbUm1NR5rn-WQQ55tC8l-oEY1_dVqK3rVuKpnirNOlExpSJiVKj7CFGIJTFDmIsw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=tqhbKS22TrWTEP_RmkNHeQ&google_push=AYg5qPKoHPU7e-iE7zukTjsviK_ik9f9PRWbUm1NR5rn-WQQ55tC8l-oEY1_dVqK3rVuKpnirNOlExpSJiVKj7CFGIJTFDmIsw

Request Chain 283

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEHyItM4IDC5xq1zzUYd2-u4&google_cver=1&google_push=AYg5qPLDhtX4GWpv6uLow7GeAwuC_A6ZtoODSvYdgKAcbAnYPDprUDz4haQu5KJTeRx0_rwLcLV8pPwZbBHTvxZGo0ryjL55BcE HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&cmp_cs=&us_privacy=&sync=1&google_push=AYg5qPLDhtX4GWpv6uLow7GeAwuC_A6ZtoODSvYdgKAcbAnYPDprUDz4haQu5KJTeRx0_rwLcLV8pPwZbBHTvxZGo0ryjL55BcE&google_gid=CAESEHyItM4IDC5xq1zzUYd2-u4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NTM1NDAzODAxMTY1NzUwNDQz&google_push=AYg5qPLDhtX4GWpv6uLow7GeAwuC_A6ZtoODSvYdgKAcbAnYPDprUDz4haQu5KJTeRx0_rwLcLV8pPwZbBHTvxZGo0ryjL55BcE

Request Chain 285

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEOl3HNClPdCPdoSJ9jnWy6c&google_cver=1&google_push=AYg5qPIEETkywIeGQoA0uAyGbonqFIe_FwwD8DncIO-hCJtQKngMAB4zg308u5yAY5qW88KEjmHRQt7tyS7EIbHievQxAucZ_9I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPIEETkywIeGQoA0uAyGbonqFIe_FwwD8DncIO-hCJtQKngMAB4zg308u5yAY5qW88KEjmHRQt7tyS7EIbHievQxAucZ_9I&google_hm=MzUxOTMwNTA1MjkyNDM1NjE4Mw%3D%3D

Request Chain 286

https://d5p.de17a.com/cookies/google?google_gid=CAESELRCMOD_yT1xez9AM5wtDvQ&google_cver=1&google_push=AYg5qPKz-iZmJLrHhxxDFStwrIr7tAZZF_NJA9vzf0RLt7nIxlnZRgi_NodGiA3pPanTboEaJ-gPYQtsrzKWJxWZ96Tl3_mK4K4 HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESELRCMOD_yT1xez9AM5wtDvQ&google_cver=1&google_push=AYg5qPKz-iZmJLrHhxxDFStwrIr7tAZZF_NJA9vzf0RLt7nIxlnZRgi_NodGiA3pPanTboEaJ-gPYQtsrzKWJxWZ96Tl3_mK4K4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPKz-iZmJLrHhxxDFStwrIr7tAZZF_NJA9vzf0RLt7nIxlnZRgi_NodGiA3pPanTboEaJ-gPYQtsrzKWJxWZ96Tl3_mK4K4

Request Chain 287

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESELp-5BC8IuufrtLdhfp-SiI&google_cver=1&google_push=AYg5qPJY55z2FVMLlMQlHYWkbgmTMAO3-M2qlJVF6Mc8vlm5bsaOdY5B5uX_DELO1DMpi_SevoPGODC730FlXxBBerF11aGaXFk HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESELp-5BC8IuufrtLdhfp-SiI&google_cver=1&google_push=AYg5qPJY55z2FVMLlMQlHYWkbgmTMAO3-M2qlJVF6Mc8vlm5bsaOdY5B5uX_DELO1DMpi_SevoPGODC730FlXxBBerF11aGaXFk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzAwMDAzNzUyMDM2NjQ0NTk5Ng&google_push=AYg5qPJY55z2FVMLlMQlHYWkbgmTMAO3-M2qlJVF6Mc8vlm5bsaOdY5B5uX_DELO1DMpi_SevoPGODC730FlXxBBerF11aGaXFk

Request Chain 288

https://rtb.openx.net/sync/dds?google_gid=CAESEAwt67nexLuV_n5eFEo6c3A&google_cver=1&google_push=AYg5qPLTMfmmVBZZSDqTraJb9R8wDsKstSxeIi-Euz-zhsVXnSNqwXYeC1MIFv-HhZvX22ldqRC-bZSjyL6WHM-Cp2GORjqsGRp3 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLTMfmmVBZZSDqTraJb9R8wDsKstSxeIi-Euz-zhsVXnSNqwXYeC1MIFv-HhZvX22ldqRC-bZSjyL6WHM-Cp2GORjqsGRp3&google_hm=qELaGAAwzd44x4VQKUVjew==

Request Chain 289

https://match.360yield.com/match/ebda?google_gid=CAESEI-skVBig90SXqRAgushmv4&google_cver=1&google_push=AYg5qPIgmOBvCaDmnRoxSwultC0tExhx2UOlFQLzwJSZC6_V80z_l1LktWsvJgMKZHjv32TEIzgevz9VjIk96E3IPw10rGu4VXMf HTTP 302
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEI-skVBig90SXqRAgushmv4&google_cver=1&google_push=AYg5qPIgmOBvCaDmnRoxSwultC0tExhx2UOlFQLzwJSZC6_V80z_l1LktWsvJgMKZHjv32TEIzgevz9VjIk96E3IPw10rGu4VXMf HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=tqhbKS22TrWTEP_RmkNHeQ&google_push=AYg5qPIgmOBvCaDmnRoxSwultC0tExhx2UOlFQLzwJSZC6_V80z_l1LktWsvJgMKZHjv32TEIzgevz9VjIk96E3IPw10rGu4VXMf

Request Chain 290

https://match.sharethrough.com/E4rooAtA/v1?google_gid=CAESEEcmUCJERZRcQ1KcwZBY8Kg&google_cver=1&google_push=AYg5qPLJCRutL5NDygjTX3ObdzxhTTENTKZDc46IGbj6BvwzVU3TwcrLdFeJBosKuBEm8i-qzT1Jval1EVNDG9_VEsqqFwtLa3Lk2A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=sharethrough_ob&google_hm=NWVhOWVkNTAtM2FlYy00ZjE2LTgyYmQtOTY1Njg5ODhhZjkz&google_push=AYg5qPLJCRutL5NDygjTX3ObdzxhTTENTKZDc46IGbj6BvwzVU3TwcrLdFeJBosKuBEm8i-qzT1Jval1EVNDG9_VEsqqFwtLa3Lk2A

Request Chain 297

https://um.simpli.fi/gp_match?google_gid=CAESEE-E3QqaQnCKTb0tkhkm5r0&google_cver=1&google_push=AYg5qPLkEw2fmzvHPV19yMLi_hqj49vISEV7oGOtTnR8xN_DdOjH5Dbehk0yNFbvQuSMhO_C0WW26lMy0uAv2Y0u7uC8m3M0qSHD HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=04F28727F3064FEA9D38DB3C95DD1396&google_push=AYg5qPLkEw2fmzvHPV19yMLi_hqj49vISEV7oGOtTnR8xN_DdOjH5Dbehk0yNFbvQuSMhO_C0WW26lMy0uAv2Y0u7uC8m3M0qSHD

Request Chain 299

https://a.c.appier.net/gcm?google_gid=CAESENO-6UNBK9OviSPqPbKslac&google_cver=1&google_push=AYg5qPJDews0yG8P65suMJJpQFJfWmGTi65xCmYJnxqs3LdYRoW6Bl72u_DxSUk-IMR9Bep6-vRT7Npv3Ensx36J0H990C1DvEce HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=eXc1QjRVR1JBLW1Rc2hDMkp2a3lZUQ%3D%3D&google_push=AYg5qPJDews0yG8P65suMJJpQFJfWmGTi65xCmYJnxqs3LdYRoW6Bl72u_DxSUk-IMR9Bep6-vRT7Npv3Ensx36J0H990C1DvEce

Request Chain 300

https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEBog9SGdBln9UdYI6XN886A&google_cver=1&google_push=AYg5qPKvIWgPTS0azvQX9gijIXV4tUGLtfWA_ZXcdPK0AKBkJ2X5mafIglwCzPolKksoXYzVGgpNna-hosgi5Ub9D2F0zyJDZ0xF HTTP 302
https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEBog9SGdBln9UdYI6XN886A&google_cver=1&google_push=AYg5qPKvIWgPTS0azvQX9gijIXV4tUGLtfWA_ZXcdPK0AKBkJ2X5mafIglwCzPolKksoXYzVGgpNna-hosgi5Ub9D2F0zyJDZ0xF&checkcookies=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=uC7lTrJ0Y5RubW-gn1pkdQ&google_push=AYg5qPKvIWgPTS0azvQX9gijIXV4tUGLtfWA_ZXcdPK0AKBkJ2X5mafIglwCzPolKksoXYzVGgpNna-hosgi5Ub9D2F0zyJDZ0xF

Request Chain 302

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESELp-5BC8IuufrtLdhfp-SiI&google_cver=1&google_push=AYg5qPKrsVfpXVKzEk9PX346oe_lI9G3o1RkkXk6LVw1n6XIeOuOuXaGoMGoED77llUs432fp35jVU6vmbqqSpjnn5Pmu6ybB-GH HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESELp-5BC8IuufrtLdhfp-SiI&google_cver=1&google_push=AYg5qPKrsVfpXVKzEk9PX346oe_lI9G3o1RkkXk6LVw1n6XIeOuOuXaGoMGoED77llUs432fp35jVU6vmbqqSpjnn5Pmu6ybB-GH HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODgyNTM3Mjc4MjI4MzY5OTExOQ&google_push=AYg5qPKrsVfpXVKzEk9PX346oe_lI9G3o1RkkXk6LVw1n6XIeOuOuXaGoMGoED77llUs432fp35jVU6vmbqqSpjnn5Pmu6ybB-GH

Request Chain 306

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPKmXgnHoOw0twxldNI1w5bUMFfv7EV3NcRCgss5nmjtWFt_2i39zfooHVVR3rTmi3guHg0FCAiuPYzsGtEYeEIC2XQqGL_0&google_gid=CAESEExsPvQyWPS-c18ezBLZhPQ&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVRMNUpRQUFBYmVScG10cQ&google_push=AYg5qPKmXgnHoOw0twxldNI1w5bUMFfv7EV3NcRCgss5nmjtWFt_2i39zfooHVVR3rTmi3guHg0FCAiuPYzsGtEYeEIC2XQqGL_0

Request Chain 307

https://d.agkn.com/pixel/2175/?google_gid=CAESEBuTdw7SiXb2LTWOmgCxDPg&google_cver=1&google_push=AYg5qPKMsHapNzJLsmcDcrWoGBPyroABNk4_q8239oqR_IojVsnfuCVXhHRPAUYnsRsWeez2j2RFwm0YWT9SrYoxekEzbjjqr6A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPKMsHapNzJLsmcDcrWoGBPyroABNk4_q8239oqR_IojVsnfuCVXhHRPAUYnsRsWeez2j2RFwm0YWT9SrYoxekEzbjjqr6A&google_hm=Q0FFU0VCdVRkdzdTaVhiMkxUV09tZ0N4RFBn

Request Chain 308

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPKndwPe4J-dIBbjHrrjpgCoVQ827RFp6NIchTpRebwgqhrlPF3arUY0G1o5q3vAsr2rqgJjh17ezDYPrWa-BJoALJ3qG2bi&google_gid=CAESELXm9ynAQkvhFp17r9MjFTU&google_cver=1 HTTP 307
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCKXyy4kGEgUI6AcQAEIASnBnb29nbGVfcHVzaD1BWWc1cVBLbmR3UGU0Si1kSUJiakhycmpwZ0NvVlE4MjdSRnA2TkljaFRwUmVid2dxaHJsUEYzYXJVWTBHMW81cTN2QXNyMnJxZ0pqaDE3ZXpEWVByV2EtQkpvQUxKM3FHMmJp HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwWXdJY0szam5VbEp4djJTZ0ZQVU9BakZubm93Q0wySk9qVWF1dzJjeEJGcw==&google_push

Request Chain 309

https://beacon.walmart.com/etap.gif?tap=gAds&google_gid=CAESEEwrJNZnoIprXulzZ0Gj3zk&google_cver=1&google_push=AYg5qPJZLfXSisCrXUKuPbr3LK37jZAc1K8vBn-xTIUvKH2a_lElLOiKt7E15cTp0GxJJlMenWGrjzLhhZtXVUydmdSmrXzs4LI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=walmart&google_hm=TljTh2LPeRRVG4nPZTf3mA&tap=gAds&google_gid=CAESEEwrJNZnoIprXulzZ0Gj3zk&google_cver=1&google_push=AYg5qPJZLfXSisCrXUKuPbr3LK37jZAc1K8vBn-xTIUvKH2a_lElLOiKt7E15cTp0GxJJlMenWGrjzLhhZtXVUydmdSmrXzs4LI

Request Chain 310

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEEOgCAkZrGhWApJSgjHm-Xc&google_cver=1&google_push=AYg5qPKLXRZj9RSwLD_9BGuuHdobp37ffVBQfqJ_lzNpJNGHQG1y28ckoY4UXe-vvWL3y4g5MAS6jNQVTEf25h8TWXAfech2mPQW HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEEOgCAkZrGhWApJSgjHm-Xc&google_cver=1&google_push=AYg5qPKLXRZj9RSwLD_9BGuuHdobp37ffVBQfqJ_lzNpJNGHQG1y28ckoY4UXe-vvWL3y4g5MAS6jNQVTEf25h8TWXAfech2mPQW&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=4DeX6iM9RZmn3xzbPXDKJw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKLXRZj9RSwLD_9BGuuHdobp37ffVBQfqJ_lzNpJNGHQG1y28ckoY4UXe-vvWL3y4g5MAS6jNQVTEf25h8TWXAfech2mPQW

Request Chain 311

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEEqhUFsY3OeRfsPkZ1-lQzk&google_cver=1&google_push=AYg5qPK00oPYtMmpFyxvGzsPvFdx7VoM4DoByy9qFkxRFLXLSonzk3_Mm1NcFM1JRPnw_DZ96hPkE3Gxa9pkP48__ff7uo1OGHc0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1Q1QVVTWFAtVC00WVNO&google_push=AYg5qPK00oPYtMmpFyxvGzsPvFdx7VoM4DoByy9qFkxRFLXLSonzk3_Mm1NcFM1JRPnw_DZ96hPkE3Gxa9pkP48__ff7uo1OGHc0

Request Chain 401

https://secure.adnxs.com/getuid?https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1630730536592-919282496603-008741-015-006420%26biddername%3D55%26key%3D%24UID HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fsync.aniview.com%252Fcookiesyncendpoint%253Fauid%253D1630730536592-919282496603-008741-015-006420%2526biddername%253D55%2526key%253D%2524UID HTTP 302
https://sync.aniview.com/cookiesyncendpoint?auid=1630730536592-919282496603-008741-015-006420&biddername=55&key=7687085539858020377

Request Chain 406

https://secure.adnxs.com/getuid?https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1630730536591-964452496603-008575-011-002896%26biddername%3D55%26key%3D%24UID HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fsync.aniview.com%252Fcookiesyncendpoint%253Fauid%253D1630730536591-964452496603-008575-011-002896%2526biddername%253D55%2526key%253D%2524UID HTTP 302
https://sync.aniview.com/cookiesyncendpoint?auid=1630730536591-964452496603-008575-011-002896&biddername=55&key=4739656639353668120

Request Chain 440

https://pixel.advertising.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true HTTP 302
https://pixel.advertising.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&apid=UP7bad6c9e-0d3a-11ec-8f0b-06a17173c662 HTTP 302
https://ups.analytics.yahoo.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&apid=UP7bad6c9e-0d3a-11ec-8f0b-06a17173c662&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=adaptv_dbm&google_cm&google_hm=VVA3YmFkNmM5ZS0wZDNhLTExZWMtOGYwYi0wNmExNzE3M2M2NjI%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=adaptv_dbm&google_cm=&google_hm=VVA3YmFkNmM5ZS0wZDNhLTExZWMtOGYwYi0wNmExNzE3M2M2NjI%3D&google_tc= HTTP 302
https://pixel.advertising.com/ups/57304/sync?uid=CAESEBhIX6PJfl8rjkpwqOu8Dho&google_cver=1 HTTP 302
https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEBhIX6PJfl8rjkpwqOu8Dho&google_cver=1&apid=UP7bad6c9e-0d3a-11ec-8f0b-06a17173c662

Request Chain 441

https://match.adsrvr.org/track/cmf/generic?ttd_pid=adaptv&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adaptv&ttd_tpi=1 HTTP 302
https://ups.analytics.yahoo.com/ups/55953/sync?uid=ee22a6f8-9000-4b3b-81cc-4a50eac0bc79&_origin=1&gdpr=1&gdpr_consent=

Request Chain 442

https://sync-tm.everesttech.net/upi/pid/m7y5t93k?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55986%2Fsync%3Fuid%3D%24%7BUSER_ID%7D%26_origin%3D0&gdpr=0&gdpr_consent= HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/m7y5t93k?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55986%2Fsync%3Fuid%3D%24%7BUSER_ID%7D%26_origin%3D0&gdpr=0&gdpr_consent=&_test=YTL5KQAEROLC6gBg HTTP 302
https://pixel.advertising.com/ups/55986/sync?uid=YTL5KQAEROLC6gBg&_origin=0&gdpr=0&gdpr_consent=&_test=YTL5KQAEROLC6gBg HTTP 302
https://ups.analytics.yahoo.com/ups/55986/sync?uid=YTL5KQAEROLC6gBg&_origin=0&gdpr=0&gdpr_consent=&_test=YTL5KQAEROLC6gBg&apid=UP7bad6c9e-0d3a-11ec-8f0b-06a17173c662

Request Chain 444

https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F HTTP 302
https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Request Chain 445

https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F HTTP 302
https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Request Chain 451

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YTL5KUCPj-kFTncwdEIu-wAABIsAAAAB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YTL5KUCPj-kFTncwdEIu-wAABIsAAAAB&dcc=t

Request Chain 452

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YTL5KUCPj.kFTncwdEIu.wAA HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEHFuowNWKwCF1vUqdIXA9v0&google_cver=1&google_hm=2

Request Chain 453

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YTL5KUCPj-kFTncwdEIu-wAABIsAAAAB&gdpr_consent=&us_privacy=&gdpr= HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEIwc7CsNisgaEXYJZMJEjxc&google_cver=1

Request Chain 454

https://dpm.demdex.net/ibs:dpid=23728&dpuuid=YTL5KUCPj.kFTncwdEIu.wAA%261163?gdpr_consent=&us_privacy=&gdpr= HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=23728&dpuuid=YTL5KUCPj.kFTncwdEIu.wAA%261163

Request Chain 457

https://sync.extend.tv/r.gif?exchange=index HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=4a9d0084-b8c2-404c-8283-aefbbe18a0e8

Request Chain 460

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YTL5KUCPj-kFTncwdEIu-wAABIsAAAAB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YTL5KUCPj-kFTncwdEIu-wAABIsAAAAB&dcc=t

Request Chain 461

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YTL5KUCPj-kFTncwdEIu-wAABIsAAAAB&gdpr_consent=&us_privacy=&gdpr= HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEAAKiPIBKRrq7dWbSleCf38&google_cver=1

Request Chain 462

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YTL5KUCPj.kFTncwdEIu.wAA HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEHFuowNWKwCF1vUqdIXA9v0&google_cver=1&google_hm=2

Request Chain 463

https://ad.turn.com/r/cs?pid=21 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=4258626010301809263

Request Chain 464

https://dpm.demdex.net/ibs:dpid=23728&dpuuid=YTL5KUCPj.kFTncwdEIu.wAA%261163?gdpr_consent=&us_privacy=&gdpr= HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=23728&dpuuid=YTL5KUCPj.kFTncwdEIu.wAA%261163

Request Chain 465

https://gu.dyntrk.com/adx/ie/us.php?dynk=1nd3xx6ch1 HTTP 302
https://gu.dyntrk.com/adx/ie/us.php?dynk=1nd3xx6ch1&prevuid=05030002_6132f929ed31c&knw=0 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=196&external_user_id=05030002_6132f929ed31c

Request Chain 467

https://um2.eqads.com/um/cs HTTP 302
https://um2.eqads.com/um/cs&eq_cc=1

510 HTTP transactions
10 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request

Cookie set / Show response
www.123greetings.com/events/fall/
Redirect Chain

http://www.maqors.com/cgi-bin/click.pl?cid=nl010952202102&lid=206852&uid=203601343
https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events

85 KB
15 KB

458ms
116ms

Document
text/html

184.72.244.154
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.72.244.154 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

www.123greetings.com

Software

Apache/2.2.15 (CentOS) /

Resource Hash

bf40687a1f2f1ade8e2cc851107f622288ca1f802d82c8f53517a794165d3a7d

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Host: www.123greetings.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 04 Sep 2021 04:29:46 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 14431
Connection: close
Cache-Control: max-age=900
Content-Encoding: gzip
ETag: "154e9-5cb23b1553ac0"
Last-Modified: Sat, 04 Sep 2021 04:17:23 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding
x-frame-options: SAMEORIGIN
Expires: Sat, 04 Sep 2021 04:44:46 GMT
Age: 744
Accept-Ranges: bytes
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/

Redirect headers

Content-Type: text/html; charset=iso-8859-1
Date: Sat, 04 Sep 2021 04:42:09 GMT
Location: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Server: Apache/2.2.15 (CentOS)
Content-Length: 383
Connection: keep-alive

GET
H/1.1 200
OK categories_R1.css
c.123g.us/css/ 13 KB
4 KB 108ms
20ms Stylesheet
text/css 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/css/categories_R1.css
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e66724b7284c1cb011a5594f5af03602189da837569e74cd5511249572f9b83c

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Wed, 11 Aug 2021 18:11:13 GMT
Content-Encoding: gzip
Last-Modified: Thu, 19 Jul 2018 11:22:16 GMT
Server: Apache/2.2.15 (CentOS)
Age: 2025058
ETag: "2485b-325e-571586437ea00"
Vary: Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3302
jake_test: Test_Pass

GET
H/1.1 200
OK 119069_th.gif
i.123g.us/c/esep_fall_happy/th/ 7 KB
8 KB 115ms
23ms Image
image/gif 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_fall_happy/th/119069_th.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ce641364790c6eeca1a9d7939ba220fd148f7eac3cc7c0038aa8cee1dcad9dc1

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Wed, 25 Aug 2021 17:47:25 GMT
Last-Modified: Tue, 12 Sep 2017 07:08:37 GMT
Server: Apache/2.2.15 (CentOS)
Age: 816886
ETag: "1dbe-558f8b64a2740"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7614
jake_test: Test_Pass
Expires: Wed, 25 Aug 2021 18:02:25 GMT

GET
H/1.1 200
OK 104599_th.gif
i.123g.us/c/esep_fall_happy/th/ 6 KB
7 KB 114ms
22ms Image
image/gif 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_fall_happy/th/104599_th.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3c0c73a1de384be91df7b91b149c28248c0fea534c3d445f159ca7ac4fc6f7c3

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 14 Aug 2021 14:10:52 GMT
Last-Modified: Mon, 24 Feb 2014 09:39:34 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1780279
ETag: "18c1-4f323bfcb0180"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6337
jake_test: Test_Pass
Expires: Mon, 30 Aug 2021 14:29:22 GMT

GET
H/1.1 200
OK 106076_th.gif
i.123g.us/c/esep_fall_happy/th/ 7 KB
7 KB 114ms
23ms Image
image/gif 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_fall_happy/th/106076_th.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 00b4606b9ef239cfe2f782966ae7b51010357b122fd83998db5d213fafbae142

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Fri, 27 Aug 2021 17:43:30 GMT
Last-Modified: Mon, 24 Feb 2014 09:39:34 GMT
Server: Apache/2.2.15 (CentOS)
Age: 644321
ETag: "1bbc-4f323bfcb0180"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7100
jake_test: Test_Pass
Expires: Fri, 27 Aug 2021 20:08:55 GMT

GET
H/1.1 200
OK 106120_th.gif
i.123g.us/c/esep_fall_love/th/ 4 KB
4 KB 114ms
22ms Image
image/gif 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_fall_love/th/106120_th.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: f6d0fbc88097468e92dd911acb6c3815679d077c0d7ffd0466cb3d19a79c3fd7

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Mon, 09 Aug 2021 20:54:23 GMT
Last-Modified: Mon, 24 Feb 2014 09:37:34 GMT
Server: Apache/2.2.15 (CentOS)
Age: 2188068
ETag: "1017-4f323b8a3f380"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4119
jake_test: Test_Pass
Expires: Sun, 15 Aug 2021 07:55:53 GMT

GET
H/1.1 200
OK 106117_th.gif
i.123g.us/c/esep_fall_love/th/ 8 KB
8 KB 112ms
20ms Image
image/gif 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_fall_love/th/106117_th.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 6eb31b2fd0be94a39f5e7d36317f17e99c84c22f3287cdd18455f9833de9ab38

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Mon, 09 Aug 2021 13:45:50 GMT
Last-Modified: Mon, 24 Feb 2014 08:14:19 GMT
Server: Apache/2.2.15 (CentOS)
Age: 2213781
ETag: "1f9f-4f3228eea4cc0"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8095
jake_test: Test_Pass
Expires: Mon, 09 Aug 2021 14:00:50 GMT

GET
H/1.1 200
OK 111542_th.gif
i.123g.us/c/esep_fall_love/th/ 8 KB
8 KB 127ms
21ms Image
image/gif 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_fall_love/th/111542_th.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 1eb26cfacccd63a2ba28dccde662bdcea27e12835dd3ec8b82b97abf8ab03bb5

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Tue, 10 Aug 2021 22:53:46 GMT
Last-Modified: Mon, 24 Feb 2014 09:37:34 GMT
Server: Apache/2.2.15 (CentOS)
Age: 2094505
ETag: "1fc4-4f323b8a3f380"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8132
jake_test: Test_Pass
Expires: Sun, 15 Aug 2021 07:55:53 GMT

GET
H/1.1 200
OK 106168_th.gif
i.123g.us/c/esep_fall_poem/th/ 6 KB
6 KB 23ms
21ms Image
image/gif 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_fall_poem/th/106168_th.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: efca3cc27d852f839975a9cbb42fa4683a14c3f9c36f038dec1c782ebba3fea7

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Wed, 18 Aug 2021 23:35:45 GMT
Last-Modified: Mon, 24 Feb 2014 09:50:14 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1400786
ETag: "1758-4f323e5f0a180"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5976
jake_test: Test_Pass
Expires: Wed, 25 Aug 2021 18:02:26 GMT

GET
H/1.1 200
OK 104663_th.gif
i.123g.us/c/esep_fall_poem/th/ 8 KB
8 KB 21ms
20ms Image
image/gif 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_fall_poem/th/104663_th.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 185d961a00faa1b2be124c66b7a619eca6a2cf1c1859ba73103e07f125b5d6a6

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Wed, 25 Aug 2021 14:24:49 GMT
Last-Modified: Mon, 24 Feb 2014 08:30:46 GMT
Server: Apache/2.2.15 (CentOS)
Age: 829042
ETag: "2002-4f322c9beb980"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8194
jake_test: Test_Pass
Expires: Sat, 28 Aug 2021 17:50:24 GMT

GET
H/1.1 200
OK 119126_th.gif
i.123g.us/c/esep_fall_poem/th/ 8 KB
8 KB 21ms
20ms Image
image/gif 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_fall_poem/th/119126_th.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 8c516a0ca4968638bc06124102ce57555afcb2646cfe7d214a08bdbaacc81a43

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Mon, 09 Aug 2021 08:17:37 GMT
Last-Modified: Mon, 24 Feb 2014 09:50:13 GMT
Server: Apache/2.2.15 (CentOS)
Age: 2233474
ETag: "1fa0-4f323e5e15f40"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8096
jake_test: Test_Pass
Expires: Sun, 15 Aug 2021 07:55:54 GMT

GET
H/1.1 200
OK 104692_th.gif
i.123g.us/c/esep_fall_specials/th/ 7 KB
7 KB 21ms
21ms Image
image/gif 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_fall_specials/th/104692_th.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 2d9908eaa228bcc16675ea1ed79b67d1fbe2fc170f1a65db2f4acd056ef0a69d

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Mon, 09 Aug 2021 13:45:50 GMT
Last-Modified: Mon, 24 Feb 2014 09:34:50 GMT
Server: Apache/2.2.15 (CentOS)
Age: 2213781
ETag: "1bb3-4f323aedd8280"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7091
jake_test: Test_Pass
Expires: Sat, 28 Aug 2021 12:40:14 GMT

GET
H/1.1 200
OK 112814_th.gif
i.123g.us/c/esep_fall_specials/th/ 6 KB
6 KB 21ms
20ms Image
image/gif 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_fall_specials/th/112814_th.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 0a799d4080a6dbfffbe127b65a354db44e2e6ad6f22b9c59178d98b359df9454

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 14 Aug 2021 13:57:16 GMT
Last-Modified: Mon, 24 Feb 2014 09:34:50 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1781095
ETag: "16f5-4f323aedd8280"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5877
jake_test: Test_Pass
Expires: Tue, 24 Aug 2021 10:10:10 GMT

GET
H/1.1 200
OK 309943_th.jpg
i.123g.us/c/esep_fall_specials/th/ 6 KB
7 KB 21ms
20ms Image
image/jpeg 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_fall_specials/th/309943_th.jpg
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 2ca5941b9c15fd99101457606a3caa97dce6a7bf434345a3b99f92a73333f4f1

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sun, 22 Aug 2021 20:33:54 GMT
Last-Modified: Mon, 24 Feb 2014 08:10:51 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1066097
ETag: "18c7-4f322828478c0"
Content-Type: image/jpeg
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6343
jake_test: Test_Pass
Expires: Mon, 30 Aug 2021 08:12:23 GMT

GET
H/1.1 200
OK 115546_th.gif
i.123g.us/c/esep_fall_thanku/th/ 8 KB
8 KB 22ms
21ms Image
image/gif 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_fall_thanku/th/115546_th.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 467b9deb4eec0157bf9ba5eaa14e133f5216e6f2e3883d9f59a31eedaab315b3

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Fri, 27 Aug 2021 10:14:15 GMT
Last-Modified: Mon, 24 Feb 2014 09:44:05 GMT
Server: Apache/2.2.15 (CentOS)
Age: 671276
ETag: "1fdf-4f323cff22340"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8159
jake_test: Test_Pass
Expires: Mon, 30 Aug 2021 15:59:29 GMT

GET
H/1.1 200
OK 104702_th.gif
i.123g.us/c/esep_fall_thanku/th/ 7 KB
7 KB 23ms
22ms Image
image/gif 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_fall_thanku/th/104702_th.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3c7183c4de043ccc6a810792aa695847e316969d59069dfa9f014c8fd9a2e04b

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Fri, 20 Aug 2021 13:56:46 GMT
Last-Modified: Wed, 05 Aug 2015 17:23:29 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1262725
ETag: "1b32-51c93a9420640"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6962
jake_test: Test_Pass
Expires: Wed, 25 Aug 2021 14:39:49 GMT

GET
H/1.1 200
OK 104705_th.gif
i.123g.us/c/esep_fall_thanku/th/ 5 KB
5 KB 23ms
21ms Image
image/gif 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_fall_thanku/th/104705_th.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 21cc852b9403de27f0365e24f9424d97eaabb55f4405f998f7c5a1d330c66fac

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sun, 15 Aug 2021 07:40:53 GMT
Last-Modified: Mon, 24 Feb 2014 08:22:57 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1717278
ETag: "13c7-4f322adca5a40"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5063
jake_test: Test_Pass
Expires: Sun, 15 Aug 2021 07:55:53 GMT

GET
H/1.1 200
OK 104680_th.gif
i.123g.us/c/esep_fall_missing/th/ 5 KB
5 KB 22ms
21ms Image
image/gif 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_fall_missing/th/104680_th.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: efa057ea04dd22d35f041563a01808a82244d6b8972478983b17ba9ee5161deb

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 28 Aug 2021 09:49:23 GMT
Last-Modified: Mon, 24 Feb 2014 09:35:49 GMT
Server: Apache/2.2.15 (CentOS)
Age: 586368
ETag: "128b-4f323b261c740"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4747
jake_test: Test_Pass
Expires: Wed, 01 Sep 2021 16:14:22 GMT

GET
H/1.1 200
OK 106128_th.gif
i.123g.us/c/esep_fall_missing/th/ 5 KB
5 KB 22ms
22ms Image
image/gif 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_fall_missing/th/106128_th.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 5a8f31073172900f31fd3d4846e4c4882317510fe834f1f8b4479ac1709377d9

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sun, 08 Aug 2021 07:43:04 GMT
Last-Modified: Mon, 24 Feb 2014 09:35:49 GMT
Server: Apache/2.2.15 (CentOS)
Age: 2321947
ETag: "120a-4f323b261c740"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4618
jake_test: Test_Pass
Expires: Thu, 12 Aug 2021 16:58:13 GMT

GET
H/1.1 200
OK 106125_th.gif
i.123g.us/c/esep_fall_missing/th/ 6 KB
6 KB 22ms
21ms Image
image/gif 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_fall_missing/th/106125_th.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 6b69d3e8cfca6fe61ca962b3a6454050a8f49cdf976a89fab32845425fb088a1

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sun, 08 Aug 2021 07:43:04 GMT
Last-Modified: Mon, 24 Feb 2014 09:35:49 GMT
Server: Apache/2.2.15 (CentOS)
Age: 2321947
ETag: "16b0-4f323b261c740"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5808
jake_test: Test_Pass
Expires: Tue, 10 Aug 2021 07:13:04 GMT

GET
H/1.1 200
OK 115425_th.gif
i.123g.us/c/esep_fall_friends/th/ 8 KB
8 KB 22ms
21ms Image
image/gif 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_fall_friends/th/115425_th.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ce780ce3a0e733e4802151f8e36fed91117d10ca236edae8bf10915ffa9a1931

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Wed, 25 Aug 2021 01:38:27 GMT
Last-Modified: Mon, 24 Feb 2014 08:17:32 GMT
Server: Apache/2.2.15 (CentOS)
Age: 875024
ETag: "1e84-4f3229a6b3f00"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7812
jake_test: Test_Pass
Expires: Wed, 25 Aug 2021 14:39:49 GMT

GET
H/1.1 200
OK 104564_th.gif
i.123g.us/c/esep_fall_friends/th/ 7 KB
8 KB 23ms
22ms Image
image/gif 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_fall_friends/th/104564_th.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: bb7ac578b3a44f14bb081020aaadd876a144c276842c9f8112d1b2efa45af947

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Tue, 10 Aug 2021 21:50:56 GMT
Last-Modified: Mon, 24 Feb 2014 08:17:32 GMT
Server: Apache/2.2.15 (CentOS)
Age: 2098275
ETag: "1dac-4f3229a6b3f00"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7596
jake_test: Test_Pass
Expires: Sun, 22 Aug 2021 04:50:03 GMT

GET
H/1.1 200
OK 106068_th.gif
i.123g.us/c/esep_fall_friends/th/ 8 KB
8 KB 22ms
21ms Image
image/gif 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_fall_friends/th/106068_th.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: b389c3373b35c43d555f22fff4b401371dd5190f2f01cbff08b7e439fc5b2bd4

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Mon, 23 Aug 2021 15:08:28 GMT
Last-Modified: Tue, 27 Sep 2016 12:11:28 GMT
Server: Apache/2.2.15 (CentOS)
Age: 999223
ETag: "1f9f-53d7c24e85c00"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8095
jake_test: Test_Pass
Expires: Wed, 25 Aug 2021 14:39:49 GMT

GET
H/1.1 200
OK 104556_th.gif
i.123g.us/c/esep_fall_flowers/th/ 7 KB
7 KB 29ms
21ms Image
image/gif 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_fall_flowers/th/104556_th.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 49012a03034751182bec7d9d13f321f6870622af0fac77e7eb1fd49dfc164d4a

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Mon, 09 Aug 2021 14:08:36 GMT
Last-Modified: Mon, 24 Feb 2014 08:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Age: 2212415
ETag: "1b9f-4f322c9a03500"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7071
jake_test: Test_Pass
Expires: Sun, 15 Aug 2021 08:00:54 GMT

GET
H/1.1 200
OK 104554_th.gif
i.123g.us/c/esep_fall_flowers/th/ 6 KB
6 KB 26ms
20ms Image
image/gif 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_fall_flowers/th/104554_th.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 701fb83bf8bc8b07dbb24c8caac66b8106df94943c890754d7f08532ab3050da

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 19 Aug 2021 22:54:00 GMT
Last-Modified: Mon, 24 Feb 2014 09:50:12 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1316891
ETag: "1839-4f323e5d21d00"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6201
jake_test: Test_Pass
Expires: Wed, 01 Sep 2021 16:14:22 GMT

GET
H/1.1 200
OK 106056_th.gif
i.123g.us/c/esep_fall_flowers/th/ 8 KB
8 KB 23ms
21ms Image
image/gif 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_fall_flowers/th/106056_th.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 8ecc5152f7343777baea83373a5007e3a570322842552f886d68072dfa9c7324

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Mon, 09 Aug 2021 14:08:36 GMT
Last-Modified: Mon, 24 Feb 2014 09:50:12 GMT
Server: Apache/2.2.15 (CentOS)
Age: 2212415
ETag: "1ee3-4f323e5d21d00"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7907
jake_test: Test_Pass
Expires: Fri, 20 Aug 2021 10:31:50 GMT

GET
H/1.1 200
OK cal_block1.gif
i.123g.us/images/special_block/ 43 KB
43 KB 25ms
24ms Image
image/gif 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/images/special_block/cal_block1.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: c202f71f67589c6ea3b4fad81228a743f963bea617033a4645b1a74a8e2776f1

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sun, 22 Aug 2021 13:08:44 GMT
Last-Modified: Mon, 05 Jul 2021 06:17:07 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1092807
ETag: "abcf-5c65a41367ec0"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43983
jake_test: Test_Pass
Expires: Fri, 27 Aug 2021 07:17:47 GMT

GET
H/1.1 200
OK 119069_ic.gif
i.123g.us/c/esep_fall_happy/ic/ 4 KB
4 KB 21ms
20ms Image
image/gif 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_fall_happy/ic/119069_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: de6b1569f10d67682062caaa40c437ba7710fc5f9fc601169f0be9fc1fc4eb44

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Mon, 23 Aug 2021 15:08:28 GMT
Last-Modified: Tue, 12 Sep 2017 07:08:58 GMT
Server: Apache/2.2.15 (CentOS)
Age: 999223
ETag: "ecf-558f8b78a9680"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3791
jake_test: Test_Pass
Expires: Sat, 28 Aug 2021 05:50:31 GMT

GET
H/1.1 200
OK 106120_ic.gif
i.123g.us/c/esep_fall_love/ic/ 3 KB
3 KB 22ms
21ms Image
image/gif 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_fall_love/ic/106120_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ac98f80abb0ecf69b2eac3d98a7896daa62bb223084c5073ddd56fd77541febb

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 14 Aug 2021 13:26:01 GMT
Last-Modified: Mon, 24 Feb 2014 09:37:34 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1782970
ETag: "b32-4f323b8a3f380"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2866
jake_test: Test_Pass
Expires: Sat, 28 Aug 2021 12:40:18 GMT

GET
H/1.1 200
OK 106117_ic.gif
i.123g.us/c/esep_fall_love/ic/ 3 KB
4 KB 40ms
39ms Image
image/gif 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_fall_love/ic/106117_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 9e9fd99987af15246e14306757980986239d79241971767883173787fefc636a

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Fri, 27 Aug 2021 22:37:34 GMT
Last-Modified: Mon, 24 Feb 2014 09:37:34 GMT
Server: Apache/2.2.15 (CentOS)
Age: 626677
ETag: "d8c-4f323b8a3f380"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3468
jake_test: Test_Pass
Expires: Sat, 28 Aug 2021 12:40:18 GMT

GET
H/1.1 200
OK 104599_ic.gif
i.123g.us/c/esep_fall_happy/ic/ 4 KB
4 KB 38ms
35ms Image
image/gif 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_fall_happy/ic/104599_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 4842d520e08464045d716e75eb1779ad28f7e13814835e3f3576611b9feab7df

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sun, 22 Aug 2021 01:41:26 GMT
Last-Modified: Mon, 24 Feb 2014 09:39:33 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1134045
ETag: "e59-4f323bfbbbf40"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3673
jake_test: Test_Pass
Expires: Mon, 30 Aug 2021 21:22:49 GMT

GET
H/1.1 200
OK 106076_ic.gif
i.123g.us/c/esep_fall_happy/ic/ 3 KB
4 KB 40ms
38ms Image
image/gif 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_fall_happy/ic/106076_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: b861cfb1905d4d7c84059d9bdc98d4b3f318f5cd0ed3a02f7d85b4ea3caa6ec5

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Fri, 27 Aug 2021 22:37:34 GMT
Last-Modified: Mon, 24 Feb 2014 09:39:33 GMT
Server: Apache/2.2.15 (CentOS)
Age: 626677
ETag: "c9f-4f323bfbbbf40"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3231
jake_test: Test_Pass
Expires: Mon, 30 Aug 2021 10:47:05 GMT

GET
H/1.1 200
OK 106168_ic.gif
i.123g.us/c/esep_fall_poem/ic/ 4 KB
4 KB 37ms
34ms Image
image/gif 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_fall_poem/ic/106168_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 7907550d56b3bc99a272e14a3f59df2d09cbca431a64b1f5692d09b6c181f8b3

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 28 Aug 2021 17:35:25 GMT
Last-Modified: Mon, 24 Feb 2014 09:50:12 GMT
Server: Apache/2.2.15 (CentOS)
Age: 558406
ETag: "ef5-4f323e5d21d00"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3829
jake_test: Test_Pass
Expires: Sat, 28 Aug 2021 17:50:25 GMT

GET
H/1.1 200
OK 123915_ic.gif
i.123g.us/c/esep_fall_happy/ic/ 4 KB
4 KB 38ms
36ms Image
image/gif 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_fall_happy/ic/123915_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 02d67caea88317886c195472fb9f5d38cb91c565ea96494204cab51d10c8db0e

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 26 Aug 2021 20:02:35 GMT
Last-Modified: Mon, 24 Feb 2014 09:39:33 GMT
Server: Apache/2.2.15 (CentOS)
Age: 722376
ETag: "fc4-4f323bfbbbf40"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4036
jake_test: Test_Pass
Expires: Fri, 03 Sep 2021 11:00:44 GMT

GET
H/1.1 200
OK 104692_ic.gif
i.123g.us/c/esep_fall_specials/ic/ 3 KB
4 KB 35ms
35ms Image
image/gif 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_fall_specials/ic/104692_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3ed79e3ac08968102787cbf6064b0bc103e886b15360946315708a95f88b86d0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Tue, 17 Aug 2021 14:53:25 GMT
Last-Modified: Mon, 24 Feb 2014 09:34:49 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1518526
ETag: "d8a-4f323aece4040"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3466
jake_test: Test_Pass
Expires: Sun, 22 Aug 2021 02:49:03 GMT

GET
H/1.1 200
OK 330582_ic.gif
i.123g.us/c/esep_fall_happy/ic/ 3 KB
3 KB 27ms
23ms Image
image/gif 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_fall_happy/ic/330582_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 6bafdc8a6b2f45c69726d91008ce98744ec49146ba44107d9e35e5eb7b1e9da2

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sun, 22 Aug 2021 20:34:34 GMT
Last-Modified: Fri, 08 Sep 2017 13:43:25 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1066057
ETag: "afc-558adc2d6d940"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2812
jake_test: Test_Pass
Expires: Wed, 01 Sep 2021 15:32:21 GMT

GET
H/1.1 200
OK 309810_ic.gif
i.123g.us/c/esep_fall_happy/ic/ 3 KB
3 KB 26ms
23ms Image
image/gif 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_fall_happy/ic/309810_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: a19c83274d8c3c10554c7444c1982cd229d7d1552f599da1c52d466d18fa5247

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Fri, 20 Aug 2021 11:37:01 GMT
Last-Modified: Fri, 18 Sep 2015 05:32:48 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1271110
ETag: "a7d-51ffedcac8000"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2685
jake_test: Test_Pass
Expires: Wed, 25 Aug 2021 09:34:52 GMT

GET
H/1.1 200
OK 112659_ic.gif
i.123g.us/c/esep_fall_happy/ic/ 3 KB
3 KB 27ms
24ms Image
image/gif 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_fall_happy/ic/112659_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 1495669716c7292ef54bbc4ab4a07a81eaf9f1c6b6a697362b6feb75d4d974b1

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Mon, 09 Aug 2021 12:56:14 GMT
Last-Modified: Mon, 24 Feb 2014 08:17:04 GMT
Server: Apache/2.2.15 (CentOS)
Age: 2216757
ETag: "b76-4f32298c00000"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2934
jake_test: Test_Pass
Expires: Sun, 15 Aug 2021 04:52:08 GMT

GET
H/1.1 200
OK 111542_ic.gif
i.123g.us/c/esep_fall_love/ic/ 3 KB
3 KB 26ms
23ms Image
image/gif 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_fall_love/ic/111542_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: a7653c0894ff81630bf0c6670945fad9283c95b5fa4cb68776de02b1941ccb4e

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Fri, 20 Aug 2021 12:01:20 GMT
Last-Modified: Mon, 24 Feb 2014 09:37:34 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1269651
ETag: "b75-4f323b8a3f380"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2933
jake_test: Test_Pass
Expires: Tue, 24 Aug 2021 10:12:48 GMT

GET
H/1.1 200
OK 112814_ic.gif
i.123g.us/c/esep_fall_specials/ic/ 2 KB
3 KB 22ms
20ms Image
image/gif 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_fall_specials/ic/112814_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 8b2ae633ac080271dc61d3b612168791b70664548097d76d90f65b9d8ab6a94a

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 19 Aug 2021 21:06:28 GMT
Last-Modified: Mon, 24 Feb 2014 09:34:49 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1323343
ETag: "9af-4f323aece4040"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2479
jake_test: Test_Pass
Expires: Thu, 19 Aug 2021 21:21:28 GMT

GET
H/1.1 200
OK 104680_ic.gif
i.123g.us/c/esep_fall_missing/ic/ 3 KB
3 KB 26ms
24ms Image
image/gif 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_fall_missing/ic/104680_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: a34d7888784392bc2af4c5dfaeaf0758292841396e14a4aaeba2f00962cdc660

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sun, 15 Aug 2021 07:40:54 GMT
Last-Modified: Mon, 24 Feb 2014 09:35:49 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1717277
ETag: "bff-4f323b261c740"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3071
jake_test: Test_Pass
Expires: Thu, 02 Sep 2021 11:19:15 GMT

GET
H/1.1 200
OK 119055_ic.gif
i.123g.us/c/esep_fall_happy/ic/ 3 KB
3 KB 25ms
23ms Image
image/gif 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_fall_happy/ic/119055_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: afff8b457f58eff10d6c36cc20fa2b30479d1ac83c1ccc32f4d83b44b2ba922e

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 28 Aug 2021 17:35:26 GMT
Last-Modified: Mon, 24 Feb 2014 09:39:33 GMT
Server: Apache/2.2.15 (CentOS)
Age: 558405
ETag: "a50-4f323bfbbbf40"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2640
jake_test: Test_Pass
Expires: Thu, 02 Sep 2021 21:28:16 GMT

GET
H/1.1 200
OK jquery-1.11.1.js Show response
c.123g.us/js2/ 94 KB
33 KB 26ms
21ms Script
text/javascript 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/js2/jquery-1.11.1.js
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 91222f96f34735ebc88df208017e54d4329b9202e3e52367fb8b149698a1a5ef

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 26 Aug 2021 21:34:02 GMT
Content-Encoding: gzip
Last-Modified: Tue, 07 Mar 2017 11:41:22 GMT
Server: Apache/2.2.15 (CentOS)
Age: 716889
ETag: "2c463-1762e-54a227db65c80"
Vary: Accept-Encoding
Content-Type: text/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 33234
jake_test: Test_Pass

GET
H/1.1 200
OK jquery-migrate-1.2.1.min.js Show response
c.123g.us/js2/ 7 KB
3 KB 80ms
20ms Script
text/javascript 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/js2/jquery-migrate-1.2.1.min.js
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 5336fb757df91e343cca414c112da532ff47f3d40b0d6e1b3c39ea00c8e24ab6

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 26 Aug 2021 21:34:02 GMT
Content-Encoding: gzip
Last-Modified: Tue, 07 Mar 2017 11:41:22 GMT
Server: Apache/2.2.15 (CentOS)
Age: 716889
ETag: "2c442-1cb3-54a227db65c80"
Vary: Accept-Encoding
Content-Type: text/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3152
jake_test: Test_Pass

GET
H/1.1 200
OK swfobject.js Show response
c.123g.us/js2/ 10 KB
4 KB 80ms
20ms Script
text/javascript 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/js2/swfobject.js
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: cafd612ebd6bc497a7a05d3dfef133a0b793f1e04e277b31c424d6d8892a1d48

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Tue, 24 Aug 2021 18:35:56 GMT
Content-Encoding: gzip
Last-Modified: Fri, 21 Apr 2017 06:58:31 GMT
Server: Apache/2.2.15 (CentOS)
Age: 900375
ETag: "261f-54da7c90553c0"
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3868
jake_test: Test_Pass
Expires: Wed, 25 Aug 2021 07:33:04 GMT

GET
H/1.1 200
OK swfupload.js Show response
c.123g.us/js2/ 20 KB
5 KB 84ms
20ms Script
text/javascript 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/js2/swfupload.js
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 22428f9093ad269f49827ae21c713dfbad293be5816f50b68fcf2e2527b05d9b

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 28 Aug 2021 21:58:01 GMT
Content-Encoding: gzip
Last-Modified: Fri, 21 Apr 2017 06:58:31 GMT
Server: Apache/2.2.15 (CentOS)
Age: 542650
ETag: "4f77-54da7c90553c0"
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4833
jake_test: Test_Pass
Expires: Tue, 31 Aug 2021 02:03:29 GMT

GET
H/1.1 200
OK 123g_utils_v1.js Show response
c.123g.us/js2/ 123 KB
30 KB 56ms
21ms Script
text/javascript 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/js2/123g_utils_v1.js
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 0fbe8ac90edf1af5508d89417ab916da0892806ca5259c435ef897160dca6daa

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Fri, 06 Aug 2021 06:10:59 GMT
Content-Encoding: gzip
Last-Modified: Fri, 04 Jun 2021 12:51:22 GMT
Server: Apache/2.2.15 (CentOS)
Age: 2500272
ETag: "2c3d8-1ed3a-5c3f026148680"
Vary: Accept-Encoding
Content-Type: text/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 30667
jake_test: Test_Pass

GET
H/1.1 200
OK utilsopt.js Show response
c.123g.us/js2/ 22 KB
7 KB 30ms
20ms Script
text/javascript 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/js2/utilsopt.js
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 0ae485367eb0862700624f4b18563586fe0fd2ecd7abd1efb8a4896ead71fdd3

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 26 Aug 2021 18:39:58 GMT
Content-Encoding: gzip
Last-Modified: Wed, 04 Nov 2020 10:41:25 GMT
Server: Apache/2.2.15 (CentOS)
Age: 727333
ETag: "57b2-5b3459efc3f40"
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6801
jake_test: Test_Pass
Expires: Thu, 26 Aug 2021 18:55:00 GMT

GET
H/1.1 200
OK 123g_category.js Show response
c.123g.us/js2/ 4 KB
2 KB 23ms
20ms Script
text/javascript 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/js2/123g_category.js
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 70d0aa1a7429573e8d63a5d732a2bc27150ac345ca82e3550d5d3a4a148508df

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 12 Aug 2021 07:45:16 GMT
Content-Encoding: gzip
Last-Modified: Tue, 22 Sep 2020 12:15:48 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1976215
ETag: "1165-5afe5ed59a500"
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1801
jake_test: Test_Pass
Expires: Thu, 12 Aug 2021 08:00:16 GMT

GET
H/1.1 200
OK rakpanel.js Show response
c.123g.us/js2/ 3 KB
2 KB 24ms
19ms Script
text/javascript 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/js2/rakpanel.js
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: f48f1b088976f2de3bb46a5c5bc609160ef0a6f919109e08f784596b0a93b7d8

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Mon, 30 Aug 2021 00:05:51 GMT
Content-Encoding: gzip
Last-Modified: Thu, 09 Aug 2018 13:50:01 GMT
Server: Apache/2.2.15 (CentOS)
Age: 448580
ETag: "d4c-57300e747f440"
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1626
jake_test: Test_Pass
Expires: Mon, 30 Aug 2021 11:15:29 GMT

GET
H/1.1 200
OK jquery.bxslider_new.js Show response
c.123g.us/js2/ 20 KB
5 KB 25ms
20ms Script
text/javascript 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/js2/jquery.bxslider_new.js
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 8528e6f56a5fbfa15ce727fee044cc8cb3f859689aa35a43691819981fc73cbb

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Tue, 17 Aug 2021 14:49:17 GMT
Content-Encoding: gzip
Last-Modified: Fri, 21 Apr 2017 06:58:31 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1518774
ETag: "50ba-54da7c90553c0"
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5210
jake_test: Test_Pass
Expires: Tue, 17 Aug 2021 15:10:38 GMT

GET
H/1.1 200
OK jquery.ajax_autocomplete.js Show response
c.123g.us/js2/ 32 KB
10 KB 54ms
52ms Script
text/javascript 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/js2/jquery.ajax_autocomplete.js
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 969cfdee4bd0977fdc16895cc9f97e342e7f722518333f2145a0ea47f8662944

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 12 Aug 2021 02:48:33 GMT
Content-Encoding: gzip
Last-Modified: Wed, 14 Oct 2020 08:18:53 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1994018
ETag: "7f11-5b19d2e943540"
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 9770
jake_test: Test_Pass
Expires: Thu, 12 Aug 2021 08:00:16 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 138 KB
48 KB 60ms
59ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d42551b36f344c14cbab00492d682f78ff716f25436e56f2ec19605017f49071

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49509
x-xss-protection: 0
server: cafe
etag: 7468415767210843005
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 04 Sep 2021 04:42:11 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 101 KB
40 KB 20ms
19ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-5085183-1

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

07a40e887b2d93433ae2629f7cdcc1b2277d880e0a402926d8c537915768628b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:11 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41194
x-xss-protection: 0
last-modified: Sat, 04 Sep 2021 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 04 Sep 2021 04:42:11 GMT

GET
H/1.1 200
OK styleopt_R1.css
c.123g.us/css/ 80 KB
16 KB 43ms
21ms Stylesheet
text/css 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/css/styleopt_R1.css
Requested by: Host: c.123g.us
URL: https://c.123g.us/css/categories_R1.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: f1e39db75b34ff4da77fbb5d728ae7278c79ab84cd41553cbe757463d8a38796

Request headers

Referer: https://c.123g.us/css/categories_R1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Wed, 25 Aug 2021 21:40:47 GMT
Content-Encoding: gzip
Last-Modified: Fri, 28 May 2021 11:38:55 GMT
Server: Apache/2.2.15 (CentOS)
Age: 802884
ETag: "13f87-5c3625216f1c0"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 16152
jake_test: Test_Pass
Expires: Wed, 25 Aug 2021 21:55:55 GMT

GET
H/1.1 200
OK modal_window_R1.css
c.123g.us/css/ 33 KB
7 KB 63ms
20ms Stylesheet
text/css 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/css/modal_window_R1.css
Requested by: Host: c.123g.us
URL: https://c.123g.us/css/categories_R1.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: c40c9c0117af4abd3ab87c81eb1725c442ec682095d29cc8bc2206e3e5ac1c23

Request headers

Referer: https://c.123g.us/css/categories_R1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Wed, 11 Aug 2021 08:16:17 GMT
Content-Encoding: gzip
Last-Modified: Wed, 10 Jun 2020 09:39:02 GMT
Server: Apache/2.2.15 (CentOS)
Age: 2060754
ETag: "8220-5a7b79d367980"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6727
jake_test: Test_Pass
Expires: Sun, 22 Aug 2021 07:33:17 GMT

GET
H/1.1 200
OK 123g_master_bg.png
c.123g.us/images/ 145 B
501 B 36ms
36ms Image
image/png 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.123g.us/images/123g_master_bg.png
Requested by: Host: c.123g.us
URL: https://c.123g.us/css/styleopt_R1.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: abfaa28e509b104c2edc0bd048809340d5e006ec872e1966baff8383ff8a0e22

Request headers

Referer: https://c.123g.us/css/styleopt_R1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 07 Aug 2021 13:30:21 GMT
Last-Modified: Fri, 21 Apr 2017 06:58:09 GMT
Server: Apache/2.2.15 (CentOS)
Age: 2387510
ETag: "91-54da7c7b5a240"
Content-Type: image/png
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 145
jake_test: Test_Pass
Expires: Tue, 17 Aug 2021 21:32:38 GMT

GET
H/1.1 200
OK master_img_menu.png
c.123g.us/images/ 6 KB
6 KB 40ms
39ms Image
image/png 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.123g.us/images/master_img_menu.png
Requested by: Host: c.123g.us
URL: https://c.123g.us/css/styleopt_R1.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 12ba93c7b0114439929f7ac0efcdc60e6eee9da57a2fe6ce68bb969f00f4a54e

Request headers

Referer: https://c.123g.us/css/styleopt_R1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 21 Aug 2021 12:06:49 GMT
Last-Modified: Fri, 21 Apr 2017 06:58:09 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1182922
ETag: "1861-54da7c7b5a240"
Content-Type: image/png
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6241
jake_test: Test_Pass
Expires: Sat, 21 Aug 2021 12:22:23 GMT

GET
H/1.1 200
OK icon_set_R1.png
c.123g.us/images/ 140 KB
141 KB 26ms
26ms Image
image/png 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.123g.us/images/icon_set_R1.png
Requested by: Host: c.123g.us
URL: https://c.123g.us/css/styleopt_R1.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 00d2454ee3db7d2a389c0e7cefd7a4b84c26a983af51e38fa9a7621c9be5f66c

Request headers

Referer: https://c.123g.us/css/styleopt_R1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Wed, 18 Aug 2021 14:04:28 GMT
Last-Modified: Mon, 18 Nov 2019 12:30:19 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1435063
ETag: "230cb-5979e1c4d2cc0"
Content-Type: image/png
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 143563
jake_test: Test_Pass
Expires: Wed, 18 Aug 2021 14:19:30 GMT

GET
H/1.1 200
OK big_img_sprite.png
c.123g.us/images/ 134 KB
134 KB 23ms
23ms Image
image/png 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.123g.us/images/big_img_sprite.png
Requested by: Host: c.123g.us
URL: https://c.123g.us/css/styleopt_R1.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 69303f97bf43e5d9fd7a0c8e6b5f4b49de4466684c7e2b8e2108de98e5c98483

Request headers

Referer: https://c.123g.us/css/styleopt_R1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Fri, 27 Aug 2021 15:00:09 GMT
Last-Modified: Wed, 11 Sep 2019 08:42:36 GMT
Server: Apache/2.2.15 (CentOS)
Age: 654122
ETag: "9cd35-21653-5924300b6d700"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 136787
jake_test: Test_Pass

GET
H/1.1 200
OK master_icon_set_2.png
c.123g.us/images/ 88 KB
88 KB 38ms
22ms Image
image/png 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.123g.us/images/master_icon_set_2.png
Requested by: Host: c.123g.us
URL: https://c.123g.us/css/styleopt_R1.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 89b03d4a2f2ca3d04df1fda63a5247ef31cea689a0ca553e353122ab3d22b646

Request headers

Referer: https://c.123g.us/css/styleopt_R1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Mon, 09 Aug 2021 06:34:22 GMT
Last-Modified: Tue, 16 Feb 2021 07:04:35 GMT
Server: Apache/2.2.15 (CentOS)
Age: 2239669
ETag: "15fce-5bb6eb70666c0"
Content-Type: image/png
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 90062
jake_test: Test_Pass
Expires: Mon, 09 Aug 2021 06:50:10 GMT

GET
H/1.1 200
OK 123g_master_strip.png
c.123g.us/images/ 17 KB
17 KB 23ms
22ms Image
image/png 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.123g.us/images/123g_master_strip.png
Requested by: Host: c.123g.us
URL: https://c.123g.us/css/categories_R1.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ed72690522a553c2800b9b742ddcc58fe9c221ec9047d9b27596a774908f859a

Request headers

Referer: https://c.123g.us/css/categories_R1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 26 Aug 2021 13:33:11 GMT
Last-Modified: Tue, 07 Mar 2017 11:40:43 GMT
Server: Apache/2.2.15 (CentOS)
Age: 745740
ETag: "9cf10-4302-54a227b6344c0"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 17154
jake_test: Test_Pass

GET
H/1.1 200
OK 123g_master_icon_set_2.png
c.123g.us/images/ 60 KB
61 KB 22ms
21ms Image
image/png 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.123g.us/images/123g_master_icon_set_2.png
Requested by: Host: c.123g.us
URL: https://c.123g.us/css/styleopt_R1.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 4330d4072d013510b91ca5648f210b614c2e4e8ecbea94a1f8a8373aa6068532

Request headers

Referer: https://c.123g.us/css/styleopt_R1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 12 Aug 2021 11:32:56 GMT
Last-Modified: Tue, 16 Feb 2021 07:04:27 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1962555
ETag: "9d037-f1d2-5bb6eb68c54c0"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 61906
jake_test: Test_Pass

GET
H/1.1 200
OK request.js Show response
trkn.us/info/ 2 KB
1 KB 464ms
126ms Script
application/javascript 184.72.254.163
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://trkn.us/info/request.js?sid=1efbd474-f6d6-4c7a-ab0e-0a28232c817d&ord=2206586702.118953

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

184.72.254.163 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-184-72-254-163.compute-1.amazonaws.com

Software

Apache /

Resource Hash

e60c3a63fabfeb15807369b2310092ec16fa0b72a548d1fdf08f9eb644d80beb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:42:11 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: keep-alive
Content-Length: 732
Expires: Sun, 01 Jan 2014 00:00:00 GMT

GET
H/1.1 200
OK addressbook.js Show response
c.123g.us/js2/ 401 KB
76 KB 43ms
42ms Script
text/javascript 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/js2/addressbook.js
Requested by: Host: c.123g.us
URL: https://c.123g.us/js2/jquery-1.11.1.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 82bd02cee2c77b75a28a94f51c1163035315c09ef8eafe6fa5f79f35b97424e5

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Tue, 31 Aug 2021 08:44:53 GMT
Content-Encoding: gzip
Last-Modified: Tue, 31 Aug 2021 08:44:13 GMT
Server: Apache/2.2.15 (CentOS)
Age: 331038
ETag: "2c7ab-6427b-5cad6f43cf140"
Vary: Accept-Encoding
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
jake_test: Test_Pass

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 70 KB
25 KB 30ms
30ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: c.123g.us
URL: https://c.123g.us/js2/123g_utils_v1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

sffe /

Resource Hash

9853c133d6f835a0ff8aac88e36834c5b71e8b0ef2734979388817eb0f4097cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "977 / 62 of 1000 / last-modified: 1630706924"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24937
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:42:11 GMT

GET
H/1.1 200
OK esep_fall_mantle.json Show response
x.123g.us/json/ 2 KB
2 KB 95ms
22ms XHR
application/json 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://x.123g.us/json/esep_fall_mantle.json
Requested by: Host: c.123g.us
URL: https://c.123g.us/js2/jquery-1.11.1.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 02813684c6f3aad1e6083b92703bf14c0c5a61cdf6a11253c6582fa93ed2fa71

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 04 Sep 2021 04:29:47 GMT
Last-Modified: Sat, 04 Sep 2021 04:19:02 GMT
Server: Apache/2.2.15 (CentOS)
Age: 744
ETag: "6dd-5cb23b73bd980"
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1757
jake_test: Test_Pass
Expires: Sat, 04 Sep 2021 04:44:47 GMT

GET
H/1.1 200
OK closeBtn_h.png
c.123g.us/images/ 1 KB
1 KB 20ms
19ms Image
image/png 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.123g.us/images/closeBtn_h.png
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 1e66c06ab180f7bf3da83626313d8c1b45efa2ddd191b430ffec9993a3f9675f

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Fri, 20 Aug 2021 09:17:28 GMT
Last-Modified: Tue, 07 Mar 2017 11:40:43 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1279483
ETag: "9cf1d-42a-54a227b6344c0"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1066
jake_test: Test_Pass

GET
H/1.1 200
OK mantle_loader.gif
c.123g.us/images/ 2 KB
2 KB 22ms
22ms Image
image/gif 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.123g.us/images/mantle_loader.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 1b91d59c4bdd90f11c17f875ae27b15c1efe83d42182702f51570fcc2063fd24

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 14 Aug 2021 19:00:50 GMT
Last-Modified: Fri, 21 Apr 2017 06:58:09 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1762881
ETag: "855-54da7c7b5a240"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2133
jake_test: Test_Pass
Expires: Sat, 14 Aug 2021 19:16:01 GMT

GET
H3-29 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109010101/ 250 KB
93 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109010101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8275302107693664&plah=www.123greetings.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cb658d8af264091d320d32e952cb1756ea0145c2f6497b182a39e7ce4e466653

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 95178
x-xss-protection: 0
server: cafe
etag: 9330497266985682447
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 04 Sep 2021 04:42:11 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210831/r20190131/ Frame 0D34 10 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210831/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bf5230ffb8745d28c11ae8b743868364f9be8379300bd59d235f402a53ea96ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210831/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.123greetings.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 03 Sep 2021 16:02:37 GMT
expires: Fri, 17 Sep 2021 16:02:37 GMT
content-type: text/html; charset=UTF-8
etag: 13836150016441684253
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4591
x-xss-protection: 0
age: 45574
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-5085183-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 11 Aug 2021 00:32:57 GMT
server: Golfe2
age: 6611
date: Sat, 04 Sep 2021 02:52:00 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19747
expires: Sat, 04 Sep 2021 04:52:00 GMT

GET
H2 200 pubads_impl_2021083101.js Show response
securepubads.g.doubleclick.net/gpt/ 333 KB
117 KB 93ms
35ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

sffe /

Resource Hash

821bdc4f69b0d71c8ee65e9e97c232e0a127004991b92133da9019dbe8f90047

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 31 Aug 2021 08:39:05 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 119248
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:42:11 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 414 B
844 B 112ms
65ms XHR
application/json 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.123greetings.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e91e7d4b434bf577e8f9f0fef4a45ab94c41fd0493ff9e760bcd398732f6fdc4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:42:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 186
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:42:11 GMT

GET
H/1.1 200
OK connect_config.js Show response
c.123g.us/js2/ 201 B
466 B 20ms
19ms Script
text/javascript 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/js2/connect_config.js
Requested by: Host: c.123g.us
URL: https://c.123g.us/js2/jquery-1.11.1.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 8a4a4dfac1d187a4eeaf1f9d90fae93ab7d76f1ff885b43ef1edab642f4a5c9a

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Tue, 24 Aug 2021 05:58:13 GMT
Content-Encoding: gzip
Last-Modified: Tue, 07 Mar 2017 11:41:22 GMT
Server: Apache/2.2.15 (CentOS)
Age: 945838
ETag: "2c454-c9-54a227db65c80"
Vary: Accept-Encoding
Content-Type: text/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 120
jake_test: Test_Pass

GET
H/1.1 200
OK esep_fall_happy_mtl_01.jpg
i.123g.us/c/esep_fall_happy/mtl/ 25 KB
25 KB 25ms
24ms Image
image/jpeg 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_fall_happy/mtl/esep_fall_happy_mtl_01.jpg
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Footprint Distributor V6.1.1162 /
Resource Hash: 98c0955bc640820323c4f30c88793f402e05aa2124a614bcb460f3eafbceace8

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sun, 29 Aug 2021 13:40:56 GMT
Last-Modified: Tue, 03 Oct 2017 07:35:00 GMT
Server: Footprint Distributor V6.1.1162
Age: 486075
ETag: "6343-55a9f874fb100"
Content-Type: image/jpeg
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 25411
jake_test: Test_Pass
Expires: Thu, 02 Sep 2021 21:28:17 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 206 B
265 B 29ms
29ms Script
text/javascript 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.123greetings.com&callback=_gfp_s_&client=ca-pub-8275302107693664

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109010101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8275302107693664&plah=www.123greetings.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

cafe /

Resource Hash

f7a4f2070df726492de4c3e47b46a78b77c56fe7dfc4613ff744ca0dfc11e131

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 196
x-xss-protection: 0

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 27ms
27ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Ffall%2F%3Futm_source%3DEmail2%26utm_medium%3DSpecial_NL%26utm_campaign%3DSNL_sep21_events&tn=DIV&id=cookie_bar&cls=cookie_bar&ign=false&pw=1600&ph=1200&x=1575&y=1175

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
165 B 20ms
19ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.123greetings.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:42:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 19ms
19ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.123greetings.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:42:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 03E7 0
19 B 92ms
90ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8275302107693664&output=html&adk=1812271804&adf=3025194257&lmt=1630729043&plat=1%3A16777216%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Ffall%2F%3Futm_source%3DEmail2%26utm_medium%3DSpecial_NL%26utm_campaign%3DSNL_sep21_events&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630730531336&bpp=3&bdt=390&idt=124&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=3713485947411&frm=20&pv=2&ga_vid=18072530.1630730531&ga_sid=1630730531&ga_hid=97299285&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31062297&oid=3&pvsid=4182262459636998&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=150

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-8275302107693664&output=html&adk=1812271804&adf=3025194257&lmt=1630729043&plat=1%3A16777216%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Ffall%2F%3Futm_source%3DEmail2%26utm_medium%3DSpecial_NL%26utm_campaign%3DSNL_sep21_events&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630730531336&bpp=3&bdt=390&idt=124&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=3713485947411&frm=20&pv=2&ga_vid=18072530.1630730531&ga_sid=1630730531&ga_hid=97299285&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671%2C31062297&oid=3&pvsid=4182262459636998&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=150
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.123greetings.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 04 Sep 2021 04:42:11 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 04-Sep-2021 04:57:11 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 04 Sep 2021 04:42:11 GMT
cache-control: private

GET
H3-29 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 72 KB
27 KB 346ms
344ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bd3a2482b7b952b621e16a05c3bb1847829d057fb1384f4c32d1362b8153e967

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:11 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630496339498273"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27562
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:42:11 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 27ms
13ms XHR
text/plain 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j93&a=97299285&t=pageview&_s=1&dl=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Ffall%2F%3Futm_source%3DEmail2%26utm_medium%3DSpecial_NL%26utm_campaign%3DSNL_sep21_events&ul=en-us&de=UTF-8&dt=Autumn%20Cards%2C%20Free%20Autumn%20Wishes%2C%20Greeting%20Cards%20%7C%20123%20Greetings&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YAhAAUABAAAAAC~&jid=788474353&gjid=3718746&cid=18072530.1630730531&tid=UA-5085183-1&_gid=50023498.1630730532&_r=1&gtm=2ou910&z=1731565531

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:11 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.123greetings.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
88 B 14ms
14ms XHR
text/plain 2a00:1450:400c:c08::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-5085183-1&cid=18072530.1630730531&jid=788474353&gjid=3718746&_gid=50023498.1630730532&_u=YAhAAUAAAAAAAC~&z=1758198667

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c08::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sat, 04 Sep 2021 04:42:11 GMT
content-type: text/plain
access-control-allow-origin: https://www.123greetings.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.ch/adsid/ 107 B
853 B 112ms
42ms Script
application/javascript 2a00:1450:400d:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ch/adsid/integrator.js?domain=www.123greetings.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:42:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 24ms
23ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.123greetings.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:42:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 168 KB
49 KB 940ms
940ms XHR
text/plain 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4182262459636998&correlator=1776850524674116&output=ldjh&impl=fifs&eid=31062297&vrg=2021083101&ptt=17&sc=1&sfv=1-0-38&ecs=20210904&iu_parts=46400095%2CDesktopWeb_Category_LB%2CDesktopWeb_Category_Mrec%2CDesktopWeb_Category_SecondMrec%2CDesktopWeb_Category_LowerMrec%2CDesktopWeb_Category_BottomLrec%2CDesktopWeb_Category_BottomSecondLrec%2CDesktopWeb_Category_LowerLB%2CDesktopWeb_Category_Video%2CDesktopWeb_Category_VideoInContent&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5%2C%2F0%2F6%2C%2F0%2F7%2C%2F0%2F8%2C%2F0%2F9&prev_iu_szs=728x90%2C300x250%2C300x250%2C300x250%2C300x250%2C300x250%2C970x90%7C728x90%7C970x250%2C1x1%2C1x1&cust_params=site%3D123greetings.com%26section%3Desep_fall%26page%3Dcategory&cookie=ID%3D41b49f7f71172e27-22175a89f3c8006b%3AT%3D1630730531%3ART%3D1630730531%3AS%3DALNI_MbjT1AMfzB8dEMyXW3ml_MTj395qQ&bc=31&abxe=1&lmt=1630729043&dt=1630730531613&dlt=1630730530946&idt=633&frm=20&biw=1600&bih=1200&oid=3&adxs=560%2C970%2C970%2C970%2C970%2C970%2C310%2C0%2C320&adys=47%2C236%2C518%2C1847%2C2129%2C2411%2C3003%2C3197%2C1126&adks=2102598028%2C3104929529%2C2048228011%2C264746416%2C3926258554%2C889247620%2C770952433%2C1661069843%2C1067160403&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7%7C8%7C9&ifi=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&u_java=false&flash=0&url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Ffall%2F%3Futm_source%3DEmail2%26utm_medium%3DSpecial_NL%26utm_campaign%3DSNL_sep21_events&vis=1&dmc=8&scr_x=0&scr_y=0&psz=980x90%7C320x262%7C320x262%7C320x262%7C320x262%7C320x262%7C980x37%7C1600x3177%7C630x0&msz=728x90%7C300x250%7C300x250%7C300x250%7C300x250%7C300x250%7C980x0%7C1600x0%7C630x0&ga_vid=18072530.1630730531&ga_sid=1630730531&ga_hid=97299285&ga_fc=false&fws=4%2C4%2C4%2C4%2C4%2C4%2C0%2C0%2C0&ohw=728%2C300%2C300%2C300%2C300%2C300%2C0%2C0%2C0&btvi=0%7C0%7C0%7C1%7C2%7C3%7C4%7C5%7C0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

5de01c7b6d59f6d285ae1e13501ca4b84b473fbfff26febd3497e5a6b42cb6f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:12 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49900
x-xss-protection: 0
google-lineitem-id: -1,-1,-1,-1,-1,-1,-1,5501288042,5461263814
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -1,-1,-1,-1,-1,-1,-1,138326033967,138321279906
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.123greetings.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 2230 6 KB
3 KB 48ms
13ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.123greetings.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Sat, 04 Sep 2021 04:42:11 GMT
expires: Sun, 04 Sep 2022 04:42:11 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1

200
OK

/
trkn.us/info/
Redirect Chain

https://trkn.us/info/?sid=1efbd474-f6d6-4c7a-ab0e-0a28232c817d&ord=2206586702.118953&ref=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Ffall%2F%3Futm_source%3DEmail2%26utm_medium%3DSpecial_NL%26utm_...
https://trkn.us/info/?sid=1efbd474-f6d6-4c7a-ab0e-0a28232c817d&ord=2206586702.118953&ref=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Ffall%2F%3Futm_source%3DEmail2%26utm_medium%3DSpecial_NL%26utm_...

42 B
780 B

115ms
114ms

Image
image/gif

184.72.254.163
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trkn.us/info/?sid=1efbd474-f6d6-4c7a-ab0e-0a28232c817d&ord=2206586702.118953&ref=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Ffall%2F%3Futm_source%3DEmail2%26utm_medium%3DSpecial_NL%26utm_campaign%3DSNL_sep21_events&dvis=visible&ip=185.236.201.228&cuidchk=1

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

184.72.254.163 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-184-72-254-163.compute-1.amazonaws.com

Software

Apache /

Resource Hash

b2c78c910f5ea29e3a9d223dabc203c055c8708b1fe7d83788b490638126db4d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:42:11 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sun, 9 Nov 1980 12:59:00 GMT
Server: Apache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
Expires: Sun, 9 Nov 1980 12:58:00 GMT

Redirect headers

Date: Sat, 04 Sep 2021 04:42:11 GMT
X-Content-Type-Options: nosniff
Server: Apache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Location: /info/?sid=1efbd474-f6d6-4c7a-ab0e-0a28232c817d&ord=2206586702.118953&ref=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Ffall%2F%3Futm_source%3DEmail2%26utm_medium%3DSpecial_NL%26utm_campaign%3DSNL_sep21_events&dvis=visible&ip=185.236.201.228&cuidchk=1
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 0

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 27ms
26ms XHR
application/json 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210831&st=env

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2a5e25cc7cea44b987ce36defc4759391213ef24d0b01f00bf02c6900689bdc2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:42:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8472
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 27ms
27ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:42:12 GMT

GET
H/1.1 200
OK esep_fall_happy_mtl_01.jpg
i.123g.us/c/esep_fall_happy/mtl/ 25 KB
25 KB 22ms
22ms Image
image/jpeg 8.248.149.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_fall_happy/mtl/esep_fall_happy_mtl_01.jpg
Requested by: Host: c.123g.us
URL: https://c.123g.us/js2/jquery-1.11.1.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.149.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Footprint Distributor V6.1.1162 /
Resource Hash: 98c0955bc640820323c4f30c88793f402e05aa2124a614bcb460f3eafbceace8

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sun, 29 Aug 2021 13:40:56 GMT
Last-Modified: Tue, 03 Oct 2017 07:35:00 GMT
Server: Footprint Distributor V6.1.1162
Age: 486076
ETag: "6343-55a9f874fb100"
Content-Type: image/jpeg
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 25411
jake_test: Test_Pass
Expires: Thu, 02 Sep 2021 21:28:17 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 017F 12 KB
5 KB 15ms
13ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.123greetings.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5029
date: Fri, 03 Sep 2021 19:11:08 GMT
expires: Sat, 03 Sep 2022 19:11:08 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 34264
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame DF5C 783 B
763 B 15ms
14ms Document
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

29c73bf81e47583e58c823034a73f76ee5aa258f218ddebf92749698d208f4a8

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-kpi65W+85x4P3DviJF9Htw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.123greetings.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

expires: Sat, 04 Sep 2021 04:42:12 GMT
date: Sat, 04 Sep 2021 04:42:12 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-kpi65W+85x4P3DviJF9Htw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js Show response
pagead2.googlesyndication.com/bg/ Frame 017F 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e0cfe1534cf66865ac13a161e60ef74f768ebd78b86b894afff55660e435c182

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 05:01:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 85247
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13264
x-xss-protection: 0
last-modified: Mon, 30 Aug 2021 12:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 03 Sep 2022 05:01:25 GMT

GET
H3-29 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 31ms
31ms Image
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&t=2&li=gda_r20210831&jk=4182262459636998&bg=!zc6lzorNAAYJpm41CaY7ACkAdvg8Wkw6DFNgSPI0gPEWu7_eQq88LK4eIGf7Pm_h0rPXRP4OTjuX5gIAAABkUgAAAA1oAQcKAE8kY5V0cSeBwoL7UiJQ92oPQfnudyNZoUmla3qGWhUTB3sveJiBF3WwqtmSnTZv8TBli7Y_3MEIsTbZb4teIKS0wAfZeF_k3_o9a28-rM51mQKBCqMXzXbNrK3RqBub293J99MAMldvVGUomYRbiJ360l2_YXvDpyWRhKpVWGVrrfJxG0x3oLUQzh1PqX9F9ECKGzRr7VV2IHLqJ1hAMoJs9yJMUh4cm7LZT8VhR4sDVdi2BB3oRhZUxet9u0hEvkzVzU5_q_VBrr0eh3jMW2TXEE_68Ujhmzw8N0ofMRR_HAv3FFwosTLkIay_S6uaGAOYXwDVgkc6Fn1EuTXbeenrDgH7_yMnCf6b7YyPw1yjVI9j1-tutBwYjmwIVcmNv8wqvaipfvHKJxT1AptZaoPtYUhyOxBsSxDgZqKpdafrHZgq0wf4av33VOFmZaSl0233tYTmZsozeHjWs2-WKiVOv22dZ2rPazYhycGUwqemB5xbNk98GRDdgzA8DYdHoUfUVlmdUCuNm9ew9yz2A8NkuFvZUmLQUG_FecT72A_2jM77PpEubYhI4DsIU8Cn6CL22vHHIwLFSjEKYeyNpjWbUBlVFV8o4U-lgbD3J-MkPgWvAdhMX_BdOVXU8A4AGF5h7X7BWDU6iycert9G44UHcf4AVhauQvbXKhAwDTsHEEKYBY4XmyTXSEVqwm5LpNhsyNCLbU1Z_mogBcAzF9mYUy8fUpRUkLJf6t1U2KIKSm6pP2m-kcl0T4qZ4Ipz0T_rvVplkEUi3NrASCj9YSiFV8KEGid3bn-CzvrB02FGYT27P4xdpooLfs1WUc6HgkvLSIedaQOdX5ydpIYz_3C5vuiJWMKDWMdEv6toY0OVT1-z7KIyrqllHx7hQp9hnHWVQqe4oiB1HnI-H4KkcfuoValRQitlP1CKUekBltRGncdZpF_p2VKaUDMQVRESt9mn0jI
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H3-29 200 container.html Show response
8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 1AE1 6 KB
3 KB 6ms
6ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.123greetings.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Sat, 04 Sep 2021 04:42:11 GMT
expires: Sun, 04 Sep 2022 04:42:11 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012108170213000/ Frame 9FBC 188 KB
55 KB 28ms
6ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012108170213000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c76cc68adbbc958993e23bf9ad18979f7aeaab6274b1f2322afb581d22eb855f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 199627
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55333
x-xss-protection: 0
server: sffe
date: Wed, 01 Sep 2021 21:15:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "55ff93a1040e5c38"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 01 Sep 2022 21:15:05 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012108170213000/v0/ Frame 9FBC 13 KB
5 KB 37ms
15ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012108170213000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fae2773cd95cb857866b4b3a54777c88f6c03e0167bf323c2a1f431985887b61

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 200536
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4999
x-xss-protection: 0
server: sffe
date: Wed, 01 Sep 2021 20:59:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "6b551ff8c0a78d7e"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 01 Sep 2022 20:59:56 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012108170213000/v0/ Frame 9FBC 89 KB
28 KB 38ms
17ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012108170213000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

48bb89434a42b4fb519f27e9272e018e8151383b4b7f46f26260f5fd29e5f05e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 200536
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28538
x-xss-protection: 0
server: sffe
date: Wed, 01 Sep 2021 20:59:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "523ca413d5eb4bb0"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 01 Sep 2022 20:59:56 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012108170213000/v0/ Frame 9FBC 4 KB
2 KB 38ms
16ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012108170213000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f4a74fe2cef1d4e3ca293944e20763b350954439d0966a662691d304d9e1aac3

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 200536
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1653
x-xss-protection: 0
server: sffe
date: Wed, 01 Sep 2021 20:59:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "a4d9605fb26cf0ce"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 01 Sep 2022 20:59:56 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012108170213000/v0/ Frame 9FBC 40 KB
13 KB 39ms
18ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012108170213000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9158e53d7052a6df65c12e3a59a8c77a8be353425523e4eff057fa5578e654ad

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 200536
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12821
x-xss-protection: 0
server: sffe
date: Wed, 01 Sep 2021 20:59:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "bd81b3ba02634f28"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 01 Sep 2022 20:59:56 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 9FBC 6 KB
765 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

fbe1583d8642d89d0c349b00c0125e485dd55976282165a6b5f2d29ea9d44549

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 04 Sep 2021 03:33:30 GMT
server: ESF
date: Sat, 04 Sep 2021 04:42:12 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 04 Sep 2021 04:42:12 GMT

GET
H3-29 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/17200039540232363866/ Frame 9FBC 16 KB
16 KB 7ms
6ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17200039540232363866/downsize_200k_v1?w=400&h=209

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

458519182911aee4143b2a09549c8b275964816dc350d9ec9430df03425178fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 22:16:50 GMT
x-content-type-options: nosniff
age: 195922
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15986
x-xss-protection: 0
last-modified: Tue, 17 Mar 2020 09:33:13 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 01 Sep 2022 22:16:50 GMT

GET
DATA 200
OK truncated
/ Frame 9FBC 221 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 9FBC 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6f45cca4a2cf3da6b4e2d74ba6f0803d462ea516157130bb5d6d3b67f98fc8cf

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 container.html Show response
8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame A7DB 6 KB
3 KB 6ms
5ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.123greetings.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Sat, 04 Sep 2021 04:42:11 GMT
expires: Sun, 04 Sep 2022 04:42:11 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 container.html Show response
8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 7214 6 KB
3 KB 6ms
5ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.123greetings.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Sat, 04 Sep 2021 04:42:11 GMT
expires: Sun, 04 Sep 2022 04:42:11 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 container.html Show response
8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 01C4 6 KB
3 KB 6ms
6ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.123greetings.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Sat, 04 Sep 2021 04:42:11 GMT
expires: Sun, 04 Sep 2022 04:42:11 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 container.html Show response
8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame A44E 6 KB
3 KB 6ms
6ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.123greetings.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Sat, 04 Sep 2021 04:42:11 GMT
expires: Sun, 04 Sep 2022 04:42:11 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 container.html Show response
8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 9097 6 KB
3 KB 6ms
6ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.123greetings.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Sat, 04 Sep 2021 04:42:11 GMT
expires: Sun, 04 Sep 2022 04:42:11 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame 9D72 0
0 44ms
44ms Fetch
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvXtUafc-FEcFTvI98XuELU7BZifwXClneK9u7KuhFNLTwcWsr5x9zhXKP_E7gAxacjPI8FXT0n18EuKkXhWG94r3d4CclXADCL7NSE-7DC-xBPWAN12CIUfaUYyRMBz8wTdM39K44MoHz7E8BchXS5tuIQi--uN1-sJXDpYRAWRfpNoLGubSaqX7x65knyMh0ROvAUHNF26vzv-3ACVov6weJCkkDbjH6ZanJRinicEDaBXBESCqIqBy0PwDe7277KKMRzu3eDpn8dzUGsSogNxf5TG0_yynxbjCZWKAvyBAoRckWh9aGZpCet1KxkFYjumlld-5Uo4FghMQ&sai=AMfl-YSCZyBChjHa3JjKvN06QYyU29gQbtfsN0l_JrN-oijSnpdALTmRKdeZPrQizid-lJwZ3xvlEmi_gIFaxAR-k_NxAq6dwXqkcW7WID74yxYC8arIKfPs38Ajc36AK1A&sig=Cg0ArKJSzKGMp-LrxmBEEAE&urlfix=1&adurl=

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:42:12 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 video-loader.js Show response
cdn.avantisvideo.com/avm/js/ Frame 9D72 31 KB
11 KB 21ms
6ms Script
application/javascript 2600:9000:2240:8a00:1c:38a0:8a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.avantisvideo.com/avm/js/video-loader.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2240:8a00:1c:38a0:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c8aba5a821df184d25014d3dda38619d690d340b154bb2d7725187e074c3c542

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-amz-version-id: 0DrLkH_Ns8jDuJ7reO0cQzOfMbQ5KPOT
content-encoding: gzip
last-modified: Tue, 20 Apr 2021 09:58:31 GMT
server: AmazonS3
age: 113263
etag: W/"cb2b3e45ae50a1cfc9646f528ea92b50"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 814952d19d560b49ff15ad2f71e400d3.cloudfront.net (CloudFront)
date: Fri, 03 Sep 2021 09:26:48 GMT
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: k3-nWtXC9wbYiSqa6iN2AjOrxGASvJ-4S8dJNLTXhdkEQRXZvPrIdA==

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9D72 122 KB
37 KB 35ms
34ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0299ce766df424b69a25530d8afe7c2352cb6240c7510fe7be67d8cd53bd3467

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:12 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630496346997469"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37796
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:42:12 GMT

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2DEB 0
0 44ms
43ms Fetch
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvONIsK8rL8K5uA1iWU1X2AegIgSvUhGo6cWFgGUZBKeh9sLMiDPIFuRiADCp_Cd2kdyT-N8eXWJbk_HadaQ8cr9MDt5ZwXyMYzEC0xdA2VlCUKXkGg7ygDecWEf7ca4z-RBXeXvnqpjujej6C2FOlBU_KJiVadRJ0qvi4LGG-dn1nN-Sw7n7v58f0pxSjKXfS62buIl7QmljVMiE1ougDIfWggaAdeQwf849we163vd1PtelHzy9zkhWmCQ0rhY5iUsFJfF4dVpcRmH4zHJPG6yYNshmEb5NfyVfEvVF4bAq5sV-3AO8q66OaPrhBqD9gRpitbUtmzxRwsP5g5SCH6JZbeWg&sai=AMfl-YQGKbqt8t1UrHoDhoax9LF_6fYFZcuQ6iSTq62yZk4DkJKQ2huBKQXB9WfR9NIFIz8CTKfOAF2PvQmtSQ5M-SLs4UY-GZ7SfXl6EGNGyTjSdB7CQhDMFJpapNF7emA&sig=Cg0ArKJSzMU4re_h5rM5EAE&urlfix=1&adurl=

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:42:12 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 video-loader.js Show response
cdn.avantisvideo.com/avm/js/ Frame 2DEB 31 KB
11 KB 18ms
7ms Script
application/javascript 2600:9000:2240:8a00:1c:38a0:8a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.avantisvideo.com/avm/js/video-loader.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2240:8a00:1c:38a0:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c8aba5a821df184d25014d3dda38619d690d340b154bb2d7725187e074c3c542

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-amz-version-id: 0DrLkH_Ns8jDuJ7reO0cQzOfMbQ5KPOT
content-encoding: gzip
last-modified: Tue, 20 Apr 2021 09:58:31 GMT
server: AmazonS3
age: 113263
etag: W/"cb2b3e45ae50a1cfc9646f528ea92b50"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 814952d19d560b49ff15ad2f71e400d3.cloudfront.net (CloudFront)
date: Fri, 03 Sep 2021 09:26:48 GMT
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: gWriYPLREvnG3zD-ibotIxxu789CkWOxlM8TZOc2Plygh5bNBw277w==

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2DEB 122 KB
37 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0299ce766df424b69a25530d8afe7c2352cb6240c7510fe7be67d8cd53bd3467

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:12 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630496346997469"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37796
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:42:12 GMT

GET
H3-29 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 9FBC 2 KB
2 KB 6ms
6ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 03 Sep 2021 22:28:52 GMT
x-content-type-options: nosniff
server: cafe
age: 22400
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Sat, 04 Sep 2021 22:28:52 GMT

GET
H3-29 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 9FBC 295 B
319 B 7ms
6ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 03 Sep 2021 14:25:46 GMT
x-content-type-options: nosniff
server: cafe
age: 51386
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Sat, 04 Sep 2021 14:25:46 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 9FBC 0
0 14ms
13ms Image
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaReY3P3Kn2mEQKqqKPmokzv7vCwfWI2ozT3ZWc5tXWTBMtzHW95lFtt0MHvYJAcw6WrgyLMXOZ_vxVcNViFWTHO3E75HQ
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 9FBC 0
0 33ms
32ms Image
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C906CI_kyYYyBNpyL3wOuzjaVgefGYvW_9pfNDcCNtwEQASDv9pAhYPWVzoHgBKAB3a7migPIAQmpArfO9ogf7rM-4AIAqAMByAMKqgTdAU_Q7pVv2l7FZEisCd3aW2CI7TyTn0hsyTeMAL8_KxynzXbBKdsofMAoMdcPP9bsh0fsD1_IaeS9A4uI3K-0QD73AaCrauc-J62nGOmWxrYm-eOBv6N_1k5an1c52Mnn42S1ytL1Bb6GdNHxQJXC4uxzhQfTpDPOxdI5fxLHxuL1ChQOOUwN1GLgIrX4JhYVN0HkoCgwJj6vLQcw21lCdOE4S-mLc4JpXVz1cyUhz9tZdvmEqBLf5_BoGAK5BgR2ZzRMS2iE-7JHC6lfqKq16Lax7RDazo1-y1A-2i1NwATvycL00gPgBAGSBQQIBBgBkgUECAUYBKAGLoAHi9GZdagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhvYBwDyBwQQuMQw0ggHCIBhEAEYHYAKA8gLAdgTDIgUAdAVAYAXAbIXHgocCAASFHB1Yi00NjI3NTE3NjgwMjQ5NjcwGP_XFw&sigh=A5z1cDPI5uo&template_id=484
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s52-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame 9FBC 15 KB
16 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.123greetings.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 19:05:05 GMT
x-content-type-options: nosniff
age: 293827
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:46 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 31 Aug 2022 19:05:05 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame 9FBC 15 KB
15 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.123greetings.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 02 Sep 2021 04:50:50 GMT
x-content-type-options: nosniff
age: 172282
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15732
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:39 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 02 Sep 2022 04:50:50 GMT

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame F3CC 478 B
251 B 18ms
16ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLS7QxDXu7cBGJTo2ngwAQ&v=APEucNVA_jcOkqFBR50mKv0VT3dCVBmEjYsPE12-C_fS9eDAylylwtlmVO9apa_e6z2TXIgf1ZVId3fY-4lKzf_OiYbC7m-32g

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CLS7QxDXu7cBGJTo2ngwAQ&v=APEucNVA_jcOkqFBR50mKv0VT3dCVBmEjYsPE12-C_fS9eDAylylwtlmVO9apa_e6z2TXIgf1ZVId3fY-4lKzf_OiYbC7m-32g
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlb555oO5Ok7gtYpteMcQyD-F-OYdkabMK3_CQgf0O0GOo6MFCYEFcN_KWQ-VI
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 04 Sep 2021 04:42:12 GMT
server: cafe
cache-control: private
content-length: 230
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 1AE1 71 KB
28 KB 47ms
45ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Ak5SprU_tZjC5EwirCy7eyL3tyh3e4CZq5EP6r20ePwl2zbf2AlrosYJhzR3zsYRqFJIRVLRiRZABEDywz18kitlkrrxoNunC0aMLUARs4rRSZZrPFcjCToFTxfuhSVh36CwjoGLFjRjEds0W0z7qhokYqoA&dbm_d=AKAmf-CL8hofJ43iNHJl51cmjHydAVUFG84E430H6zwCSseTw_R_jpXz3CvfHowMHWceEgKnPGjlL_1HKEYbXEJTbfNHLdJYaHT2vvr3y9dxUUV18lu3NWrJLE0whkM_8V1HfoQlmxyEkyD1SmSU5_RMJahsqPGNIMX-8JZNnpu-yHWzdsaSAD13VtRXfAKEpb5f437HoIHVTWvzEEjmEcJO3zcQIOq951eRfHc6ApbkwUwH2m6bSwFpCCMh1ZCLaoYMA4Ji8-2ocesxiked2EnS6rGujx8yUSw9uU0Nhssdg8SsCaxsdGp3WJqo0_ePF0UQ7zhmwC31aF7JWiE_OyssbNN8Kf0cwoXZ_GewMKnUrEN1_ZgMgjiHi4JA96zrO40ocBLmGLO_7c7ucmZEjv0aV9eS4dHU7jM4Y4Ri76166bGkW4EgAKkdsoBTRRYLDFumUJs1DRh0gQRwe-wEXYUA06xfE2B-kl8yG3EppHWHUN0elz5wBG-3uBPl00lehunaz_8GcKU6h-cy2Gd7Hbgz1DsXwmORflbxioI7lz9lIbMtuuKNiBX1Y3YGFbtfu8DxmZhUM3BZIUt7SZPONyRqKk_YyCQvt4UqIB-OfbTHJahrIbwF0E6ZD9MyF1jtL9aIeAGAuDg5zVMaCouvbuKev8dCCYnjhjF2tgbMut9j_GlbWFQ63Tfk5tZTSaajr3yvaxV78iNQsEbx4u8Q7RX8SdAs7-IWbZMKeILA7Sq6aImj7FD8X1SdbXJnpntVfICpVQWXJ-ufVBlx7vM9YMn_Z2dNisYqyL1N1XmMbIZDTSdltBpe11RIpRlqQV7swowg6yFNO_lk4CvfsgRN1APU6eugE-zuDy7EW-h2xK5ieJ-vjguLtVHxHEaMeD-cOSJ4vC8mMkiyJSeqc3FI18oJj7mlF_x4j6edfEeMoV9ibIleQPKJE6Xj3YlFZhEf6M_eHEtZLak7PhGScUdgv4XM30cjuGO55FhXnauuhsAA4vx23hySA-aWLxY2K2Zm6lB-LYfnEWDmOQy-IZgAG4OHvIJt023eZYGjMcgXkl8iudlYgWfF1LQmMnjbGs0bTSPJ02SwxS3gl5RlRysWNRCI8V91KI4udCmQsxHp7O21Fv-Y6ZOHvb2snb21a0jJ8Kyxh7d67TGg42BuSLOdMogqYnXmKI7gRrJqFtlS8lZs7Zqbvy-KMp9BU_giTL7Paia0lF52lmrNF5Jhq_9dnSxXCCHKG8B8Q9u8rHNxyqoD47Jih3FG3g_koDwJWq0Pen_AU6DCI1BsOw5_diH4WMkyBy1TFSHok063p0wlpZtOP6e7_KXDhBgYnBXl9RmtJjTWcoGsqhHJgjXJj6TVRmCko9gvGzPqc0kKPqro32noGu_6f-wFDO-E0SMmnluV-IF6yw4ELbN96ChAArl4QOT_KTiuuqoPiFPn1-pE115-St3KcVpKwc1WrME-3zW-u5OEfk4tFPYGVRAgYnDhRfDrGA4JJCvO1XIH8uUF8jI-MjS7RzEcKXN4CFBbSzALFQkIRdxvTzdLHnz8rsO6JNhi-yUQ2U6RDmcXPKjXZiHen93oSLMjOekmHX5HuWQI3T64Cl2eNt4Wcrbc0nHtNohSH5kF45olxrzUJbcQt0YBmMY7BC2-5fH8dbgQRsszmmDeTPf8iRhWWube2cnIHEZWnhn4tauzv2vjDZ5WUS299kmFjsilbz3o835751HkkcFKpsWas_RrUBu-oBlBLzNib7La6QgYG9o6WKXN_wdkXBSOWJcq4NdpfK9AmTSPDUYKeWApM86f4RlQZgLWio4CG1sfGIwIDIR27zMh135UVIiF916pHDQxdrFw2quZpDB9vkOv_7JUvOEn0eNMlLcSUd5065AUfGRFpG790u550SpltmL9QkL-KjRzUc4Ovwh2a-ZHYBlZ3ar90jSJlpc2Sf_VQhVgg7PlkPrMjUVtXTyFNFtV2_OgYS-sbh87Rsxi8ZSQCBMBU4VI_nNbeqXRfIqnphtpu3fcywBFket0FOkaAEnC1ocxx0a0LgghKeJf-90QtOWtQql6yjwHo55iMmBAaqVdN7T-I6h_xfeGAM2Ud93IOPpzgKQ7BbIyd8XNzNM9n45k612Rk74TJFdd2UT4xPDLtLda7LB1X9VhEZ8DxhnbI3MrGMb1Tk5mvoOS4bQPaFW8c_-3r6jWOtHDAmleKHRDM1AAbjYQFVL4P_By6ur_wkPE7_kiC-camYyE6bbJJgoEHrE9OyGNs6h7z8DoPsvWQZtFP7hnQWwlCNY9xPvuQ9fM4MsjdsRSlzPqateB9YLzNzfAxba7VvmBIKHWXmpmeXfd5VJSxB5pZlya7sHYDeyJk2FykXiTFpp1OqnG_s_PrtGewZEgfrsE_5hq6slShgsCCTBTmi4XolSAGzFyySgeYw0SX5FXmqrn4JCJlj5JDm2eXjbWdGkElo5LFWWXcGazZJgu5TC-PxCNDVewXclXqLM-W_y7tBrY0apfeRMEiWG5ghntUAitMbDqBURSVs2CtDJGqI2IkzmB0BzZYgsPUstITQfHNqwGn8Yjn2hEZbTFPqS2ADR0AeTr4YhR7iaH18l8MHw7cCfDGg11T-tsmp-R8xwqLCcoDLViK3G3hf3Mj9VmcaR7Fs8SZmI_JgEKGCEJuSSiMAUbw3rH4yAKUrh75F7BnM7WKwQC4hX8Irb3p2wmoH5pfwaUHpHcZH1bxyTv1EyGCm-G6tHzcDeLYaiknKD7vv53ufjKCz7kBQuGnqowa8IBfstAqLRLXN1b-jeqgMPqjZwaKF1Lly_PVvGDyb3ce9MiOvgjNWPFAq5xIxeEnx-B45QbmGkRpw6jDaU3wjlb4I1DJvEixT4hQiyHnF2hfUOSIo2v6TVYZ1VzKBRO0GatW-813G5vPVqG52G6pUf4k-LFh7InYfe9a5gm1-W7W-xLdEcWc9gSPoNhgd7kS1enX3_tCwsI0cFAdHsneOoouwBoL_jbAJ6YEZ9iZaxDdpqfKz7_XD1K3dm936zAebNk7m8vqTlj6eAMDHc7eUHonDvmqTK-EGSedkKE1C0SyzO_gaBbzUK7r4yULp45ya1Bw_qYKP0LYzC3e94TBD6_6_PJCdTqz-jYSVJ5C3pZpOdKuPlRrbcxuTexrnpTeHOQ-_8env-PekXBAeOXPh3euj9XHgzoUd8&cid=CAASFeRob-qYwbOydzhuJYKYR_uGCj3DeA&rfl=1%2Chttps%253A%252F%252Fwww.123greetings.com%252F%240

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

efd196d6e60dc30833072e3a288e9711d00be623554d81198d9cbd127af761f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:12 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28933
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1AE1 42 B
63 B 28ms
26ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BIryj7vzpEy3ozMMLS-mHMjbJV48w50Ykc0uMT4wjvpt8o7tE6z1dR5Sefmv3Z-XE8z3PzfY_0EtZIWYcDxaXrBrMehFVYYOMbRPYOBJK-DPxMoGc

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210830/r20110914/client/ Frame 1AE1 2 KB
1 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210830/r20110914/client/window_focus_fy2019.js

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 01:21:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12056
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 01:21:16 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1AE1 122 KB
37 KB 33ms
32ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0299ce766df424b69a25530d8afe7c2352cb6240c7510fe7be67d8cd53bd3467

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:12 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630496346997469"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37796
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:42:12 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210830/r20110914/client/ Frame 1AE1 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210830/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

114dabe187311ee2e303549831223ef80d06385cb854e2aa1647ec1e0ca148f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 396
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6183
x-xss-protection: 0
server: cafe
etag: 901432759052127119
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 04:35:36 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 1AE1 0
0 15ms
14ms Image
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTRai0ozTJrCODlCOiuAkV2nqiGA8YjKOAWXvXjVxhpnMrcdpsU9incM1WMorrFCQ4Ahn8L8KifRiMelM1otdOmxOmzzA
Requested by: Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame 9D72 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 74784da9efde9ee8d897233962fa4f3970312ca244dfa921dd38bec421d27dee

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 2DEB 208 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3d91efa8e674bee80063a1aa0340dfe1e70157e7ac0f93aae0f3e67f69145838

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 abc.txt Show response
static.avantisvideo.com/data/ Frame 9D72 20 KB
5 KB 25ms
7ms XHR
text/plain 2600:9000:223f:cc00:8:9ed9:9c40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.avantisvideo.com/data/abc.txt
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/avm/js/video-loader.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:cc00:8:9ed9:9c40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2468d8defc10a0ab4f1c4cdfdb085d486de1d1190998cc1b0ef86f0540da2d34

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 03 Sep 2021 14:33:58 GMT
content-encoding: gzip
last-modified: Thu, 02 Sep 2021 14:33:35 GMT
server: AmazonS3
age: 50895
etag: W/"f23827029dd04ecae86e39a98fd24430"
vary: Origin
access-control-allow-methods: GET
content-type: text/plain
access-control-allow-origin: https://www.123greetings.com
access-control-allow-credentials: true
x-cache: Hit from cloudfront
x-amz-cf-pop: FRA56-P5
x-amz-cf-id: JQoXF1Ikp2w_rj4UBe3H6Tq5cP0GWv_FPQ0OMELq30i74XbQ9gW7_Q==
via: 1.1 0341da327f4c4c49034aa07ebeeab1f1.cloudfront.net (CloudFront)

GET
H2 200 abc.txt Show response
static.avantisvideo.com/data/ Frame 9D72 20 KB
5 KB 24ms
8ms XHR
text/plain 2600:9000:223f:cc00:8:9ed9:9c40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.avantisvideo.com/data/abc.txt
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/avm/js/video-loader.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:cc00:8:9ed9:9c40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2468d8defc10a0ab4f1c4cdfdb085d486de1d1190998cc1b0ef86f0540da2d34

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 03 Sep 2021 14:33:58 GMT
content-encoding: gzip
last-modified: Thu, 02 Sep 2021 14:33:35 GMT
server: AmazonS3
age: 50895
etag: W/"f23827029dd04ecae86e39a98fd24430"
vary: Origin
access-control-allow-methods: GET
content-type: text/plain
access-control-allow-origin: https://www.123greetings.com
access-control-allow-credentials: true
x-cache: Hit from cloudfront
x-amz-cf-pop: FRA56-P5
x-amz-cf-id: QEca1alFufV4oZqFSqrftFSmtTwa1iTfZFOA1OOEypIblkNk5-NCCg==
via: 1.1 0341da327f4c4c49034aa07ebeeab1f1.cloudfront.net (CloudFront)

GET
H2 200 abc.txt Show response
static.avantisvideo.com/data/ Frame 2DEB 20 KB
5 KB 17ms
9ms XHR
text/plain 2600:9000:223f:cc00:8:9ed9:9c40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.avantisvideo.com/data/abc.txt
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/avm/js/video-loader.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:cc00:8:9ed9:9c40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2468d8defc10a0ab4f1c4cdfdb085d486de1d1190998cc1b0ef86f0540da2d34

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 04 Sep 2021 04:42:12 GMT
content-encoding: gzip
last-modified: Thu, 02 Sep 2021 14:33:35 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P5
etag: W/"f23827029dd04ecae86e39a98fd24430"
vary: Origin
access-control-allow-methods: GET
content-type: text/plain
access-control-allow-origin: https://www.123greetings.com
access-control-allow-credentials: true
x-cache: Hit from cloudfront
x-amz-cf-id: GMzSBqgE3ju5NLCqDmw6QCJ2f43VuLZ8MPK39936N1z19fD-_WFbgA==
via: 1.1 0341da327f4c4c49034aa07ebeeab1f1.cloudfront.net (CloudFront)

GET
H2 200 abc.txt Show response
static.avantisvideo.com/data/ Frame 2DEB 20 KB
5 KB 16ms
8ms XHR
text/plain 2600:9000:223f:cc00:8:9ed9:9c40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.avantisvideo.com/data/abc.txt
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/avm/js/video-loader.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:cc00:8:9ed9:9c40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2468d8defc10a0ab4f1c4cdfdb085d486de1d1190998cc1b0ef86f0540da2d34

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 04 Sep 2021 04:42:12 GMT
content-encoding: gzip
last-modified: Thu, 02 Sep 2021 14:33:35 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P5
etag: W/"f23827029dd04ecae86e39a98fd24430"
vary: Origin
access-control-allow-methods: GET
content-type: text/plain
access-control-allow-origin: https://www.123greetings.com
access-control-allow-credentials: true
x-cache: Hit from cloudfront
x-amz-cf-id: LMTbl2jq4XwUbY8graruKbe3vuHrpodQ8npZ0ic3XuR1t69p8AQ98w==
via: 1.1 0341da327f4c4c49034aa07ebeeab1f1.cloudfront.net (CloudFront)

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 53C6 611 B
316 B 18ms
17ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLS7QxDXu7cBGJTo2ngwAQ&v=APEucNVLN_97Fv8eGAyVy2Xui8YPs0rVNnZLTM1-_Dnt9--DVmSyZG-FPcqPrDeWYwfC2aqsVWFPpZRiT-k86BBxRn76-IsehA

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

55b198b5ed1bd02e77f84c6971a69d5c2160c0c32fd770ce33405e194750f5fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CLS7QxDXu7cBGJTo2ngwAQ&v=APEucNVLN_97Fv8eGAyVy2Xui8YPs0rVNnZLTM1-_Dnt9--DVmSyZG-FPcqPrDeWYwfC2aqsVWFPpZRiT-k86BBxRn76-IsehA
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlb555oO5Ok7gtYpteMcQyD-F-OYdkabMK3_CQgf0O0GOo6MFCYEFcN_KWQ-VI
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 04 Sep 2021 04:42:12 GMT
server: cafe
cache-control: private
content-length: 295
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame A7DB 71 KB
28 KB 45ms
45ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ByPikWbFtyHVyaC5aQJp6_ATMjbdDMs_8M1Yy0gjfIoBEM9CwuIQRl5SvJPXILI8BLS4FTSSAW1V1-K7DtfM62VJntXcfBDuyQrKmuugmqOHUPulN8_UMWGDbu01YccbToHXQ6dJElZu2jwRHsQLzkIsMGmg&dbm_d=AKAmf-BxLVzg_AbJDxeHkl6NIPE5g7xqXy1dwgrqr8K_G8jB8kf5qKanAurtGpX7c9jRds3xcLz7SkgPBCW7-WEVr5NZzHErbDoFyFCLjYFxvt6n9nAtvt24XVxc6sfKjqZ6ZAq7rIja-hhqz8TM8vq7hpwK09KLzEpec12aOtHvCCGTrnBebCuGMzpq11Nbq8iua7VPTVIV9DLQ4Gf13ltWj-yMwJ0R17Q4821Bpi5rCUf5Dtd84dM5RFXr-8bNRPecM33NGUr_HkEjMlknVe3x-pmJrg8Cbk6U_lLevt0DQEzziHnCdmEMg_3LN1EgqVJXQXYtYq6_1SimpZ2oabhVOjMSh9iiKEli_0nnimApmK71TLRXuEZjmTBU8LDUfLlSnywnNZyHeOvY19iNtTXyeuW3E3OWTqQcVy3AOeJo4hX6AcY9bN9Vtq4kM48W4hOAkJUR3_AMj6qI_6yqkW8AFfMLzdDojqVnw-o6OKOKXSFNZ86nooN_gXoP9onwRKv-ZCqfX3PsfvfEdMUWoQFIK_gjvYkefCxL7-IQg5BXOzxvLxkJizcJE1QGv5RR2qCGHjZqQtvX_7J5Ep_g0jMC8NeuKPgMjDgLuRUDRGSxAxLWJBi_O7Et9moogilSGUZIRBBM0-5NEANIEKGxlBdyC8qZ9F8Kg8PrY3gknSnlJ1CRZvwMtoAk7hgfeeSH8_-eSdfpo-HZNvrQNj1-YOHD_K57v3OZBAahMXpW-n4XQndW25Jaq0rp8tbifM7g8znafx2HK8ns1bSyHCRocYaS254bMKen_OaYlZlVczGNjr2sDif1ldlPfExefSTLqqXG6fPQBptlujqh3LII6t4NgAFYqER_En4V5RYpFw-vekdjCLrEIuWWxVKMBM53aV75nIYPxPVp_maq2FP4rgwvIVMTt-gR9coFrbMw50DJpM5g9czA5TBSaAci4-5SXhcLc1eT7-gwV4qJ3GYK-QissfemcyN1YIUpcS0Yy5gnsXTt3Px5EUefEha_aM5jKkpOdBSb-4gSTUskSnreOI91JQXHpMpfsyPsNFv634gnE2oiYRCwtX2zfc5N7Y3OPRK7PsP_kkMRIOKHmZLMgtstGp4N2qaO3Oav1qfKFtq91JDcgzz2GUSS2pKJLYRoLvI2FrX9pusB3q1oGBxg_F17cnOQeA52q5ldd9WZF8wNfgFAvEH8ka1q6zrjuvt2_y_2PfbNJjgxHTZ5cgw6h40GLnCOlzsRyggBM5Xsmhsv_Nm2RArLu5kcR9Dm482JlSU1wAESSLaZ_uNs3o5A2cSfnz10gfdhom1ynnNFrkXx1uOUTVYeUvhLfF44-VyalM4lsnXXMJfFs0xIE-inqqcelM9ddYrB6_TA3tLyMPiYKGKWzwg7dNR3BtIgsR45Y_Ir60Puf6iv-eGl32ZlMYAx90-xxF_oEo63wNbSK8NkT24JRoLNc8_9P-fgOkPF6-H2My-ImGb7AQlQC106sZCv-RL4iFMpE02Qs05xOENVaMf0-KPkRD4tg4TjoQtFLE4DjRsgkOEVbnzz8OWd_LoeyS0e_GSAP6Vx3-CNm_51c74tg7JsfWgE7C1NcSqz1_5HEvC_TvadAopmmln_7V3p5gUAFV0dMXiUXZEj7yuUcD4ebtyF8MpUsbYrOAifMdLrrL7WaUuXKMCagQSF6EGjCCGZOsNUADlkDiNwqZNcqD8ukg-m_YawIbtB5l-j7s37LoqrmXG_3bNeoc4Vtcec1Hi9KzY9VPmAf8pUSdrq8eMgm9UmlCvLYF5g5lZb0vUU7I9DIwI1iEhv80DF1isT4epZi0u6SzqpMaBkg0v16vTBjdyE7zyx-Aq-7v3ashvAdn-6EgIrSH2irIG3vMcYnOJYJ1Nax77Pm4EPyLpWx3XxR8sikz3Nz5IFpSo03aOZBqVu8xutSDBsgSLoCMteWb_e9ATxSgg2uSf0XuW1mbw1qKK-zz9DuHH6VSedQWD_f5rXbRalsdTJjzmy60k_mTwkYc620rSK7XKd3oawBwGnLL5mio6Jb0kORSp__FbYaw0wg7DuuqOPdGFCfU024728Dt4mwvKf47omszZnp16ItfGyyDG8pLgYMRF7mjEbEK7RquXKwDKXpNK_pzjS5vlqeyZvNKgbsAP9F7FNu12bGJ4caLARAQ-A-0MDOysm4gg7iy3dtIdkeysxROsin-eHHib9qbuNiCECrkKLCdefX6CFf1vzpp2VpozjTUD444jq5qrEu7LSfLq9WefSfJJEvFZxJW3WVNoQ1UPquAt5XwWLU0s6a17vSwr8MQe7jVhO-qQTBdtUvJUhIkHhvyaFyqGkhDuib21Ze3jeNOq1I_ujCYEeyJU7DhuoA9ypI8iTdz6iPYAa-dxEHmw4MnTTqlYNlh1ZBsBslno968LamRd0rqsfEIfhUUKH3zZfHmgif_yy-mHLedEgWfSEaHUtjK9b814Rd6G9mNSwAzBtsKwT32fR9PYRI8wrwam6STuPlRGFLazoGi_36qRKYZAkiHtrCeD61gibcGdYUy047xEgq209y7vvIPQvwlycfQGJuysDnG0an2HKZFcbD7K0gTToLZUcOc6-4TAORw5YkSIXfqRROmDhpNdmtP2ESeaWhlPbYXlv4Ikqmrems8D32IZa72ujvxizECj5ODgThayiFP7zUhdkdMt-aE2PxMmns26nvvBzYapgef34g568vy7ZXM3oyGgirFys3w5m2oBDDMUv3Cj3FNdykRAXLIwWP2UbJZGH7nRCJvDRT537ty3uQfDBDpeFLTg5GQiEnHP0vW_nd2HbaLcw9oBWsaORb6OVi0XQXlgig4aoJWdH1tfRvu6eUEaLE6geESrA4rVu34DTQXlYeyxw2MYzNozG5JWWv1MgbRAadz52yksB0eK07SuUx4A4-PR56rmoDGzfCl28r06joQ5jCreOWoV-Rbb-5uom5ZTinSXrUOoSRV3hG2I5wBU6GWqXHdsPwtPGh_-ov4k2LQt6iPE5Zz3_1D__WUTJCbPJ90eXa_Izi6wN1MY4f2654j-N3k8Ob-iQdtKIpvV6tpDSuM_Mrahv51aMeYLq6U8GflUrOt7wGYyHBzVTqY8q3T9bpnVkWcqdhIQQTQ89mvMIFE1dgF2FaD-hdJ9Pix9BRn2pJ_xFvbICsjsdK6SB-KFbExpC-Jn9JANysTrl_1JM9GWcpZTK6WCZ&cid=CAASFeRoZOWs1v5I0qaLPnyBO3yEojYZlQ&rfl=1%2Chttps%253A%252F%252Fwww.123greetings.com%252F%240

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

22cd7cf9363d99f98450e69326c33d9062c1595985b2de4452413c369079b416

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:12 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28823
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame A7DB 42 B
63 B 30ms
29ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-B_WqU8UwXeGkottk_bUGqfgAohYi4bXZ0zNoaV59xj6KAY-Wc5yeWW3i7yImC0efmSKDWgM0p89kOnBW9AuQmAcAofpbq3S5c2samrpd60_5SRiiw

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210830/r20110914/client/ Frame A7DB 2 KB
1 KB 17ms
15ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210830/r20110914/client/window_focus_fy2019.js

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 01:21:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12056
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 01:21:16 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A7DB 122 KB
37 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0299ce766df424b69a25530d8afe7c2352cb6240c7510fe7be67d8cd53bd3467

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:12 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630496346997469"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37796
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:42:12 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210830/r20110914/client/ Frame A7DB 14 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210830/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

114dabe187311ee2e303549831223ef80d06385cb854e2aa1647ec1e0ca148f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 396
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6183
x-xss-protection: 0
server: cafe
etag: 901432759052127119
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 04:35:36 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame A7DB 0
0 17ms
16ms Image
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQjXGSWfLLNbXF55VGKrTRLxI2K8-3xeQIOqjX4OWD9V0KAg0lB8EFmQArF7HNUHy3d8gH_OGfJCptszO4iAwAmgu2frQ
Requested by: Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame B7C6 441 B
248 B 20ms
19ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLS7QxDXu7cBGJTo2ngwAQ&v=APEucNWoxBq-217CgSkGBILAq89S-ROA6CbN8cpEsM89lmg1AF9LsGJxqjFCJazQ7lDUfVKC5j-rFo7w4aeY2O4Y4Th57DgINQ

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bf051f3ee7aa85b70fbdb5a9c4dbe61dc57372814f700b1b23ecb4f7dfb9ce63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CLS7QxDXu7cBGJTo2ngwAQ&v=APEucNWoxBq-217CgSkGBILAq89S-ROA6CbN8cpEsM89lmg1AF9LsGJxqjFCJazQ7lDUfVKC5j-rFo7w4aeY2O4Y4Th57DgINQ
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlb555oO5Ok7gtYpteMcQyD-F-OYdkabMK3_CQgf0O0GOo6MFCYEFcN_KWQ-VI
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 04 Sep 2021 04:42:12 GMT
server: cafe
cache-control: private
content-length: 227
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 7214 71 KB
28 KB 48ms
46ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CW-z0FiRwCTGMYop51O91YwPjgNSi48aVGVkwce4mGjLSzHNVcnQj-3ZQKLzxYF09mm1J6Q1MHSdWazDjNynOElB3DjTCGiZHGhWVo34SaogvJqB7JoCE1UeLfWoGGXDSj9XPE8G8ld0Vh1cJPvkG1ZTHCMw&dbm_d=AKAmf-BJKB03hA8PEbyy03TbyO4T8caNpiJtKA8v3pX36MbO7GiiMVZkrOhDV7JaF7B5iQxGmdyV3vnRhWsdJvXvOYpgK28VkKIcXG3g8_ZK1DNYZk5qCAHE23Uu3SkuOqzAliuQ8_IMUP25x4IA5gEVwmuRYEq6nxj6IGmRBEuZ_QyA9bpCpPIbekoL7n6n1Uo513TLoLDM8-zrU0m3ZdWXtiTh3bkwZob47Q6bicm6FPZfifjHvxyMxCDB5iXYQuBEKywwuGhoPvF5834KAsauEphmrWhMmovuO3SnZyGHr4-O4SHI_IJS5attmT_jlp6x4UfikwuDrTR5mev_GrzYybqh6-TVfgIHVjhIXsTqF7xTIqnxDAzNmC-Dy6WnYWY1iYY4StDj26X4CVZJ3P5NKtVvf3V_66KHjZ3TcoC1qo2EniI1ItRiWYEEEyP1c2gKVPv8-nHI7hounL64ojq3XNJn6QATd847bgVGQSb45tVWj50F02Rx9KeiuLZ67enirt534y3G-4DZN9nZrfDxl6EE4eD11nV5mmNsumYrSLL6EDitU0EHbhcifi91akb8lTmULfSfGfKY9On5Qsd5glXV2VyKUa51SsZI20b4tIzeQNY1GO2RQfvIe_aXx0_JRyOB3QRuiggQybplqWxscnLjWXguFku3mTEXgm53_Cnj1MeIvEkx_zHeOMOV82pHcPQAa33KkYF4e7tYYDqM5L2hJqxk178SlNIfYVVZWG6MI2G27wb8EG_JmQq9s9v6vTBsyY-jxo8VQ2va4ZCRyf1YwtmuhPvoCHNe1lAb3JBzQW7O11icgEXFMSIPcd_qZdW3N-z36xyOvm0vAMcZi2xNdlD8v-zXq-mHPTIpLlpqtn7KsSlqwZSV1cL3q9k6qaXLWqPqHPhtR2iT7yV_n0qaRrAAB7KHyc-G6SpEsWyJzhtcuEbMsGsw1btEE9eXRsRqyJeD8SUIPstTFu3FLoCR4hUedxqr9wLJ8rWkgFGCWJghzk_0Q9eIYobj4fUm4gm3SMMbYfcbmUz4drNwTcu0mhpD93WZBhIlmK0NP4tYCcqO56GZfSgkUuAm2db2qjzBHtJtXkDO1KR8For1pj_lfocj4VLaA_-e6lOAjTOTbDGgHxKuG2ep_BqgUqQLG1v8Cvcul2uj85A2uOw6jmJNfGgj6vop8o_mYxDC4bYf2WPICi6VBsutZHe9dJoHHI1aks42v9M53Z-gGJ1WINXpZTVtt_DmbtKca78gXLaw_KzXvPI5mBZCwyGK16dcBj-ywnuw3syLZlOfpQydV50nglNN5eXMIPdDiXrj0bxI-cWtXgIHjLJOa689xmTrCsf6fctjSQ-n2WsN2V0u29P-IU_Q45p3f2iuqY4rg1QxEiPZLrQ1KIuEbGf805JvJvh4nMrG8GDyE8NUfZ8cKSIDzJ3zV1OxDwImj0QfKD4UI0YCEsNWWGRsJDRrftxpbFUSWeWL9TNT_beII_5TIFRNUjQrSJVswty4_UbMqS3lZk6aL4-JU3gF3OSIy3y618TLulAOTZpcaBKOAnZadK47KIMHXlcatER2h1864qyuegLENP1e9hjvSyrep8844p8ETdm6rKFU-3v-aRAY6G3alNDCWY7MbD-bZF91L0xOQ2LYvUY1j5cCXxUN4D6ApXFtVjj_H9morMGTGsxkxfOZ5jErM-85fkOub63cpKILJCJxd4QciRc41Pxlp3vrdPpp-7K66y_8FDqq6_AhOvRlf300okmva1LkFYUkuHFpCsD_sJlttjgd6bEptF9CtfHZAROLdoUPwn_HlGiorNMLZp3wKIZdDL1gFZ14-FaM8k0J28myWabySOCOSbEEpzfONxz72iajANwbprO0rIYfECYw4qbeoa3RPEzqU93DOdjjsQ5l5_o6yuqHnUUOOjISngzjMx2c6o5n2tHXb4tOaKbUeJ_e5SKnKJHJjx6qA4Hu3ugsaN74qlHE3n63keCOfiil_DK7Zul7S_mVr0iTptsCVzSp3hu5jMteS7ctN8dlyvAkTE_vrkgFJz2jFvo9EjSur7xIi_aoK7bZDjZ-8ETkIsWcGx3I9L23iAWSkKEFGCCL06M9saMthWNYLmFI9NgQSrSOB-33DVDtn5p5Zoc1U04US8iwMoZcx4p_PdX5P4JnaMNcBVtw4xBDD9H8Dz7AVYNCZd9b6O1qmRMddNUj-vlILqmHVgjSq6nqwd06qhFjCxv19IqGqaWxGbh3R2zLlqpWoLRzM9w7f4FnBda4avS5qLi1G2o1TSvT7M_oayAvNh2HyYqh7en81VJn9OTw8-AoZ0KahxllqxL_QYj3NVWKYD-7k0RJ5Rtas9cW1b6HG3QouAGQcsoz1dIBPTa6gMDa-7Xkf9HsIjA-rgxXNmq2dhpoPskZ4B8DldTuB43CjMwvXzbM7oyN6Gw6FvylPDcj4DY0Wcn37L9Pmy1d3XgpExh8EyD4fhgebVgdpg5yI-_gAK2OxwKjtx5gyAuL6mYgFjQdrCr1qI36e6nlhUgtKXESfbqXArVq8nLTcFKdtM3yDZIy4wT-RGlMOU4yNGsMGVqhg3e8iL0FbRyv7mTh2IcR6lHEfnvAG65Zni4hm4bTilkJ7s49IcqibAB6sN1S6DpWrwZG-WFTZ0kKKnZaQ4kBP13sB3ZDzReZWt61kDbuQh8vzyAXV2_mA8hWXrutXJkgK0R5tuyOF5lang4ExQKNsx-pO9EoPp7q2fXXLmjzO5Ug8-SWmulShHPmpVa7sQ676zNpCkVBLxeePi8qcxPuJ5q7XCLSc_tLE1N58GsRAAWXph8h-rCvcg9ZM3nfkPACUYWteh_SkTaoJaQBUVI5jiqP0GV2O8HrktRbqmZfJSrZwk0UIG03qV2oyIy5_CP3KiqiNWPvYXSyPkia5gjsF0cdQjpBp4GAGtp6RiS1pw_vEpBSeF6-jdcYKlN3G4deWuDffouz2MuGPji9OBLFpz_fI3CPBHrm2Vi7VkEb5_aaxAPra5QNhIcBfKdKpKvOXgnXxwGNSt6ztj9--osYAh45-kvKAlEKrAUybDzA8FLCB6eQ6QYTg2aYB2L0RHik6bhlZ3DwV8CvDLui3fQd3QDsFaAHTkK_BiZvq5kfrQjMEeMkxTAh7r3dDLXr-ya1t5kf0r0ANIyhkNRh0UBqCHv_b26X-yCCBP1RHbEpducoC23FaAalMnTZ&cid=CAASFeRo0yfUqNCCzIKnfyjnKXKFD2LjLA&rfl=1%2Chttps%253A%252F%252Fwww.123greetings.com%252F%240

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5ab46139be655a9bfc68802082f5b8952fa56210d418f8f32755661ba32196d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:12 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28986
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7214 42 B
63 B 35ms
28ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-ApsP990CUVLj3gBNELPILrcI1w734BzJIs53IqA-0Yc0kxdJBB4XZKJGctupC3zTfzyunZAkw1hmSzWawG0YgYnSeA6gkvdTrKvTi_NC4vDglFUEI

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210830/r20110914/client/ Frame 7214 2 KB
1 KB 21ms
16ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210830/r20110914/client/window_focus_fy2019.js

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 01:21:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12056
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 01:21:16 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7214 122 KB
37 KB 20ms
15ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0299ce766df424b69a25530d8afe7c2352cb6240c7510fe7be67d8cd53bd3467

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:12 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630496346997469"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37796
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:42:12 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210830/r20110914/client/ Frame 7214 14 KB
6 KB 12ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210830/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

114dabe187311ee2e303549831223ef80d06385cb854e2aa1647ec1e0ca148f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 396
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6183
x-xss-protection: 0
server: cafe
etag: 901432759052127119
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 04:35:36 GMT

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame E930 499 B
334 B 21ms
16ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLS7QxDXu7cBGJTo2ngwAQ&v=APEucNW2r5x6eS_3JCWn8eJ17rqo1h3jQ5AiTdeS4S6dU-pHOgZN21q66g3aLleMlt0TkwXqAJo38IU-KgHzLcQ_5cNCoD_d-g

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

583eda12fed77c078f7391866e53eedd80aec5b9b178a3537a3c4c3b09575485

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CLS7QxDXu7cBGJTo2ngwAQ&v=APEucNW2r5x6eS_3JCWn8eJ17rqo1h3jQ5AiTdeS4S6dU-pHOgZN21q66g3aLleMlt0TkwXqAJo38IU-KgHzLcQ_5cNCoD_d-g
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlb555oO5Ok7gtYpteMcQyD-F-OYdkabMK3_CQgf0O0GOo6MFCYEFcN_KWQ-VI
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 04 Sep 2021 04:42:12 GMT
server: cafe
cache-control: private
content-length: 313
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 01C4 72 KB
28 KB 63ms
57ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CDqb0FZUtNicvsT1lP8AyVa_4VVa0MgfQQP9nR0ka-XJww7x1UQh_aBnDCvC8SV47PWdOpq5FcHelZ7IxjXz1VXJST3K8mXhSjH3psHZqiqPDqfLsiqn1N4Di98wOTBZvZSmcvaBbJMeN_mxAc_ci9AJhklg&dbm_d=AKAmf-AJgRABKDMyHbu8wv5KPZgSfGfTYerc_IG15Le9u-9xg02D385xBim9bffP_I3dVPIkOJrr5c6dxOvrH1_fUjS2FMn-PDSr3NRenkdyjcxrH-_BxRbPRC4YfocbaDYKhQumFZ5Rm4AC-0lGuuWZLj4K3AfM95j0o-_SQL-Giz7frPZDEvpy9LmOHxr3u2TLrSGb8vh-gpI5cV_BcvITgVmRQwEopioGTNJ7VdXKqKIuVXGY3MOEjJN6aCNSX15GbKC4J5U4mCcHf_d21xdrhMAR2YOfS10W_iuu22eIPT3Y1ANH7QaOJNLXKQTJv7B_D4PW96xxaN2uH_XQ-FEI9c0ROJW1B2YXBYefPqi5Gzxk6Xi3SUXYKIv7LJZMrCFZ5VVk72RrE99CmebIKYmT5GQh9HyuynUFCv5cyN8CZHShmqUAnAeu9Z4PYQwvoN9s36JsBVrHo9WOAuHMjJY3_z2b5D0ebb1KM4QxsvTcNqGThfxQwIEa83XAo771NkUbk_7WmgA7yTol5gwNd5_G8Aai3gQP9ncSxjV00mS06m5RW0vVWqgMsmyT2fOcR6SONoP2vbpeDHzUOGs_3uATdvAmnXuD_JAeMZf63zMCvQit8SR8gLqlJzlHil8A5cLxfUuf_OPezQcPt3NB9gA2eUPdBtSfH7F0u-CB0htDEch_tXgs6zIfyadHZkGVPXV0bRRF1BrUEq-BM_p1hSackDa0rU9eXhB8tuus4bCedSf4PyzUVK3y7Xe6mqDxhdbbxnwDydAZXebrLz4j6R2M37zL76s-kcu4xa15bkMkHXvvhdTVGCzehdSZJ35kJA-TkzaEXVFYIH2Rvvs-Piv2RJVLM4DEBxSSg7yAmxjMFagKZbg53kgiXpgbNAL2rey0pxYVixoytAWizO84-QbxNWF3uGDzadN2ZU2JrkolsAD7ldJudxGgOh7CgI5LzKMisuysBiNJd2a40mb5hVkMgJ-SakN1KTOz2zVbfMBQcCZER18pvjGKTPFhuA0i-dTuf-Ov8jG_NJR7uq5HBB1kPBuBsq2WZQPzAPs64fB0gbnUvIUSLLiIHaOO6GTFCapWqpVYfkm5zxiIc1oNWiBYoG697_kE7qEfcf2i1HgSmbl2bvGb07X4ugTudGPX7QHs1QEh0weGZF2XTZv4zmkDcE3R3mvYMjvNzi5e65TMEWPq-jbuisDhB-HuqZ153FUnXJk3JOCxTQxxtmGuRzC2BAdCMW6hTrv9cMYSXaXUtlArDVj8KJla8WU4DFSE2IePS1dJ6KWwtVDMUmntgIoQE6-1QR-1M-m8aN-4txi3M40J6pe1pln_ozkC-VXurHZgX_kHdZqxJV_E6S1172i-A8RHj2OfR_xTA_kckmJzqC0SYNg8algirZRum8gT6D5wUibl0BfjEdCcBMfJygXehhvxDpynKAu7_Gel56CzpvfaTLG7sLqwuPPQAmLK5C6RFGhtG7iqGlCNoaPCAxkRorvdr6h4YUO0nbizipXTEeKnrMA7AFqgrtj1ZRr8_KDkmeDhGO99zdhTQBZF8CSbcD_5XKqUNDL_OB81kYb0gFIS3hgvNdtOcZnwxYryjhvVFte3Pfk7Q9OTD1kUWbEkuCyw2lYHPyGhQaYboMAadGxCfT7yd3s_tHPNIBYnbKDIC7QH_uTVcYphgV0Q0Kqdeh9-skYye739vR58Y0YQtWutVMya3a8hrVBjHROnVcre4Spyg6NyYIQe6S4_G-w4oNNDvwXCPOYoV4FiOuST7HX20Lyyv2e7gAgSPyHLjaSigu1HJDjBspjrmNKSobrGhBecewmFpbdbGe9DysSJWyqxAR52L5rn-cgG7aFXZZeoR7hC9B3Bs2PjGhamU1n3yr8r39iOuslWPjSKRUhT6HYHWqWzr-yhsBnR4BDDPepdlNONFI80wDGT2JTUiMNJinwUIyiaosZsnRPm5yrVyidSMpzOsT9er_Q0Cw1wBgkMQ6WDcWUjFgHcXOdQv5zZglDWtRtpoGOpw905FtmG5rkhIshCi6RyOTY2wSzep-anyxUgQ0uVQR78ByGtOzIJeY0I50S5c3cPfwAo8oSmhkNYTrhoSFK4c3-kbxNupPkgollTT-QLPY7xtSgRgf3-58haajfF17gYsLA6nDK2FeugqHSB-jh1icB1IiBbBt0qVj120If86kmSMfXjg-Fa71aMY6p6H3bekek1W-s-gGoEO3m9Z84Iczff2xWe8j_di5TPGXj_oO9QLxfRs9rONU7bGeZo1rRsTIQmzBaKwAbhYFQZekJ2hqh0WLytclsKxgCnV6XbnlPIELrsN-T4sYdSH89o1_KUK_XqagtP8IZ5vC_xJqIW3fDIbBed8Ous5fdZ41nh6nX0At95fRPyFd6_9kW26n0E1vMXjwi3R7ptHNoj3mK9M5lG9XSEsqrVyIZwDSlbvqmg4nbOtyQFqyn-YBbTR4v8bUbKKlPg0r0SORrTO3l8r0AaB1E0dpBOpJgkR6iyLTeEVH5RaUub-3f8c812HNuW9wEI9CVjK7jUeKy-xzzYz8hVUyO3PdyWZ-z_HYp-B98qDVQL5b0dPaBkHyWuV-lCGuWinSUFHt_sI3GL0JphCbfFVFDkOGjtLLAis583N0Y_KYS9RZSaFByBmFSqcaGfBabauWto-NCZjHq5kwq-M-dtSA8KqPBXOuQxF2d3LnAYA555H9LFC8bvXiCTVbgrQ0yiqmlVkZ34_aCAA2Ntm0e8rEJOzyllAgAOkQ6ErcqC6fKn9kk55lSLGDVGTW8JlCETMUTpUPB8n7T_0Xe_4f9_L8Y2f3PpJtZWgbcQ4zscvnwu5FCYP1WfGYTrNYA_uf6rye3Op1cmbBwnHKevTGYRXCt8t26PsVZXQW2jCfGL2RwnfqxhM0TtCMsa8qSQCxHxHej5I8XHLPn9xzSeP-fWDLo7TDOqaP_wvl-vlTCroJVhfnJQYK6c5lHvd0e1SoUrP2iUv1zmXFInaVriGKWEDCXDAU3TIZg0R7lIkceLnLz5cGv2kq46J8rjs1OG0Q1vQ32WOHD9WzBO5MbsI9qZzc7YucfQ-Z5PEUVah0H-eRcB95Jts0rclt9nWwU5cCiUDyIC06EyKj8Z9wpKFViDY0UbQ042Y7nbNJb1KHXBwDqkwhasr52zlytEbKeuLLNk_ds7fGiFQAHNul8rGke2KwG8eWPUT1WuY-hb&cid=CAASFeRoiQzQQWwvrruVeI6KDQziwo4-qw&rfl=1%2Chttps%253A%252F%252Fwww.123greetings.com%252F%240

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f954e3714ac118e43c8dd23cf49cb3fb0ed00bb9bdda3b15f31346e91e4da5c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:12 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29045
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 01C4 42 B
63 B 44ms
27ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-D_JoKiWQwIZO-jA1doU_7b1iCKvJ5FmL3S31agBU-Vs_oA_hsedf_iKgksCjDaIXVUBVJOjnDVi7yFNForWufXbVIxNEqggWbJPhYb0CWJHPNH6lE

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210830/r20110914/client/ Frame 01C4 2 KB
1 KB 17ms
11ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210830/r20110914/client/window_focus_fy2019.js

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 01:21:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12056
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 01:21:16 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 01C4 122 KB
37 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0299ce766df424b69a25530d8afe7c2352cb6240c7510fe7be67d8cd53bd3467

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:12 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630496346997469"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37796
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:42:12 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210830/r20110914/client/ Frame 01C4 14 KB
6 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210830/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

114dabe187311ee2e303549831223ef80d06385cb854e2aa1647ec1e0ca148f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 396
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6183
x-xss-protection: 0
server: cafe
etag: 901432759052127119
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 04:35:36 GMT

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame C991 499 B
334 B 21ms
16ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLS7QxDXu7cBGJTo2ngwAQ&v=APEucNVpxgLpl0Tsaek-thMHYTAWE225dDjKzoHAyD1Kmnk7ca0b1ndj19fNVVGmxBLPsLVepNMQM4BihlJl0wKUrHe2uEMnLw

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

583eda12fed77c078f7391866e53eedd80aec5b9b178a3537a3c4c3b09575485

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CLS7QxDXu7cBGJTo2ngwAQ&v=APEucNVpxgLpl0Tsaek-thMHYTAWE225dDjKzoHAyD1Kmnk7ca0b1ndj19fNVVGmxBLPsLVepNMQM4BihlJl0wKUrHe2uEMnLw
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlb555oO5Ok7gtYpteMcQyD-F-OYdkabMK3_CQgf0O0GOo6MFCYEFcN_KWQ-VI
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 04 Sep 2021 04:42:12 GMT
server: cafe
cache-control: private
content-length: 313
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame A44E 71 KB
28 KB 77ms
70ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DEV9igi4UlzWq0shfrn0Zw-f0gJgNgW7YIZAQpOFQnW0Z_0FVrhNwbqtz2d_vXAoB_9ySNzXyM6ZBwt7oxz3OxNmL1RpGhR2Siy7w3JrXM4bDfloNbbvWwkCHuz7_tbTypKoQh4ld4YBqVsDkKvlVXOYsvtw&dbm_d=AKAmf-BBsVphl-pum4uenmLMrsD0HOh7g4rmzURrCxDicLKDgnoEi6t_mLK5Nh7U3_zAx_HsgO3auBazPYm11ieitpEywbCELYJzwtAO15IJXlNXZti9Vtn692mr3V4JL2ZPfaAMRueDhrMwJ26GHZPiytDANlQOqAcUUQvIv7nC3z_dtUr7DXfY-83XVmlRMhIqAsuhb2pP2C-irNtQ79u0yED25kLT4sMHz3HSHzmEyIIo5exKNakkdlbmsPs_R7UynEptznJreJW2vnKDYcN9Ckd9CIFUHA6CiLanjwgHQkCHnMdCjhjTT43B7yqvPRJ1IDYW9287D6lNYk92Nkmt7y3ZL28VInVusWacgFNNOKaQ7VqmnSqF_d36iYROBXj3fu2vSTyNPgO0gTK32kI_9vtZWKAyxIS5ZLpiHpmuTZfweuvVqRf06S-LlQVXUWcEAJq58EY_PW3ZdU7Rk5piU3hVIJgw0sadcMTEvPBpd34-XA5BoxiuXKeKrTsIY1cOOLPNaQikAR43TD1ausmwsxaTjGk1PhmJ4YoNvGIJJdfAp52ndqAlc0hqzXTv3nVi1VryvxT6MfoRBGxHXDebxHyH_6hOJE10fdR12iC_TOhAdV3EtXzkU5wKWeggjMuvMQXLXKw2vdjiSJhyizpk0wepHd7krS2oYpFS1BsqEQOP1yqIddcN17sEpFaJwSI1SOkWkO8iUspJ5FoQ40djlHwEMUcZMlyTZVbz2TUW-COgqYdjDJilKldBLUwWPwqvxgzNhvEpJdR88_favOK9Szd6H5Gj9SgmMdr-4urhlWG6RIDLFwlEO4KzReR-yjbZMDvblKK2uOZcaZOr88vVqhNcHssN4F_nmKR95B8cM_KdwWyb_CV2S22hmEibrkj8zHGyvvqTnB7hEOEUGGWhVDAPXE0s5sV3FOhByC1bvPWQM76I0lWKvMAhLuZo1YM68qDD3koc8RN6q9VvAoi5DWtevyvbabYWClqVaZq_CsV4mkXuINFdi_bOQvBGRHBCUhfUvkZFZ2BPfM1ptL2B-vaKAoxXbDYe6cpxe8NNUs8z4BiBT7Ci8uYorKiG69MeIiNmfQIIsIizcZAg7khdz8crsiOY9kvQyawo_FRKqqYea-d78h1yOMatWUqFD8dwewAt4Rc9z9lbilcxvs8Jkqt9NYcD6cedlybSsTzphkOkc-qdQvaX4nbva-hAdY9lzH8M15zzSc7MV9nmYnucuzD4EzEQV25GAsz7RYN-Gl0O9bR2XgLulCTmSfejl7NmcLNqJ8wFAmfTiKxTFCT2KLXlTH5GVL46nmnzfYSUQyeUVz-fJ6LC9vExqw_jgDnbHJNK0huwwmfMDMVlSxUtP5xJlAT2kErGofvkrYxRD-8lKlunVhKFwcdOaVgnJIlqwUCHVuLuxqgkXj6wovKHlxE7QfqrxaxqWZ8CusG_YEhzQhdM4ECW9qb5JSxPxrI9L_pbbueBZkF3kq5KTFWOpgXx8LxSYcMuX4rNUKlmnHCcJPDciyF28xjJtrg5lyTltcn8eclk394Fw503xzWD0slGepFPKHvjEFB_Pp32q7Ca13L3rNtyr678r2lu7eb4AKx2VpIfMllKYN5d52xKtODYAE3jUf9gms4Tpjfyt8lKv5ug-DmhEjCFrwbBdHyaIpyTZ8N0XiJAqquRPzO3bLXWqkvW05wXtsYKdEq33rpQmR4g_lovQ6VxhMW4zmUjbBKmtox5H89AZNEH1qJmE72xrmF6N6rm0sHceUKMR5c4lqWCIt5LAQyu-I60RiK_FswjxHNxwtlXiGCkraDB2BBMuREMEBSBPBCQEysYiSSKzqzSCLqNeqLnGrF5yZnqptnIRe5vtnwwCnKe5alG20wqC2CzESD8qA_nlNF1YoJ2pIPNaFtDsvlIQSKtBXBi0rf8D-ZxL3Hu3uWEt5RPvh_7V_J0TZjS-BJefFMqPE-W23uKs4MD5pCHF92JuuUOomYBtyk_POmPYxId9uW4FzjEIsbQ7XsGqfjhcWeNcg6Z5ml78Iu1bSwQrG-SYp8CGx255e-_3RojPpRBsia2HuKJ3Zw_SJr3jZsBrkEUB1W4oPcwBtqVWqn0mtTi3ykDJDmMyaQbAXHV5smyrq1jh8-JsFh7MpTZ6bfx0z32lPuUlu80wmL1n8D_57idfRKwl9FP6jqb4q15zu1Mpxk0hySCmPHsOthk0pzmJFOeEnUCL8mVFoETLHEjGeyVH45YhEkrzoQ--Lp7MyV-iXx5khcDZXdqeNMvG66PSgFOlYirhdYMXfbR_M1yxsJEw7aNaGiYKt0dr-Zsqklz1TtMgvDoNK4RpMdmrE85pFjhRC_NSjt0Grz16ZBeJpcURk1qk64HUs3oiZyRnMMKe7_Xs3Smlk3mGBr3BvwHiYMecY9QbD9z8G1orr6rMPPxcY3__2wXWPIvao3CgTACGYRYtd7SndE_n02_oUzacgRI8PCTYdGJ-xFIZKlUe41YVIbTRYAIhSO9Ivkx7MM9w-9JyAiGBi1FgWu_p0ysTMUBC2_VO768AcZoPPTUJNhKdzwwgXzumZKRefowlwtr5N2V7W2cPH6DFZSH6ITSynkI6iUCpc7UdMwbbOit9wjP8gc8If9aCDDarulOM0C7HutzU1OM0GZTAQGZXEh6iafHEqNjqPKqUqemIBUxIgQbDZaj7z5EGqd-Gv3Zv4Y5eGa7zbGnNpGBMSNkZ7SlMFlAU-9yG-vMf_gqswQbfDAbK1phwEUGVjSk9xiqPo4l_xiB6lbA44U1XPMD7s-uEi3bXXs1aNkiNCVFG-8o02lFeoNYWeciDAZUhm6JXIj7OmMbUVZErRTv9idz5Gdl9uD6-tghRgL00F0KgXwyP5ySqYqtf6GXhlaGGNH7ynDg6-k_SAvgdipnpQSkdS89a_01EY4A7vGnAnx4jTMZk6uwe5QLY7ogdX-BgVxpYZgxDR7b8d2zw1ajgvjAJosMM106orrFZ_tzMjSEWV_A4JupcDTUSc1Q3OXfqOOJbCTyIz6d6RJ3P8uGLbM1779kOmmMvPLJRbT1yCCj_yOQy8EIYQs6YydoZMNjN9U97va3np9BTNACLEm26WeVLeYvTe9x66BL5h41aHlVfzaNmoKAPddAOVTFqk4LLuF1zJwlQND6Bx2uoUkYma4qL_JWUER0ZM2NbPcGFC03qFsq__gM8pPL8HOod7Hq&cid=CAASFeRoZZuswbSXvvHCyoYtHFHfWJXCnQ&rfl=1%2Chttps%253A%252F%252Fwww.123greetings.com%252F%240

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

48ec775d3d3c7c54194e7f4d82b1dbc256819da796c9b43b3fb3a8a9de61ce15

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:12 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28867
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame A44E 42 B
63 B 44ms
27ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-ACUyWdSNopAJiENBN-FamH1AZMaIoBJhkAD1iisARQG74YBUg16N2L5zD2OS1o6BtQjWHLbazk_3bvdS_wXB1Zb9UxIrqoym98BkY9GjrfwFpKvWY

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210830/r20110914/client/ Frame A44E 2 KB
1 KB 19ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210830/r20110914/client/window_focus_fy2019.js

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 01:21:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12056
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 01:21:16 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A44E 122 KB
37 KB 26ms
20ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0299ce766df424b69a25530d8afe7c2352cb6240c7510fe7be67d8cd53bd3467

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:12 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630496346997469"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37796
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:42:12 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210830/r20110914/client/ Frame A44E 14 KB
6 KB 12ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210830/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

114dabe187311ee2e303549831223ef80d06385cb854e2aa1647ec1e0ca148f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 396
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6183
x-xss-protection: 0
server: cafe
etag: 901432759052127119
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 04:35:36 GMT

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame C877 342 B
236 B 25ms
18ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLS7QxDXu7cBGJTo2ngwAQ&v=APEucNU_RWBtQLvuaPOQv43JOXiFx_oQBZmv8gkMtE9qT3lwpl1PONU2lPx7u7fPSdaMWwoQIf3GLC1yQBlx32lFFe2c12kCvQ

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5d6b864869c19ea1f500174a8dc3f327fd5fdc7e8f92f569788a6744341e4f27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CLS7QxDXu7cBGJTo2ngwAQ&v=APEucNU_RWBtQLvuaPOQv43JOXiFx_oQBZmv8gkMtE9qT3lwpl1PONU2lPx7u7fPSdaMWwoQIf3GLC1yQBlx32lFFe2c12kCvQ
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlb555oO5Ok7gtYpteMcQyD-F-OYdkabMK3_CQgf0O0GOo6MFCYEFcN_KWQ-VI
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 04 Sep 2021 04:42:12 GMT
server: cafe
cache-control: private
content-length: 215
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 9097 71 KB
28 KB 59ms
50ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CPGndLnJMr_B7dU_-V34tmVM4fjWbX1M9lJ7yWtEw0XkhKtOXnJiidYsjM2LFaIR2feb2h96J-HG9NagsP5bNh2BzJVYUEyDI-xhVuZysgf5ahzE00gqgOIuBqt1fwZ9Il-YS7ClYMDBnNiwh_mzovpOVKkg&dbm_d=AKAmf-DY11yF6zp85mE32-TWCcxOJG-v7oKLn6HQNOVfds_EcSypEtnB9zurv8Vt8Ozs7ZAaCceF5ZdLO-ztgMwCtKCbKYzyH41fT6ogwxp1tw4tFZy7HO0PquFlkDH-vYBn8txglPGHUBepukYAfh7tiIfapWKKnMreuDMyO8uU7MDX6e1haxMk5NndAAEe-tE_WHWPLY22wLS53qZmzgsz1a_eEeze3HKqQsSCVpW4V3p7qHikfzCpUChzsPLaINCEcMnd-JFGkKK4eity0e_yIpre3_XaBmwIUjxSt85RC-u8cuYjrxw4t92jcy7HknUrxMvka8HXM0H1eeu8iW8GNz8HkBNneMxJxolYFGDKd_PzX8LPax7RtTyWkxkgPRLty8mB0KfLEjPQmmzR9j37HIqK5o4VavDemhlIMdahQlMkPfuLT3EfP5rS_o6Om58uOvXEXV7m3Yn0Uj0JgqgqA8P_gFFfP3nq5NA6ePzOtUn0jnl22d-G9H7MgQUFEp-0__zhw1W3QMNMvkyW7zFmHjvxG5ELF6Ayz_9sGyFderiCKaPMl8I6tD7y4cyi7_Hw1u6peULYR8yC73f3O7sF7gBgS7SCC4sPHrOxyaUarxYMAhAuIca143SsbQGZHUHI-nZZIwHVN5XueZuIbMncgbTm5R142upRdgahZ3QeYBbqPYj1oa1yK4nD1ycWanyhSapSDT8Og7EjU31DkjCU4IeMKAbkmDV4coHJbW3XYXb09OWuU--VKgXYrGba_-HKt1SOVdJI4sCWRbcqhXhjX3He9zH9X4y6eVFJedLrYCPc2lDmrp81RAsLTuUdt6uEAq3f6XC3ca99jW3IWkd9uirMUBzhm5iYU9O-zLuLySHM3SdOosCMYLvYYUYzG6zdeilVuoCNgv6t4QQA9hdEqAkqVS_vPZMRCDzIfMqXH70-XuCnPogGiO02_pm8yz0rj53CvqckwNhL_roTjREZXKjHymPLdnr3_32k7y7q7zmxWdVfKBwR0yJRd9J_RQwhlawgiMZZTycXNPfN-KiEVksXDgbumn5TmjG0VI6Pr9CZOP2lD_-XcShoTx_on-e_xvDGZnBQM8jdXxuVmsSPsqVOQkdzV545i-k7K91ta-EDHn3FovyE7S0P6340arFVlcRX8c_EClMAWQsZxxSNs1QYPagHTSQ3qu8zaZjl51oQsSXJDHuW3C0vzIgTD9Ag0DHDWtPmVMdB_JkIJx8JGz630a3jCm2T-tom-6IuXPjItjwRW32JTGY4-rXrUVXOuCgqILaQG2P8w-eF30IvmYu_FXCFvvX0HXxd3_TdpuL8cMjzznHzOOdAm_INMAlH4jBezywVCbth__rJ9STM8xeYECYBfLYZubwGFdi3cpYV2XOA72ZQclnIhdTCiB0UBIVdOlzDS36oFZp4ykA6qli2GUbwcmCiAMrbRh2z35i-hYoy9SKwJhHIaqw8-RGSZAR3TkDfaCGnMQZD_GtWkZvPfIQm7atiLl45c2V3SZ9Cd1VWhNXIji42K6dye3cl1Bpj49aZw24_-PXUxAN9Ho8XIfmvNXd5WLTBJjHMI4x6pqwo8Bx22BS9S_FoKfqDLW-dhlRMBmrnEpaiA2VcJNYkmY9VYbCWQhE84Ppq-lhTCaaGVJHEf_fRZS2-wEE12qLzHDya_vqFv6G2F3hqQYnCumlSppdLmNWZ6kxZ1WgMLr5bAab3fA7JjysZl00tMCDkl_H-jRcPpo78lQdg8MCbBz-WPKXQUYW8Kbsa7i0uM89gC_b19V-2SkHEv9s7vFBJwcDbLrRHTwdIBM3CAcnovQ0M4-OXxHKpOAOvPtDpzSAZWzeRSp1ujbBNO19Etxd0baAH7xBXpkLe_PyUNoUqWwPw1c47r_Letel2rcsBG67lyYjjd_0aBzsjf1kgvD4Mu6Cn8r06qPVePo2kfQQSjDDe_dxZHx9XO9sy06yIkvuwJFWJId_UXRHH9UEe3CanNvZHo8cEE1qD-VAhMyGiqdgQfzrs0Dtd2hFHq-d0NN-HRK3zQlng5lFRE2jwTl_cXD-yQyE9x9qBggyt8q2-qe4r-ds8hURQ1rS8a9lXZTz-1LS5XnOnjorpH_0EWEd0Ex1o0vfS71FITQTt5G0pIudsPm9LxaeE2AspM07r1Z3AGh0VCx6BN4kB7Uqo18Vez78mg9uxLq5tKibGKFGSt_DGBny5VEqEWHegsWxO5HXZ8kwMWHbK7h6FTRpYOFDmOykLwH_zYvxtUyKgIXWPUs2KxgDRxa92Nh_uYLbB_msKnnE1n-4DxLmSWvMXKubIDwdCAKCQ6BTC-wCznd9aLtpeL0vb_NV4uDKHQTsY3ByJtOD69SKed2nl2a3axyZRvZjiQAa2hfDTkyEW2SyCFyEBPxMFYpU609uK0bPM4wVoPfaJB3dDirxNlPSzlyy1L9-lEX9WV7b_GaRQOgHTkT3oUCp__LV57bk2m3lSPAXLsCt_0k0ruLWK0DyN3QXYA1PoRMxKjXhS_GFVVh2_zo4Q1eJsUkCXBL_8EZxhQipPUjPFfHkyeAk0VwomCVNoAnEpJqsmECxj0cXU6hHaFUWZZyi670guNe4wYBf0WqD2zSX6uCBEirkqy_fs7fxS9eJVMHeYGbBq3mLTz4bQGrzJSxes9KUF_gOLLHYO_H89n9CerjwEs1SsGRh1mQjgG1qs987rgkWY4dahUZdx-VO39wZFQ_qQQVbBnd90ia72yIOZRwIY-bbz9toiwzDmlX8FtumpakjhXHcko1-emAd9eDwGj7ugdRs4BX2qcihipcuNKmLgtgnQM9SkVlsdTpXzZfG9NVo6NTeHoncVyDmf_CjIFdwOT3K_gajSF2s3kjMl9op3mdvmMMCrVHiy11t15FUIyt7kNgkMK_Xwq6GB283gnNy_3kFv7ENsGwhNR9HBKIRBi_3kFd7hitiGmu6QL7ml_35IvR07g1iXdbOjd06H2rc9NsYNKd3ZrG4Wsg5RcDsTUWtRsiWIQ9W8Scf1cqEDsTm5fvvVlhmc3fYjEusHTfOw8aaF9prEaMqdY8q93BmQDw7Lrtxk0mCOs3uNAHaHUSz_JFYpMk9p9dWMGJXD2067qjflHUI2-dgb0o-s6R3r5ntr6WEjvCW9Ni21P3ggcfrk_nUTq7twYt4vjcwSnLFmxTcrnc7jlxGfnxs8uHam4_N9ZWlmANNajDpO&cid=CAASFeRobsNR0CNOVG_o7t8IS8K5bblBVQ&rfl=1%2Chttps%253A%252F%252Fwww.123greetings.com%252F%240

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d43839c30999b2062fe54c833b00067c5589af3b0fb0734c34709eb09b6014e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:12 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28861
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9097 42 B
63 B 39ms
27ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CH-trP9rTkDSRno_uIglaZn9Pz9ap9-yEYbU4qq2nrRJGjG0_7afBjVseHCtrXjdJ0QCpZq3io1vdldOR24u_q7IL4AwcuGC42AoARvc4mj9yhGKk

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210830/r20110914/client/ Frame 9097 2 KB
1 KB 16ms
5ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210830/r20110914/client/window_focus_fy2019.js

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 01:21:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12056
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 01:21:16 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9097 122 KB
37 KB 37ms
32ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0299ce766df424b69a25530d8afe7c2352cb6240c7510fe7be67d8cd53bd3467

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:12 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630496346997469"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37796
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:42:12 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210830/r20110914/client/ Frame 9097 14 KB
6 KB 11ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210830/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

114dabe187311ee2e303549831223ef80d06385cb854e2aa1647ec1e0ca148f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 396
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6183
x-xss-protection: 0
server: cafe
etag: 901432759052127119
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 04:35:36 GMT

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame 9D72 0
0 54ms
51ms Fetch
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvff89FAcj5FPK7yQH5cbTMGMYVp2BjYm8iUkOV9CQiuip0evOB3GsZHjXDpfPjTkFzgjKKtz-cbJyETkL7uefeSJUPXyCpO21LYC6MdnhQHVntrXJ16Q9hT7AXFYNpsKgQVFT2JlmL2jje3iVtP-DWAp5hlneam_vnvrURLJKKZ2aL7oEcIu62_v2m9cou_dYBpmQQK_auXUr0xD-0yMVfThC15FkZyOtuBhrWndXydlxHkT363w1hR8fvfe8QwpFyGsDCgwOZTGzRmMmRXHbKCXztdGm6MJHQ4B7VTJhjvsr9llCCS4MPGpVA70uYPz9QoTm27RuLQX6pq6Nw&sai=AMfl-YQeNJ2VVb8d7DX0J5FypMgzimqvRwNnTDQ9yeZ74uMEViUcpM10BnbE05IWl2q8uyx6mHsY-9RXmg4YF47w3OvC3DaaplYwqYwxA5Xvy0xGjy1K9LwY-ZwoUn5MInQ&sig=Cg0ArKJSzCpxZ1wrzYYHEAE&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:42:13 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Sat, 04 Sep 2021 04:42:13 GMT

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2DEB 0
0 45ms
45ms Fetch
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssYOa30RPl3sZhU49jryV7bn2GEktzyDPVEyPL0sVO5LfB3O0fTaC5yZNVmbz90Tifxn26RgAioweI3SwEGXraJMaDEHYCZA33PJeS270oloKvXIfbrgzPvPTMRFCIM9EibUiRvtyWhESOmlxWiUed0eWJCycFy4pi_hgKxz2LBaV-tcOT-1BdieNHyPF-_85Je5VQQIUfj_9AIBvHHvmzd0AHBHDM5P8kr8dJDG7TmrY1Ez3MzNncuY-vVPruqGlR8OAv-UDpWHaB92qjMVMujGPj1xGT0hpTNnVvie2y0Ugfy58KzbQ-bIl0oERVl_rsQf1l14f_YmA8DxStNAYLu0IgHw7ZF&sai=AMfl-YTfzhAE7Py7zS8hwGsKDPFU2Uol5NPMLq6VBtbwc9WgOxaFcQ4t8ZIV626mRji0Y9AS1ahcUubXgdN4DIj4eXvOO1lRhleJp0iHInpWf8QFKBudcAu_HwM6zowvr3E&sig=Cg0ArKJSzMp0dgxcuypAEAE&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:42:13 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Sat, 04 Sep 2021 04:42:13 GMT

GET
H2 200 u_d.html Show response
cdn1.avantisvideo.com/connect/ Frame 88B3 42 KB
15 KB 8ms
7ms Document
text/html 2600:9000:2240:8a00:1c:38a0:8a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn1.avantisvideo.com/connect/u_d.html
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/avm/js/video-loader.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2240:8a00:1c:38a0:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3fac6fcea268523d827b4512f268a9bb1df0479b8a4603d118c9e4df7489a038

Request headers

:method: GET
:authority: cdn1.avantisvideo.com
:scheme: https
:path: /connect/u_d.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.123greetings.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

content-type: text/html
date: Fri, 03 Sep 2021 05:41:35 GMT
last-modified: Tue, 30 Mar 2021 10:01:49 GMT
etag: W/"f5694815436f3e426c35d9ae8274ad04"
x-amz-version-id: Ftlos22uEwPvOcBw5odXpMxKfkl_0T1Q
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 814952d19d560b49ff15ad2f71e400d3.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: Ix5v64Hch6FZhuyuF_37-f4RZhD7ZLf028PBjBd6wWcfn5zz4gnnIQ==
age: 82839

GET
H2 200 u_d.html Show response
cdn1.avantisvideo.com/connect/ Frame C2BF 42 KB
15 KB 7ms
7ms Document
text/html 2600:9000:2240:8a00:1c:38a0:8a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn1.avantisvideo.com/connect/u_d.html
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/avm/js/video-loader.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2240:8a00:1c:38a0:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3fac6fcea268523d827b4512f268a9bb1df0479b8a4603d118c9e4df7489a038

Request headers

:method: GET
:authority: cdn1.avantisvideo.com
:scheme: https
:path: /connect/u_d.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.123greetings.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

content-type: text/html
date: Fri, 03 Sep 2021 05:41:35 GMT
last-modified: Tue, 30 Mar 2021 10:01:49 GMT
etag: W/"f5694815436f3e426c35d9ae8274ad04"
x-amz-version-id: Ftlos22uEwPvOcBw5odXpMxKfkl_0T1Q
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 814952d19d560b49ff15ad2f71e400d3.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: 2J_R2pJq0oepFqftBiZOH3acRt6AlnyUAwjxIsVoo87gnscGxhG6lA==
age: 82839

GET
H2 200 html_inpage_rendering_lib_200_273.js Show response
s0.2mdn.net/879366/ Frame 1AE1 169 KB
59 KB 28ms
7ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_273.js

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2cff7ab03cb4e476b49ea05511c6cfcc71af6d5ed20d40e9b40ee31062149e77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 10:43:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 64735
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 59842
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 20:54:49 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Sep 2021 10:43:18 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/elements/html/ Frame 1AE1 8 KB
3 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Ak5SprU_tZjC5EwirCy7eyL3tyh3e4CZq5EP6r20ePwl2zbf2AlrosYJhzR3zsYRqFJIRVLRiRZABEDywz18kitlkrrxoNunC0aMLUARs4rRSZZrPFcjCToFTxfuhSVh36CwjoGLFjRjEds0W0z7qhokYqoA&dbm_d=AKAmf-CL8hofJ43iNHJl51cmjHydAVUFG84E430H6zwCSseTw_R_jpXz3CvfHowMHWceEgKnPGjlL_1HKEYbXEJTbfNHLdJYaHT2vvr3y9dxUUV18lu3NWrJLE0whkM_8V1HfoQlmxyEkyD1SmSU5_RMJahsqPGNIMX-8JZNnpu-yHWzdsaSAD13VtRXfAKEpb5f437HoIHVTWvzEEjmEcJO3zcQIOq951eRfHc6ApbkwUwH2m6bSwFpCCMh1ZCLaoYMA4Ji8-2ocesxiked2EnS6rGujx8yUSw9uU0Nhssdg8SsCaxsdGp3WJqo0_ePF0UQ7zhmwC31aF7JWiE_OyssbNN8Kf0cwoXZ_GewMKnUrEN1_ZgMgjiHi4JA96zrO40ocBLmGLO_7c7ucmZEjv0aV9eS4dHU7jM4Y4Ri76166bGkW4EgAKkdsoBTRRYLDFumUJs1DRh0gQRwe-wEXYUA06xfE2B-kl8yG3EppHWHUN0elz5wBG-3uBPl00lehunaz_8GcKU6h-cy2Gd7Hbgz1DsXwmORflbxioI7lz9lIbMtuuKNiBX1Y3YGFbtfu8DxmZhUM3BZIUt7SZPONyRqKk_YyCQvt4UqIB-OfbTHJahrIbwF0E6ZD9MyF1jtL9aIeAGAuDg5zVMaCouvbuKev8dCCYnjhjF2tgbMut9j_GlbWFQ63Tfk5tZTSaajr3yvaxV78iNQsEbx4u8Q7RX8SdAs7-IWbZMKeILA7Sq6aImj7FD8X1SdbXJnpntVfICpVQWXJ-ufVBlx7vM9YMn_Z2dNisYqyL1N1XmMbIZDTSdltBpe11RIpRlqQV7swowg6yFNO_lk4CvfsgRN1APU6eugE-zuDy7EW-h2xK5ieJ-vjguLtVHxHEaMeD-cOSJ4vC8mMkiyJSeqc3FI18oJj7mlF_x4j6edfEeMoV9ibIleQPKJE6Xj3YlFZhEf6M_eHEtZLak7PhGScUdgv4XM30cjuGO55FhXnauuhsAA4vx23hySA-aWLxY2K2Zm6lB-LYfnEWDmOQy-IZgAG4OHvIJt023eZYGjMcgXkl8iudlYgWfF1LQmMnjbGs0bTSPJ02SwxS3gl5RlRysWNRCI8V91KI4udCmQsxHp7O21Fv-Y6ZOHvb2snb21a0jJ8Kyxh7d67TGg42BuSLOdMogqYnXmKI7gRrJqFtlS8lZs7Zqbvy-KMp9BU_giTL7Paia0lF52lmrNF5Jhq_9dnSxXCCHKG8B8Q9u8rHNxyqoD47Jih3FG3g_koDwJWq0Pen_AU6DCI1BsOw5_diH4WMkyBy1TFSHok063p0wlpZtOP6e7_KXDhBgYnBXl9RmtJjTWcoGsqhHJgjXJj6TVRmCko9gvGzPqc0kKPqro32noGu_6f-wFDO-E0SMmnluV-IF6yw4ELbN96ChAArl4QOT_KTiuuqoPiFPn1-pE115-St3KcVpKwc1WrME-3zW-u5OEfk4tFPYGVRAgYnDhRfDrGA4JJCvO1XIH8uUF8jI-MjS7RzEcKXN4CFBbSzALFQkIRdxvTzdLHnz8rsO6JNhi-yUQ2U6RDmcXPKjXZiHen93oSLMjOekmHX5HuWQI3T64Cl2eNt4Wcrbc0nHtNohSH5kF45olxrzUJbcQt0YBmMY7BC2-5fH8dbgQRsszmmDeTPf8iRhWWube2cnIHEZWnhn4tauzv2vjDZ5WUS299kmFjsilbz3o835751HkkcFKpsWas_RrUBu-oBlBLzNib7La6QgYG9o6WKXN_wdkXBSOWJcq4NdpfK9AmTSPDUYKeWApM86f4RlQZgLWio4CG1sfGIwIDIR27zMh135UVIiF916pHDQxdrFw2quZpDB9vkOv_7JUvOEn0eNMlLcSUd5065AUfGRFpG790u550SpltmL9QkL-KjRzUc4Ovwh2a-ZHYBlZ3ar90jSJlpc2Sf_VQhVgg7PlkPrMjUVtXTyFNFtV2_OgYS-sbh87Rsxi8ZSQCBMBU4VI_nNbeqXRfIqnphtpu3fcywBFket0FOkaAEnC1ocxx0a0LgghKeJf-90QtOWtQql6yjwHo55iMmBAaqVdN7T-I6h_xfeGAM2Ud93IOPpzgKQ7BbIyd8XNzNM9n45k612Rk74TJFdd2UT4xPDLtLda7LB1X9VhEZ8DxhnbI3MrGMb1Tk5mvoOS4bQPaFW8c_-3r6jWOtHDAmleKHRDM1AAbjYQFVL4P_By6ur_wkPE7_kiC-camYyE6bbJJgoEHrE9OyGNs6h7z8DoPsvWQZtFP7hnQWwlCNY9xPvuQ9fM4MsjdsRSlzPqateB9YLzNzfAxba7VvmBIKHWXmpmeXfd5VJSxB5pZlya7sHYDeyJk2FykXiTFpp1OqnG_s_PrtGewZEgfrsE_5hq6slShgsCCTBTmi4XolSAGzFyySgeYw0SX5FXmqrn4JCJlj5JDm2eXjbWdGkElo5LFWWXcGazZJgu5TC-PxCNDVewXclXqLM-W_y7tBrY0apfeRMEiWG5ghntUAitMbDqBURSVs2CtDJGqI2IkzmB0BzZYgsPUstITQfHNqwGn8Yjn2hEZbTFPqS2ADR0AeTr4YhR7iaH18l8MHw7cCfDGg11T-tsmp-R8xwqLCcoDLViK3G3hf3Mj9VmcaR7Fs8SZmI_JgEKGCEJuSSiMAUbw3rH4yAKUrh75F7BnM7WKwQC4hX8Irb3p2wmoH5pfwaUHpHcZH1bxyTv1EyGCm-G6tHzcDeLYaiknKD7vv53ufjKCz7kBQuGnqowa8IBfstAqLRLXN1b-jeqgMPqjZwaKF1Lly_PVvGDyb3ce9MiOvgjNWPFAq5xIxeEnx-B45QbmGkRpw6jDaU3wjlb4I1DJvEixT4hQiyHnF2hfUOSIo2v6TVYZ1VzKBRO0GatW-813G5vPVqG52G6pUf4k-LFh7InYfe9a5gm1-W7W-xLdEcWc9gSPoNhgd7kS1enX3_tCwsI0cFAdHsneOoouwBoL_jbAJ6YEZ9iZaxDdpqfKz7_XD1K3dm936zAebNk7m8vqTlj6eAMDHc7eUHonDvmqTK-EGSedkKE1C0SyzO_gaBbzUK7r4yULp45ya1Bw_qYKP0LYzC3e94TBD6_6_PJCdTqz-jYSVJ5C3pZpOdKuPlRrbcxuTexrnpTeHOQ-_8env-PekXBAeOXPh3euj9XHgzoUd8&cid=CAASFeRob-qYwbOydzhuJYKYR_uGCj3DeA&rfl=1%2Chttps%253A%252F%252Fwww.123greetings.com%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:14:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1668
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 04:14:25 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/ Frame 1AE1 23 KB
9 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/abg_lite.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5738c733f2f7b04e67edebebb67f01a2022d611ce73cbbf9ac15aa8186c6613e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 9
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9263
x-xss-protection: 0
server: cafe
etag: 16747441857000454541
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 04:42:04 GMT

GET
H3-29 200 html_inpage_rendering_lib_200_273.js Show response
s0.2mdn.net/879366/ Frame A7DB 169 KB
58 KB 15ms
13ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_273.js

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2cff7ab03cb4e476b49ea05511c6cfcc71af6d5ed20d40e9b40ee31062149e77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 10:43:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 64735
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 59842
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 20:54:49 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Sep 2021 10:43:18 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/elements/html/ Frame A7DB 8 KB
3 KB 9ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ByPikWbFtyHVyaC5aQJp6_ATMjbdDMs_8M1Yy0gjfIoBEM9CwuIQRl5SvJPXILI8BLS4FTSSAW1V1-K7DtfM62VJntXcfBDuyQrKmuugmqOHUPulN8_UMWGDbu01YccbToHXQ6dJElZu2jwRHsQLzkIsMGmg&dbm_d=AKAmf-BxLVzg_AbJDxeHkl6NIPE5g7xqXy1dwgrqr8K_G8jB8kf5qKanAurtGpX7c9jRds3xcLz7SkgPBCW7-WEVr5NZzHErbDoFyFCLjYFxvt6n9nAtvt24XVxc6sfKjqZ6ZAq7rIja-hhqz8TM8vq7hpwK09KLzEpec12aOtHvCCGTrnBebCuGMzpq11Nbq8iua7VPTVIV9DLQ4Gf13ltWj-yMwJ0R17Q4821Bpi5rCUf5Dtd84dM5RFXr-8bNRPecM33NGUr_HkEjMlknVe3x-pmJrg8Cbk6U_lLevt0DQEzziHnCdmEMg_3LN1EgqVJXQXYtYq6_1SimpZ2oabhVOjMSh9iiKEli_0nnimApmK71TLRXuEZjmTBU8LDUfLlSnywnNZyHeOvY19iNtTXyeuW3E3OWTqQcVy3AOeJo4hX6AcY9bN9Vtq4kM48W4hOAkJUR3_AMj6qI_6yqkW8AFfMLzdDojqVnw-o6OKOKXSFNZ86nooN_gXoP9onwRKv-ZCqfX3PsfvfEdMUWoQFIK_gjvYkefCxL7-IQg5BXOzxvLxkJizcJE1QGv5RR2qCGHjZqQtvX_7J5Ep_g0jMC8NeuKPgMjDgLuRUDRGSxAxLWJBi_O7Et9moogilSGUZIRBBM0-5NEANIEKGxlBdyC8qZ9F8Kg8PrY3gknSnlJ1CRZvwMtoAk7hgfeeSH8_-eSdfpo-HZNvrQNj1-YOHD_K57v3OZBAahMXpW-n4XQndW25Jaq0rp8tbifM7g8znafx2HK8ns1bSyHCRocYaS254bMKen_OaYlZlVczGNjr2sDif1ldlPfExefSTLqqXG6fPQBptlujqh3LII6t4NgAFYqER_En4V5RYpFw-vekdjCLrEIuWWxVKMBM53aV75nIYPxPVp_maq2FP4rgwvIVMTt-gR9coFrbMw50DJpM5g9czA5TBSaAci4-5SXhcLc1eT7-gwV4qJ3GYK-QissfemcyN1YIUpcS0Yy5gnsXTt3Px5EUefEha_aM5jKkpOdBSb-4gSTUskSnreOI91JQXHpMpfsyPsNFv634gnE2oiYRCwtX2zfc5N7Y3OPRK7PsP_kkMRIOKHmZLMgtstGp4N2qaO3Oav1qfKFtq91JDcgzz2GUSS2pKJLYRoLvI2FrX9pusB3q1oGBxg_F17cnOQeA52q5ldd9WZF8wNfgFAvEH8ka1q6zrjuvt2_y_2PfbNJjgxHTZ5cgw6h40GLnCOlzsRyggBM5Xsmhsv_Nm2RArLu5kcR9Dm482JlSU1wAESSLaZ_uNs3o5A2cSfnz10gfdhom1ynnNFrkXx1uOUTVYeUvhLfF44-VyalM4lsnXXMJfFs0xIE-inqqcelM9ddYrB6_TA3tLyMPiYKGKWzwg7dNR3BtIgsR45Y_Ir60Puf6iv-eGl32ZlMYAx90-xxF_oEo63wNbSK8NkT24JRoLNc8_9P-fgOkPF6-H2My-ImGb7AQlQC106sZCv-RL4iFMpE02Qs05xOENVaMf0-KPkRD4tg4TjoQtFLE4DjRsgkOEVbnzz8OWd_LoeyS0e_GSAP6Vx3-CNm_51c74tg7JsfWgE7C1NcSqz1_5HEvC_TvadAopmmln_7V3p5gUAFV0dMXiUXZEj7yuUcD4ebtyF8MpUsbYrOAifMdLrrL7WaUuXKMCagQSF6EGjCCGZOsNUADlkDiNwqZNcqD8ukg-m_YawIbtB5l-j7s37LoqrmXG_3bNeoc4Vtcec1Hi9KzY9VPmAf8pUSdrq8eMgm9UmlCvLYF5g5lZb0vUU7I9DIwI1iEhv80DF1isT4epZi0u6SzqpMaBkg0v16vTBjdyE7zyx-Aq-7v3ashvAdn-6EgIrSH2irIG3vMcYnOJYJ1Nax77Pm4EPyLpWx3XxR8sikz3Nz5IFpSo03aOZBqVu8xutSDBsgSLoCMteWb_e9ATxSgg2uSf0XuW1mbw1qKK-zz9DuHH6VSedQWD_f5rXbRalsdTJjzmy60k_mTwkYc620rSK7XKd3oawBwGnLL5mio6Jb0kORSp__FbYaw0wg7DuuqOPdGFCfU024728Dt4mwvKf47omszZnp16ItfGyyDG8pLgYMRF7mjEbEK7RquXKwDKXpNK_pzjS5vlqeyZvNKgbsAP9F7FNu12bGJ4caLARAQ-A-0MDOysm4gg7iy3dtIdkeysxROsin-eHHib9qbuNiCECrkKLCdefX6CFf1vzpp2VpozjTUD444jq5qrEu7LSfLq9WefSfJJEvFZxJW3WVNoQ1UPquAt5XwWLU0s6a17vSwr8MQe7jVhO-qQTBdtUvJUhIkHhvyaFyqGkhDuib21Ze3jeNOq1I_ujCYEeyJU7DhuoA9ypI8iTdz6iPYAa-dxEHmw4MnTTqlYNlh1ZBsBslno968LamRd0rqsfEIfhUUKH3zZfHmgif_yy-mHLedEgWfSEaHUtjK9b814Rd6G9mNSwAzBtsKwT32fR9PYRI8wrwam6STuPlRGFLazoGi_36qRKYZAkiHtrCeD61gibcGdYUy047xEgq209y7vvIPQvwlycfQGJuysDnG0an2HKZFcbD7K0gTToLZUcOc6-4TAORw5YkSIXfqRROmDhpNdmtP2ESeaWhlPbYXlv4Ikqmrems8D32IZa72ujvxizECj5ODgThayiFP7zUhdkdMt-aE2PxMmns26nvvBzYapgef34g568vy7ZXM3oyGgirFys3w5m2oBDDMUv3Cj3FNdykRAXLIwWP2UbJZGH7nRCJvDRT537ty3uQfDBDpeFLTg5GQiEnHP0vW_nd2HbaLcw9oBWsaORb6OVi0XQXlgig4aoJWdH1tfRvu6eUEaLE6geESrA4rVu34DTQXlYeyxw2MYzNozG5JWWv1MgbRAadz52yksB0eK07SuUx4A4-PR56rmoDGzfCl28r06joQ5jCreOWoV-Rbb-5uom5ZTinSXrUOoSRV3hG2I5wBU6GWqXHdsPwtPGh_-ov4k2LQt6iPE5Zz3_1D__WUTJCbPJ90eXa_Izi6wN1MY4f2654j-N3k8Ob-iQdtKIpvV6tpDSuM_Mrahv51aMeYLq6U8GflUrOt7wGYyHBzVTqY8q3T9bpnVkWcqdhIQQTQ89mvMIFE1dgF2FaD-hdJ9Pix9BRn2pJ_xFvbICsjsdK6SB-KFbExpC-Jn9JANysTrl_1JM9GWcpZTK6WCZ&cid=CAASFeRoZOWs1v5I0qaLPnyBO3yEojYZlQ&rfl=1%2Chttps%253A%252F%252Fwww.123greetings.com%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:14:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1668
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 04:14:25 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/ Frame A7DB 23 KB
9 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/abg_lite.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5738c733f2f7b04e67edebebb67f01a2022d611ce73cbbf9ac15aa8186c6613e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 9
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9263
x-xss-protection: 0
server: cafe
etag: 16747441857000454541
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 04:42:04 GMT

GET
H3-29 200 html_inpage_rendering_lib_200_273.js Show response
s0.2mdn.net/879366/ Frame 7214 169 KB
58 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_273.js

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2cff7ab03cb4e476b49ea05511c6cfcc71af6d5ed20d40e9b40ee31062149e77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 10:43:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 64735
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 59842
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 20:54:49 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Sep 2021 10:43:18 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/elements/html/ Frame 7214 8 KB
3 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CW-z0FiRwCTGMYop51O91YwPjgNSi48aVGVkwce4mGjLSzHNVcnQj-3ZQKLzxYF09mm1J6Q1MHSdWazDjNynOElB3DjTCGiZHGhWVo34SaogvJqB7JoCE1UeLfWoGGXDSj9XPE8G8ld0Vh1cJPvkG1ZTHCMw&dbm_d=AKAmf-BJKB03hA8PEbyy03TbyO4T8caNpiJtKA8v3pX36MbO7GiiMVZkrOhDV7JaF7B5iQxGmdyV3vnRhWsdJvXvOYpgK28VkKIcXG3g8_ZK1DNYZk5qCAHE23Uu3SkuOqzAliuQ8_IMUP25x4IA5gEVwmuRYEq6nxj6IGmRBEuZ_QyA9bpCpPIbekoL7n6n1Uo513TLoLDM8-zrU0m3ZdWXtiTh3bkwZob47Q6bicm6FPZfifjHvxyMxCDB5iXYQuBEKywwuGhoPvF5834KAsauEphmrWhMmovuO3SnZyGHr4-O4SHI_IJS5attmT_jlp6x4UfikwuDrTR5mev_GrzYybqh6-TVfgIHVjhIXsTqF7xTIqnxDAzNmC-Dy6WnYWY1iYY4StDj26X4CVZJ3P5NKtVvf3V_66KHjZ3TcoC1qo2EniI1ItRiWYEEEyP1c2gKVPv8-nHI7hounL64ojq3XNJn6QATd847bgVGQSb45tVWj50F02Rx9KeiuLZ67enirt534y3G-4DZN9nZrfDxl6EE4eD11nV5mmNsumYrSLL6EDitU0EHbhcifi91akb8lTmULfSfGfKY9On5Qsd5glXV2VyKUa51SsZI20b4tIzeQNY1GO2RQfvIe_aXx0_JRyOB3QRuiggQybplqWxscnLjWXguFku3mTEXgm53_Cnj1MeIvEkx_zHeOMOV82pHcPQAa33KkYF4e7tYYDqM5L2hJqxk178SlNIfYVVZWG6MI2G27wb8EG_JmQq9s9v6vTBsyY-jxo8VQ2va4ZCRyf1YwtmuhPvoCHNe1lAb3JBzQW7O11icgEXFMSIPcd_qZdW3N-z36xyOvm0vAMcZi2xNdlD8v-zXq-mHPTIpLlpqtn7KsSlqwZSV1cL3q9k6qaXLWqPqHPhtR2iT7yV_n0qaRrAAB7KHyc-G6SpEsWyJzhtcuEbMsGsw1btEE9eXRsRqyJeD8SUIPstTFu3FLoCR4hUedxqr9wLJ8rWkgFGCWJghzk_0Q9eIYobj4fUm4gm3SMMbYfcbmUz4drNwTcu0mhpD93WZBhIlmK0NP4tYCcqO56GZfSgkUuAm2db2qjzBHtJtXkDO1KR8For1pj_lfocj4VLaA_-e6lOAjTOTbDGgHxKuG2ep_BqgUqQLG1v8Cvcul2uj85A2uOw6jmJNfGgj6vop8o_mYxDC4bYf2WPICi6VBsutZHe9dJoHHI1aks42v9M53Z-gGJ1WINXpZTVtt_DmbtKca78gXLaw_KzXvPI5mBZCwyGK16dcBj-ywnuw3syLZlOfpQydV50nglNN5eXMIPdDiXrj0bxI-cWtXgIHjLJOa689xmTrCsf6fctjSQ-n2WsN2V0u29P-IU_Q45p3f2iuqY4rg1QxEiPZLrQ1KIuEbGf805JvJvh4nMrG8GDyE8NUfZ8cKSIDzJ3zV1OxDwImj0QfKD4UI0YCEsNWWGRsJDRrftxpbFUSWeWL9TNT_beII_5TIFRNUjQrSJVswty4_UbMqS3lZk6aL4-JU3gF3OSIy3y618TLulAOTZpcaBKOAnZadK47KIMHXlcatER2h1864qyuegLENP1e9hjvSyrep8844p8ETdm6rKFU-3v-aRAY6G3alNDCWY7MbD-bZF91L0xOQ2LYvUY1j5cCXxUN4D6ApXFtVjj_H9morMGTGsxkxfOZ5jErM-85fkOub63cpKILJCJxd4QciRc41Pxlp3vrdPpp-7K66y_8FDqq6_AhOvRlf300okmva1LkFYUkuHFpCsD_sJlttjgd6bEptF9CtfHZAROLdoUPwn_HlGiorNMLZp3wKIZdDL1gFZ14-FaM8k0J28myWabySOCOSbEEpzfONxz72iajANwbprO0rIYfECYw4qbeoa3RPEzqU93DOdjjsQ5l5_o6yuqHnUUOOjISngzjMx2c6o5n2tHXb4tOaKbUeJ_e5SKnKJHJjx6qA4Hu3ugsaN74qlHE3n63keCOfiil_DK7Zul7S_mVr0iTptsCVzSp3hu5jMteS7ctN8dlyvAkTE_vrkgFJz2jFvo9EjSur7xIi_aoK7bZDjZ-8ETkIsWcGx3I9L23iAWSkKEFGCCL06M9saMthWNYLmFI9NgQSrSOB-33DVDtn5p5Zoc1U04US8iwMoZcx4p_PdX5P4JnaMNcBVtw4xBDD9H8Dz7AVYNCZd9b6O1qmRMddNUj-vlILqmHVgjSq6nqwd06qhFjCxv19IqGqaWxGbh3R2zLlqpWoLRzM9w7f4FnBda4avS5qLi1G2o1TSvT7M_oayAvNh2HyYqh7en81VJn9OTw8-AoZ0KahxllqxL_QYj3NVWKYD-7k0RJ5Rtas9cW1b6HG3QouAGQcsoz1dIBPTa6gMDa-7Xkf9HsIjA-rgxXNmq2dhpoPskZ4B8DldTuB43CjMwvXzbM7oyN6Gw6FvylPDcj4DY0Wcn37L9Pmy1d3XgpExh8EyD4fhgebVgdpg5yI-_gAK2OxwKjtx5gyAuL6mYgFjQdrCr1qI36e6nlhUgtKXESfbqXArVq8nLTcFKdtM3yDZIy4wT-RGlMOU4yNGsMGVqhg3e8iL0FbRyv7mTh2IcR6lHEfnvAG65Zni4hm4bTilkJ7s49IcqibAB6sN1S6DpWrwZG-WFTZ0kKKnZaQ4kBP13sB3ZDzReZWt61kDbuQh8vzyAXV2_mA8hWXrutXJkgK0R5tuyOF5lang4ExQKNsx-pO9EoPp7q2fXXLmjzO5Ug8-SWmulShHPmpVa7sQ676zNpCkVBLxeePi8qcxPuJ5q7XCLSc_tLE1N58GsRAAWXph8h-rCvcg9ZM3nfkPACUYWteh_SkTaoJaQBUVI5jiqP0GV2O8HrktRbqmZfJSrZwk0UIG03qV2oyIy5_CP3KiqiNWPvYXSyPkia5gjsF0cdQjpBp4GAGtp6RiS1pw_vEpBSeF6-jdcYKlN3G4deWuDffouz2MuGPji9OBLFpz_fI3CPBHrm2Vi7VkEb5_aaxAPra5QNhIcBfKdKpKvOXgnXxwGNSt6ztj9--osYAh45-kvKAlEKrAUybDzA8FLCB6eQ6QYTg2aYB2L0RHik6bhlZ3DwV8CvDLui3fQd3QDsFaAHTkK_BiZvq5kfrQjMEeMkxTAh7r3dDLXr-ya1t5kf0r0ANIyhkNRh0UBqCHv_b26X-yCCBP1RHbEpducoC23FaAalMnTZ&cid=CAASFeRo0yfUqNCCzIKnfyjnKXKFD2LjLA&rfl=1%2Chttps%253A%252F%252Fwww.123greetings.com%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:14:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1668
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 04:14:25 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/ Frame 7214 23 KB
9 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/abg_lite.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5738c733f2f7b04e67edebebb67f01a2022d611ce73cbbf9ac15aa8186c6613e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 9
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9263
x-xss-protection: 0
server: cafe
etag: 16747441857000454541
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 04:42:04 GMT

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame F3CC 170 B
243 B 35ms
32ms Image
image/png 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLS7QxDXu7cBGJTo2ngwAQ&v=APEucNVA_jcOkqFBR50mKv0VT3dCVBmEjYsPE12-C_fS9eDAylylwtlmVO9apa_e6z2TXIgf1ZVId3fY-4lKzf_OiYbC7m-32g

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:13 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame F3CC
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMhPOVCehTw7MrvLXR7PrbI&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMhPOVCehTw7MrvLXR7PrbI&google_cver=1&C=1

43 B
894 B

34ms
34ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMhPOVCehTw7MrvLXR7PrbI&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLS7QxDXu7cBGJTo2ngwAQ&v=APEucNVA_jcOkqFBR50mKv0VT3dCVBmEjYsPE12-C_fS9eDAylylwtlmVO9apa_e6z2TXIgf1ZVId3fY-4lKzf_OiYbC7m-32g
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:42:13 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 04 Sep 2021 04:42:13 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:42:13 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMhPOVCehTw7MrvLXR7PrbI&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Sat, 04 Sep 2021 04:42:13 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame F3CC
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YTL5JYWbhem9VtXZP-sMpwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMhPOVCehTw7MrvLXR7PrbI&google_cver=1

43 B
894 B

36ms
35ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMhPOVCehTw7MrvLXR7PrbI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLS7QxDXu7cBGJTo2ngwAQ&v=APEucNVA_jcOkqFBR50mKv0VT3dCVBmEjYsPE12-C_fS9eDAylylwtlmVO9apa_e6z2TXIgf1ZVId3fY-4lKzf_OiYbC7m-32g
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:42:13 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 04 Sep 2021 04:42:13 GMT

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:13 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMhPOVCehTw7MrvLXR7PrbI&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 html_inpage_rendering_lib_200_273.js Show response
s0.2mdn.net/879366/ Frame 01C4 169 KB
58 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_273.js

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2cff7ab03cb4e476b49ea05511c6cfcc71af6d5ed20d40e9b40ee31062149e77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 10:43:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 64735
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 59842
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 20:54:49 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Sep 2021 10:43:18 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/elements/html/ Frame 01C4 8 KB
3 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CDqb0FZUtNicvsT1lP8AyVa_4VVa0MgfQQP9nR0ka-XJww7x1UQh_aBnDCvC8SV47PWdOpq5FcHelZ7IxjXz1VXJST3K8mXhSjH3psHZqiqPDqfLsiqn1N4Di98wOTBZvZSmcvaBbJMeN_mxAc_ci9AJhklg&dbm_d=AKAmf-AJgRABKDMyHbu8wv5KPZgSfGfTYerc_IG15Le9u-9xg02D385xBim9bffP_I3dVPIkOJrr5c6dxOvrH1_fUjS2FMn-PDSr3NRenkdyjcxrH-_BxRbPRC4YfocbaDYKhQumFZ5Rm4AC-0lGuuWZLj4K3AfM95j0o-_SQL-Giz7frPZDEvpy9LmOHxr3u2TLrSGb8vh-gpI5cV_BcvITgVmRQwEopioGTNJ7VdXKqKIuVXGY3MOEjJN6aCNSX15GbKC4J5U4mCcHf_d21xdrhMAR2YOfS10W_iuu22eIPT3Y1ANH7QaOJNLXKQTJv7B_D4PW96xxaN2uH_XQ-FEI9c0ROJW1B2YXBYefPqi5Gzxk6Xi3SUXYKIv7LJZMrCFZ5VVk72RrE99CmebIKYmT5GQh9HyuynUFCv5cyN8CZHShmqUAnAeu9Z4PYQwvoN9s36JsBVrHo9WOAuHMjJY3_z2b5D0ebb1KM4QxsvTcNqGThfxQwIEa83XAo771NkUbk_7WmgA7yTol5gwNd5_G8Aai3gQP9ncSxjV00mS06m5RW0vVWqgMsmyT2fOcR6SONoP2vbpeDHzUOGs_3uATdvAmnXuD_JAeMZf63zMCvQit8SR8gLqlJzlHil8A5cLxfUuf_OPezQcPt3NB9gA2eUPdBtSfH7F0u-CB0htDEch_tXgs6zIfyadHZkGVPXV0bRRF1BrUEq-BM_p1hSackDa0rU9eXhB8tuus4bCedSf4PyzUVK3y7Xe6mqDxhdbbxnwDydAZXebrLz4j6R2M37zL76s-kcu4xa15bkMkHXvvhdTVGCzehdSZJ35kJA-TkzaEXVFYIH2Rvvs-Piv2RJVLM4DEBxSSg7yAmxjMFagKZbg53kgiXpgbNAL2rey0pxYVixoytAWizO84-QbxNWF3uGDzadN2ZU2JrkolsAD7ldJudxGgOh7CgI5LzKMisuysBiNJd2a40mb5hVkMgJ-SakN1KTOz2zVbfMBQcCZER18pvjGKTPFhuA0i-dTuf-Ov8jG_NJR7uq5HBB1kPBuBsq2WZQPzAPs64fB0gbnUvIUSLLiIHaOO6GTFCapWqpVYfkm5zxiIc1oNWiBYoG697_kE7qEfcf2i1HgSmbl2bvGb07X4ugTudGPX7QHs1QEh0weGZF2XTZv4zmkDcE3R3mvYMjvNzi5e65TMEWPq-jbuisDhB-HuqZ153FUnXJk3JOCxTQxxtmGuRzC2BAdCMW6hTrv9cMYSXaXUtlArDVj8KJla8WU4DFSE2IePS1dJ6KWwtVDMUmntgIoQE6-1QR-1M-m8aN-4txi3M40J6pe1pln_ozkC-VXurHZgX_kHdZqxJV_E6S1172i-A8RHj2OfR_xTA_kckmJzqC0SYNg8algirZRum8gT6D5wUibl0BfjEdCcBMfJygXehhvxDpynKAu7_Gel56CzpvfaTLG7sLqwuPPQAmLK5C6RFGhtG7iqGlCNoaPCAxkRorvdr6h4YUO0nbizipXTEeKnrMA7AFqgrtj1ZRr8_KDkmeDhGO99zdhTQBZF8CSbcD_5XKqUNDL_OB81kYb0gFIS3hgvNdtOcZnwxYryjhvVFte3Pfk7Q9OTD1kUWbEkuCyw2lYHPyGhQaYboMAadGxCfT7yd3s_tHPNIBYnbKDIC7QH_uTVcYphgV0Q0Kqdeh9-skYye739vR58Y0YQtWutVMya3a8hrVBjHROnVcre4Spyg6NyYIQe6S4_G-w4oNNDvwXCPOYoV4FiOuST7HX20Lyyv2e7gAgSPyHLjaSigu1HJDjBspjrmNKSobrGhBecewmFpbdbGe9DysSJWyqxAR52L5rn-cgG7aFXZZeoR7hC9B3Bs2PjGhamU1n3yr8r39iOuslWPjSKRUhT6HYHWqWzr-yhsBnR4BDDPepdlNONFI80wDGT2JTUiMNJinwUIyiaosZsnRPm5yrVyidSMpzOsT9er_Q0Cw1wBgkMQ6WDcWUjFgHcXOdQv5zZglDWtRtpoGOpw905FtmG5rkhIshCi6RyOTY2wSzep-anyxUgQ0uVQR78ByGtOzIJeY0I50S5c3cPfwAo8oSmhkNYTrhoSFK4c3-kbxNupPkgollTT-QLPY7xtSgRgf3-58haajfF17gYsLA6nDK2FeugqHSB-jh1icB1IiBbBt0qVj120If86kmSMfXjg-Fa71aMY6p6H3bekek1W-s-gGoEO3m9Z84Iczff2xWe8j_di5TPGXj_oO9QLxfRs9rONU7bGeZo1rRsTIQmzBaKwAbhYFQZekJ2hqh0WLytclsKxgCnV6XbnlPIELrsN-T4sYdSH89o1_KUK_XqagtP8IZ5vC_xJqIW3fDIbBed8Ous5fdZ41nh6nX0At95fRPyFd6_9kW26n0E1vMXjwi3R7ptHNoj3mK9M5lG9XSEsqrVyIZwDSlbvqmg4nbOtyQFqyn-YBbTR4v8bUbKKlPg0r0SORrTO3l8r0AaB1E0dpBOpJgkR6iyLTeEVH5RaUub-3f8c812HNuW9wEI9CVjK7jUeKy-xzzYz8hVUyO3PdyWZ-z_HYp-B98qDVQL5b0dPaBkHyWuV-lCGuWinSUFHt_sI3GL0JphCbfFVFDkOGjtLLAis583N0Y_KYS9RZSaFByBmFSqcaGfBabauWto-NCZjHq5kwq-M-dtSA8KqPBXOuQxF2d3LnAYA555H9LFC8bvXiCTVbgrQ0yiqmlVkZ34_aCAA2Ntm0e8rEJOzyllAgAOkQ6ErcqC6fKn9kk55lSLGDVGTW8JlCETMUTpUPB8n7T_0Xe_4f9_L8Y2f3PpJtZWgbcQ4zscvnwu5FCYP1WfGYTrNYA_uf6rye3Op1cmbBwnHKevTGYRXCt8t26PsVZXQW2jCfGL2RwnfqxhM0TtCMsa8qSQCxHxHej5I8XHLPn9xzSeP-fWDLo7TDOqaP_wvl-vlTCroJVhfnJQYK6c5lHvd0e1SoUrP2iUv1zmXFInaVriGKWEDCXDAU3TIZg0R7lIkceLnLz5cGv2kq46J8rjs1OG0Q1vQ32WOHD9WzBO5MbsI9qZzc7YucfQ-Z5PEUVah0H-eRcB95Jts0rclt9nWwU5cCiUDyIC06EyKj8Z9wpKFViDY0UbQ042Y7nbNJb1KHXBwDqkwhasr52zlytEbKeuLLNk_ds7fGiFQAHNul8rGke2KwG8eWPUT1WuY-hb&cid=CAASFeRoiQzQQWwvrruVeI6KDQziwo4-qw&rfl=1%2Chttps%253A%252F%252Fwww.123greetings.com%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:14:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1668
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 04:14:25 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/ Frame 01C4 23 KB
9 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/abg_lite.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5738c733f2f7b04e67edebebb67f01a2022d611ce73cbbf9ac15aa8186c6613e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 9
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9263
x-xss-protection: 0
server: cafe
etag: 16747441857000454541
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 04:42:04 GMT

GET
H3-29 200 html_inpage_rendering_lib_200_273.js Show response
s0.2mdn.net/879366/ Frame 9097 169 KB
58 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_273.js

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2cff7ab03cb4e476b49ea05511c6cfcc71af6d5ed20d40e9b40ee31062149e77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 10:43:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 64735
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 59842
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 20:54:49 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Sep 2021 10:43:18 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/elements/html/ Frame 9097 8 KB
3 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CPGndLnJMr_B7dU_-V34tmVM4fjWbX1M9lJ7yWtEw0XkhKtOXnJiidYsjM2LFaIR2feb2h96J-HG9NagsP5bNh2BzJVYUEyDI-xhVuZysgf5ahzE00gqgOIuBqt1fwZ9Il-YS7ClYMDBnNiwh_mzovpOVKkg&dbm_d=AKAmf-DY11yF6zp85mE32-TWCcxOJG-v7oKLn6HQNOVfds_EcSypEtnB9zurv8Vt8Ozs7ZAaCceF5ZdLO-ztgMwCtKCbKYzyH41fT6ogwxp1tw4tFZy7HO0PquFlkDH-vYBn8txglPGHUBepukYAfh7tiIfapWKKnMreuDMyO8uU7MDX6e1haxMk5NndAAEe-tE_WHWPLY22wLS53qZmzgsz1a_eEeze3HKqQsSCVpW4V3p7qHikfzCpUChzsPLaINCEcMnd-JFGkKK4eity0e_yIpre3_XaBmwIUjxSt85RC-u8cuYjrxw4t92jcy7HknUrxMvka8HXM0H1eeu8iW8GNz8HkBNneMxJxolYFGDKd_PzX8LPax7RtTyWkxkgPRLty8mB0KfLEjPQmmzR9j37HIqK5o4VavDemhlIMdahQlMkPfuLT3EfP5rS_o6Om58uOvXEXV7m3Yn0Uj0JgqgqA8P_gFFfP3nq5NA6ePzOtUn0jnl22d-G9H7MgQUFEp-0__zhw1W3QMNMvkyW7zFmHjvxG5ELF6Ayz_9sGyFderiCKaPMl8I6tD7y4cyi7_Hw1u6peULYR8yC73f3O7sF7gBgS7SCC4sPHrOxyaUarxYMAhAuIca143SsbQGZHUHI-nZZIwHVN5XueZuIbMncgbTm5R142upRdgahZ3QeYBbqPYj1oa1yK4nD1ycWanyhSapSDT8Og7EjU31DkjCU4IeMKAbkmDV4coHJbW3XYXb09OWuU--VKgXYrGba_-HKt1SOVdJI4sCWRbcqhXhjX3He9zH9X4y6eVFJedLrYCPc2lDmrp81RAsLTuUdt6uEAq3f6XC3ca99jW3IWkd9uirMUBzhm5iYU9O-zLuLySHM3SdOosCMYLvYYUYzG6zdeilVuoCNgv6t4QQA9hdEqAkqVS_vPZMRCDzIfMqXH70-XuCnPogGiO02_pm8yz0rj53CvqckwNhL_roTjREZXKjHymPLdnr3_32k7y7q7zmxWdVfKBwR0yJRd9J_RQwhlawgiMZZTycXNPfN-KiEVksXDgbumn5TmjG0VI6Pr9CZOP2lD_-XcShoTx_on-e_xvDGZnBQM8jdXxuVmsSPsqVOQkdzV545i-k7K91ta-EDHn3FovyE7S0P6340arFVlcRX8c_EClMAWQsZxxSNs1QYPagHTSQ3qu8zaZjl51oQsSXJDHuW3C0vzIgTD9Ag0DHDWtPmVMdB_JkIJx8JGz630a3jCm2T-tom-6IuXPjItjwRW32JTGY4-rXrUVXOuCgqILaQG2P8w-eF30IvmYu_FXCFvvX0HXxd3_TdpuL8cMjzznHzOOdAm_INMAlH4jBezywVCbth__rJ9STM8xeYECYBfLYZubwGFdi3cpYV2XOA72ZQclnIhdTCiB0UBIVdOlzDS36oFZp4ykA6qli2GUbwcmCiAMrbRh2z35i-hYoy9SKwJhHIaqw8-RGSZAR3TkDfaCGnMQZD_GtWkZvPfIQm7atiLl45c2V3SZ9Cd1VWhNXIji42K6dye3cl1Bpj49aZw24_-PXUxAN9Ho8XIfmvNXd5WLTBJjHMI4x6pqwo8Bx22BS9S_FoKfqDLW-dhlRMBmrnEpaiA2VcJNYkmY9VYbCWQhE84Ppq-lhTCaaGVJHEf_fRZS2-wEE12qLzHDya_vqFv6G2F3hqQYnCumlSppdLmNWZ6kxZ1WgMLr5bAab3fA7JjysZl00tMCDkl_H-jRcPpo78lQdg8MCbBz-WPKXQUYW8Kbsa7i0uM89gC_b19V-2SkHEv9s7vFBJwcDbLrRHTwdIBM3CAcnovQ0M4-OXxHKpOAOvPtDpzSAZWzeRSp1ujbBNO19Etxd0baAH7xBXpkLe_PyUNoUqWwPw1c47r_Letel2rcsBG67lyYjjd_0aBzsjf1kgvD4Mu6Cn8r06qPVePo2kfQQSjDDe_dxZHx9XO9sy06yIkvuwJFWJId_UXRHH9UEe3CanNvZHo8cEE1qD-VAhMyGiqdgQfzrs0Dtd2hFHq-d0NN-HRK3zQlng5lFRE2jwTl_cXD-yQyE9x9qBggyt8q2-qe4r-ds8hURQ1rS8a9lXZTz-1LS5XnOnjorpH_0EWEd0Ex1o0vfS71FITQTt5G0pIudsPm9LxaeE2AspM07r1Z3AGh0VCx6BN4kB7Uqo18Vez78mg9uxLq5tKibGKFGSt_DGBny5VEqEWHegsWxO5HXZ8kwMWHbK7h6FTRpYOFDmOykLwH_zYvxtUyKgIXWPUs2KxgDRxa92Nh_uYLbB_msKnnE1n-4DxLmSWvMXKubIDwdCAKCQ6BTC-wCznd9aLtpeL0vb_NV4uDKHQTsY3ByJtOD69SKed2nl2a3axyZRvZjiQAa2hfDTkyEW2SyCFyEBPxMFYpU609uK0bPM4wVoPfaJB3dDirxNlPSzlyy1L9-lEX9WV7b_GaRQOgHTkT3oUCp__LV57bk2m3lSPAXLsCt_0k0ruLWK0DyN3QXYA1PoRMxKjXhS_GFVVh2_zo4Q1eJsUkCXBL_8EZxhQipPUjPFfHkyeAk0VwomCVNoAnEpJqsmECxj0cXU6hHaFUWZZyi670guNe4wYBf0WqD2zSX6uCBEirkqy_fs7fxS9eJVMHeYGbBq3mLTz4bQGrzJSxes9KUF_gOLLHYO_H89n9CerjwEs1SsGRh1mQjgG1qs987rgkWY4dahUZdx-VO39wZFQ_qQQVbBnd90ia72yIOZRwIY-bbz9toiwzDmlX8FtumpakjhXHcko1-emAd9eDwGj7ugdRs4BX2qcihipcuNKmLgtgnQM9SkVlsdTpXzZfG9NVo6NTeHoncVyDmf_CjIFdwOT3K_gajSF2s3kjMl9op3mdvmMMCrVHiy11t15FUIyt7kNgkMK_Xwq6GB283gnNy_3kFv7ENsGwhNR9HBKIRBi_3kFd7hitiGmu6QL7ml_35IvR07g1iXdbOjd06H2rc9NsYNKd3ZrG4Wsg5RcDsTUWtRsiWIQ9W8Scf1cqEDsTm5fvvVlhmc3fYjEusHTfOw8aaF9prEaMqdY8q93BmQDw7Lrtxk0mCOs3uNAHaHUSz_JFYpMk9p9dWMGJXD2067qjflHUI2-dgb0o-s6R3r5ntr6WEjvCW9Ni21P3ggcfrk_nUTq7twYt4vjcwSnLFmxTcrnc7jlxGfnxs8uHam4_N9ZWlmANNajDpO&cid=CAASFeRobsNR0CNOVG_o7t8IS8K5bblBVQ&rfl=1%2Chttps%253A%252F%252Fwww.123greetings.com%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:14:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1668
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 04:14:25 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/ Frame 9097 23 KB
9 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/abg_lite.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5738c733f2f7b04e67edebebb67f01a2022d611ce73cbbf9ac15aa8186c6613e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 9
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9263
x-xss-protection: 0
server: cafe
etag: 16747441857000454541
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 04:42:04 GMT

GET
H3-29 200 html_inpage_rendering_lib_200_273.js Show response
s0.2mdn.net/879366/ Frame A44E 169 KB
58 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_273.js

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2cff7ab03cb4e476b49ea05511c6cfcc71af6d5ed20d40e9b40ee31062149e77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 10:43:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 64735
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 59842
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 20:54:49 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Sep 2021 10:43:18 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/elements/html/ Frame A44E 8 KB
3 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DEV9igi4UlzWq0shfrn0Zw-f0gJgNgW7YIZAQpOFQnW0Z_0FVrhNwbqtz2d_vXAoB_9ySNzXyM6ZBwt7oxz3OxNmL1RpGhR2Siy7w3JrXM4bDfloNbbvWwkCHuz7_tbTypKoQh4ld4YBqVsDkKvlVXOYsvtw&dbm_d=AKAmf-BBsVphl-pum4uenmLMrsD0HOh7g4rmzURrCxDicLKDgnoEi6t_mLK5Nh7U3_zAx_HsgO3auBazPYm11ieitpEywbCELYJzwtAO15IJXlNXZti9Vtn692mr3V4JL2ZPfaAMRueDhrMwJ26GHZPiytDANlQOqAcUUQvIv7nC3z_dtUr7DXfY-83XVmlRMhIqAsuhb2pP2C-irNtQ79u0yED25kLT4sMHz3HSHzmEyIIo5exKNakkdlbmsPs_R7UynEptznJreJW2vnKDYcN9Ckd9CIFUHA6CiLanjwgHQkCHnMdCjhjTT43B7yqvPRJ1IDYW9287D6lNYk92Nkmt7y3ZL28VInVusWacgFNNOKaQ7VqmnSqF_d36iYROBXj3fu2vSTyNPgO0gTK32kI_9vtZWKAyxIS5ZLpiHpmuTZfweuvVqRf06S-LlQVXUWcEAJq58EY_PW3ZdU7Rk5piU3hVIJgw0sadcMTEvPBpd34-XA5BoxiuXKeKrTsIY1cOOLPNaQikAR43TD1ausmwsxaTjGk1PhmJ4YoNvGIJJdfAp52ndqAlc0hqzXTv3nVi1VryvxT6MfoRBGxHXDebxHyH_6hOJE10fdR12iC_TOhAdV3EtXzkU5wKWeggjMuvMQXLXKw2vdjiSJhyizpk0wepHd7krS2oYpFS1BsqEQOP1yqIddcN17sEpFaJwSI1SOkWkO8iUspJ5FoQ40djlHwEMUcZMlyTZVbz2TUW-COgqYdjDJilKldBLUwWPwqvxgzNhvEpJdR88_favOK9Szd6H5Gj9SgmMdr-4urhlWG6RIDLFwlEO4KzReR-yjbZMDvblKK2uOZcaZOr88vVqhNcHssN4F_nmKR95B8cM_KdwWyb_CV2S22hmEibrkj8zHGyvvqTnB7hEOEUGGWhVDAPXE0s5sV3FOhByC1bvPWQM76I0lWKvMAhLuZo1YM68qDD3koc8RN6q9VvAoi5DWtevyvbabYWClqVaZq_CsV4mkXuINFdi_bOQvBGRHBCUhfUvkZFZ2BPfM1ptL2B-vaKAoxXbDYe6cpxe8NNUs8z4BiBT7Ci8uYorKiG69MeIiNmfQIIsIizcZAg7khdz8crsiOY9kvQyawo_FRKqqYea-d78h1yOMatWUqFD8dwewAt4Rc9z9lbilcxvs8Jkqt9NYcD6cedlybSsTzphkOkc-qdQvaX4nbva-hAdY9lzH8M15zzSc7MV9nmYnucuzD4EzEQV25GAsz7RYN-Gl0O9bR2XgLulCTmSfejl7NmcLNqJ8wFAmfTiKxTFCT2KLXlTH5GVL46nmnzfYSUQyeUVz-fJ6LC9vExqw_jgDnbHJNK0huwwmfMDMVlSxUtP5xJlAT2kErGofvkrYxRD-8lKlunVhKFwcdOaVgnJIlqwUCHVuLuxqgkXj6wovKHlxE7QfqrxaxqWZ8CusG_YEhzQhdM4ECW9qb5JSxPxrI9L_pbbueBZkF3kq5KTFWOpgXx8LxSYcMuX4rNUKlmnHCcJPDciyF28xjJtrg5lyTltcn8eclk394Fw503xzWD0slGepFPKHvjEFB_Pp32q7Ca13L3rNtyr678r2lu7eb4AKx2VpIfMllKYN5d52xKtODYAE3jUf9gms4Tpjfyt8lKv5ug-DmhEjCFrwbBdHyaIpyTZ8N0XiJAqquRPzO3bLXWqkvW05wXtsYKdEq33rpQmR4g_lovQ6VxhMW4zmUjbBKmtox5H89AZNEH1qJmE72xrmF6N6rm0sHceUKMR5c4lqWCIt5LAQyu-I60RiK_FswjxHNxwtlXiGCkraDB2BBMuREMEBSBPBCQEysYiSSKzqzSCLqNeqLnGrF5yZnqptnIRe5vtnwwCnKe5alG20wqC2CzESD8qA_nlNF1YoJ2pIPNaFtDsvlIQSKtBXBi0rf8D-ZxL3Hu3uWEt5RPvh_7V_J0TZjS-BJefFMqPE-W23uKs4MD5pCHF92JuuUOomYBtyk_POmPYxId9uW4FzjEIsbQ7XsGqfjhcWeNcg6Z5ml78Iu1bSwQrG-SYp8CGx255e-_3RojPpRBsia2HuKJ3Zw_SJr3jZsBrkEUB1W4oPcwBtqVWqn0mtTi3ykDJDmMyaQbAXHV5smyrq1jh8-JsFh7MpTZ6bfx0z32lPuUlu80wmL1n8D_57idfRKwl9FP6jqb4q15zu1Mpxk0hySCmPHsOthk0pzmJFOeEnUCL8mVFoETLHEjGeyVH45YhEkrzoQ--Lp7MyV-iXx5khcDZXdqeNMvG66PSgFOlYirhdYMXfbR_M1yxsJEw7aNaGiYKt0dr-Zsqklz1TtMgvDoNK4RpMdmrE85pFjhRC_NSjt0Grz16ZBeJpcURk1qk64HUs3oiZyRnMMKe7_Xs3Smlk3mGBr3BvwHiYMecY9QbD9z8G1orr6rMPPxcY3__2wXWPIvao3CgTACGYRYtd7SndE_n02_oUzacgRI8PCTYdGJ-xFIZKlUe41YVIbTRYAIhSO9Ivkx7MM9w-9JyAiGBi1FgWu_p0ysTMUBC2_VO768AcZoPPTUJNhKdzwwgXzumZKRefowlwtr5N2V7W2cPH6DFZSH6ITSynkI6iUCpc7UdMwbbOit9wjP8gc8If9aCDDarulOM0C7HutzU1OM0GZTAQGZXEh6iafHEqNjqPKqUqemIBUxIgQbDZaj7z5EGqd-Gv3Zv4Y5eGa7zbGnNpGBMSNkZ7SlMFlAU-9yG-vMf_gqswQbfDAbK1phwEUGVjSk9xiqPo4l_xiB6lbA44U1XPMD7s-uEi3bXXs1aNkiNCVFG-8o02lFeoNYWeciDAZUhm6JXIj7OmMbUVZErRTv9idz5Gdl9uD6-tghRgL00F0KgXwyP5ySqYqtf6GXhlaGGNH7ynDg6-k_SAvgdipnpQSkdS89a_01EY4A7vGnAnx4jTMZk6uwe5QLY7ogdX-BgVxpYZgxDR7b8d2zw1ajgvjAJosMM106orrFZ_tzMjSEWV_A4JupcDTUSc1Q3OXfqOOJbCTyIz6d6RJ3P8uGLbM1779kOmmMvPLJRbT1yCCj_yOQy8EIYQs6YydoZMNjN9U97va3np9BTNACLEm26WeVLeYvTe9x66BL5h41aHlVfzaNmoKAPddAOVTFqk4LLuF1zJwlQND6Bx2uoUkYma4qL_JWUER0ZM2NbPcGFC03qFsq__gM8pPL8HOod7Hq&cid=CAASFeRoZZuswbSXvvHCyoYtHFHfWJXCnQ&rfl=1%2Chttps%253A%252F%252Fwww.123greetings.com%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:14:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1668
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 04:14:25 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/ Frame A44E 23 KB
9 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/abg_lite.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5738c733f2f7b04e67edebebb67f01a2022d611ce73cbbf9ac15aa8186c6613e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 9
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9263
x-xss-protection: 0
server: cafe
etag: 16747441857000454541
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 04:42:04 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 53C6
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESELsvvBFK7IQKNonbry8ENRI&google_cver=1

43 B
1008 B

68ms
32ms

Image
image/gif

185.33.221.15
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESELsvvBFK7IQKNonbry8ENRI&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLS7QxDXu7cBGJTo2ngwAQ&v=APEucNVLN_97Fv8eGAyVy2Xui8YPs0rVNnZLTM1-_Dnt9--DVmSyZG-FPcqPrDeWYwfC2aqsVWFPpZRiT-k86BBxRn76-IsehA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.15 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:42:13 GMT
X-Proxy-Origin: 185.236.201.228; 185.236.201.228; 720.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 46abd298-c67f-45a1-89f4-148c9ac198ab
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:13 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESELsvvBFK7IQKNonbry8ENRI&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 53C6
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTc2ODYzNTgxMzMxMzMyNjI0Mg%3D%3D

170 B
188 B

31ms
30ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTc2ODYzNTgxMzMxMzMyNjI0Mg%3D%3D

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:13 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:42:13 GMT
X-Proxy-Origin: 185.236.201.228; 185.236.201.228; 720.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 19b64c49-8ace-4bd7-a2bb-347c3df845e5
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTc2ODYzNTgxMzMxMzMyNjI0Mg%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 53C6
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPzxAgFFFka_IidWodTb-ak&google_cver=1

43 B
106 B

33ms
33ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPzxAgFFFka_IidWodTb-ak&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLS7QxDXu7cBGJTo2ngwAQ&v=APEucNVLN_97Fv8eGAyVy2Xui8YPs0rVNnZLTM1-_Dnt9--DVmSyZG-FPcqPrDeWYwfC2aqsVWFPpZRiT-k86BBxRn76-IsehA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.214.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:13 GMT
via: 1.1 google
server: OXGW/16.214.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:13 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPzxAgFFFka_IidWodTb-ak&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 53C6
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NWI3YjgzZWUtNjBjMS0yYTU0LWNiNTMtOTM1ZTMwYmU5N2Ex

170 B
188 B

30ms
29ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NWI3YjgzZWUtNjBjMS0yYTU0LWNiNTMtOTM1ZTMwYmU5N2Ex

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:13 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 04 Sep 2021 04:42:13 GMT
content-encoding: gzip
server: OXGW/16.214.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NWI3YjgzZWUtNjBjMS0yYTU0LWNiNTMtOTM1ZTMwYmU5N2Ex
content-type: image/gif
alt-svc: clear
content-length: 0
via: 1.1 google

GET
H2

200

um
sync.teads.tv/ Frame B7C6
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEFgdSfwVP1SdktHiaCVbApE&google_cver=1

23 B
286 B

55ms
55ms

Image
image/gif

104.111.242.245
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEFgdSfwVP1SdktHiaCVbApE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLS7QxDXu7cBGJTo2ngwAQ&v=APEucNWoxBq-217CgSkGBILAq89S-ROA6CbN8cpEsM89lmg1AF9LsGJxqjFCJazQ7lDUfVKC5j-rFo7w4aeY2O4Y4Th57DgINQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.242.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-242-245.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.3 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:13 GMT
cache-control: max-age=0, no-cache, no-store
expires: Sat, 04 Sep 2021 04:42:13 GMT
server: akka-http/10.2.3
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:13 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.teads.tv/um?eid=3&uid=CAESEFgdSfwVP1SdktHiaCVbApE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame B7C6
Redirect Chain

https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=ZGVlZmYwODctMmU5MS00YWM1LWI2MDktZTY1MThhN2I5YTkz

170 B
188 B

30ms
30ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=ZGVlZmYwODctMmU5MS00YWM1LWI2MDktZTY1MThhN2I5YTkz

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLS7QxDXu7cBGJTo2ngwAQ&v=APEucNWoxBq-217CgSkGBILAq89S-ROA6CbN8cpEsM89lmg1AF9LsGJxqjFCJazQ7lDUfVKC5j-rFo7w4aeY2O4Y4Th57DgINQ

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:13 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:13 GMT
server: akka-http/10.2.3
content-type: text/html; charset=UTF-8
location: https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=ZGVlZmYwODctMmU5MS00YWM1LWI2MDktZTY1MThhN2I5YTkz
cache-control: max-age=0, no-cache, no-store
content-length: 189
expires: Sat, 04 Sep 2021 04:42:13 GMT

GET
H2

200

sync
partners.tremorhub.com/ Frame B7C6
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=tremor_video_dbm&google_cm&google_dbm
https://partners.tremorhub.com/sync?UIGL=CAESELf1UG6-Dqb_NluAu0yizKE&google_cver=1

43 B
183 B

289ms
93ms

Image
image/gif

2600:1f18:612b:4200:3aa:8894:1069:c551
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://partners.tremorhub.com/sync?UIGL=CAESELf1UG6-Dqb_NluAu0yizKE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLS7QxDXu7cBGJTo2ngwAQ&v=APEucNWoxBq-217CgSkGBILAq89S-ROA6CbN8cpEsM89lmg1AF9LsGJxqjFCJazQ7lDUfVKC5j-rFo7w4aeY2O4Y4Th57DgINQ
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4200:3aa:8894:1069:c551 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:13 GMT
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
content-type: image/gif

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:13 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://partners.tremorhub.com/sync?UIGL=CAESELf1UG6-Dqb_NluAu0yizKE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 283
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame E930
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESELD_GN945el3UHey8N9f6T4&google_cver=1

43 B
548 B

62ms
28ms

Image
image/gif

185.94.180.126
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESELD_GN945el3UHey8N9f6T4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLS7QxDXu7cBGJTo2ngwAQ&v=APEucNW2r5x6eS_3JCWn8eJ17rqo1h3jQ5AiTdeS4S6dU-pHOgZN21q66g3aLleMlt0TkwXqAJo38IU-KgHzLcQ_5cNCoD_d-g
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.94.180.126 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 04 Sep 2021 04:42:13 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 85
Connection: keep-alive
Content-Length: 43

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:13 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESELD_GN945el3UHey8N9f6T4&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 306
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame E930
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_i...
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=NzkxYTFjYzgtMGQzYS0xMWVjLWE5MDAtMTg2MGYwNzEwMTA2

170 B
188 B

30ms
29ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=NzkxYTFjYzgtMGQzYS0xMWVjLWE5MDAtMTg2MGYwNzEwMTA2

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLS7QxDXu7cBGJTo2ngwAQ&v=APEucNW2r5x6eS_3JCWn8eJ17rqo1h3jQ5AiTdeS4S6dU-pHOgZN21q66g3aLleMlt0TkwXqAJo38IU-KgHzLcQ_5cNCoD_d-g

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:13 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 04 Sep 2021 04:42:13 GMT
Server: nginx
Location: https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=NzkxYTFjYzgtMGQzYS0xMWVjLWE5MDAtMTg2MGYwNzEwMTA2
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 133
Connection: keep-alive
Content-Length: 0

GET
H2 204 v1
ads.yahoo.com/cms/ Frame E930 0
446 B 25ms
7ms Image
text/plain 2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?esig=1~b04e41039133c73fafd60e0ed8cb49a70ecfb061&nwid=10000483131&sigv=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7001 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:13 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame C991
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESELD_GN945el3UHey8N9f6T4&google_cver=1

43 B
548 B

41ms
28ms

Image
image/gif

185.94.180.126
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESELD_GN945el3UHey8N9f6T4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLS7QxDXu7cBGJTo2ngwAQ&v=APEucNVpxgLpl0Tsaek-thMHYTAWE225dDjKzoHAyD1Kmnk7ca0b1ndj19fNVVGmxBLPsLVepNMQM4BihlJl0wKUrHe2uEMnLw
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.94.180.126 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 04 Sep 2021 04:42:13 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 98
Connection: keep-alive
Content-Length: 43

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:13 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESELD_GN945el3UHey8N9f6T4&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 306
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame C991
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_i...
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=NzkxYTFjYzgtMGQzYS0xMWVjLWE5MDAtMTg2MGYwNzEwMTA2

170 B
188 B

30ms
29ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=NzkxYTFjYzgtMGQzYS0xMWVjLWE5MDAtMTg2MGYwNzEwMTA2

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLS7QxDXu7cBGJTo2ngwAQ&v=APEucNVpxgLpl0Tsaek-thMHYTAWE225dDjKzoHAyD1Kmnk7ca0b1ndj19fNVVGmxBLPsLVepNMQM4BihlJl0wKUrHe2uEMnLw

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:13 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 04 Sep 2021 04:42:13 GMT
Server: nginx
Location: https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=NzkxYTFjYzgtMGQzYS0xMWVjLWE5MDAtMTg2MGYwNzEwMTA2
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 116
Connection: keep-alive
Content-Length: 0

GET
H2 204 v1
ads.yahoo.com/cms/ Frame C991 0
267 B 21ms
8ms Image
text/plain 2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?esig=1~b04e41039133c73fafd60e0ed8cb49a70ecfb061&nwid=10000483131&sigv=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7001 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:13 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame C877
Redirect Chain

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true
https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true&verify=true
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1UV3RuNUc1RTJ1SDJaMmxZejk4OFBCWGl0QUxNYjZSX35B

170 B
188 B

29ms
29ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1UV3RuNUc1RTJ1SDJaMmxZejk4OFBCWGl0QUxNYjZSX35B

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLS7QxDXu7cBGJTo2ngwAQ&v=APEucNU_RWBtQLvuaPOQv43JOXiFx_oQBZmv8gkMtE9qT3lwpl1PONU2lPx7u7fPSdaMWwoQIf3GLC1yQBlx32lFFe2c12kCvQ

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:13 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 04 Sep 2021 04:42:13 GMT
Server: ATS/7.1.2.138
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1UV3RuNUc1RTJ1SDJaMmxZejk4OFBCWGl0QUxNYjZSX35B
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

user-registering
ads.stickyadstv.com/ Frame C877
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=stickyxchange_dbm&google_cm&google_dbm
https://ads.stickyadstv.com/user-registering?dataProviderId=141&userId=CAESEK2HkrZpctKysqtZjJle4z8&google_cver=1
https://1f2e7.v.fwmrm.net/ad/u?_dv=2&dsp_user_mapping=true&127719=8a4a4a1ce74572b39a7ae2f33469689b&rdU=https%3A%2F%2Fads.stickyadstv.com%2Fuser-registering%3FdataProviderId%3D1169%26userId%3d%23%7b...
https://ads.stickyadstv.com/user-registering?dataProviderId=1169&userId=l1c8a_7003934307824407468
https://match.adsrvr.org/track/cmf/generic?ttd_pid=stickyads&ttd_tpi=1&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=stickyads&ttd_tpi=1&gdpr=0&gdpr_consent=
https://ads.stickyadstv.com/user-registering?dataProviderId=208&userId=4f1cde68-0489-4c67-8a82-93c18d8bd5fc
https://ib.adnxs.com/getuid?https%3A%2F%2Fads.stickyadstv.com%2Fuser-registering%3FdataProviderId%3D209&gdpr=0&gdpr_consent=%26userId%3D$UID
https://ads.stickyadstv.com/user-registering?dataProviderId=209&gdpr=0&gdpr_consent=&userId=5768635813313326242
https://pr-bh.ybp.yahoo.com/sync/stickyads/8a4a4a1ce74572b39a7ae2f33469689b&gdpr=0&gdpr_consent=?gdpr=0&gdpr_consent=
https://ads.stickyadstv.com/user-registering?dataProviderId=199&userId=y-fUyxvA1E2oPKBFVReP7BYHpXKEpRfFL9us6xMi5P~A

43 B
739 B

31ms
30ms

Image
image/gif

2.21.142.210
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.stickyadstv.com/user-registering?dataProviderId=199&userId=y-fUyxvA1E2oPKBFVReP7BYHpXKEpRfFL9us6xMi5P~A
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLS7QxDXu7cBGJTo2ngwAQ&v=APEucNU_RWBtQLvuaPOQv43JOXiFx_oQBZmv8gkMtE9qT3lwpl1PONU2lPx7u7fPSdaMWwoQIf3GLC1yQBlx32lFFe2c12kCvQ
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.142.210 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-142-210.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:42:14 GMT
Server: nginx
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 43
x-sticky-vk: 1630730534125078-368
Expires: Sat, 04 Sep 2021 04:42:14 GMT

Redirect headers

date: Sat, 04 Sep 2021 04:42:14 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://ads.stickyadstv.com/user-registering?dataProviderId=199&userId=y-fUyxvA1E2oPKBFVReP7BYHpXKEpRfFL9us6xMi5P~A
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame C877
Redirect Chain

https://ads.stickyadstv.com/user-matching?id=11
https://cm.g.doubleclick.net/pixel?google_nid=stickyxchange_dbm&google_hm=OGE0YTRhMWNlNzQ1NzJiMzlhN2FlMmYzMzQ2OTY4OWI=&gdpr=0&gdpr_consent=

170 B
188 B

30ms
29ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=stickyxchange_dbm&google_hm=OGE0YTRhMWNlNzQ1NzJiMzlhN2FlMmYzMzQ2OTY4OWI=&gdpr=0&gdpr_consent=

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:13 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:42:13 GMT
Server: nginx
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=stickyxchange_dbm&google_hm=OGE0YTRhMWNlNzQ1NzJiMzlhN2FlMmYzMzQ2OTY4OWI=&gdpr=0&gdpr_consent=
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
x-sticky-vk: 1630730532980049-356
Expires: Sat, 04 Sep 2021 04:42:13 GMT

GET
H3-29 200 index.html Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61498410/20210621060710917/ Frame 1DC2 32 KB
8 KB 24ms
23ms Document
text/html 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61498410/20210621060710917/index.html?e=69&leftOffset=0&topOffset=0&c=hy6FaEB8gn&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_273.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dcef18b9bfa5ba585a335832c5d5dfce3c74aabfd40479273413e2bd9e7bf38c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /ads/richmedia/studio/pv2/61498410/20210621060710917/index.html?e=69&leftOffset=0&topOffset=0&c=hy6FaEB8gn&t=1&renderingType=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 7690
date: Sat, 04 Sep 2021 04:42:13 GMT
expires: Sun, 05 Sep 2021 04:42:13 GMT
cache-control: public, max-age=86400
last-modified: Mon, 21 Jun 2021 13:07:10 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 1AE1 0
592 B 87ms
39ms Ping
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv2_lPkWlLCYWHK5fZMSBbW-_spaMQ9u32yvuv6UihLCeTfCY7nrg994Vz41RFvvPizaVPBWKOxpdWda3SKE94E5qSGTGfLcQLN4_jdS_A0dyHgQUlDIe9sFBmt8PyiPEGeWyHWVCk7QSVx9gbfRGBN8jPdUNJhAaKdu97DmVqmFRNfDAzkSSTv5fIQujL8EediDG3iV684BDjpEmQ1RXngFHtLdRg9-EKKkQ33qIZKd6fepViCu9rMXIsio4P_geWWRN808gYEOBRi4U4DFiXksERYOz5X8IAmmXrbPwn-1WXgHSj9-FY_OpdHd6b4AJf9bl5-rdVyJdR2nbVmxqfi3UofVEwmSZDJqQy-q4vMiCHCCG1gR8WS5u3lzJgjgkkwLGZf6A6kakqKqxxorODue0fUTXngBxVToByXkxBVyY-3sqbn7GERuT1ZiYOSaNztDL-dlhNsX86MCTwSz1AZQUL5Z_3k-InwQWyeT5_tzZy0i3pUOEpHJtra82TarS65UTWGN6qJUTwEoG3xaRz34StpUtIf5GNr_H2JieysXmFzUPX5qQ3-f9-dtRZ_oFhbbEskcvGVbmFZwTQihQhZHkOP2d8ZAeXKoIKgzr4AoFzkOLoOpKRbar0aKhIeO7BRmitPX9cp86RNgOdXE4a2dLsXorkXMYkVdTkaVTLIs-g0Kt407U9Fn1trD40UjW5Aurh6Z7FQylSzPNY0CZXxBScxwQ6qfOWd_emS0zeuoQynf4pxqHg2n43H9Wpi_o502tLwObG96JoQIGeDIDTgovhbt8wcEfuz8hmbSzF5Gc9Mb3DFsvNd9V4LcSR9QJs0uHEEOQpNWl0f8EPPgs-gTahTExV4Sn2W5rntK05fIYDAATnxyCBso_tJ-wsQHFu5l0wC-rpii_SbQk3JnyZMfW1OvLBWecqs2o7Q6knHRQef0hKQFiLaup_M-O0Tt5xlk2OTusYcC1rzbLjS2Eo6Myff6a_3dgWDC0xWUSYMwb9ERBLn0vfFJRPyfPanAhk5Mn1zwRse-vVWUIqnEZOdcybS8s5aBfwhBUDJXMkU4o948VWBnffQRZU7n-U_gR1WmnkTlN4QE355tyLeva-wLB31egYLbMtwJejriYHZhV6WPfEpBovXJWAeJJqvHf8-Hac29k_B1aMD7H_6TVYP3F3F5qYrOdxLsJtzwrs6Iw&sai=AMfl-YQ72_uyeUGp_O5IUUeV98l72ubAQ_DLqKF6lEg3IjLU0CATcU7yIQlJ2pa-dV9eQXbMNCgpfrK9lDeHsbDOZtC4v33dtlgBniSuGVIiaEDSZW3LjSUXRZVNh2JqmfMn9ABSJ_tKXLjmk-ULR3qIzCHngH24qSxnAEhpaT7w-F1Z2wMmK8XmwKB4z5mTNl8&sig=Cg0ArKJSzBurYFKru3jwEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=197&cbvp=1&cstd=189&cisv=r20210831.27653&adurl=

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sat, 04 Sep 2021 04:42:13 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 geoip Show response
avm.avantisvideo.com/api/v1/ Frame 88B3 116 B
870 B 153ms
153ms XHR
application/json 2600:9000:223c:7800:3:748e:7940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://avm.avantisvideo.com/api/v1/geoip

Requested by

Host: cdn1.avantisvideo.com
URL: https://cdn1.avantisvideo.com/connect/u_d.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223c:7800:3:748e:7940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

d81386cb76a2f803a6a7674bab45293bde918693a683a583ccd20f85619df9ef

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://cdn1.avantisvideo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: application/json

Response headers

content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
via: 1.1 b9d2ce196c8a711fb15d92175d58476e.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P2
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
vary: Origin
content-length: 116
x-xss-protection: 0
referrer-policy: no-referrer
x-frame-options: SAMEORIGIN
date: Sat, 04 Sep 2021 04:42:13 GMT
expect-ct: max-age=0
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
content-type: application/json; charset=utf-8
access-control-allow-origin: https://cdn1.avantisvideo.com
access-control-allow-credentials: true
x-amz-cf-id: cREBmu249ykXJsopHcgFU4LOpeXWtl2m2Dvy14Vx53MddCCDbOEI-g==

OPTIONS
H2 204 geoip
avm.avantisvideo.com/api/v1/ Frame 0
0 191ms
154ms Preflight 2600:9000:223c:7800:3:748e:7940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://avm.avantisvideo.com/api/v1/geoip

Protocol

Server

2600:9000:223c:7800:3:748e:7940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://cdn1.avantisvideo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Sat, 04 Sep 2021 04:42:13 GMT
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
vary: Origin
access-control-allow-origin: https://cdn1.avantisvideo.com
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE,PATCH
access-control-allow-headers: content-type
x-cache: Miss from cloudfront
via: 1.1 b9d2ce196c8a711fb15d92175d58476e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
x-amz-cf-id: hTjffkI1PmmhmrQrJY90Wh6FKufYQ0o3hj9iJx8QFQH49qkVor3ing==

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 1AE1 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 19:06:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34524
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 03 Sep 2022 19:06:49 GMT

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 4B0D 1 KB
749 B 7ms
6ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 03 Sep 2021 12:12:35 GMT
expires: Sat, 04 Sep 2021 12:12:35 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 59378
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 1AE1 208 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a3558aefa4ead85a45ecbf71fe842572e0293a87472936bcc65972ac335cb5cc

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 geoip Show response
avm.avantisvideo.com/api/v1/ Frame C2BF 116 B
871 B 151ms
151ms XHR
application/json 2600:9000:223c:7800:3:748e:7940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://avm.avantisvideo.com/api/v1/geoip

Requested by

Host: cdn1.avantisvideo.com
URL: https://cdn1.avantisvideo.com/connect/u_d.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223c:7800:3:748e:7940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

d81386cb76a2f803a6a7674bab45293bde918693a683a583ccd20f85619df9ef

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://cdn1.avantisvideo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: application/json

Response headers

content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
via: 1.1 b9d2ce196c8a711fb15d92175d58476e.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P2
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
vary: Origin
content-length: 116
x-xss-protection: 0
referrer-policy: no-referrer
x-frame-options: SAMEORIGIN
date: Sat, 04 Sep 2021 04:42:13 GMT
expect-ct: max-age=0
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
content-type: application/json; charset=utf-8
access-control-allow-origin: https://cdn1.avantisvideo.com
access-control-allow-credentials: true
x-amz-cf-id: 5plAcRxAR6hUeEDKFVUZjw9G_eL7yx_-UICFMUVqwI7BuJorQiIzbQ==

OPTIONS
H2 204 geoip
avm.avantisvideo.com/api/v1/ Frame 0
0 147ms
147ms Preflight 2600:9000:223c:7800:3:748e:7940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://avm.avantisvideo.com/api/v1/geoip

Protocol

Server

2600:9000:223c:7800:3:748e:7940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://cdn1.avantisvideo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Sat, 04 Sep 2021 04:42:13 GMT
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
vary: Origin
access-control-allow-origin: https://cdn1.avantisvideo.com
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE,PATCH
access-control-allow-headers: content-type
x-cache: Miss from cloudfront
via: 1.1 b9d2ce196c8a711fb15d92175d58476e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
x-amz-cf-id: tOCKLlUVyJD0TwJq-0g-MApMVdEc5sh4b3zSpUtKHmp4ubRHPWD2Gw==

GET
H3-29 200 index.html Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/ Frame D6BF 33 KB
8 KB 15ms
14ms Document
text/html 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=2WsNqxjH0W&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_273.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

772e8255135bd44cc27bc57038f7d1a773cbbfddac68a63fcb7f6a7ec21ee87b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=2WsNqxjH0W&t=1&renderingType=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 7677
date: Sat, 04 Sep 2021 04:42:13 GMT
expires: Sun, 05 Sep 2021 04:42:13 GMT
cache-control: public, max-age=86400
last-modified: Mon, 21 Jun 2021 13:07:25 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame A7DB 0
61 B 37ms
37ms Ping
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstmoPFYK6IUvbAxf8sYY7dE3aTH92nuMDAxZliuFoEoPYICeQiesjPDIM_nagyXtPAkIEhUXS4ExTYNnNpGDtxd3yQAv0PPg3f2QNeyZpa45mleCT8F5vKKOG2CUxuiNaj9gSiIgQ-qJ_xyurVPQ2qudZyW-_hTMUd4_ePSA5N-0asZy34--KPrIGnA9Ss-ux7F-H9zQoi5ZKKdo-hoBTyeGOByor2ipmAbfzHfjzE5IQDOLiIyyIHzaI8guk1GoyuhTtkbmlgu1jip5Oq1L-wk9rf441CPW0Oe49yIy69Jssg0BfKatuK1-Pd3Z6WZbrbXlZ_uie4LFBSFgaIAVLm5m61GUTF6Qs8U14_0_-6F4847q7lcm5I0_JkFlFKji0V48GC9ycpnnpJlSchWrhkzbq7PaBVq4OdExFzV76Clk8HImGT32FoO0jA0Irdgxvucb_BChxa_S79HMKm_JBRUrpF6jNLVM2SNb5Y3JQHZqQwz4NMOpld8RsyVFtQDmuGQG8ZJbuPd0BrD7xmZQ0LXzN7qISYEjluEPYwVly1f6hqFHzlnf4lghPb0lam1CBC-61InmL_g9rG7RKQvy8aebLIivq40hABIoGPS7UI3LO08FDBtPtVFb9AuPEuH220e9_sM5pYiFWV1ivv14Z4Swnc9RqRerL9dhnue5vG0BQwyXFTuugvzGtu9lLAaalSY3S5FxmFAcr7PnQZlOEgD-EkFJ6LTb0XPv19VyFdTFVDK83f71tQBo-4jUhkXXXAutmgA1H9ghegoW9dm8sVRYgwOm7BNUUL9oheaP62bDg5SBzSJsw80DK1yGzkljNwkkxrLwqw3K1tq4vqrc7k9knZyguUwY2mYXyIr41I6Tg1Z1DSGiwp1bortpGRJ_yZnb4Qlk7Nx6aFdO6WDS27CYyRywL2FKbNg7TMZVxC5cmiUmfvhx19VH4WSZCSdGPKtvZeL9hZzN0C7pOVntKFvOqVxIClnbZI6geAjQYhbRRWhfAKgVpgSH7xhN-uNT8fkiBY8Yx8wp-bikc-NnsAgtQK8mx9wh7OOcGILGnZ7NsSseW-V_0T__sd6SG00zkem5UY6EPNjGX75YdkDDANGMWE-cBxDJK0WrLE2bgVPL2HFkwXdGzn0XAHaUo-tahOzP6TtV0eG69HYT9RJRuQTnB-aLqD49EoeLsAWr5X4fWiBBeW8Kr62Zg&sai=AMfl-YTm2HF4g2RNFaPPouOhWiNBSEaFPBSiZ96u_YyARuhcJyeQVzjlleONqaficDgzua5QSZDUR6bZxpaKPZDyg9cxIxFJz-i2aV1Rv_ZXp-JNb3SqHFucE6fA_j4Z5mOf3IfM3_3pt3WLva-TurRpfKdmDFf1AKWtWfcRQFZc0hccuCGTKWZYgKj-3jzFCjg&sig=Cg0ArKJSzCxihcxuWmDNEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=215&cbvp=1&cstd=210&cisv=r20210831.78125&adurl=

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sat, 04 Sep 2021 04:42:13 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 index.html Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/ Frame 90BD 33 KB
8 KB 14ms
14ms Document
text/html 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=e8IV7Uynpf&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_273.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

772e8255135bd44cc27bc57038f7d1a773cbbfddac68a63fcb7f6a7ec21ee87b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=e8IV7Uynpf&t=1&renderingType=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 7677
date: Sat, 04 Sep 2021 04:42:13 GMT
expires: Sun, 05 Sep 2021 04:42:13 GMT
cache-control: public, max-age=86400
last-modified: Mon, 21 Jun 2021 13:07:25 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame 7214 0
24 B 67ms
39ms Ping
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuBvzpdfki-Aa9JEVnQq-4sN7lJUaynzc-WNdY5v3zhQdb6TvFRsZBrYCmO6CZGOc3NNbO7ZWTS4_fNugLKjVB340MuvkQhKCBMaiYBP1jEzyg72-e7JssbPY6K2HyDzSS2wPMmLp9I3rexwuCIztwaoqFm66CTN71tRVxMcWwvG_yE82lJj5KmAhgxoOFGs4NwDzddPTLNYGjpD6a3AnJPfxg4geHNvoIGDYmhP8_71ir-xjlpIXyic5KEsdQFPjEUIrveAWCw8vs7TjKdLUz86BKtPvOl9xNOtJd069YfmC2y-x79VzT39-TRISBZkO-yzemSHvfstcq1FtxcKJYI9xQt_GN1n4xqpWRvc51YJPuFi1Jla6CP5r9Kddc8QxFOJSSX_q5rjGE0DPiBhdjp8-ksOHjg1HaYiGcU2JL0oufXtOHkXtH8_aO13qcWt9bXK1KQuCrxOgc4p1TG1Obrcvt7kbVYczmtjZq_r1ulFIztJYd3BrqmdiymOXm7q3VP2GYpoyNxTGgyp3I0SBFERLejoTiNMsZrgkz4u4cOP9fm6U6LTxc_bCu0rj36_ud52ZGpVqMb4XY5K4p9Bcc_QrOudFpGOt0fJe-DBBt_jn09Vr1aDIeu6J6cXCqPHk_-L1Qf5GjfDEoYlIdE1As2jJYBKbopvV2ILCED3rvdwxdpl2Mt2vEPhr-irzESIurqlOEhZDPc1gyd__M4LpohclXkWm3W_LoG8azJVEkHkYsIn0XCJSSXKkqZ70euGJOBtC1ffjBI1bX_wo2oawptnzDKgcjpDNv19D9JAgjCF7JsOm77BhTerg9n_Ao-3b4kcbClztoHBEwaLx5u6hRhiRwwOe5El5n9ZHxpy2LPFQwHcy2qiDTyofNq0DS9W7lh8-HNGenHdQC0wFOrx8PtsoaE9fSZrAzknxxWGVaPxFNFulv6t4Rpvaf0A0RK6MP_p7-WkC_rPphzzf2gKnz5tchZnpJxObXZ-8QlvDVB8YOF8GnXhV4fzTfUf7j7IigToTLWI8Uh-fc2kqdu6k3OXaVq4ufygfhV_JjkVmxCwPhWxM8MJSrtmhV4HKksZ56QUbg8cLxA7efNDG6E3g4VihcHGL6YegM2fBuate4PRs5o5fBmeoqH10CErnk8WRA1h_lmR4o9brzAh-1owu289Nk593eDOn9xfAvWTNGy0uI4TIF_HF-WMQ&sai=AMfl-YQ2Gme_vUhSWFbbbf3_DAWbftCx5yQ85g19RxiqFy8olY-uOrgvK7h2frJ2EUjZ24nZBiNa9PwyBaknXmrszNs4Ol8bylxEwyJBJdTL6TVZHjvCT9FGdnqbqQGTdwbZcJlpxRgsA9d1pCEmAoKc6FaTqSL0krjomtXhvHsiFYh0L1Kd1Aqz8E6ENEj_kIA&sig=Cg0ArKJSzDhi1UWFj8FeEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=217&cbvp=1&cstd=213&cisv=r20210831.05767&adurl=

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sat, 04 Sep 2021 04:42:13 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 index.html Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/ Frame 523E 33 KB
8 KB 14ms
14ms Document
text/html 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=UK2o4yXblG&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_273.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

772e8255135bd44cc27bc57038f7d1a773cbbfddac68a63fcb7f6a7ec21ee87b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=UK2o4yXblG&t=1&renderingType=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 7677
date: Sat, 04 Sep 2021 04:42:13 GMT
expires: Sun, 05 Sep 2021 04:42:13 GMT
cache-control: public, max-age=86400
last-modified: Mon, 21 Jun 2021 13:07:25 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame 01C4 0
24 B 39ms
38ms Ping
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu3lL_DI_fXdiZy6kYws86p8pgz56YbpO4q3hyVXfKDjkHZDsGT7OBEqe-uED5feSqudf6__pJ1KsjM-fpUOz_dxCIxadWfe7YmReIUGEornJX9VFhvpX3GDx159XO-V2Q6dQ9Foe7DuYvRxU2LVLnIK0FTH7qhVCLG1TMuCdfUWus4wjYkM-BPSPuemiL5dRe1nKEhWsFlPLccrfCuoitAfOpD1WFtm775lDqshnxuve224PzPc0g4KIptMJfCCYL1f7uR4yMxa6vPum7ZXCFt7WpDtZ9x7JeJFKXOKsTf7qpb2Q-RlQM7FJesXGT_SIP9TCvYNXv50bgAJPk1ylFnEqo7fD9DEQBPeAn5twmcyFsKJDygi_6JymPsSAiFBHHRIkui2O39PwqknAtHk2_ivAJ_gPiiJKClxJqOf0ASwFppuRF4BcOSyPZArNusyfqN10Vz_nsWvuczPxDBHDe05wHgjpxCltCXP81f5zHkW6RZRdX0pcBwlnpsDoFEaoezIpxXX6as4EGNE4ISS9oO7_7Bmaw3KEzZkJzG2xk_bfAcEy10EaaeV-tbyAepgVB4Zy82VQWOBsWMVvSAhd92xAcjSwMMmOguaKwHQcgjpfoN9Qp09HoATQN6dJD19x8gTQhBpKiCQBrGXs3lHy2wWoKRQDfcSSFt6i3eenFPfH08-c2aOHG0FdaoDgRmGxSVXhayUozuTqmpxPi_FyNj37sFuUaIDMmn5KKqd52wHmd8i5XCIhqhYuHBUasUKTyDghozu_6Ba2qppfMMDr025D3A5tCfeYkuCwTmuwNxQEITRIq3IqqIgZULZdcrCMTUdacFAqzmyHI_2UsQLvrkyj2xco6gm1pmZTnyrJIj_UBuOr7-bdsbLntWoxZVoh9dArLat13RTeCuDbXMxZkKJ2HGGRAxTqYccV8SEEbllqVaK0qA1fQBPp637jTFJaQR3nxLidF2FJauW0vMXAXddEPez70vgtjvnx5cdJU-XIJSw-3vr29Ymm6MS_gAlm__atdupCI05qS4io17pX3l05h0KyP5sauS9eXNaA3o6nshVonYbgWAewHORWfxRzfJFL8tMJrOGVCjOYbh26kAnluOnr4VlG6A2ZUu4J7rcbyK6sa1KG59nGdqzk1Qm6v1mpfOUr_fy7A8dNVIrAc_z9ivM5TTSR4FTkHEzOSPHksneutydJ2AjQ&sai=AMfl-YT42OcGLpnINW0aBK2fyF9Gbh83_3tos9PyjSI21A_iL9BcD-5XmUD5zNBS4SfQK27T5L9UObGEK3y4wFV6i4rS0QJWcgycyljrt7j035hx7cpEnNOizf6ayOmBR3bhUN6k5hJDZI5Epz9IRqHqyV4O8hvAQtIYHEClGW3-jLzIylkscr4uA-DOzft5nyU&sig=Cg0ArKJSzH9QF0mmhGlnEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=233&cbvp=1&cstd=227&cisv=r20210831.65687&adurl=

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sat, 04 Sep 2021 04:42:13 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 index.html Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61490714/20210621060706056/ Frame D722 32 KB
7 KB 14ms
14ms Document
text/html 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61490714/20210621060706056/index.html?e=69&leftOffset=0&topOffset=0&c=sAEUSHBSQE&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_273.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8cb3a5beb55d80016c612fa6b48eb44b7c06eea49eedb6ef9f905ee2aca9cb19

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /ads/richmedia/studio/pv2/61490714/20210621060706056/index.html?e=69&leftOffset=0&topOffset=0&c=sAEUSHBSQE&t=1&renderingType=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 7583
date: Sat, 04 Sep 2021 04:42:13 GMT
expires: Sun, 05 Sep 2021 04:42:13 GMT
cache-control: public, max-age=86400
last-modified: Mon, 21 Jun 2021 13:07:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9097 0
24 B 40ms
40ms Ping
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssFRu3ftOOVM5PW8k7ZJw2YhcjwfmahI9e-qYBuEer29X1jWgQwgJhHrbGMdkFGaYrsYq_xomDb9IMGNPK3sGx-EnhMzGItHe0lHwVlVnbSDKPQNcu8Wr-FShDlsboa6NM_YcGtEMq66zly5NvTaxyvNE6-1WmWmUQs7PtXDxBLeB3-4QJ39Sae68k__CKz_YCio7x4OgL87NIiehyL8GzMS4MmuB53rFqx6fcBs5o7q9DJQl1HROC3SPo9Ea46oYoW1B6X-1toF7FdcJwATDpcLxYmeUGMzOEz5aqTomJUnB7Q127WjwkNrj5Ma0fkLvFsW--OVmTki0vzIOz8hRHx8HRGauW-0eCZLed_SRoVuqNbo3HsvdMhMsc2iFhJ3JjbyoBzGitJWFBeU67jsmDApRmGEL8qTR_5UWlGTRMlTROSUhRP-XFh8LIlV4JczQeG0dHgr1beONzxWc-1bjRlfuUaesN5GTuyxLN9BM6iRigEYVFwyLD_iQbLSaegF8lY9JRAiFB2RAWv_L1lUaOHgsURQkEXf1Q_7ZXwcQVJWMG0yvtHcnHitoGhZiW8OTg0u716qeJTwQ9xwNmkzaRPcJDI1wpTq3LVO-psUbuYwlXACmVo1KwSNBhrfto4YJ6W6JK7VSZGKT56SbqWYzs_NeB3pcW6m7OeQTf-NpHzePYj6pH00TFzGwWbguokh68RJVW78xVq18MC_I0Jw9x_2mMAV1Ghfkt8AHFwDryn_HilCDYgOg0aU6PX3gHjyhrI4fb8KqHYPDVlJxX95ao1f7VTgstD9hvFdLC-0I0UsxGs4yRI5NiyRbVnYONpfEAwgkOkhCIQnbuXusEAptySxJnRGnL1tKCfsdM4xeLmTDY9f9vPq9FwhogvgEWsIoli7YxAwv2i3BBpjXNWzMI6klLgrAC5kMnPAELDEK2BNAlDRu1cpAb2Lfq7WEN42-1FAT021z5USi9NHZqmaXamgAUttX-Y_ymEjrKPR5KL7tSfYpX13_jVRnDgS8HZhFimFP21Rgi__EYJ-FyVRj9ntMH4DbE_agwwiyvZQb_UZ0VhfQhsSs1t8Q9I4EhFHdvzxcbi-x6tk7oVZyD9Dj5RywPAzHFD8XVphVmxXaoY052T9QoPlKgFRbj5V-JOS_TAR9sj1aEUuSF6bcHvSueon-OzMBr9rr5RhLbPVA5-AeEGhsSy&sai=AMfl-YS6sjGqVX0GgIlPe8yKbJRCKUF-DOgxvlszaR3Z5xIAI14u19B0tjs1tGqwZnl9vYAxoivyZw0IDclIjjhORUoFO1WP96Z9-2hoJWP-vargExnvDrWsMV3NowBYSNIp-MEiZYTTZv6s-9ZoQJ3MbzrV-OQhNntDXHuz1XI3hvdt0VFLcFXW6ypbwxnMfys&sig=Cg0ArKJSzPVGXc1pM9_FEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=232&cbvp=1&cstd=228&cisv=r20210831.21744&adurl=

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sat, 04 Sep 2021 04:42:13 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 index.html Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/ Frame 441B 33 KB
8 KB 15ms
14ms Document
text/html 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=aSGvZtuX20&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_273.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

772e8255135bd44cc27bc57038f7d1a773cbbfddac68a63fcb7f6a7ec21ee87b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=aSGvZtuX20&t=1&renderingType=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 7677
date: Sat, 04 Sep 2021 04:42:13 GMT
expires: Sun, 05 Sep 2021 04:42:13 GMT
cache-control: public, max-age=86400
last-modified: Mon, 21 Jun 2021 13:07:25 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame A44E 0
24 B 37ms
36ms Ping
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssRUbxXhvrunmL9YLTxghkB0cWP5tsGMRIXUf_8Pn4ukUxya2xTZhDWZrLlaiEq1meUaUFYK02JL6vd-OddTqOCRVq9mLUECFO-iE69Me7w5Oknj45tbh1GwbNTqThsC_U38tReLnwZ_v01UDgpz3j2wiUjYI16NKzwiWtawo-htnvlrlYDK7mf8Lho75MDWfPFEiTIoFWM04cGn57VZaQtD4O8CWi4eT7wzIOVVugn6_eeiF18Inyvg439Fb3s9XQEkum-es2_xdBivRXXQYW7K0Ggz0SozpP_kYTVQ9pAYjcIkOSlwl6Cp8JpB__pdQk_sZ2khAa77aklpQ-HfOuunZN3fOT920dC1wQL0U9l8P8FNvq6cp510015J6xRAYCvC52M4BLUvwG-36AAWM2DCD2PDSGoP3trVC_KDfJAl6Td7qnnJ0TDiFgh33N0GHF73szyOPYLZ1XRbXPEiuxOWMZQxbm8mMFl_vt458cj7o89mlyY24dYHGzf81W3JVjKLcjoDmHYXeA0XLIsKzuMQnUoVVAQSChic1tNqgR-7ENYpS-SiCXymdB8kp_-dkl-X_R-3JlH4edHhKPycxuMYhOdz6EPokDm4HaBLkiLxBmK3mwLK_IHtkaoBgjm4aZbAG30GQJJ-EkimMAjdRJRffgYm9nfAbo4hrVwb0pPrg93F8OwnLFgTec-G2FSM9D0zxVxXRwOhZHJP6IomptAcM33hrNIin5Ru6IaevYEvjLVeTWkOQOFsl9-9LjjzXKksbArDLtn4VBI3ZnKxvattbQJPmQPRbxhh57GN3iAImIv6LR3po-YcS5Onmv0QzkIPNAn_DL2VvoQTcbK9J1Iy88izGQqWrD7rzMIJsNLumee4tzSCJ-8xUflNj6wWghU6rkF0J3_9nz67VE5LhDMiAsUq8Bg_9OnMCKkcNjNMq3guz-K6LLOZlS1Z1msk2vuSEYiahHjtMvKik3pv8pv-zrnuY4w0JE7trWfMU67xLBybYhjZaMmhoTzbQD-Ss-TPjgdMd8ukqHgrwqvTbAvVroprYQHDNux7_TGsH7ycMEo0QfjT6Ye2nmMgT3XuHP5EbEeOt3ze8oQz7k-mFGc6tp3fxcmayQh1cMD2XHDtrqBUrLEDdhP8L1asYko54uNqE2aAE6_mCuClt9TxcWtQ58yrfrZA4sc85XGkzoFaBAMWxnMlqL_tw&sai=AMfl-YRkqF-UpyRe9dmfn-6JmmzfYA1Of0HRKrMTs2NZ_IANHC650DQ5wt_gPHS3KwFD5u92cSsP_CltAQ6S--uVEHvN_S4w-gntP0dpMSy-0D2EvrFHzY25iACvnAEtabg7QTKOSLV95bmhReAVfo6FLlpuzBIqp8YP93q6xmOP035BJ-sKMVHuWTuLXhPHVdY&sig=Cg0ArKJSzHX1R6IDDGw6EAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=283&cbvp=1&cstd=278&cisv=r20210831.36686&adurl=

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sat, 04 Sep 2021 04:42:13 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame A7DB 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 19:06:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34524
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 03 Sep 2022 19:06:49 GMT

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 4FC0 1 KB
749 B 8ms
7ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 03 Sep 2021 12:12:35 GMT
expires: Sat, 04 Sep 2021 12:12:35 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 59378
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame A7DB 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5ac034e9f6cf98b1c7b6e258c90ae1065b75217670f008acd061220eda391ba1

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 7214 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 19:06:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34524
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 03 Sep 2022 19:06:49 GMT

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame E767 1 KB
749 B 6ms
6ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 03 Sep 2021 12:12:35 GMT
expires: Sat, 04 Sep 2021 12:12:35 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 59378
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 7214 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3eda48b86c56427adbcb08902de61084b5e425b951645ed27d0e6669391ba4b1

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 01C4 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 19:06:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34524
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 03 Sep 2022 19:06:49 GMT

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 4247 1 KB
749 B 6ms
6ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 03 Sep 2021 12:12:35 GMT
expires: Sat, 04 Sep 2021 12:12:35 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 59378
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 01C4 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6b148df37d08fab8ca2bad1603d8480656d668df7f1258ef3ace8bb60a3b5bf4

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 9097 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 19:06:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34524
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 03 Sep 2022 19:06:49 GMT

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 9A0C 1 KB
749 B 6ms
6ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 03 Sep 2021 12:12:35 GMT
expires: Sat, 04 Sep 2021 12:12:35 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 59378
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 9097 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8acdf2e765acbcc04c02865695b036240a398eaba3634556f22cfd2437e85358

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame A44E 41 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 19:06:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34524
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 03 Sep 2022 19:06:49 GMT

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 5FD6 1 KB
749 B 6ms
6ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 03 Sep 2021 12:12:35 GMT
expires: Sat, 04 Sep 2021 12:12:35 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 59378
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame A44E 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c1857f12739ff327ab20e4a22206df42b7c292e40b403d9b0507c60781e0cd6f

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 10E5 22 KB
8 KB 6ms
6ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Wed, 01 Sep 2021 10:04:50 GMT
expires: Thu, 01 Sep 2022 10:04:50 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 239843
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 gsap_3.2.4_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 1DC2 57 KB
23 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.2.4_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498410/20210621060710917/index.html?e=69&leftOffset=0&topOffset=0&c=hy6FaEB8gn&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8403779d45a9590b43c0ecf984ebe11e75fd2982630d658390a6001a6768770

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498410/20210621060710917/index.html?e=69&leftOffset=0&topOffset=0&c=hy6FaEB8gn&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23276
x-xss-protection: 0
last-modified: Thu, 05 Mar 2020 03:53:22 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Sep 2021 04:42:13 GMT

GET
H3-29 200 Enabler_01_245.js Show response
s0.2mdn.net/879366/ Frame 1DC2 110 KB
38 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_245.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498410/20210621060710917/index.html?e=69&leftOffset=0&topOffset=0&c=hy6FaEB8gn&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498410/20210621060710917/index.html?e=69&leftOffset=0&topOffset=0&c=hy6FaEB8gn&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 10:43:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 64735
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38568
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 19:32:54 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Sep 2021 10:43:18 GMT

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 28BB 22 KB
8 KB 6ms
6ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Wed, 01 Sep 2021 10:04:50 GMT
expires: Thu, 01 Sep 2022 10:04:50 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 239843
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame AB9E 22 KB
8 KB 6ms
6ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Wed, 01 Sep 2021 10:04:50 GMT
expires: Thu, 01 Sep 2022 10:04:50 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 239843
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame DB3E 22 KB
8 KB 7ms
6ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Wed, 01 Sep 2021 10:04:50 GMT
expires: Thu, 01 Sep 2022 10:04:50 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 239843
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 gsap_3.2.4_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame D6BF 57 KB
23 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.2.4_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=2WsNqxjH0W&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8403779d45a9590b43c0ecf984ebe11e75fd2982630d658390a6001a6768770

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=2WsNqxjH0W&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23276
x-xss-protection: 0
last-modified: Thu, 05 Mar 2020 03:53:22 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Sep 2021 04:42:13 GMT

GET
H3-29 200 Enabler_01_245.js Show response
s0.2mdn.net/879366/ Frame D6BF 110 KB
38 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_245.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=2WsNqxjH0W&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=2WsNqxjH0W&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 10:43:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 64735
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38568
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 19:32:54 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Sep 2021 10:43:18 GMT

GET
H3-29 200 gsap_3.2.4_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 90BD 57 KB
23 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.2.4_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=e8IV7Uynpf&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8403779d45a9590b43c0ecf984ebe11e75fd2982630d658390a6001a6768770

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=e8IV7Uynpf&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23276
x-xss-protection: 0
last-modified: Thu, 05 Mar 2020 03:53:22 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Sep 2021 04:42:13 GMT

GET
H3-29 200 Enabler_01_245.js Show response
s0.2mdn.net/879366/ Frame 90BD 110 KB
38 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_245.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=e8IV7Uynpf&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=e8IV7Uynpf&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 10:43:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 64735
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38568
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 19:32:54 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Sep 2021 10:43:18 GMT

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame E726 22 KB
8 KB 8ms
6ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Wed, 01 Sep 2021 10:04:50 GMT
expires: Thu, 01 Sep 2022 10:04:50 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 239843
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 82DD 22 KB
8 KB 6ms
5ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Wed, 01 Sep 2021 10:04:50 GMT
expires: Thu, 01 Sep 2022 10:04:50 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 239843
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 gsap_3.2.4_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 523E 57 KB
23 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.2.4_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=UK2o4yXblG&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8403779d45a9590b43c0ecf984ebe11e75fd2982630d658390a6001a6768770

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=UK2o4yXblG&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23276
x-xss-protection: 0
last-modified: Thu, 05 Mar 2020 03:53:22 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Sep 2021 04:42:13 GMT

GET
H3-29 200 Enabler_01_245.js Show response
s0.2mdn.net/879366/ Frame 523E 110 KB
38 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_245.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=UK2o4yXblG&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=UK2o4yXblG&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 10:43:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 64735
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38568
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 19:32:54 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Sep 2021 10:43:18 GMT

GET
H3-29 200 gsap_3.2.4_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame D722 57 KB
23 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.2.4_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61490714/20210621060706056/index.html?e=69&leftOffset=0&topOffset=0&c=sAEUSHBSQE&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8403779d45a9590b43c0ecf984ebe11e75fd2982630d658390a6001a6768770

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61490714/20210621060706056/index.html?e=69&leftOffset=0&topOffset=0&c=sAEUSHBSQE&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23276
x-xss-protection: 0
last-modified: Thu, 05 Mar 2020 03:53:22 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Sep 2021 04:42:13 GMT

GET
H3-29 200 Enabler_01_245.js Show response
s0.2mdn.net/879366/ Frame D722 110 KB
38 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_245.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61490714/20210621060706056/index.html?e=69&leftOffset=0&topOffset=0&c=sAEUSHBSQE&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61490714/20210621060706056/index.html?e=69&leftOffset=0&topOffset=0&c=sAEUSHBSQE&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 10:43:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 64735
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38568
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 19:32:54 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Sep 2021 10:43:18 GMT

GET
H3-29 200 gsap_3.2.4_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 441B 57 KB
23 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.2.4_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=aSGvZtuX20&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8403779d45a9590b43c0ecf984ebe11e75fd2982630d658390a6001a6768770

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=aSGvZtuX20&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23276
x-xss-protection: 0
last-modified: Thu, 05 Mar 2020 03:53:22 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Sep 2021 04:42:13 GMT

GET
H3-29 200 Enabler_01_245.js Show response
s0.2mdn.net/879366/ Frame 441B 110 KB
38 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_245.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=aSGvZtuX20&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=aSGvZtuX20&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 10:43:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 64735
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38568
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 19:32:54 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Sep 2021 10:43:18 GMT

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 4B0D
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEGC3s3KaWEsoxXbUkHytR4k&google_cver=1&google_push=AYg5qPLHoTuAMcqG-pw7fLoi5YA4kSTfhCeR_zgUrG1Jq64WF2daOnW9mSa-XadcJe5y8pKvx0Pg39bjtuCaTdetSCaCPwPCm4b5
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzQ4MDkxMDY0OTY1MDI2NjczNQ==
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESENnjRICCMyUWKBg9jidmuC0&google_cver=1

43 B
407 B

17ms
16ms

Image
image/gif

2001:678:cb4:bbbb::11
TURN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESENnjRICCMyUWKBg9jidmuC0&google_cver=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (TURN, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:13 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-type: image/gif
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:13 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESENnjRICCMyUWKBg9jidmuC0&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 4B0D
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEE-E3QqaQnCKTb0tkhkm5r0&google_cver=1&google_push=AYg5qPI1QxF9cK9JidK0LVOR4kQvgYDfbMALEEw7_FHzBEQlkiQh9Ilqr-3R-1FcYuI2ai92CmfvvoUwK3Gg14t6HM7Q1subskuT
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=B85789AC9C904FDE90DF83420E65AC78&google_push=AYg5qPI1QxF9cK9JidK0LVOR4kQvgYDfbMALEEw7_FHzBEQlkiQh9Ilqr-3R-1FcYuI2ai92CmfvvoUwK3Gg14t...

170 B
188 B

30ms
30ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=B85789AC9C904FDE90DF83420E65AC78&google_push=AYg5qPI1QxF9cK9JidK0LVOR4kQvgYDfbMALEEw7_FHzBEQlkiQh9Ilqr-3R-1FcYuI2ai92CmfvvoUwK3Gg14t6HM7Q1subskuT

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:13 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 04 Sep 2021 04:42:13 GMT
x-content-type-options: nosniff
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=B85789AC9C904FDE90DF83420E65AC78&google_push=AYg5qPI1QxF9cK9JidK0LVOR4kQvgYDfbMALEEw7_FHzBEQlkiQh9Ilqr-3R-1FcYuI2ai92CmfvvoUwK3Gg14t6HM7Q1subskuT
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 154
expires: Fri, 03 Sep 2021 04:42:13 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 4B0D
Redirect Chain

https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEBog9SGdBln9UdYI6XN886A&google_cver=1&google_push=AYg5qPLQHAzkdaD0BpZgg7HzlbsfbRYy9hqexSAQILd6w8p2aIh5b1lG54Ggf...
https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEBog9SGdBln9UdYI6XN886A&google_cver=1&google_push=AYg5qPLQHAzkdaD0BpZgg7HzlbsfbRYy9hqexSAQILd6w8p2aIh5b1lG54Ggf...
https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=At_TB_mVJNUMBz3oFmyoQw&google_push=AYg5qPLQHAzkdaD0BpZgg7HzlbsfbRYy9hqexSAQILd6w8p2aIh5b1lG54GgfEo65h0_likw9nucG4VyN...

170 B
188 B

55ms
55ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=At_TB_mVJNUMBz3oFmyoQw&google_push=AYg5qPLQHAzkdaD0BpZgg7HzlbsfbRYy9hqexSAQILd6w8p2aIh5b1lG54GgfEo65h0_likw9nucG4VyNk9Qp3raN2hDT007fR3u

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 04 Sep 2021 04:42:15 GMT
Server: nginx
Vary: Accept
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=At_TB_mVJNUMBz3oFmyoQw&google_push=AYg5qPLQHAzkdaD0BpZgg7HzlbsfbRYy9hqexSAQILd6w8p2aIh5b1lG54GgfEo65h0_likw9nucG4VyNk9Qp3raN2hDT007fR3u
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 238

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 4B0D
Redirect Chain

https://px.adhigh.net/p/gm/rub?google_gid=CAESEFetlJ_DcdkD-0oc5qS2LNo&google_cver=1&google_push=AYg5qPKoGuGca0EoYKOHkGdGFLHWdeuuc2RLiNqPCIKsfQFoKr66YKGp_FWO1Ih6Dqy4uur8OhCv8BODDZirtSjNFLvxKhUxNIyM
https://px.adhigh.net/p/gm/rub?google_gid=CAESEFetlJ_DcdkD-0oc5qS2LNo&google_cver=1&google_push=AYg5qPKoGuGca0EoYKOHkGdGFLHWdeuuc2RLiNqPCIKsfQFoKr66YKGp_FWO1Ih6Dqy4uur8OhCv8BODDZirtSjNFLvxKhUxNIyM&...
https://cm.g.doubleclick.net/pixel?google_nid=gint&google_push=AYg5qPKoGuGca0EoYKOHkGdGFLHWdeuuc2RLiNqPCIKsfQFoKr66YKGp_FWO1Ih6Dqy4uur8OhCv8BODDZirtSjNFLvxKhUxNIyM&google_hm=v0gTmtRqEWUAAikABlF7rx0...

170 B
188 B

35ms
32ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gint&google_push=AYg5qPKoGuGca0EoYKOHkGdGFLHWdeuuc2RLiNqPCIKsfQFoKr66YKGp_FWO1Ih6Dqy4uur8OhCv8BODDZirtSjNFLvxKhUxNIyM&google_hm=v0gTmtRqEWUAAikABlF7rx08Ag%3D%3D

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:14 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:14 GMT
server: nginx
access-control-allow-origin: *
x-backend-id: f7-ru
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=gint&google_push=AYg5qPKoGuGca0EoYKOHkGdGFLHWdeuuc2RLiNqPCIKsfQFoKr66YKGp_FWO1Ih6Dqy4uur8OhCv8BODDZirtSjNFLvxKhUxNIyM&google_hm=v0gTmtRqEWUAAikABlF7rx08Ag%3D%3D
cache-control: no-cache, no-store
access-control-allow-credentials: true
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 4B0D
Redirect Chain

https://sm.rtb.mts.ru/p?ssp=googleban&pm=1&google_gid=CAESEOCY92UwdNzFYZAzb78FUKc&google_cver=1&google_push=AYg5qPLz8mksoUJxPHFXHNYwJnT5e5-L0FUla8zJumi3bRvoOV3935Zq4SJ4bcvCL1G6K6R8yWDMzVGZgs7YwUyea...
https://sm.rtb.mts.ru/match/second?r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dstream_llc%26id%3D012ea528-71de-4c93-96ba-4672730ae1ed%26google_push%3DAYg5qPLz8mksoUJxPHFXHNYwJnT5e5-...
https://tech.rtb.mts.ru/?dsp_uid=6862e65b-9253-4583-8f23-c3cec6294de0&return_url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dstream_llc%26id%3D012ea528-71de-4c93-96ba-4672730ae1ed%26g...
https://cm.g.doubleclick.net/pixel?google_nid=stream_llc&id=012ea528-71de-4c93-96ba-4672730ae1ed&google_push=AYg5qPLz8mksoUJxPHFXHNYwJnT5e5-L0FUla8zJumi3bRvoOV3935Zq4SJ4bcvCL1G6K6R8yWDMzVGZgs7YwUye...

170 B
188 B

30ms
30ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=stream_llc&id=012ea528-71de-4c93-96ba-4672730ae1ed&google_push=AYg5qPLz8mksoUJxPHFXHNYwJnT5e5-L0FUla8zJumi3bRvoOV3935Zq4SJ4bcvCL1G6K6R8yWDMzVGZgs7YwUyeaX6x0lPi64dPLg

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:14 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 04 Sep 2021 04:42:14 GMT
Server: nginx/1.13.12
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Content-Type: text/html; charset=utf-8
Location: https://cm.g.doubleclick.net/pixel?google_nid=stream_llc&id=012ea528-71de-4c93-96ba-4672730ae1ed&google_push=AYg5qPLz8mksoUJxPHFXHNYwJnT5e5-L0FUla8zJumi3bRvoOV3935Zq4SJ4bcvCL1G6K6R8yWDMzVGZgs7YwUyeaX6x0lPi64dPLg
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 4B0D
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEBTIF-oqSxsQkmNkPcOw1QY&google_cver=1&google_push=AYg5qPISgSzKdGJFMMKUqMifTUB5ib8AnbrxjVbyflRCo-XmTPaRXY31XTAOE79mXkwMdZmO0k...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS0wUkhzOXBWRTJ1R0hEMlVGVDJweDlnNzF6anVkSEhVWn5B&google_push=AYg5qPISgSzKdGJFMMKUqMifTUB5ib8AnbrxjVbyflRCo-XmTPaRXY31X...

170 B
188 B

32ms
31ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS0wUkhzOXBWRTJ1R0hEMlVGVDJweDlnNzF6anVkSEhVWn5B&google_push=AYg5qPISgSzKdGJFMMKUqMifTUB5ib8AnbrxjVbyflRCo-XmTPaRXY31XTAOE79mXkwMdZmO0k8BMpDU5RcQK7Mie0K9d7QnpYh9

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:13 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 04 Sep 2021 04:42:13 GMT
Server: ATS/7.1.2.138
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS0wUkhzOXBWRTJ1R0hEMlVGVDJweDlnNzF6anVkSEhVWn5B&google_push=AYg5qPISgSzKdGJFMMKUqMifTUB5ib8AnbrxjVbyflRCo-XmTPaRXY31XTAOE79mXkwMdZmO0k8BMpDU5RcQK7Mie0K9d7QnpYh9
Connection: keep-alive
Content-Length: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 4B0D
Redirect Chain

https://sm.rtb.mts.ru/p?ssp=googlevid&pm=1&google_gid=CAESEP5L51YeFDZE0RCrysGAsOg&google_cver=1&google_push=AYg5qPILExZibZRxuBFhNoVbZkCo42WnJsgG4JYom8a2kPV4rSYTIzNz4HnGzsS5bgXUiWrr6Y-MtT8YvQLgNqAyw...
https://sm.rtb.mts.ru/match/second?r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dstream_llc_2%26id%3D6862e65b-9253-4583-8f23-c3cec6294de0%26google_push%3DAYg5qPILExZibZRxuBFhNoVbZkCo4...
https://tech.rtb.mts.ru/?dsp_uid=6862e65b-9253-4583-8f23-c3cec6294de0&return_url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dstream_llc_2%26id%3D6862e65b-9253-4583-8f23-c3cec6294de0%2...
https://cm.g.doubleclick.net/pixel?google_nid=stream_llc_2&id=6862e65b-9253-4583-8f23-c3cec6294de0&google_push=AYg5qPILExZibZRxuBFhNoVbZkCo42WnJsgG4JYom8a2kPV4rSYTIzNz4HnGzsS5bgXUiWrr6Y-MtT8YvQLgNq...

170 B
188 B

29ms
29ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=stream_llc_2&id=6862e65b-9253-4583-8f23-c3cec6294de0&google_push=AYg5qPILExZibZRxuBFhNoVbZkCo42WnJsgG4JYom8a2kPV4rSYTIzNz4HnGzsS5bgXUiWrr6Y-MtT8YvQLgNqAywQh_hY190En5pg

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:14 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 04 Sep 2021 04:42:14 GMT
Server: nginx/1.13.12
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Content-Type: text/html; charset=utf-8
Location: https://cm.g.doubleclick.net/pixel?google_nid=stream_llc_2&id=6862e65b-9253-4583-8f23-c3cec6294de0&google_push=AYg5qPILExZibZRxuBFhNoVbZkCo42WnJsgG4JYom8a2kPV4rSYTIzNz4HnGzsS5bgXUiWrr6Y-MtT8YvQLgNqAywQh_hY190En5pg
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame 4B0D 0
12 B 30ms
28ms Image
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LOAXuKZmpQArJsgktUgQ64uLHPNOFXzRJMHI4JPfTBhY854I3u_sybC_c8ZWml82FoQmy3Km3o

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:13 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 video-loader2-cr.js Show response
cdn.avantisvideo.com/js/ Frame 9D72 132 KB
39 KB 9ms
7ms Script
application/javascript 2600:9000:2240:8a00:1c:38a0:8a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.avantisvideo.com/js/video-loader2-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/avm/js/video-loader.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2240:8a00:1c:38a0:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b5dc7ad3b3d9dffc2b9c95809de7a9ef6b5d9da3fd729c7cc5b116516ea7e6d4

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-amz-version-id: kJMT9meJGpUB0zEsyDn5cumlXI8dkxWH
content-encoding: gzip
last-modified: Wed, 25 Aug 2021 07:51:50 GMT
server: AmazonS3
age: 47013
etag: W/"6fd5a7225ddda220c0191533314e34e9"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 814952d19d560b49ff15ad2f71e400d3.cloudfront.net (CloudFront)
date: Fri, 03 Sep 2021 15:38:41 GMT
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: VLEloOJIaHhEwRSB8m4wAXgPuTaX9tFB6vJSOaITKKJbZ7IdhstRjA==

GET
H2 200 video-loader2-cr.js Show response
cdn.avantisvideo.com/js/ Frame 2DEB 132 KB
39 KB 9ms
9ms Script
application/javascript 2600:9000:2240:8a00:1c:38a0:8a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.avantisvideo.com/js/video-loader2-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/avm/js/video-loader.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2240:8a00:1c:38a0:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b5dc7ad3b3d9dffc2b9c95809de7a9ef6b5d9da3fd729c7cc5b116516ea7e6d4

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-amz-version-id: kJMT9meJGpUB0zEsyDn5cumlXI8dkxWH
content-encoding: gzip
last-modified: Wed, 25 Aug 2021 07:51:50 GMT
server: AmazonS3
age: 47013
etag: W/"6fd5a7225ddda220c0191533314e34e9"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 814952d19d560b49ff15ad2f71e400d3.cloudfront.net (CloudFront)
date: Fri, 03 Sep 2021 15:38:41 GMT
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: L1SydXNzXgFhjMLnTvUf66TPN0hUQzYdmkJG1uIP6N550-v1nvgE9A==

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 4FC0
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEGC3s3KaWEsoxXbUkHytR4k&google_cver=1&google_push=AYg5qPJ89bR1UT6aocnwM8CNSDBKHe5LUPAG6XOD4c9gH8Sl0CsucaX0_tpoFrITGiraBqwPSi8-MlA9wz9gpMWHE0vD7nyTFZU
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=Mzk4NTMxMzgwNzkxNTc2MjI4Nw==
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESENnjRICCMyUWKBg9jidmuC0&google_cver=1

43 B
407 B

16ms
16ms

Image
image/gif

2001:678:cb4:bbbb::11
TURN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESENnjRICCMyUWKBg9jidmuC0&google_cver=1
Requested by: Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (TURN, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:13 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-type: image/gif
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:13 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESENnjRICCMyUWKBg9jidmuC0&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

google_sync_status
x.bidswitch.net/ Frame 4FC0
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEPTTpHWzULUG0VNjCazSWJ4&google_cver=1&google_push=AYg5qPIdQEhtKbr7E2m_tTXe5VDXIU59sZ3WoVGbSwFseJXvzA4M-BaZmBT4PWhkd88vhOHhLbXy-gpeZ3ri_CP8dM9d...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEPTTpHWzULUG0VNjCazSWJ4&google_cver=1&google_push=AYg5qPIdQEhtKbr7E2m_tTXe5VDXIU59sZ3WoVGbSwFseJXvzA4M-BaZmBT4PWhkd88vhOHhLbXy-gpeZ3ri_C...
https://ads.avct.cloud/getuid?url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dgoogle
https://ads.avct.cloud/getuid?bounce=true&url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dgoogle
https://x.bidswitch.net/sync?dsp_id=59&user_id=cd5195b6-59c1-484e-83fe-97f40eb93db3&ssp=google
https://x.bidswitch.net/ul_cb/sync?dsp_id=59&user_id=cd5195b6-59c1-484e-83fe-97f40eb93db3&ssp=google
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_cm=1&google_hm=8lwOJoCUR2qOoDU4bGacbQ==
https://x.bidswitch.net/google_sync_status?ssp_name=google&google_gid=CAESEFgGpgaCCo5E4eyXoxZmcsI&google_cver=1

43 B
145 B

22ms
22ms

Image
image/gif

18.185.140.232
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/google_sync_status?ssp_name=google&google_gid=CAESEFgGpgaCCo5E4eyXoxZmcsI&google_cver=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.185.140.232 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-185-140-232.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:14 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:14 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://x.bidswitch.net/google_sync_status?ssp_name=google&google_gid=CAESEFgGpgaCCo5E4eyXoxZmcsI&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 316
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 4FC0
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEEqhUFsY3OeRfsPkZ1-lQzk&google_cver=1&google_push=AYg5qPI6xnrqQAnBL_4jTt3NH_H305JLOZGiqaf3QI5ppfpct9v4CWMeXsBK7a8Qtz7ORWqJ7VU...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1Q1QVVTVkktWC0yWDJV&google_push=AYg5qPI6xnrqQAnBL_4jTt3NH_H305JLOZGiqaf3QI5ppfpct9v4CWMeXsBK7a8Qtz7ORWqJ7VUGgOc4H5Cv5N_oYeoEuY5HKA

170 B
188 B

31ms
30ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1Q1QVVTVkktWC0yWDJV&google_push=AYg5qPI6xnrqQAnBL_4jTt3NH_H305JLOZGiqaf3QI5ppfpct9v4CWMeXsBK7a8Qtz7ORWqJ7VUGgOc4H5Cv5N_oYeoEuY5HKA

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:13 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1Q1QVVTVkktWC0yWDJV&google_push=AYg5qPI6xnrqQAnBL_4jTt3NH_H305JLOZGiqaf3QI5ppfpct9v4CWMeXsBK7a8Qtz7ORWqJ7VUGgOc4H5Cv5N_oYeoEuY5HKA
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 37b22a0c36bd84993dd2cda4a5e04b1d
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 4FC0
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESECYvurN_xnIfEz71lsji0Xk&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL5JYWbhem9VtXZP_sMpwAABJQAAAAB&google_push=AYg5qPLHmbXTFS_hcf2UF0loVClSUOvooeX3uOSy04zSELjvXTlCW3fxj_P-b9ZENHYh-We2LsDrg3dn9eax4I-ZsU...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL5JYWbhem9VtXZP_sMpwAABJQAAAAB&google_push=AYg5qPLHmbXTFS_hcf2UF0loVClSUOvooeX3uOSy04zSELjvXTlCW3fxj_P-b9ZENHYh-We2LsDrg3dn9eax4I-ZsU...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL5JYWbhem9VtXZP_sMpwAABJQAAAAB&google_push=AYg5qPLHmbXTFS_hcf2UF0loVClSUOvooeX3uOSy04zSELjvXTlCW3fxj_P-b9ZENHYh-We2LsDrg3dn9eax4I-ZsU...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL5JYWbhem9VtXZP_sMpwAABJQAAAAB&google_push=AYg5qPLHmbXTFS_hcf2UF0loVClSUOvooeX3uOSy04zSELjvXTlCW3fxj_P-b9ZENHYh-We2LsDrg3dn9eax4I-ZsU...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL5JYWbhem9VtXZP_sMpwAABJQAAAAB&google_push=AYg5qPLHmbXTFS_hcf2UF0loVClSUOvooeX3uOSy04zSELjvXTlCW3fxj_P-b9ZENHYh-We2LsDrg3dn9eax4I-ZsU...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL5JYWbhem9VtXZP_sMpwAABJQAAAAB&google_push=AYg5qPLHmbXTFS_hcf2UF0loVClSUOvooeX3uOSy04zSELjvXTlCW3fxj_P-b9ZENHYh-We2LsDrg3dn9eax4I-ZsU...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL5JYWbhem9VtXZP_sMpwAABJQAAAAB&google_push=AYg5qPLHmbXTFS_hcf2UF0loVClSUOvooeX3uOSy04zSELjvXTlCW3fxj_P-b9ZENHYh-We2LsDrg3dn9eax4I-ZsU...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL5JYWbhem9VtXZP_sMpwAABJQAAAAB&google_push=AYg5qPLHmbXTFS_hcf2UF0loVClSUOvooeX3uOSy04zSELjvXTlCW3fxj_P-b9ZENHYh-We2LsDrg3dn9eax4I-ZsU...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL5JYWbhem9VtXZP_sMpwAABJQAAAAB&google_push=AYg5qPLHmbXTFS_hcf2UF0loVClSUOvooeX3uOSy04zSELjvXTlCW3fxj_P-b9ZENHYh-We2LsDrg3dn9eax4I-ZsU...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL5JYWbhem9VtXZP_sMpwAABJQAAAAB&google_push=AYg5qPLHmbXTFS_hcf2UF0loVClSUOvooeX3uOSy04zSELjvXTlCW3fxj_P-b9ZENHYh-We2LsDrg3dn9eax4I-ZsU...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL5JYWbhem9VtXZP_sMpwAABJQAAAAB&google_push=AYg5qPLHmbXTFS_hcf2UF0loVClSUOvooeX3uOSy04zSELjvXTlCW3fxj_P-b9ZENHYh-We2LsDrg3dn9eax4I-ZsU...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL5JYWbhem9VtXZP_sMpwAABJQAAAAB&google_push=AYg5qPLHmbXTFS_hcf2UF0loVClSUOvooeX3uOSy04zSELjvXTlCW3fxj_P-b9ZENHYh-We2LsDrg3dn9eax4I-ZsU...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL5JYWbhem9VtXZP_sMpwAABJQAAAAB&google_push=AYg5qPLHmbXTFS_hcf2UF0loVClSUOvooeX3uOSy04zSELjvXTlCW3fxj_P-b9ZENHYh-We2LsDrg3dn9eax4I-ZsU...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL5JYWbhem9VtXZP_sMpwAABJQAAAAB&google_push=AYg5qPLHmbXTFS_hcf2UF0loVClSUOvooeX3uOSy04zSELjvXTlCW3fxj_P-b9ZENHYh-We2LsDrg3dn9eax4I-ZsU...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL5JYWbhem9VtXZP_sMpwAABJQAAAAB&google_push=AYg5qPLHmbXTFS_hcf2UF0loVClSUOvooeX3uOSy04zSELjvXTlCW3fxj_P-b9ZENHYh-We2LsDrg3dn9eax4I-ZsU...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL5JYWbhem9VtXZP_sMpwAABJQAAAAB&google_push=AYg5qPLHmbXTFS_hcf2UF0loVClSUOvooeX3uOSy04zSELjvXTlCW3fxj_P-b9ZENHYh-We2LsDrg3dn9eax4I-ZsU...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL5JYWbhem9VtXZP_sMpwAABJQAAAAB&google_push=AYg5qPLHmbXTFS_hcf2UF0loVClSUOvooeX3uOSy04zSELjvXTlCW3fxj_P-b9ZENHYh-We2LsDrg3dn9eax4I-ZsU...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL5JYWbhem9VtXZP_sMpwAABJQAAAAB&google_push=AYg5qPLHmbXTFS_hcf2UF0loVClSUOvooeX3uOSy04zSELjvXTlCW3fxj_P-b9ZENHYh-We2LsDrg3dn9eax4I-ZsU...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL5JYWbhem9VtXZP_sMpwAABJQAAAAB&google_push=AYg5qPLHmbXTFS_hcf2UF0loVClSUOvooeX3uOSy04zSELjvXTlCW3fxj_P-b9ZENHYh-We2LsDrg3dn9eax4I-ZsU...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL5JYWbhem9VtXZP_sMpwAABJQAAAAB&google_push=AYg5qPLHmbXTFS_hcf2UF0loVClSUOvooeX3uOSy04zSELjvXTlCW3fxj_P-b9ZENHYh-We2LsDrg3dn9eax4I-ZsU...

0
0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 4FC0
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEI...
https://sync.targeting.unrulymedia.com/csync/RX-024c2ae3-e0e2-4def-bb6b-14a66f4ace5d-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAYg5qPI5G9gfXDWI7qTzwhiE0...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPI5G9gfXDWI7qTzwhiE0qF_Uf6BGHhEMTSDoZvDjHbocFLgFr-O4tJ0WFiGIDrFf5jk-wc_VTDr9nHZAHFD5GYSCQCwYv8&google_hm=AwJMKuPg4k3vu2sUpm9Kzl0

170 B
188 B

30ms
29ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPI5G9gfXDWI7qTzwhiE0qF_Uf6BGHhEMTSDoZvDjHbocFLgFr-O4tJ0WFiGIDrFf5jk-wc_VTDr9nHZAHFD5GYSCQCwYv8&google_hm=AwJMKuPg4k3vu2sUpm9Kzl0

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:14 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPI5G9gfXDWI7qTzwhiE0qF_Uf6BGHhEMTSDoZvDjHbocFLgFr-O4tJ0WFiGIDrFf5jk-wc_VTDr9nHZAHFD5GYSCQCwYv8&google_hm=AwJMKuPg4k3vu2sUpm9Kzl0
date: Sat, 04 Sep 2021 04:42:14 GMT
server: Tengine
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RX024c2ae3e0e24defbb6b14a66f4ace5d003
content-type: text/html

GET

pixel
cm.g.doubleclick.net/ Frame 4FC0
Redirect Chain

https://cs.chocolateplatform.com/pub?pid=ebda&google_gid=CAESEIdFuH5Q8qUJePtdm0c-xHo&google_cver=1&google_push=AYg5qPLAE1XXhO-0g4KFsc4OXUoQmlTudFOplRYx2cFh_IfqH2d_Hg6zCc2GHlGZxcWWjvbhq6DFZN9TmSo4op...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDc5YWM4MmMxZDU5NGMyMzVjNGNiNDU2MTFhOTRjNzk=&google_push=AYg5qPLAE1XXhO-0g4KFsc4OXUoQmlTudFOplRYx2cFh_IfqH2d_Hg6zCc2GHl...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDc5YWM4MmMxZDU5NGMyMzVjNGNiNDU2MTFhOTRjNzk=&google_push=AYg5qPLAE1XXhO-0g4KFsc4OXUoQmlTudFOplRYx2cFh_IfqH2d_Hg6zCc2GHl...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDc5YWM4MmMxZDU5NGMyMzVjNGNiNDU2MTFhOTRjNzk=&google_push=AYg5qPLAE1XXhO-0g4KFsc4OXUoQmlTudFOplRYx2cFh_IfqH2d_Hg6zCc2GHl...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDc5YWM4MmMxZDU5NGMyMzVjNGNiNDU2MTFhOTRjNzk=&google_push=AYg5qPLAE1XXhO-0g4KFsc4OXUoQmlTudFOplRYx2cFh_IfqH2d_Hg6zCc2GHl...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDc5YWM4MmMxZDU5NGMyMzVjNGNiNDU2MTFhOTRjNzk=&google_push=AYg5qPLAE1XXhO-0g4KFsc4OXUoQmlTudFOplRYx2cFh_IfqH2d_Hg6zCc2GHl...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDc5YWM4MmMxZDU5NGMyMzVjNGNiNDU2MTFhOTRjNzk=&google_push=AYg5qPLAE1XXhO-0g4KFsc4OXUoQmlTudFOplRYx2cFh_IfqH2d_Hg6zCc2GHl...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDc5YWM4MmMxZDU5NGMyMzVjNGNiNDU2MTFhOTRjNzk=&google_push=AYg5qPLAE1XXhO-0g4KFsc4OXUoQmlTudFOplRYx2cFh_IfqH2d_Hg6zCc2GHl...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDc5YWM4MmMxZDU5NGMyMzVjNGNiNDU2MTFhOTRjNzk=&google_push=AYg5qPLAE1XXhO-0g4KFsc4OXUoQmlTudFOplRYx2cFh_IfqH2d_Hg6zCc2GHl...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDc5YWM4MmMxZDU5NGMyMzVjNGNiNDU2MTFhOTRjNzk=&google_push=AYg5qPLAE1XXhO-0g4KFsc4OXUoQmlTudFOplRYx2cFh_IfqH2d_Hg6zCc2GHl...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDc5YWM4MmMxZDU5NGMyMzVjNGNiNDU2MTFhOTRjNzk=&google_push=AYg5qPLAE1XXhO-0g4KFsc4OXUoQmlTudFOplRYx2cFh_IfqH2d_Hg6zCc2GHl...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDc5YWM4MmMxZDU5NGMyMzVjNGNiNDU2MTFhOTRjNzk=&google_push=AYg5qPLAE1XXhO-0g4KFsc4OXUoQmlTudFOplRYx2cFh_IfqH2d_Hg6zCc2GHl...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDc5YWM4MmMxZDU5NGMyMzVjNGNiNDU2MTFhOTRjNzk=&google_push=AYg5qPLAE1XXhO-0g4KFsc4OXUoQmlTudFOplRYx2cFh_IfqH2d_Hg6zCc2GHl...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDc5YWM4MmMxZDU5NGMyMzVjNGNiNDU2MTFhOTRjNzk=&google_push=AYg5qPLAE1XXhO-0g4KFsc4OXUoQmlTudFOplRYx2cFh_IfqH2d_Hg6zCc2GHl...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDc5YWM4MmMxZDU5NGMyMzVjNGNiNDU2MTFhOTRjNzk=&google_push=AYg5qPLAE1XXhO-0g4KFsc4OXUoQmlTudFOplRYx2cFh_IfqH2d_Hg6zCc2GHl...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDc5YWM4MmMxZDU5NGMyMzVjNGNiNDU2MTFhOTRjNzk=&google_push=AYg5qPLAE1XXhO-0g4KFsc4OXUoQmlTudFOplRYx2cFh_IfqH2d_Hg6zCc2GHl...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDc5YWM4MmMxZDU5NGMyMzVjNGNiNDU2MTFhOTRjNzk=&google_push=AYg5qPLAE1XXhO-0g4KFsc4OXUoQmlTudFOplRYx2cFh_IfqH2d_Hg6zCc2GHl...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDc5YWM4MmMxZDU5NGMyMzVjNGNiNDU2MTFhOTRjNzk=&google_push=AYg5qPLAE1XXhO-0g4KFsc4OXUoQmlTudFOplRYx2cFh_IfqH2d_Hg6zCc2GHl...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDc5YWM4MmMxZDU5NGMyMzVjNGNiNDU2MTFhOTRjNzk=&google_push=AYg5qPLAE1XXhO-0g4KFsc4OXUoQmlTudFOplRYx2cFh_IfqH2d_Hg6zCc2GHl...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDc5YWM4MmMxZDU5NGMyMzVjNGNiNDU2MTFhOTRjNzk=&google_push=AYg5qPLAE1XXhO-0g4KFsc4OXUoQmlTudFOplRYx2cFh_IfqH2d_Hg6zCc2GHl...
https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDc5YWM4MmMxZDU5NGMyMzVjNGNiNDU2MTFhOTRjNzk=&google_push=AYg5qPLAE1XXhO-0g4KFsc4OXUoQmlTudFOplRYx2cFh_IfqH2d_Hg6zCc2GHl...

0
0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 4FC0
Redirect Chain

https://a.rfihub.com/cm?pub=445&in=1&google_gid=CAESELmE_2fzIMp1gWKXEwKX0uc&google_cver=1&google_push=AYg5qPIalBuRb5CcG46Qbs45Nalzn-z_TL4Ru8xA63R7FBp5whEMBXlaYvCEpcyMYd_w33SBLgomVCRwuljxuD2KzDacdfA...
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AYg5qPIalBuRb5CcG46Qbs45Nalzn-z_TL4Ru8xA63R7FBp5whEMBXlaYvCEpcyMYd_w33SBLgomVCRwuljxuD2KzDacdfAnaOPQ&google_hm=NDkwODUyMDY...

170 B
188 B

34ms
33ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AYg5qPIalBuRb5CcG46Qbs45Nalzn-z_TL4Ru8xA63R7FBp5whEMBXlaYvCEpcyMYd_w33SBLgomVCRwuljxuD2KzDacdfAnaOPQ&google_hm=NDkwODUyMDYyNTkyODkzNzc1OA==

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:14 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AYg5qPIalBuRb5CcG46Qbs45Nalzn-z_TL4Ru8xA63R7FBp5whEMBXlaYvCEpcyMYd_w33SBLgomVCRwuljxuD2KzDacdfAnaOPQ&google_hm=NDkwODUyMDYyNTkyODkzNzc1OA==
Date: Sat, 04 Sep 2021 04:42:13 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame 4FC0 0
12 B 31ms
29ms Image
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IAOIa3AKVXRvK-FdHUttdMtKLXX2cxaJd-tl_iM_CXfmgkBIoWmGphhY2sBWgP2N135GesBg

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:13 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame E767
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEGC3s3KaWEsoxXbUkHytR4k&google_cver=1&google_push=AYg5qPL7I8-suKEZer0T_2OfjPQhvttODHWoh5AOKlrIb5kfOECQislVGUYOGX20ckuzEovn1Y865vw--K_Cf6opbkrQgWoRuKk
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzQ4MDkxMDY0OTY1MDI2NjczNQ==
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESENnjRICCMyUWKBg9jidmuC0&google_cver=1

43 B
407 B

16ms
16ms

Image
image/gif

2001:678:cb4:bbbb::11
TURN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESENnjRICCMyUWKBg9jidmuC0&google_cver=1
Requested by: Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (TURN, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:13 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-type: image/gif
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:13 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESENnjRICCMyUWKBg9jidmuC0&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame E767 0
104 B 96ms
63ms Image
text/plain 2a02:fa8:8806:12::1370
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEHK73pqb1PSU-j1hHY7boM8&google_cver=1&google_push=AYg5qPIt4Kr2t6MYSvYUqjrdUavc6_XswAgJi7pzzvpAJZ_1e4oAaZ7iZkyiXx_4_e2VkH9HqUsgUZ0fovc90T3oEWjVAXz4Rg
Requested by: Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:13 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame E767
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEAwZORLHaVxuMk2eGusCg4g&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEAwZORLHaVxuMk2eGusCg4g&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=SFg4WXNnZk8xTW1udm41&google_gid=CAESEAwZORLHaVxuMk2eGusCg4g&google_cver=1&google_push=AYg5qPLx-RaOZ6yrgc7T7ctdVasDOu_ZtSwoUI261rqpD3Z...

170 B
188 B

31ms
31ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=SFg4WXNnZk8xTW1udm41&google_gid=CAESEAwZORLHaVxuMk2eGusCg4g&google_cver=1&google_push=AYg5qPLx-RaOZ6yrgc7T7ctdVasDOu_ZtSwoUI261rqpD3ZAmgbXvZpXUDeRmmsY_8spc0TLJy2ni78dxXE2J4K4ekZvYxporQ

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:14 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:42:13 GMT
Server: PingMatch/v2.0.30-675-ga433434#rel-ec2-master i-09e6655a93481077c@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security: max-age=2592000; includeSubDomains
P3P: policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=SFg4WXNnZk8xTW1udm41&google_gid=CAESEAwZORLHaVxuMk2eGusCg4g&google_cver=1&google_push=AYg5qPLx-RaOZ6yrgc7T7ctdVasDOu_ZtSwoUI261rqpD3ZAmgbXvZpXUDeRmmsY_8spc0TLJy2ni78dxXE2J4K4ekZvYxporQ
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame E767
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEE-E3QqaQnCKTb0tkhkm5r0&google_cver=1&google_push=AYg5qPILLQEdzH7ydnBR1CtteajFwbmTEypKtm9A2RMxDRo-NsiB293u-6RUKpnb-Lw5ULyvPvjkN0xbtu8nTsmTO7jp2WOwZeo
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=B6674678E55243A79BC0B846DF83923D&google_push=AYg5qPILLQEdzH7ydnBR1CtteajFwbmTEypKtm9A2RMxDRo-NsiB293u-6RUKpnb-Lw5ULyvPvjkN0xbtu8nTsm...

170 B
188 B

30ms
30ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=B6674678E55243A79BC0B846DF83923D&google_push=AYg5qPILLQEdzH7ydnBR1CtteajFwbmTEypKtm9A2RMxDRo-NsiB293u-6RUKpnb-Lw5ULyvPvjkN0xbtu8nTsmTO7jp2WOwZeo

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:13 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 04 Sep 2021 04:42:13 GMT
x-content-type-options: nosniff
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=B6674678E55243A79BC0B846DF83923D&google_push=AYg5qPILLQEdzH7ydnBR1CtteajFwbmTEypKtm9A2RMxDRo-NsiB293u-6RUKpnb-Lw5ULyvPvjkN0xbtu8nTsmTO7jp2WOwZeo
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 154
expires: Fri, 03 Sep 2021 04:42:13 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame E767
Redirect Chain

https://ads.yieldmo.com/exptsync?google_gid=CAESEIjelZDUONyd-4gwXw18DvE&google_cver=1&google_push=AYg5qPIzvJzt2bkO9K1Sf2gY2_FhiLzgsrlJkEJWQ00YssBNLnIkBXFL9X7tEcWTobQUQ8ZbTrIz9K3t_kduVC3o1oCNm-nUTi0
https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AYg5qPIzvJzt2bkO9K1Sf2gY2_FhiLzgsrlJkEJWQ00YssBNLnIkBXFL9X7tEcWTobQUQ8ZbTrIz9K3t_kduVC3o1oCNm-nUTi0&google_hm=ZzkyY2QwYWU1NDZhNTY0N...

170 B
188 B

35ms
34ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AYg5qPIzvJzt2bkO9K1Sf2gY2_FhiLzgsrlJkEJWQ00YssBNLnIkBXFL9X7tEcWTobQUQ8ZbTrIz9K3t_kduVC3o1oCNm-nUTi0&google_hm=ZzkyY2QwYWU1NDZhNTY0NjIxM2U=

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:14 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:13 GMT
location: https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AYg5qPIzvJzt2bkO9K1Sf2gY2_FhiLzgsrlJkEJWQ00YssBNLnIkBXFL9X7tEcWTobQUQ8ZbTrIz9K3t_kduVC3o1oCNm-nUTi0&google_hm=ZzkyY2QwYWU1NDZhNTY0NjIxM2U=
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-allow-headers: Cache-Control, Pragma, *
content-length: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame E767
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESEI-skVBig90SXqRAgushmv4&google_cver=1&google_push=AYg5qPKoHPU7e-iE7zukTjsviK_ik9f9PRWbUm1NR5rn-WQQ55tC8l-oEY1_dVqK3rVuKpnirNOlExpSJiVKj7CFGIJTFD...
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEI-skVBig90SXqRAgushmv4&google_cver=1&google_push=AYg5qPKoHPU7e-iE7zukTjsviK_ik9f9PRWbUm1NR5rn-WQQ55tC8l-oEY1_dVqK3rVuKpnirNOlExpSJiVKj7CF...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=tqhbKS22TrWTEP_RmkNHeQ&google_push=AYg5qPKoHPU7e-iE7zukTjsviK_ik9f9PRWbUm1NR5rn-WQQ55tC8l-oEY1_dVqK3rVuKpnirNOlExpSJiVKj7C...

170 B
188 B

38ms
29ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=tqhbKS22TrWTEP_RmkNHeQ&google_push=AYg5qPKoHPU7e-iE7zukTjsviK_ik9f9PRWbUm1NR5rn-WQQ55tC8l-oEY1_dVqK3rVuKpnirNOlExpSJiVKj7CFGIJTFDmIsw

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:14 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=tqhbKS22TrWTEP_RmkNHeQ&google_push=AYg5qPKoHPU7e-iE7zukTjsviK_ik9f9PRWbUm1NR5rn-WQQ55tC8l-oEY1_dVqK3rVuKpnirNOlExpSJiVKj7CFGIJTFDmIsw
date: Sat, 04 Sep 2021 04:42:14 GMT
access-control-allow-origin: *
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame E767
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEHyItM4IDC5xq1zzUYd2-u4&google_cver=1&google_push=AYg5qPLDhtX4GWpv6uLow7GeAwuC_A6ZtoODSvYdgKAcbAnYPDprUDz4haQu5KJTeRx0_rwLcLV8pPwZbBHTvxZGo0ryjL55BcE
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&cmp_cs=&us_privacy=&sync=1&google_push=AYg5qPLDhtX4GWpv6uLow7GeAwuC_A6ZtoODSvYdgKAcbAnYPDprUDz4haQu5KJTeRx0_rwLcLV8pPwZbBHTvxZGo0ryjL55BcE&googl...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NTM1NDAzODAxMTY1NzUwNDQz&google_push=AYg5qPLDhtX4GWpv6uLow7GeAwuC_A6ZtoODSvYdgKAcbAnYPDprUDz4haQu5KJTeRx0...

170 B
188 B

31ms
30ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NTM1NDAzODAxMTY1NzUwNDQz&google_push=AYg5qPLDhtX4GWpv6uLow7GeAwuC_A6ZtoODSvYdgKAcbAnYPDprUDz4haQu5KJTeRx0_rwLcLV8pPwZbBHTvxZGo0ryjL55BcE

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:14 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NTM1NDAzODAxMTY1NzUwNDQz&google_push=AYg5qPLDhtX4GWpv6uLow7GeAwuC_A6ZtoODSvYdgKAcbAnYPDprUDz4haQu5KJTeRx0_rwLcLV8pPwZbBHTvxZGo0ryjL55BcE
date: Sat, 04 Sep 2021 04:42:13 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame E767 0
12 B 28ms
27ms Image
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LXsGoolWheq2ixfA_AftHLuzad27F4-wm5zoT-tYCTNMfSSaRrLd64aCNA79GGiPEoX_OC

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:13 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 4247
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEOl3HNClPdCPdoSJ9jnWy6c&google_cver=1&google_push=AYg5qPIEETkywIeGQoA0uAyGbonqFIe_FwwD8DncIO-hCJtQKngMAB4zg308u5yAY5qW88KEjmHRQt7tyS7EIbHievQxAuc...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPIEETkywIeGQoA0uAyGbonqFIe_FwwD8DncIO-hCJtQKngMAB4zg308u5yAY5qW88KEjmHRQt7tyS7EIbHievQxAucZ_9I&google_hm=MzUxOTMwNTA1MjkyNDM1NjE...

170 B
188 B

30ms
29ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPIEETkywIeGQoA0uAyGbonqFIe_FwwD8DncIO-hCJtQKngMAB4zg308u5yAY5qW88KEjmHRQt7tyS7EIbHievQxAucZ_9I&google_hm=MzUxOTMwNTA1MjkyNDM1NjE4Mw%3D%3D

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:14 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 04 Sep 2021 04:42:13 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPIEETkywIeGQoA0uAyGbonqFIe_FwwD8DncIO-hCJtQKngMAB4zg308u5yAY5qW88KEjmHRQt7tyS7EIbHievQxAucZ_9I&google_hm=MzUxOTMwNTA1MjkyNDM1NjE4Mw%3D%3D
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 4247
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESELRCMOD_yT1xez9AM5wtDvQ&google_cver=1&google_push=AYg5qPKz-iZmJLrHhxxDFStwrIr7tAZZF_NJA9vzf0RLt7nIxlnZRgi_NodGiA3pPanTboEaJ-gPYQtsrzKWJxWZ96Tl3_m...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESELRCMOD_yT1xez9AM5wtDvQ&google_cver=1&google_push=AYg5qPKz-iZmJLrHhxxDFStwrIr7tAZZF_NJA9vzf0RLt7nIxlnZRgi_NodGiA3pPanTboEaJ-gPYQtsrzKWJxWZ96Tl3...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPKz-iZmJLrHhxxDFStwrIr7tAZZF_NJA9vzf0RLt7nIxlnZRgi_NodGiA3pPanTboEaJ-gPYQtsrzKWJxWZ96Tl3_mK4K4

170 B
188 B

33ms
30ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPKz-iZmJLrHhxxDFStwrIr7tAZZF_NJA9vzf0RLt7nIxlnZRgi_NodGiA3pPanTboEaJ-gPYQtsrzKWJxWZ96Tl3_mK4K4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:14 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPKz-iZmJLrHhxxDFStwrIr7tAZZF_NJA9vzf0RLt7nIxlnZRgi_NodGiA3pPanTboEaJ-gPYQtsrzKWJxWZ96Tl3_mK4K4
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 4247
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESELp-5BC8IuufrtLdhfp-SiI&google_cver=1&google_push=AYg5qPJY55z2FVMLlMQlHYWkbgmTMAO3-M2qlJVF6Mc8vlm5bsaOdY5B5uX_DELO1DMpi_SevoPGODC7...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESELp-5BC8IuufrtLdhfp-SiI&google_cver=1&google_push=AYg5qPJY55z2FVMLlMQlHYWkbgmTMAO3-M2qlJVF6Mc8vlm5bsaOdY5B5uX_DELO1DMpi_SevoP...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzAwMDAzNzUyMDM2NjQ0NTk5Ng&google_push=AYg5qPJY55z2FVMLlMQlHYWkbgmTMAO3-M2qlJVF6Mc8vlm5bsaOdY5B5uX_DELO1DMpi_SevoPGOD...

170 B
188 B

34ms
30ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzAwMDAzNzUyMDM2NjQ0NTk5Ng&google_push=AYg5qPJY55z2FVMLlMQlHYWkbgmTMAO3-M2qlJVF6Mc8vlm5bsaOdY5B5uX_DELO1DMpi_SevoPGODC730FlXxBBerF11aGaXFk

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:14 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:14 GMT
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzAwMDAzNzUyMDM2NjQ0NTk5Ng&google_push=AYg5qPJY55z2FVMLlMQlHYWkbgmTMAO3-M2qlJVF6Mc8vlm5bsaOdY5B5uX_DELO1DMpi_SevoPGODC730FlXxBBerF11aGaXFk
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 4247
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEAwt67nexLuV_n5eFEo6c3A&google_cver=1&google_push=AYg5qPLTMfmmVBZZSDqTraJb9R8wDsKstSxeIi-Euz-zhsVXnSNqwXYeC1MIFv-HhZvX22ldqRC-bZSjyL6WHM-Cp2GORjqsGRp3
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLTMfmmVBZZSDqTraJb9R8wDsKstSxeIi-Euz-zhsVXnSNqwXYeC1MIFv-HhZvX22ldqRC-bZSjyL6WHM-Cp2GORjqsGRp3&google_hm=qELaGAAwzd44x4VQKUVjew==

170 B
188 B

30ms
29ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLTMfmmVBZZSDqTraJb9R8wDsKstSxeIi-Euz-zhsVXnSNqwXYeC1MIFv-HhZvX22ldqRC-bZSjyL6WHM-Cp2GORjqsGRp3&google_hm=qELaGAAwzd44x4VQKUVjew==

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:13 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:13 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLTMfmmVBZZSDqTraJb9R8wDsKstSxeIi-Euz-zhsVXnSNqwXYeC1MIFv-HhZvX22ldqRC-bZSjyL6WHM-Cp2GORjqsGRp3&google_hm=qELaGAAwzd44x4VQKUVjew==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: j4tis28bpkontd5eigisk29sirg2bo0e

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 4247
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESEI-skVBig90SXqRAgushmv4&google_cver=1&google_push=AYg5qPIgmOBvCaDmnRoxSwultC0tExhx2UOlFQLzwJSZC6_V80z_l1LktWsvJgMKZHjv32TEIzgevz9VjIk96E3IPw10rG...
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEI-skVBig90SXqRAgushmv4&google_cver=1&google_push=AYg5qPIgmOBvCaDmnRoxSwultC0tExhx2UOlFQLzwJSZC6_V80z_l1LktWsvJgMKZHjv32TEIzgevz9VjIk96E3I...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=tqhbKS22TrWTEP_RmkNHeQ&google_push=AYg5qPIgmOBvCaDmnRoxSwultC0tExhx2UOlFQLzwJSZC6_V80z_l1LktWsvJgMKZHjv32TEIzgevz9VjIk96E3...

170 B
188 B

40ms
32ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=tqhbKS22TrWTEP_RmkNHeQ&google_push=AYg5qPIgmOBvCaDmnRoxSwultC0tExhx2UOlFQLzwJSZC6_V80z_l1LktWsvJgMKZHjv32TEIzgevz9VjIk96E3IPw10rGu4VXMf

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:14 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=tqhbKS22TrWTEP_RmkNHeQ&google_push=AYg5qPIgmOBvCaDmnRoxSwultC0tExhx2UOlFQLzwJSZC6_V80z_l1LktWsvJgMKZHjv32TEIzgevz9VjIk96E3IPw10rGu4VXMf
date: Sat, 04 Sep 2021 04:42:14 GMT
access-control-allow-origin: *
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 4247
Redirect Chain

https://match.sharethrough.com/E4rooAtA/v1?google_gid=CAESEEcmUCJERZRcQ1KcwZBY8Kg&google_cver=1&google_push=AYg5qPLJCRutL5NDygjTX3ObdzxhTTENTKZDc46IGbj6BvwzVU3TwcrLdFeJBosKuBEm8i-qzT1Jval1EVNDG9_VE...
https://cm.g.doubleclick.net/pixel?google_nid=sharethrough_ob&google_hm=NWVhOWVkNTAtM2FlYy00ZjE2LTgyYmQtOTY1Njg5ODhhZjkz&google_push=AYg5qPLJCRutL5NDygjTX3ObdzxhTTENTKZDc46IGbj6BvwzVU3TwcrLdFeJBosK...

170 B
188 B

30ms
29ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sharethrough_ob&google_hm=NWVhOWVkNTAtM2FlYy00ZjE2LTgyYmQtOTY1Njg5ODhhZjkz&google_push=AYg5qPLJCRutL5NDygjTX3ObdzxhTTENTKZDc46IGbj6BvwzVU3TwcrLdFeJBosKuBEm8i-qzT1Jval1EVNDG9_VEsqqFwtLa3Lk2A

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:14 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=sharethrough_ob&google_hm=NWVhOWVkNTAtM2FlYy00ZjE2LTgyYmQtOTY1Njg5ODhhZjkz&google_push=AYg5qPLJCRutL5NDygjTX3ObdzxhTTENTKZDc46IGbj6BvwzVU3TwcrLdFeJBosKuBEm8i-qzT1Jval1EVNDG9_VEsqqFwtLa3Lk2A
date: Sat, 04 Sep 2021 04:42:13 GMT
content-length: 0

GET
H3-29 200 dot.gif
s0.2mdn.net/ Frame 4247 43 B
63 B 16ms
14ms Image
image/gif 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_gid=CAESECBttN18Zpjnv5DkNIKzRsw&google_cver=1&google_push=AYg5qPLtk0BObNWI8fNKsWUAUugNFclBErWl73qIusWqtYg4X6Kmtk4ewkgAuoNHnSc-gENnm6TwuIC9Ige_CBvWXCswYZcp6loiUw

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:13 GMT
x-content-type-options: nosniff
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
expires: Sun, 05 Sep 2021 04:42:13 GMT

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame 4247 0
12 B 30ms
28ms Image
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JcOtrBKPc0367OcwZAqX6kOKh1A9Bm88_2O5jICwkqyEV7tfFDisfhliBYtZp0RCdMcN2Gt3I

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:13 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 MuseoSans_100-webfont.woff2
s0.2mdn.net/creatives/assets/3757674/ Frame 1DC2 17 KB
17 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/3757674/MuseoSans_100-webfont.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498410/20210621060710917/index.html?e=69&leftOffset=0&topOffset=0&c=hy6FaEB8gn&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80517662352655810cd94d92070d02d75b231c2159cb5b92e6c9b6ceb1bea2d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://s0.2mdn.net
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498410/20210621060710917/index.html?e=69&leftOffset=0&topOffset=0&c=hy6FaEB8gn&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:37:57 GMT
x-content-type-options: nosniff
last-modified: Thu, 28 May 2020 11:34:15 GMT
server: sffe
age: 256
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17148
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:52:57 GMT

GET
H3-29 200 MuseoSans_500-webfont.woff2
s0.2mdn.net/creatives/assets/3757674/ Frame 1DC2 17 KB
17 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/3757674/MuseoSans_500-webfont.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498410/20210621060710917/index.html?e=69&leftOffset=0&topOffset=0&c=hy6FaEB8gn&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

26d51505332c23d6cbda9334670d7311bbb034572931905ecd97e7783a15c3db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://s0.2mdn.net
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498410/20210621060710917/index.html?e=69&leftOffset=0&topOffset=0&c=hy6FaEB8gn&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:37:57 GMT
x-content-type-options: nosniff
last-modified: Tue, 02 Jun 2020 11:59:20 GMT
server: sffe
age: 256
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17620
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:52:57 GMT

GET
H3-29 200 MuseoSans_100-webfont.woff2
s0.2mdn.net/creatives/assets/3757674/ Frame D6BF 17 KB
17 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/3757674/MuseoSans_100-webfont.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=2WsNqxjH0W&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80517662352655810cd94d92070d02d75b231c2159cb5b92e6c9b6ceb1bea2d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://s0.2mdn.net
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=2WsNqxjH0W&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:37:57 GMT
x-content-type-options: nosniff
last-modified: Thu, 28 May 2020 11:34:15 GMT
server: sffe
age: 256
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17148
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:52:57 GMT

GET
H3-29 200 MuseoSans_500-webfont.woff2
s0.2mdn.net/creatives/assets/3757674/ Frame D6BF 17 KB
17 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/3757674/MuseoSans_500-webfont.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=2WsNqxjH0W&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

26d51505332c23d6cbda9334670d7311bbb034572931905ecd97e7783a15c3db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://s0.2mdn.net
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=2WsNqxjH0W&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:37:57 GMT
x-content-type-options: nosniff
last-modified: Tue, 02 Jun 2020 11:59:20 GMT
server: sffe
age: 256
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17620
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:52:57 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 9A0C
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEE-E3QqaQnCKTb0tkhkm5r0&google_cver=1&google_push=AYg5qPLkEw2fmzvHPV19yMLi_hqj49vISEV7oGOtTnR8xN_DdOjH5Dbehk0yNFbvQuSMhO_C0WW26lMy0uAv2Y0u7uC8m3M0qSHD
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=04F28727F3064FEA9D38DB3C95DD1396&google_push=AYg5qPLkEw2fmzvHPV19yMLi_hqj49vISEV7oGOtTnR8xN_DdOjH5Dbehk0yNFbvQuSMhO_C0WW26lMy0uAv2Y0...

170 B
188 B

31ms
31ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=04F28727F3064FEA9D38DB3C95DD1396&google_push=AYg5qPLkEw2fmzvHPV19yMLi_hqj49vISEV7oGOtTnR8xN_DdOjH5Dbehk0yNFbvQuSMhO_C0WW26lMy0uAv2Y0u7uC8m3M0qSHD

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:13 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 04 Sep 2021 04:42:13 GMT
x-content-type-options: nosniff
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=04F28727F3064FEA9D38DB3C95DD1396&google_push=AYg5qPLkEw2fmzvHPV19yMLi_hqj49vISEV7oGOtTnR8xN_DdOjH5Dbehk0yNFbvQuSMhO_C0WW26lMy0uAv2Y0u7uC8m3M0qSHD
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 154
expires: Fri, 03 Sep 2021 04:42:13 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 9A0C 70 B
265 B 126ms
40ms Image
image/gif 13.248.242.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEKplwwixvwmbJ4_wgIM6e44&google_cver=1&google_push=AYg5qPJiM8JLAq7AfoGrasVxeS8qU-vsYX7D9HEt63RpHfcHbrCmRKWiwaZdfbC8JHbkYkaXFmpSuS8axNVA9MIT40uoQpx3R-ZH
Requested by: Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:13 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 9A0C
Redirect Chain

https://a.c.appier.net/gcm?google_gid=CAESENO-6UNBK9OviSPqPbKslac&google_cver=1&google_push=AYg5qPJDews0yG8P65suMJJpQFJfWmGTi65xCmYJnxqs3LdYRoW6Bl72u_DxSUk-IMR9Bep6-vRT7Npv3Ensx36J0H990C1DvEce
https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=eXc1QjRVR1JBLW1Rc2hDMkp2a3lZUQ%3D%3D&google_push=AYg5qPJDews0yG8P65suMJJpQFJfWmGTi65xCmYJnxqs3LdYRoW6Bl72u_DxSUk-IMR9Bep6-vRT7Npv3Ensx...

170 B
188 B

29ms
29ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=eXc1QjRVR1JBLW1Rc2hDMkp2a3lZUQ%3D%3D&google_push=AYg5qPJDews0yG8P65suMJJpQFJfWmGTi65xCmYJnxqs3LdYRoW6Bl72u_DxSUk-IMR9Bep6-vRT7Npv3Ensx36J0H990C1DvEce

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:14 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=eXc1QjRVR1JBLW1Rc2hDMkp2a3lZUQ%3D%3D&google_push=AYg5qPJDews0yG8P65suMJJpQFJfWmGTi65xCmYJnxqs3LdYRoW6Bl72u_DxSUk-IMR9Bep6-vRT7Npv3Ensx36J0H990C1DvEce
date: Sat, 04 Sep 2021 04:42:14 GMT
cache-control: no-store
server: nginx
content-type: text/html; charset=utf-8
content-length: 243
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 9A0C
Redirect Chain

https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEBog9SGdBln9UdYI6XN886A&google_cver=1&google_push=AYg5qPKvIWgPTS0azvQX9gijIXV4tUGLtfWA_ZXcdPK0AKBkJ2X5mafIglwCz...
https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEBog9SGdBln9UdYI6XN886A&google_cver=1&google_push=AYg5qPKvIWgPTS0azvQX9gijIXV4tUGLtfWA_ZXcdPK0AKBkJ2X5mafIglwCz...
https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=uC7lTrJ0Y5RubW-gn1pkdQ&google_push=AYg5qPKvIWgPTS0azvQX9gijIXV4tUGLtfWA_ZXcdPK0AKBkJ2X5mafIglwCzPolKksoXYzVGgpNna-ho...

170 B
188 B

30ms
28ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=uC7lTrJ0Y5RubW-gn1pkdQ&google_push=AYg5qPKvIWgPTS0azvQX9gijIXV4tUGLtfWA_ZXcdPK0AKBkJ2X5mafIglwCzPolKksoXYzVGgpNna-hosgi5Ub9D2F0zyJDZ0xF

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:14 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 04 Sep 2021 04:42:14 GMT
Server: nginx
Vary: Accept
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=uC7lTrJ0Y5RubW-gn1pkdQ&google_push=AYg5qPKvIWgPTS0azvQX9gijIXV4tUGLtfWA_ZXcdPK0AKBkJ2X5mafIglwCzPolKksoXYzVGgpNna-hosgi5Ub9D2F0zyJDZ0xF
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 238

GET
H3-29 200 dot.gif
s0.2mdn.net/ Frame 9A0C 43 B
63 B 15ms
13ms Image
image/gif 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_gid=CAESEFR6naXFuzUxnHdwbCGd170&google_cver=1&google_push=AYg5qPK5Br2mN_wyRGczgaaFoqz2YK1pl8h6HdNqTx79WP6Uxrl1-LS-V8erjtRXfz4ybn4I7TCN2ABk4ple1zxdv4FWoB37yOCd

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:13 GMT
x-content-type-options: nosniff
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
expires: Sun, 05 Sep 2021 04:42:13 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 9A0C
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESELp-5BC8IuufrtLdhfp-SiI&google_cver=1&google_push=AYg5qPKrsVfpXVKzEk9PX346oe_lI9G3o1RkkXk6LVw1n6XIeOuOuXaGoMGoED77llUs432fp35jVU6v...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESELp-5BC8IuufrtLdhfp-SiI&google_cver=1&google_push=AYg5qPKrsVfpXVKzEk9PX346oe_lI9G3o1RkkXk6LVw1n6XIeOuOuXaGoMGoED77llUs432fp35...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODgyNTM3Mjc4MjI4MzY5OTExOQ&google_push=AYg5qPKrsVfpXVKzEk9PX346oe_lI9G3o1RkkXk6LVw1n6XIeOuOuXaGoMGoED77llUs432fp35jVU...

170 B
188 B

36ms
32ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODgyNTM3Mjc4MjI4MzY5OTExOQ&google_push=AYg5qPKrsVfpXVKzEk9PX346oe_lI9G3o1RkkXk6LVw1n6XIeOuOuXaGoMGoED77llUs432fp35jVU6vmbqqSpjnn5Pmu6ybB-GH

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:14 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:14 GMT
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODgyNTM3Mjc4MjI4MzY5OTExOQ&google_push=AYg5qPKrsVfpXVKzEk9PX346oe_lI9G3o1RkkXk6LVw1n6XIeOuOuXaGoMGoED77llUs432fp35jVU6vmbqqSpjnn5Pmu6ybB-GH
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3-29 200 dot.gif
s0.2mdn.net/ Frame 9A0C 43 B
63 B 16ms
15ms Image
image/gif 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_gid=CAESECBttN18Zpjnv5DkNIKzRsw&google_cver=1&google_push=AYg5qPIkbylyCqfXifCXOo4RoY-ZcDRJNBJFpU4HMIQX4EGbB_sPix0hysjI8WYuHkuUNy8xsOopgQ4sjEwDvFUIJ8JtndI2MdLz4Q

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:13 GMT
x-content-type-options: nosniff
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
expires: Sun, 05 Sep 2021 04:42:13 GMT

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame 9A0C 0
12 B 30ms
28ms Image
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JKd65bZMMgALKg-uKq14VTFFYjtMTvlOONdz_zF7vz9BIsAR4OZ_74x0SoXcuANJ9-f3mU7g

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:13 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 dpixel
cms.quantserve.com/ Frame 5FD6 35 B
462 B 9ms
7ms Image
image/gif 2620:116:800d:21:f916:5049:f87f:108e
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEOLIAX6XBAXlhIbtbjR3Joo&google_cver=1&google_push=AYg5qPLG9NBz_ipZVCh0v9rqg0s8ubXKiOb1KeJij3hlYBaV5MwV0nl0djS3hf6CVt6fok7KqaOfUQ1-VKdnpx85hyJPPRESILOj

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:f916:5049:f87f:108e , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:13 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 5FD6
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPKmXgnHoOw0twxldNI1w5bUMFfv7EV3NcRCgss...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVRMNUpRQUFBYmVScG10cQ&google_push=AYg5qPKmXgnHoOw0twxldNI1w5bUMFfv7EV3NcRCgss5nmjtWFt_2i39zfooHVVR3rTmi3guHg0FCAiuPYzsGtEYeEIC2XQqGL_0

170 B
188 B

32ms
31ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVRMNUpRQUFBYmVScG10cQ&google_push=AYg5qPKmXgnHoOw0twxldNI1w5bUMFfv7EV3NcRCgss5nmjtWFt_2i39zfooHVVR3rTmi3guHg0FCAiuPYzsGtEYeEIC2XQqGL_0

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:14 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVRMNUpRQUFBYmVScG10cQ&google_push=AYg5qPKmXgnHoOw0twxldNI1w5bUMFfv7EV3NcRCgss5nmjtWFt_2i39zfooHVVR3rTmi3guHg0FCAiuPYzsGtEYeEIC2XQqGL_0
Date: Sat, 04 Sep 2021 04:42:13 GMT
Server: Apache
Connection: keep-alive
Content-Length: 391
Content-Type: text/html; charset=iso-8859-1

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 5FD6
Redirect Chain

https://d.agkn.com/pixel/2175/?google_gid=CAESEBuTdw7SiXb2LTWOmgCxDPg&google_cver=1&google_push=AYg5qPKMsHapNzJLsmcDcrWoGBPyroABNk4_q8239oqR_IojVsnfuCVXhHRPAUYnsRsWeez2j2RFwm0YWT9SrYoxekEzbjjqr6A
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPKMsHapNzJLsmcDcrWoGBPyroABNk4_q8239oqR_IojVsnfuCVXhHRPAUYnsRsWeez2j2RFwm0YWT9SrYoxekEzbjjqr6A&google_hm=Q0FFU0VCdVRkdzdTaVhiMk...

170 B
188 B

34ms
33ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPKMsHapNzJLsmcDcrWoGBPyroABNk4_q8239oqR_IojVsnfuCVXhHRPAUYnsRsWeez2j2RFwm0YWT9SrYoxekEzbjjqr6A&google_hm=Q0FFU0VCdVRkdzdTaVhiMkxUV09tZ0N4RFBn

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:14 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:42:13 GMT
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPKMsHapNzJLsmcDcrWoGBPyroABNk4_q8239oqR_IojVsnfuCVXhHRPAUYnsRsWeez2j2RFwm0YWT9SrYoxekEzbjjqr6A&google_hm=Q0FFU0VCdVRkdzdTaVhiMkxUV09tZ0N4RFBn
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 5FD6
Redirect Chain

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPKndwPe4J-dIBbjHrrjpgCoVQ827RFp6NIchTpRebwgqhrlPF3arUY0G1o5q3vAsr2rqgJjh17ezDYPrWa-BJoALJ3qG2bi&google_gid=CAESELXm9ynAQkvhFp17r9MjFTU&goo...
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCKXyy4kGEgUI6AcQAEIASnBnb29nbGVfcHVzaD1BWWc1cVBLbmR3UGU0Si1kSUJiakhycmpwZ0NvVlE4MjdSRnA2TkljaFRwUmVid2dxaHJsUEYzYXJVWTBHMW81cTN2QXNyMnJxZ0pqaDE3ZXpEWVByV2...
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwWXdJY0szam5VbEp4djJTZ0ZQVU9BakZubm93Q0wySk9qVWF1dzJjeEJGcw==&google_push

170 B
188 B

32ms
32ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwWXdJY0szam5VbEp4djJTZ0ZQVU9BakZubm93Q0wySk9qVWF1dzJjeEJGcw==&google_push

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:14 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 04 Sep 2021 04:42:13 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwWXdJY0szam5VbEp4djJTZ0ZQVU9BakZubm93Q0wySk9qVWF1dzJjeEJGcw==&google_push
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: clear
content-length: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 5FD6
Redirect Chain

https://beacon.walmart.com/etap.gif?tap=gAds&google_gid=CAESEEwrJNZnoIprXulzZ0Gj3zk&google_cver=1&google_push=AYg5qPJZLfXSisCrXUKuPbr3LK37jZAc1K8vBn-xTIUvKH2a_lElLOiKt7E15cTp0GxJJlMenWGrjzLhhZtXVUy...
https://cm.g.doubleclick.net/pixel?google_nid=walmart&google_hm=TljTh2LPeRRVG4nPZTf3mA&tap=gAds&google_gid=CAESEEwrJNZnoIprXulzZ0Gj3zk&google_cver=1&google_push=AYg5qPJZLfXSisCrXUKuPbr3LK37jZAc1K8v...

170 B
188 B

31ms
31ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=walmart&google_hm=TljTh2LPeRRVG4nPZTf3mA&tap=gAds&google_gid=CAESEEwrJNZnoIprXulzZ0Gj3zk&google_cver=1&google_push=AYg5qPJZLfXSisCrXUKuPbr3LK37jZAc1K8vBn-xTIUvKH2a_lElLOiKt7E15cTp0GxJJlMenWGrjzLhhZtXVUydmdSmrXzs4LI

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

strict-transport-security: max-age=7884000; includeSubDomains
via: HTTP/2.0 odnd
last-modified: Wed, 01 Sep 2021 18:36:17 GMT
date: Sat, 04 Sep 2021 04:42:15 GMT
content-type: text/plain; charset=utf-8
location: https://cm.g.doubleclick.net/pixel?google_nid=walmart&google_hm=TljTh2LPeRRVG4nPZTf3mA&tap=gAds&google_gid=CAESEEwrJNZnoIprXulzZ0Gj3zk&google_cver=1&google_push=AYg5qPJZLfXSisCrXUKuPbr3LK37jZAc1K8vBn-xTIUvKH2a_lElLOiKt7E15cTp0GxJJlMenWGrjzLhhZtXVUydmdSmrXzs4LI
cache-control: no-store, no-cache, must-revalidate
accept-ranges: bytes
timing-allow-origin: *
content-length: 0
x-tb: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 5FD6
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=4DeX6iM9RZmn3xzbPXDKJw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

30ms
30ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=4DeX6iM9RZmn3xzbPXDKJw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKLXRZj9RSwLD_9BGuuHdobp37ffVBQfqJ_lzNpJNGHQG1y28ckoY4UXe-vvWL3y4g5MAS6jNQVTEf25h8TWXAfech2mPQW

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:14 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=4DeX6iM9RZmn3xzbPXDKJw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKLXRZj9RSwLD_9BGuuHdobp37ffVBQfqJ_lzNpJNGHQG1y28ckoY4UXe-vvWL3y4g5MAS6jNQVTEf25h8TWXAfech2mPQW
date: Sat, 04 Sep 2021 04:42:12 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 5FD6
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEEqhUFsY3OeRfsPkZ1-lQzk&google_cver=1&google_push=AYg5qPK00oPYtMmpFyxvGzsPvFdx7VoM4DoByy9qFkxRFLXLSonzk3_Mm1NcFM1JRPnw_DZ96hP...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1Q1QVVTWFAtVC00WVNO&google_push=AYg5qPK00oPYtMmpFyxvGzsPvFdx7VoM4DoByy9qFkxRFLXLSonzk3_Mm1NcFM1JRPnw_DZ96hPkE3Gxa9pkP48__ff7uo1OGHc0

170 B
188 B

30ms
30ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1Q1QVVTWFAtVC00WVNO&google_push=AYg5qPK00oPYtMmpFyxvGzsPvFdx7VoM4DoByy9qFkxRFLXLSonzk3_Mm1NcFM1JRPnw_DZ96hPkE3Gxa9pkP48__ff7uo1OGHc0

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:14 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1Q1QVVTWFAtVC00WVNO&google_push=AYg5qPK00oPYtMmpFyxvGzsPvFdx7VoM4DoByy9qFkxRFLXLSonzk3_Mm1NcFM1JRPnw_DZ96hPkE3Gxa9pkP48__ff7uo1OGHc0
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 37b22a0c36bd84993dd2cda4a5e04b1d
Expires: 0

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame 5FD6 0
12 B 29ms
28ms Image
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IzzRGCniXbIMxyDumbK_GkJqeIFBSDhEr9vMuuIuRF9WAhAomJx7rYqOJXbBn1_vLcW5Bo

Requested by

Host: 8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
URL: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:13 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame 1AE1 0
23 B 31ms
30ms Ping
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:42:13 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 MuseoSans_100-webfont.woff2
s0.2mdn.net/creatives/assets/3757674/ Frame 90BD 17 KB
17 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/3757674/MuseoSans_100-webfont.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=e8IV7Uynpf&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80517662352655810cd94d92070d02d75b231c2159cb5b92e6c9b6ceb1bea2d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://s0.2mdn.net
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=e8IV7Uynpf&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:37:57 GMT
x-content-type-options: nosniff
last-modified: Thu, 28 May 2020 11:34:15 GMT
server: sffe
age: 256
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17148
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:52:57 GMT

GET
H3-29 200 MuseoSans_500-webfont.woff2
s0.2mdn.net/creatives/assets/3757674/ Frame 90BD 17 KB
17 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/3757674/MuseoSans_500-webfont.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=e8IV7Uynpf&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

26d51505332c23d6cbda9334670d7311bbb034572931905ecd97e7783a15c3db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://s0.2mdn.net
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=e8IV7Uynpf&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:37:57 GMT
x-content-type-options: nosniff
last-modified: Tue, 02 Jun 2020 11:59:20 GMT
server: sffe
age: 256
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17620
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:52:57 GMT

GET
H3-29 200 MuseoSans_100-webfont.woff2
s0.2mdn.net/creatives/assets/3757674/ Frame 523E 17 KB
17 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/3757674/MuseoSans_100-webfont.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=UK2o4yXblG&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80517662352655810cd94d92070d02d75b231c2159cb5b92e6c9b6ceb1bea2d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://s0.2mdn.net
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=UK2o4yXblG&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:37:57 GMT
x-content-type-options: nosniff
last-modified: Thu, 28 May 2020 11:34:15 GMT
server: sffe
age: 256
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17148
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:52:57 GMT

GET
H3-29 200 MuseoSans_500-webfont.woff2
s0.2mdn.net/creatives/assets/3757674/ Frame 523E 17 KB
17 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/3757674/MuseoSans_500-webfont.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=UK2o4yXblG&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

26d51505332c23d6cbda9334670d7311bbb034572931905ecd97e7783a15c3db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://s0.2mdn.net
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=UK2o4yXblG&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:37:57 GMT
x-content-type-options: nosniff
last-modified: Tue, 02 Jun 2020 11:59:20 GMT
server: sffe
age: 256
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17620
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:52:57 GMT

GET
H3-29 200 MuseoSans_100-webfont.woff2
s0.2mdn.net/creatives/assets/3757674/ Frame 441B 17 KB
17 KB 10ms
9ms Font
font/woff2 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/3757674/MuseoSans_100-webfont.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=aSGvZtuX20&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80517662352655810cd94d92070d02d75b231c2159cb5b92e6c9b6ceb1bea2d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://s0.2mdn.net
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=aSGvZtuX20&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:37:57 GMT
x-content-type-options: nosniff
last-modified: Thu, 28 May 2020 11:34:15 GMT
server: sffe
age: 256
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17148
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:52:57 GMT

GET
H3-29 200 MuseoSans_500-webfont.woff2
s0.2mdn.net/creatives/assets/3757674/ Frame 441B 17 KB
17 KB 10ms
8ms Font
font/woff2 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/3757674/MuseoSans_500-webfont.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=aSGvZtuX20&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

26d51505332c23d6cbda9334670d7311bbb034572931905ecd97e7783a15c3db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://s0.2mdn.net
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=aSGvZtuX20&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:37:57 GMT
x-content-type-options: nosniff
last-modified: Tue, 02 Jun 2020 11:59:20 GMT
server: sffe
age: 256
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17620
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:52:57 GMT

GET
H3-29 200 MuseoSans_100-webfont.woff2
s0.2mdn.net/creatives/assets/3757674/ Frame D722 17 KB
17 KB 11ms
10ms Font
font/woff2 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/3757674/MuseoSans_100-webfont.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61490714/20210621060706056/index.html?e=69&leftOffset=0&topOffset=0&c=sAEUSHBSQE&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80517662352655810cd94d92070d02d75b231c2159cb5b92e6c9b6ceb1bea2d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://s0.2mdn.net
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61490714/20210621060706056/index.html?e=69&leftOffset=0&topOffset=0&c=sAEUSHBSQE&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:37:57 GMT
x-content-type-options: nosniff
last-modified: Thu, 28 May 2020 11:34:15 GMT
server: sffe
age: 256
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17148
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:52:57 GMT

GET
H3-29 200 MuseoSans_500-webfont.woff2
s0.2mdn.net/creatives/assets/3757674/ Frame D722 17 KB
17 KB 11ms
10ms Font
font/woff2 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/3757674/MuseoSans_500-webfont.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61490714/20210621060706056/index.html?e=69&leftOffset=0&topOffset=0&c=sAEUSHBSQE&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

26d51505332c23d6cbda9334670d7311bbb034572931905ecd97e7783a15c3db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://s0.2mdn.net
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61490714/20210621060706056/index.html?e=69&leftOffset=0&topOffset=0&c=sAEUSHBSQE&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:37:57 GMT
x-content-type-options: nosniff
last-modified: Tue, 02 Jun 2020 11:59:20 GMT
server: sffe
age: 256
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17620
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:52:57 GMT

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame A7DB 0
23 B 32ms
31ms Ping
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:42:13 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 video-loader2-cr.js Show response
cdn.avantisvideo.com/js/ 132 KB
39 KB 7ms
6ms Script
application/javascript 2600:9000:2240:8a00:1c:38a0:8a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.avantisvideo.com/js/video-loader2-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/js/video-loader2-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2240:8a00:1c:38a0:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b5dc7ad3b3d9dffc2b9c95809de7a9ef6b5d9da3fd729c7cc5b116516ea7e6d4

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-amz-version-id: kJMT9meJGpUB0zEsyDn5cumlXI8dkxWH
content-encoding: gzip
last-modified: Wed, 25 Aug 2021 07:51:50 GMT
server: AmazonS3
age: 47013
etag: W/"6fd5a7225ddda220c0191533314e34e9"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 814952d19d560b49ff15ad2f71e400d3.cloudfront.net (CloudFront)
date: Fri, 03 Sep 2021 15:38:41 GMT
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: vjbdRXVj6KbI0dQAEkfaxKawyW0RL2O8twtiI4YYEeb11jW5U0ZAsA==

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame 7214 0
23 B 31ms
30ms Ping
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:42:13 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame 01C4 0
23 B 31ms
30ms Ping
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:42:13 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame A44E 0
23 B 31ms
31ms Ping
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:42:14 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9097 0
23 B 31ms
31ms Ping
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:42:14 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js Show response
pagead2.googlesyndication.com/bg/ Frame 10E5 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e0cfe1534cf66865ac13a161e60ef74f768ebd78b86b894afff55660e435c182

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 05:01:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 85248
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13264
x-xss-protection: 0
last-modified: Mon, 30 Aug 2021 12:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 03 Sep 2022 05:01:25 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 1DC2 6 KB
4 KB 19ms
18ms XHR
application/json 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_245&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

634dbb1649db1ae0603f3b13ef07a93d56275471e449e48103209a93b208a3d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:42:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4322
x-xss-protection: 0

GET
H3-29 200 vertrauen-fuer300x600$324x274$parallax.png_1630307610036_vertrauen-fuer300x600$324x274$parallax.png
s0.2mdn.net/dynamic/2/10829622/noc-css-images.s3-eu-west-1.amazonaws.com/output/MOTIVES/ Frame 1DC2 1006 KB
1007 KB 8ms
7ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10829622/noc-css-images.s3-eu-west-1.amazonaws.com/output/MOTIVES/vertrauen-fuer300x600$324x274$parallax.png_1630307610036_vertrauen-fuer300x600$324x274$parallax.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a53ad5839d2890be1e594d6342a5102444769c7a89fd15ffd2f3e78aa5c3ea69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498410/20210621060710917/index.html?e=69&leftOffset=0&topOffset=0&c=hy6FaEB8gn&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 30 Aug 2021 21:25:49 GMT
x-content-type-options: nosniff
last-modified: Mon, 30 Aug 2021 07:13:37 GMT
server: sffe
age: 371785
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1030572
x-xss-protection: 0
expires: Tue, 30 Aug 2022 21:25:49 GMT

GET
H3-29 200 blank.png_1623765585596_blank.png
s0.2mdn.net/dynamic/2/10829622/noc-css-images.s3-eu-west-1.amazonaws.com/output/ Frame 1DC2 103 B
126 B 6ms
6ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10829622/noc-css-images.s3-eu-west-1.amazonaws.com/output/blank.png_1623765585596_blank.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3a5b0a6b847d483604ac9518456136660537cba5ef51720975f910e1238d4ea2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498410/20210621060710917/index.html?e=69&leftOffset=0&topOffset=0&c=hy6FaEB8gn&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 15:30:19 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Jun 2021 13:59:48 GMT
server: sffe
age: 306715
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 103
x-xss-protection: 0
expires: Wed, 31 Aug 2022 15:30:19 GMT

GET
H3-29 200 728x90_de.min.png
s0.2mdn.net/creatives/assets/3765751/ Frame 1DC2 2 KB
2 KB 40ms
23ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/3765751/728x90_de.min.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498410/20210621060710917/index.html?e=69&leftOffset=0&topOffset=0&c=hy6FaEB8gn&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

58187730459a02d430a9e3d602a257729971f2dee6b7c718007e9d7c8b5e7a30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498410/20210621060710917/index.html?e=69&leftOffset=0&topOffset=0&c=hy6FaEB8gn&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:14 GMT
x-content-type-options: nosniff
last-modified: Wed, 17 Jun 2020 12:05:46 GMT
server: sffe
age: 0
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2468
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:57:14 GMT

GET
H3-29 200 4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js Show response
pagead2.googlesyndication.com/bg/ Frame 28BB 35 KB
13 KB 16ms
7ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e0cfe1534cf66865ac13a161e60ef74f768ebd78b86b894afff55660e435c182

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 05:01:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 85249
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13264
x-xss-protection: 0
last-modified: Mon, 30 Aug 2021 12:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 03 Sep 2022 05:01:25 GMT

GET
H3-29 200 4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js Show response
pagead2.googlesyndication.com/bg/ Frame AB9E 35 KB
13 KB 17ms
8ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e0cfe1534cf66865ac13a161e60ef74f768ebd78b86b894afff55660e435c182

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 05:01:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 85249
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13264
x-xss-protection: 0
last-modified: Mon, 30 Aug 2021 12:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 03 Sep 2022 05:01:25 GMT

GET
H3-29 200 blank.png_1623765585596_blank.png
s0.2mdn.net/dynamic/2/10829622/noc-css-images.s3-eu-west-1.amazonaws.com/output/ Frame D6BF 103 B
126 B 24ms
12ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10829622/noc-css-images.s3-eu-west-1.amazonaws.com/output/blank.png_1623765585596_blank.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=2WsNqxjH0W&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3a5b0a6b847d483604ac9518456136660537cba5ef51720975f910e1238d4ea2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=2WsNqxjH0W&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 15:30:19 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Jun 2021 13:59:48 GMT
server: sffe
age: 306715
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 103
x-xss-protection: 0
expires: Wed, 31 Aug 2022 15:30:19 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame D6BF 6 KB
4 KB 27ms
18ms XHR
application/json 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_245&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5bf14325d405b1a79f657e4986f29e89f5d01a531b4d77ec457bb48d8a6aedbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:42:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4517
x-xss-protection: 0

GET
H3-29 200 vertrauen$673x250$parallax.png_1630307610036_vertrauen$673x250$parallax.png
s0.2mdn.net/dynamic/2/10829622/noc-css-images.s3-eu-west-1.amazonaws.com/output/MOTIVES/ Frame D6BF 1 MB
1 MB 29ms
18ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10829622/noc-css-images.s3-eu-west-1.amazonaws.com/output/MOTIVES/vertrauen$673x250$parallax.png_1630307610036_vertrauen$673x250$parallax.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2aceca191f44f57b792abd0dda19c82f408c200a704ef58c770216208d673137

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=2WsNqxjH0W&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 13:47:41 GMT
x-content-type-options: nosniff
last-modified: Mon, 30 Aug 2021 07:13:32 GMT
server: sffe
age: 312873
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1305782
x-xss-protection: 0
expires: Wed, 31 Aug 2022 13:47:41 GMT

GET
H3-29 200 vertrauen-fuer300x600$324x274$parallax.png_1630307610036_vertrauen-fuer300x600$324x274$parallax.png
s0.2mdn.net/dynamic/2/10829622/noc-css-images.s3-eu-west-1.amazonaws.com/output/MOTIVES/ Frame 90BD 1006 KB
1007 KB 15ms
9ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10829622/noc-css-images.s3-eu-west-1.amazonaws.com/output/MOTIVES/vertrauen-fuer300x600$324x274$parallax.png_1630307610036_vertrauen-fuer300x600$324x274$parallax.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=e8IV7Uynpf&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a53ad5839d2890be1e594d6342a5102444769c7a89fd15ffd2f3e78aa5c3ea69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=e8IV7Uynpf&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 30 Aug 2021 21:25:49 GMT
x-content-type-options: nosniff
last-modified: Mon, 30 Aug 2021 07:13:37 GMT
server: sffe
age: 371785
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1030572
x-xss-protection: 0
expires: Tue, 30 Aug 2022 21:25:49 GMT

GET
H3-29 200 blank.png_1623765585596_blank.png
s0.2mdn.net/dynamic/2/10829622/noc-css-images.s3-eu-west-1.amazonaws.com/output/ Frame 90BD 103 B
126 B 17ms
13ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10829622/noc-css-images.s3-eu-west-1.amazonaws.com/output/blank.png_1623765585596_blank.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=e8IV7Uynpf&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3a5b0a6b847d483604ac9518456136660537cba5ef51720975f910e1238d4ea2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=e8IV7Uynpf&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 15:30:19 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Jun 2021 13:59:48 GMT
server: sffe
age: 306715
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 103
x-xss-protection: 0
expires: Wed, 31 Aug 2022 15:30:19 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 90BD 6 KB
4 KB 25ms
21ms XHR
application/json 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_245&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c693e913914f4394b8ab57cda7c788490024405ce57f4480a233ad2c84a7cfd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:42:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4378
x-xss-protection: 0

GET
H3-29 200 4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js Show response
pagead2.googlesyndication.com/bg/ Frame DB3E 35 KB
13 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e0cfe1534cf66865ac13a161e60ef74f768ebd78b86b894afff55660e435c182

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 05:01:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 85249
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13264
x-xss-protection: 0
last-modified: Mon, 30 Aug 2021 12:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 03 Sep 2022 05:01:25 GMT

GET
H3-29 200 4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js Show response
pagead2.googlesyndication.com/bg/ Frame E726 35 KB
13 KB 12ms
9ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e0cfe1534cf66865ac13a161e60ef74f768ebd78b86b894afff55660e435c182

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 05:01:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 85249
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13264
x-xss-protection: 0
last-modified: Mon, 30 Aug 2021 12:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 03 Sep 2022 05:01:25 GMT

GET
H3-29 200 blank.png_1623765585596_blank.png
s0.2mdn.net/dynamic/2/10829622/noc-css-images.s3-eu-west-1.amazonaws.com/output/ Frame 523E 103 B
126 B 25ms
21ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10829622/noc-css-images.s3-eu-west-1.amazonaws.com/output/blank.png_1623765585596_blank.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=UK2o4yXblG&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3a5b0a6b847d483604ac9518456136660537cba5ef51720975f910e1238d4ea2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=UK2o4yXblG&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 15:30:19 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Jun 2021 13:59:48 GMT
server: sffe
age: 306715
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 103
x-xss-protection: 0
expires: Wed, 31 Aug 2022 15:30:19 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 523E 6 KB
4 KB 19ms
17ms XHR
application/json 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_245&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f7ae826e9eb5b1dd4b358119ad6b64131ee78b4ed5c337ead7897165563f3d30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:42:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4507
x-xss-protection: 0

GET
H3-29 200 vertrauen$324x274$parallax.png_1630307610036_vertrauen$324x274$parallax.png
s0.2mdn.net/dynamic/2/10829622/noc-css-images.s3-eu-west-1.amazonaws.com/output/MOTIVES/ Frame 523E 890 KB
891 KB 18ms
13ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10829622/noc-css-images.s3-eu-west-1.amazonaws.com/output/MOTIVES/vertrauen$324x274$parallax.png_1630307610036_vertrauen$324x274$parallax.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e55e40533aba29bfd3a7109277ca52b8fc76a800027502632589556dfcbbaeca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=UK2o4yXblG&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 30 Aug 2021 22:02:07 GMT
x-content-type-options: nosniff
last-modified: Mon, 30 Aug 2021 07:13:34 GMT
server: sffe
age: 369607
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 911779
x-xss-protection: 0
expires: Tue, 30 Aug 2022 22:02:07 GMT

GET
H3-29 200 4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js Show response
pagead2.googlesyndication.com/bg/ Frame 82DD 35 KB
13 KB 12ms
9ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e0cfe1534cf66865ac13a161e60ef74f768ebd78b86b894afff55660e435c182

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 05:01:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 85249
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13264
x-xss-protection: 0
last-modified: Mon, 30 Aug 2021 12:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 03 Sep 2022 05:01:25 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame D722 6 KB
4 KB 18ms
16ms XHR
application/json 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_245&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6a6e90cb081a4d6f3deca7b0c05c32d01615159e631b68bfa7542166dd8526ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:42:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4358
x-xss-protection: 0

GET
H3-29 200 300x250_de.min.png
s0.2mdn.net/creatives/assets/3765751/ Frame D6BF 2 KB
2 KB 11ms
7ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/3765751/300x250_de.min.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=2WsNqxjH0W&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80f27d378b4c7cf8bb75946013a68f4787b4c88b484e36c409ddcb4ee21ca5df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=2WsNqxjH0W&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:41:15 GMT
x-content-type-options: nosniff
last-modified: Wed, 17 Jun 2020 11:57:46 GMT
server: sffe
age: 59
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2000
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:56:15 GMT

GET
H3-29 200 300x250_de.min.png
s0.2mdn.net/creatives/assets/3765751/ Frame 90BD 2 KB
2 KB 13ms
11ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/3765751/300x250_de.min.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=e8IV7Uynpf&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80f27d378b4c7cf8bb75946013a68f4787b4c88b484e36c409ddcb4ee21ca5df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=e8IV7Uynpf&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:41:15 GMT
x-content-type-options: nosniff
last-modified: Wed, 17 Jun 2020 11:57:46 GMT
server: sffe
age: 59
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2000
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:56:15 GMT

GET
H3-29 200 300x250_de.min.png
s0.2mdn.net/creatives/assets/3765751/ Frame 523E 2 KB
2 KB 11ms
11ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/3765751/300x250_de.min.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=UK2o4yXblG&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80f27d378b4c7cf8bb75946013a68f4787b4c88b484e36c409ddcb4ee21ca5df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=UK2o4yXblG&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:41:15 GMT
x-content-type-options: nosniff
last-modified: Wed, 17 Jun 2020 11:57:46 GMT
server: sffe
age: 59
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2000
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:56:15 GMT

GET
H3-29 200 vertrauen$324x274$parallax.png_1630307610036_vertrauen$324x274$parallax.png
s0.2mdn.net/dynamic/2/10829622/noc-css-images.s3-eu-west-1.amazonaws.com/output/MOTIVES/ Frame 441B 890 KB
891 KB 10ms
9ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10829622/noc-css-images.s3-eu-west-1.amazonaws.com/output/MOTIVES/vertrauen$324x274$parallax.png_1630307610036_vertrauen$324x274$parallax.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=aSGvZtuX20&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e55e40533aba29bfd3a7109277ca52b8fc76a800027502632589556dfcbbaeca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=aSGvZtuX20&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 30 Aug 2021 22:02:07 GMT
x-content-type-options: nosniff
last-modified: Mon, 30 Aug 2021 07:13:34 GMT
server: sffe
age: 369607
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 911779
x-xss-protection: 0
expires: Tue, 30 Aug 2022 22:02:07 GMT

GET
H3-29 200 blank.png_1623765585596_blank.png
s0.2mdn.net/dynamic/2/10829622/noc-css-images.s3-eu-west-1.amazonaws.com/output/ Frame 441B 103 B
126 B 11ms
10ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10829622/noc-css-images.s3-eu-west-1.amazonaws.com/output/blank.png_1623765585596_blank.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=aSGvZtuX20&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3a5b0a6b847d483604ac9518456136660537cba5ef51720975f910e1238d4ea2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=aSGvZtuX20&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 15:30:19 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Jun 2021 13:59:48 GMT
server: sffe
age: 306715
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 103
x-xss-protection: 0
expires: Wed, 31 Aug 2022 15:30:19 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 441B 6 KB
4 KB 21ms
20ms XHR
application/json 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_245&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e7e9879e57f8e78354f4ec91a338351b8d97d63914b7762ef79504f7b727b273

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:42:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4430
x-xss-protection: 0

GET
H2 200 u_d.html Show response
cdn1.avantisvideo.com/connect/ Frame 0338 42 KB
15 KB 10ms
7ms Document
text/html 2600:9000:2240:8a00:1c:38a0:8a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn1.avantisvideo.com/connect/u_d.html
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/js/video-loader2-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2240:8a00:1c:38a0:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3fac6fcea268523d827b4512f268a9bb1df0479b8a4603d118c9e4df7489a038

Request headers

:method: GET
:authority: cdn1.avantisvideo.com
:scheme: https
:path: /connect/u_d.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.123greetings.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

content-type: text/html
date: Fri, 03 Sep 2021 05:41:35 GMT
last-modified: Tue, 30 Mar 2021 10:01:49 GMT
etag: W/"f5694815436f3e426c35d9ae8274ad04"
x-amz-version-id: Ftlos22uEwPvOcBw5odXpMxKfkl_0T1Q
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 814952d19d560b49ff15ad2f71e400d3.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: V1MgaI8DYsydkSHPI5KGiZEMTsa9p7RhpS3yJ3Gcz3kV10q_NPMwwA==
age: 82840

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 1DC2 17 KB
6 KB 31ms
28ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:42:14 GMT

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame D6BF 17 KB
6 KB 92ms
88ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:42:14 GMT

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 90BD 17 KB
6 KB 112ms
108ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:42:14 GMT

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 523E 17 KB
6 KB 102ms
102ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:42:14 GMT

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame D722 17 KB
6 KB 101ms
100ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:42:14 GMT

GET
H3-29 200 300x250_de.min.png
s0.2mdn.net/creatives/assets/3765751/ Frame 441B 2 KB
2 KB 11ms
10ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/3765751/300x250_de.min.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=aSGvZtuX20&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80f27d378b4c7cf8bb75946013a68f4787b4c88b484e36c409ddcb4ee21ca5df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=aSGvZtuX20&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:41:15 GMT
x-content-type-options: nosniff
last-modified: Wed, 17 Jun 2020 11:57:46 GMT
server: sffe
age: 59
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2000
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:56:15 GMT

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 441B 17 KB
6 KB 97ms
97ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:42:14 GMT

GET
H3-29 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 9FBC 42 B
64 B 21ms
20ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstDcaocaQY64ISqBvH2XAEp8FL8FVi7llNa2NMi819q7gyVRKFT-HVNZFVHER_Y4sXa78X9T0Ro3RIC3oxHhpPWGwomymVMjBq2o5L-MBfQ9mwuipu8j9q20Po&sai=AMfl-YR5AWplrp40A7iWkcblzKBz2lHQVHR6UW1x11hH9hEcIPABpufCkMXZI8zRAsYmUSDVzN7H-chNjoGmDSGh_9qeLSjXyAzm0uGIwEXk3tmecWvFFZVvAGh2OcuZrlg&sig=Cg0ArKJSzC_tweaWaCGZEAE&cid=CAASFeRoFPEMAiQnQF84z3ZcKkplG-Tnxg&id=ampim&o=970,236&d=300,250&ss=1600,1200&bs=1600,1200&mcvt=1038&mtos=0,0,1038,1038,1038&tos=0,0,1038,0,0&tfs=378&tls=1416&g=99.83749985694885&h=99.83749985694885&tt=1416&r=v&avms=ampa&adk=3104929529

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1AE1 42 B
64 B 21ms
21ms Fetch
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss8a5jcFRTw1a80A2K7w8uz8xMM9lbaDfdw_t20ecYoZW4Nfzehe3FSbLlAg3x7L6_V6vWsa27BQ_bJrTdUr33jyDQowK86cN9xAjjdty1I4W1BEXoqTN8XkMQ&sai=AMfl-YTxTtsIBERLCx97KlUA9SRxcW1Sp8r4qWeDno_2b-iaQnj22lyH48x124eqX3itOEUihKvEPcWxiDBeiUb7ZPFM-dhENkIQxzEAniowqVEY-R0ghiaat1K1n-5AHRU&sig=Cg0ArKJSzNA0DVHx5cnsEAE&cid=CAASFeRob-qYwbOydzhuJYKYR_uGCj3DeA&id=lidar2&mcvt=1085&p=47,560,137,1288&asp=47,560,137,1288&mtos=1085,1085,1085,1085,1085&tos=1085,0,0,0,0&v=20210901&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=2102598028&rs=4&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1630730532581&rpt=701&isd=0&lsd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js Show response
pagead2.googlesyndication.com/bg/ Frame 35BC 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e0cfe1534cf66865ac13a161e60ef74f768ebd78b86b894afff55660e435c182

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 05:01:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 85249
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13264
x-xss-protection: 0
last-modified: Mon, 30 Aug 2021 12:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 03 Sep 2022 05:01:25 GMT

GET
H2 200 geoip Show response
avm.avantisvideo.com/api/v1/ Frame 0338 116 B
869 B 153ms
153ms XHR
application/json 2600:9000:223c:7800:3:748e:7940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://avm.avantisvideo.com/api/v1/geoip

Requested by

Host: cdn1.avantisvideo.com
URL: https://cdn1.avantisvideo.com/connect/u_d.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223c:7800:3:748e:7940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

d81386cb76a2f803a6a7674bab45293bde918693a683a583ccd20f85619df9ef

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://cdn1.avantisvideo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: application/json

Response headers

content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
via: 1.1 b9d2ce196c8a711fb15d92175d58476e.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P2
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
vary: Origin
content-length: 116
x-xss-protection: 0
referrer-policy: no-referrer
x-frame-options: SAMEORIGIN
date: Sat, 04 Sep 2021 04:42:14 GMT
expect-ct: max-age=0
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
content-type: application/json; charset=utf-8
access-control-allow-origin: https://cdn1.avantisvideo.com
access-control-allow-credentials: true
x-amz-cf-id: LN2UyJo7ZLaP09znEs6gRxro5d6SpfO0-5rfO4AT7UhdTcJ8UbLBCg==

OPTIONS
H2 204 geoip
avm.avantisvideo.com/api/v1/ Frame 0
0 150ms
150ms Preflight 2600:9000:223c:7800:3:748e:7940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://avm.avantisvideo.com/api/v1/geoip

Protocol

Server

2600:9000:223c:7800:3:748e:7940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://cdn1.avantisvideo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Sat, 04 Sep 2021 04:42:14 GMT
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
vary: Origin
access-control-allow-origin: https://cdn1.avantisvideo.com
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE,PATCH
access-control-allow-headers: content-type
x-cache: Miss from cloudfront
via: 1.1 b9d2ce196c8a711fb15d92175d58476e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
x-amz-cf-id: o1xQkZlcFxrwiAoo8wnWByCRgFtKNCj2yqZIzX6fKBuCHxZG6gfDPw==

GET
H3-29 200 4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js Show response
pagead2.googlesyndication.com/bg/ Frame 9650 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e0cfe1534cf66865ac13a161e60ef74f768ebd78b86b894afff55660e435c182

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 05:01:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 85249
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13264
x-xss-protection: 0
last-modified: Mon, 30 Aug 2021 12:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 03 Sep 2022 05:01:25 GMT

GET
H3-29 200 4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js Show response
pagead2.googlesyndication.com/bg/ Frame B91B 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e0cfe1534cf66865ac13a161e60ef74f768ebd78b86b894afff55660e435c182

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 05:01:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 85249
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13264
x-xss-protection: 0
last-modified: Mon, 30 Aug 2021 12:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 03 Sep 2022 05:01:25 GMT

GET
H3-29 200 4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js Show response
pagead2.googlesyndication.com/bg/ Frame 592E 35 KB
13 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e0cfe1534cf66865ac13a161e60ef74f768ebd78b86b894afff55660e435c182

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 05:01:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 85249
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13264
x-xss-protection: 0
last-modified: Mon, 30 Aug 2021 12:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 03 Sep 2022 05:01:25 GMT

GET
H3-29 200 4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js Show response
pagead2.googlesyndication.com/bg/ Frame BF62 35 KB
13 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e0cfe1534cf66865ac13a161e60ef74f768ebd78b86b894afff55660e435c182

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 05:01:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 85249
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13264
x-xss-protection: 0
last-modified: Mon, 30 Aug 2021 12:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 03 Sep 2022 05:01:25 GMT

GET
H3-29 200 4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js Show response
pagead2.googlesyndication.com/bg/ Frame 2331 35 KB
13 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e0cfe1534cf66865ac13a161e60ef74f768ebd78b86b894afff55660e435c182

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 05:01:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 85249
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13264
x-xss-protection: 0
last-modified: Mon, 30 Aug 2021 12:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 03 Sep 2022 05:01:25 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame A7DB 42 B
108 B 22ms
22ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvtYdifsYzoBkPK-iF1Hkw7sELJVa7dYdrbHkTQo9WeDfZsueqdXzBdzwEI3GpEogYCnJ3cVrvCgPS_df6_oLHj_0QKGsdNLe4bXLzR0fU_DcsjAg6oDmF4X-k&sai=AMfl-YTMkDxo1A1eWjSBU0yoB3ALrwwlqewyMuIthKDJv0VwjQoqeWJwwP69nuy3DthYi3-BdRe_gOp-cq6kB5VMCjS45uXv802TVAVXhInad84WakLZvnrrQycYeMk5mQU&sig=Cg0ArKJSzNETzfQdWIDOEAE&cid=CAASFeRoZOWs1v5I0qaLPnyBO3yEojYZlQ&id=lidar2&mcvt=1060&p=518,970,768,1270&asp=518,970,768,1270&mtos=1060,1060,1060,1060,1060&tos=1060,0,0,0,0&v=20210901&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=2048228011&rs=4&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1630730532652&rpt=798&isd=0&lsd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 blank.png_1623765585596_blank.png
s0.2mdn.net/dynamic/2/10829622/noc-css-images.s3-eu-west-1.amazonaws.com/output/ Frame D722 103 B
578 B 27ms
6ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10829622/noc-css-images.s3-eu-west-1.amazonaws.com/output/blank.png_1623765585596_blank.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61490714/20210621060706056/index.html?e=69&leftOffset=0&topOffset=0&c=sAEUSHBSQE&t=1&renderingType=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3a5b0a6b847d483604ac9518456136660537cba5ef51720975f910e1238d4ea2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61490714/20210621060706056/index.html?e=69&leftOffset=0&topOffset=0&c=sAEUSHBSQE&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 15:30:19 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Jun 2021 13:59:48 GMT
server: sffe
age: 306716
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 103
x-xss-protection: 0
expires: Wed, 31 Aug 2022 15:30:19 GMT

GET
H2 200 vertrauen-fuer300x250$324x274$parallax.png_1630307610036_vertrauen-fuer300x250$324x274$parallax.png
s0.2mdn.net/dynamic/2/10829622/noc-css-images.s3-eu-west-1.amazonaws.com/output/MOTIVES/ Frame D722 833 KB
833 KB 27ms
8ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10829622/noc-css-images.s3-eu-west-1.amazonaws.com/output/MOTIVES/vertrauen-fuer300x250$324x274$parallax.png_1630307610036_vertrauen-fuer300x250$324x274$parallax.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3c12076d7a455c11a2079b24bf90f3b1d38a41b6700c6e7b005f21918d15fcfa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61490714/20210621060706056/index.html?e=69&leftOffset=0&topOffset=0&c=sAEUSHBSQE&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 05:21:29 GMT
x-content-type-options: nosniff
last-modified: Mon, 30 Aug 2021 07:13:42 GMT
server: sffe
age: 84046
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 852877
x-xss-protection: 0
expires: Sat, 03 Sep 2022 05:21:29 GMT

GET
H3-29 200 970x250_de.min.png
s0.2mdn.net/creatives/assets/3765751/ Frame D722 3 KB
3 KB 14ms
14ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/3765751/970x250_de.min.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61490714/20210621060706056/index.html?e=69&leftOffset=0&topOffset=0&c=sAEUSHBSQE&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d318a7c4005ae653ca6a9d61a87919ebc27a1ed6a4592374b2ed1332271a642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61490714/20210621060706056/index.html?e=69&leftOffset=0&topOffset=0&c=sAEUSHBSQE&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:15 GMT
x-content-type-options: nosniff
last-modified: Wed, 17 Jun 2020 11:58:24 GMT
server: sffe
age: 0
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3266
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:57:15 GMT

GET
H3-29 200 vertrauen$324x274$parallax.png_1630307610036_vertrauen$324x274$parallax.png
s0.2mdn.net/dynamic/2/10829622/noc-css-images.s3-eu-west-1.amazonaws.com/output/MOTIVES/ Frame 523E 890 KB
891 KB 6ms
5ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10829622/noc-css-images.s3-eu-west-1.amazonaws.com/output/MOTIVES/vertrauen$324x274$parallax.png_1630307610036_vertrauen$324x274$parallax.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=UK2o4yXblG&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e55e40533aba29bfd3a7109277ca52b8fc76a800027502632589556dfcbbaeca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=UK2o4yXblG&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 30 Aug 2021 22:02:07 GMT
x-content-type-options: nosniff
last-modified: Mon, 30 Aug 2021 07:13:34 GMT
server: sffe
age: 369608
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 911779
x-xss-protection: 0
expires: Tue, 30 Aug 2022 22:02:07 GMT

GET
H3-29 200 vertrauen$324x274$parallax.png_1630307610036_vertrauen$324x274$parallax.png
s0.2mdn.net/dynamic/2/10829622/noc-css-images.s3-eu-west-1.amazonaws.com/output/MOTIVES/ Frame 441B 890 KB
891 KB 13ms
12ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10829622/noc-css-images.s3-eu-west-1.amazonaws.com/output/MOTIVES/vertrauen$324x274$parallax.png_1630307610036_vertrauen$324x274$parallax.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=aSGvZtuX20&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e55e40533aba29bfd3a7109277ca52b8fc76a800027502632589556dfcbbaeca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=aSGvZtuX20&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 30 Aug 2021 22:02:07 GMT
x-content-type-options: nosniff
last-modified: Mon, 30 Aug 2021 07:13:34 GMT
server: sffe
age: 369608
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 911779
x-xss-protection: 0
expires: Tue, 30 Aug 2022 22:02:07 GMT

POST
H2 204 /
events1.avantisvideo.com/ 0
35 B 658ms
187ms Ping
text/plain 35.82.37.37
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events1.avantisvideo.com/
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/js/video-loader2-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.82.37.37 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-82-37-37.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 04 Sep 2021 04:42:15 GMT

GET
H2 200 t Show response
avm.avantisvideo.com/api/v1/tag/1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53/1/desktop/generate/ 2 KB
2 KB 192ms
190ms XHR
text/plain 2600:9000:223c:7800:3:748e:7940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://avm.avantisvideo.com/api/v1/tag/1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53/1/desktop/generate/t?subId=Email2&browser=chrome&utm=Email2&os=windows&url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Ffall%2F%3Futm_source%3DEmail2%26utm_medium%3DSpecial_NL%26utm_campaign%3DSNL_sep21_events&eu=true&country=DE&hour=6

Requested by

Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/js/video-loader2-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223c:7800:3:748e:7940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

5010abc38d335ee8205f1ebf7d7c29fbc266076903263054feb2a070a16a4633

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 04 Sep 2021 04:42:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P2
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
vary: Accept-Encoding, Origin
x-xss-protection: 0
access-control-allow-origin: https://www.123greetings.com
referrer-policy: no-referrer
x-frame-options: SAMEORIGIN
expect-ct: max-age=0
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
content-type: text/plain; charset=utf-8
via: 1.1 b9d2ce196c8a711fb15d92175d58476e.cloudfront.net (CloudFront)
access-control-allow-credentials: true
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-amz-cf-id: N81x_h3LtZSWSONfXoXmy_VEjT8bzCi59OrVfSqHc05FoWj5WbjwXQ==

OPTIONS
H2 204 t
avm.avantisvideo.com/api/v1/tag/1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53/1/desktop/generate/ Frame 0
0 151ms
151ms Preflight 2600:9000:223c:7800:3:748e:7940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Server

2600:9000:223c:7800:3:748e:7940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://www.123greetings.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Sat, 04 Sep 2021 04:42:15 GMT
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
vary: Origin
access-control-allow-origin: https://www.123greetings.com
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE,PATCH
access-control-allow-headers: content-type
x-cache: Miss from cloudfront
via: 1.1 b9d2ce196c8a711fb15d92175d58476e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
x-amz-cf-id: H0RRyPWJAv0rmAyChq3KUk6Hw_4DKCHcu2lT7iwu790SJJ5Da9JhhQ==

GET
H3-29 200 vertrauen-fuer300x600$324x274$parallax.png_1630307610036_vertrauen-fuer300x600$324x274$parallax.png
s0.2mdn.net/dynamic/2/10829622/noc-css-images.s3-eu-west-1.amazonaws.com/output/MOTIVES/ Frame 1DC2 1006 KB
1007 KB 28ms
27ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10829622/noc-css-images.s3-eu-west-1.amazonaws.com/output/MOTIVES/vertrauen-fuer300x600$324x274$parallax.png_1630307610036_vertrauen-fuer300x600$324x274$parallax.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498410/20210621060710917/index.html?e=69&leftOffset=0&topOffset=0&c=hy6FaEB8gn&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a53ad5839d2890be1e594d6342a5102444769c7a89fd15ffd2f3e78aa5c3ea69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498410/20210621060710917/index.html?e=69&leftOffset=0&topOffset=0&c=hy6FaEB8gn&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 30 Aug 2021 21:25:49 GMT
x-content-type-options: nosniff
last-modified: Mon, 30 Aug 2021 07:13:37 GMT
server: sffe
age: 371786
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1030572
x-xss-protection: 0
expires: Tue, 30 Aug 2022 21:25:49 GMT

GET
H3-29 200 vertrauen-fuer300x600$324x274$parallax.png_1630307610036_vertrauen-fuer300x600$324x274$parallax.png
s0.2mdn.net/dynamic/2/10829622/noc-css-images.s3-eu-west-1.amazonaws.com/output/MOTIVES/ Frame 90BD 1006 KB
1007 KB 49ms
6ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10829622/noc-css-images.s3-eu-west-1.amazonaws.com/output/MOTIVES/vertrauen-fuer300x600$324x274$parallax.png_1630307610036_vertrauen-fuer300x600$324x274$parallax.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=e8IV7Uynpf&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a53ad5839d2890be1e594d6342a5102444769c7a89fd15ffd2f3e78aa5c3ea69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=e8IV7Uynpf&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 30 Aug 2021 21:25:49 GMT
x-content-type-options: nosniff
last-modified: Mon, 30 Aug 2021 07:13:37 GMT
server: sffe
age: 371786
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1030572
x-xss-protection: 0
expires: Tue, 30 Aug 2022 21:25:49 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 10E5 0
20 B 29ms
29ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B2SvMJPkyYejBM6LD7_UP2eSe2AcAAAAAOAHgBAI&bg=!1dal1pLNAAYJpm41CaY7ACkAdvg8Wj4zarXRxa5W_U0QwpcioUpUT7pF2OPnjGtMeQ2DQqX-1zwjNgIAAAN1UgAAARhoAQcKAK6J3_ocgMg0i6xetSIKepiuJccOG-KRlECW4NyJfQiTLVmSYRbmq7kW5WYU-HPL4x4wrmOs36yNYvcOjqy2v-Wi9GpDFMOgTN4rJM3nZRsk41_mMmsxUr899B9u8my9TaqnTPo8ab53JBGiq2ysbVdRFtSaGBp5jFuNQzoIWSXKqL6in0G9PW1o3O_3PUbcTiux1HhgvntCnqXTmUfpWLyRqDy5a41LRWFcdyWHFxGZAsQ0XNn6gahI9eECjCZoYxajFn8HsO4LN230iZsvIXUZyPOrOJAgPvgnSaTQo9nPZZsn9R0pinxbao-PZtWkHQOa3fWzw0rfxEiXO8JTxZ8iIQ1lY9qiDDtwiMVTqiksiwf4RM5_v3vqxmOllN79OFbG_tf1H_hIsuiP7DT9r2phPHvLP3iZPdgfgVI9YI1TWZ2oalAr--HWx1CCuL3wqd-GVbKwbTo2TYZvyEZT_oljua6OSy_uGLbA7_y4gvB9ywFJDjwuUTH2MOAa16_t81tf2WPFwGOZIEkLnhVJU9BVxdbGqmCt7BrYLm-GhnyzH0zgY4HOzdEgzmngcay6eMPxAM6VNF9kgukVB8j1A_g-wvAOhnbTgfDs4SHwVpr97qAiUUqW_G8T3XN0gNdmdc4Z7DfPWsr-gBEHe6c_9nizWyWCwEBL-tLlcCyhZmft4qHYRk0tiTiat_9BIVrYnfg5Rnz1aI0PlESb9ntdq7N9erpgaKkL2mioVY9TRumqnthOaCrJtpPuFlNGxP9cyWACGy0VyZPCvMnU8oTI_eChME-RUOlJR7jPZ3nEoXitxTtJ6JjiCAZrHAIApqMbZ-buP9OC00XGNMVUtzqFVTqJHksOphYGZpoPeC-gO5hxkvV4JisegCW8uHO6TfLBD3mdKl1H15bMocHvypBV1RxaO1o7qRPUXK7O_co-Ab0VJIPf1UBOXVLK5G5Bh6yZ70y7hl5iDHy3Ampjiq9Xvuxx-_VyeRa679xhkVXsj143Gz0Dg5PAu26EkHTvLwXUG-qtyMEePm4AFn3EQwRWVf3AF2nAuKRqCbVA54GpFzjHTuXMLobHt6GbJ6CkcepCFoKMITIBL2iQPanj5AJdE-f5qBQzgroXngeK6behFADwudUhE5uqo_lAEib6k5jQoCcFkiqzHQdtQX5rHhDkLx37aH8YH2g

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:15 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK adb.js Show response
play.aniview.com/59918a0e073ef4782e4e347f/5ebd46100b22d93ee56a465f/ 2 B
739 B 39ms
9ms Script
text/javascript 2a02:26f0:6c00:2ab::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://play.aniview.com/59918a0e073ef4782e4e347f/5ebd46100b22d93ee56a465f/adb.js
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/js/video-loader2-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:6c00:2ab::2c79 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: d8a957038679125d4840554fc43375697e662283121561afdefc2c3fbecaf729

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 04 Sep 2021 04:42:15 GMT
X-GUploader-UploadID: ABg5-UzuRsLKTUnE2j8TsFca2KTLvRt8NxnctG4I2-AHPJ54zUAh9bpPAQfezSx8RQX9PoHELvXaxJL-R91NukoaSB8
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
Connection: keep-alive
Content-Length: 2
Last-Modified: Thu, 14 May 2020 13:22:36 GMT
Server: UploadServer
ETag: "56f785241d0ed9fe51a8170b9dd50272"
x-goog-hash: crc32c=cz4mSA==
x-goog-generation: 1589462556858294
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type
Cache-Control: public, max-age=1800
x-goog-stored-content-length: 2
Accept-Ranges: bytes
Content-Type: text/javascript
Expires: Sat, 04 Sep 2021 05:12:15 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 28BB 0
20 B 40ms
39ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BpN0dJPkyYbbaOYzm3wP48rmwDgAAAAA4AeAEAg&bg=!RkWlRQHNAAYJpm41CaY7ACkAdvg8Wg035zCmwGh8gs3OzyXxXmeu7_EGEwI-NlffmU6deoPQQ3PdvQIAAAO5UgAAAPhoAQcKAEKGQWVGdwQ67r4Yi6GjBfrGVe-2pg3bJuVWrxzbun7bECURB0o-fhY7NbynYK7lMpTAMwldHSwipRAloJJvwR0iH4KZAtO-BXG2Gu8ED22N1B4SdJBKqhvSgBKNetbtSjFNWJyx2qLgQymJ-nbys_V_iEEAugETuC9eN5g01s2_soaxv0PrAoIcEBLsjiKS1s-XWXMpZkWqTheYfENhHXzrCT6hb_b8x9ZGFXBqZcLJZIZxJcZCKXrofGS8O7HHKyWN9Xugrw_7uG8f4PbEP_xGARABVLQvIiEzFKkjQsvmaBv-BTWsr4b9aWmrYl3FHLEDoTM3NCeBgEyoUHmo0MMibE2Vo9PRIZrIte8WP0Pv_Smc_GJyFkB7OEFw3Hr6YnOlmIhjRMY9QPcnzneIR8YGa7MDfWFClzY9epC_A7cvQVdrUplW0KxKoKPlV1sQJi-P2_s8Kq56d1ejCGwi6cCDjkF0p2ZZZc1_-r2kQpJSTZcR9zJGuEa5GAv2A-MnQ81DAHnu1_Wy77Yb9F3Eh2lerLbdVpPQllnlod1bqSuS0KTysu07dpqeDnlWJZqbsP0Rhzw_62n1EFKPjRSQTkPfJLKM88aYVm1tWOE-AshrRnEobTIn_rjBhba9QBf48wvYMKQChbXf8QFSnLs2WFu9IFZJQSAixFC2OBt2ZDeftxtgRcNxQ9HJb9R1cpnM_FQfN8EC1j0CyZ3GfdLaooKB6q_ESsnFRsn2b54UuJIhS54QjBqETRHmQ3zxOQJV5OxRDmMTD5DG-8gicTEqztbc-1cieoIGPXQ4yNBd0B4rkj3m7jA22CBJsOoZuFndlnxxtcLyfebulXtugMcnSYSiOEPEpH5vjHiWTr8E4yYV0xBTei97sanNYBNX8CaatbMkL75z3OPG6ep062T2hqiyoNj89MD3W5HrKHPoemdY2fLXpFAEZp2iNl3LPeI4aEw3u2gCUEVEOrIZi5numdD5WIlzAlJxHADX686au39yBIW9tNrgEop80cuHGlyRB9EgsXMBab5GwU3ZwQmyMp8L_i2EoCnGiRc

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:15 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame AB9E 0
20 B 35ms
34ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BEeDUJPkyYeaIOvqMjuwPmI6BwAcAAAAAOAHgBAI&bg=!q6ilqOzNAAYJpm41CaY7ACkAdvg8WsnolAEistjeSIqqXeWcffSOSF5yS8N0X_sLyhhvnjPZz9ORdQIAAAOwUgAAAPtoAQeZAsT5bqECPJyFiX3rHbsZPlclgjkby-aD3y0ohmky-JEBl7KjNLrmcdeLwldHrCIOl9WkqpllA3tpZ8p41aPTFegiUGM2pauuzE-Dwx3RB6AaR45nNamt0z7lUDvUpZeBT3DlnQgcEEtZMXB2KZKEepViko9NLRj-JBXLPn0LcHdxcyj5hq8RNbotYQlt9NIvO2v5g4DlV032pbLY7Ya1bUHWE5qlN3FPTJC7oxSGNAa1GQzUrDfMqM2XzJ_KbG4AAp-ycr7Bja5iL0J97_hMMk6WQCgnba2ZzI_tNhZxB0o068XPyqkSJRFCjt7sfqCLGEQylQM9O8F_lsRkhx2gE6930WvUAfanRddbdfd6XM4TncH-vegBngJ6tl3b54oSNJ8BwVCkHIMgJur_zOQSuQN0GMLp0luNl-K8SvL_kv2Rnf0AQrqGx5yCMhKYczT4dH18Pkf14zb5Orbbr4zj0lf3ohZ8hVnNMYp5DqDik4ofV-F0pMlwuH5zjHsWcCfEffC9WlYdS9yLiBCNdEzsMiiI-3EtlUMksXVCtHb-GI1gmlvAMjkVtiqNkW763I_Lcl6G6o4bhPdX8Nj3cvw6-UqNAzX5yCMcdj4jgQa4F2yBFxcEdDfs0i7Bssv8DOcuWeyhn_SaIbJiM4j54-6TkBYFLOJ0AfrZ4RHRuIWkBaXv8yEFpFUTk0CRjymgV-tz6C7MHobTRUC-WhbeeX2PvQtRDYedGndynb2iWU1LxarcAVtY22W5n0cx8APINehbZVq0A_NMWcur-3BzIxL-8PB8uPJtNjhXYZxZO5fUWzGzlXKcILPuuS2nYf2wVDNv9mcN07xKtOTqjWY4BMmHGVMInXFUZ4QqE1ZFliktOUaPeE4CUd_tnAJMFlDqBPvqIlxFqW1SS9CObp_qSDNeqpuGnrSqUtUMxk60WHbidoq-carXxvc

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:15 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 aniview.js Show response
player.aniview.com/script/6.1/ 25 KB
10 KB 60ms
7ms Script
application/javascript 2a02:26f0:6c00:2ab::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/aniview.js
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/js/video-loader2-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:6c00:2ab::2c79 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: ace30162bc4c525e70b147c8f9a10292d592353f78dcd0530d132156cb194e98

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:15 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycdsE5y69JHHi7Qf35wRVtV5sGTxNryH5cRbV7LY6aITSWNVFIuyvSj6eVsvdVN21xeKrK-a0VkM32Jf62RERASIrb1qAsA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 9184
last-modified: Wed, 25 Aug 2021 05:53:06 GMT
server: UploadServer
etag: "96cd7da6b3d7cb2e82e24f1f71da69ae"
vary: Accept-Encoding
x-goog-hash: crc32c=Ahy0VA==, md5=ls19prPXyy6C4k8fcdpprg==
content-language: en
access-control-allow-origin: *
x-goog-generation: 1629870786787602
access-control-expose-headers: Content-Type
cache-control: no-transform, max-age=300
x-goog-stored-content-length: 9184
accept-ranges: bytes
content-type: application/javascript
expires: Sat, 04 Sep 2021 04:47:15 GMT

GET
H3-29 200 vertrauen$673x250$parallax.png_1630307610036_vertrauen$673x250$parallax.png
s0.2mdn.net/dynamic/2/10829622/noc-css-images.s3-eu-west-1.amazonaws.com/output/MOTIVES/ Frame D6BF 1 MB
1 MB 7ms
6ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10829622/noc-css-images.s3-eu-west-1.amazonaws.com/output/MOTIVES/vertrauen$673x250$parallax.png_1630307610036_vertrauen$673x250$parallax.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=2WsNqxjH0W&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2aceca191f44f57b792abd0dda19c82f408c200a704ef58c770216208d673137

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=2WsNqxjH0W&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 13:47:41 GMT
x-content-type-options: nosniff
last-modified: Mon, 30 Aug 2021 07:13:32 GMT
server: sffe
age: 312874
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1305782
x-xss-protection: 0
expires: Wed, 31 Aug 2022 13:47:41 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 82DD 0
20 B 29ms
29ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BqqOdJPkyYcfJO4zm3wP48rmwDgAAAAA4AeAEAg&bg=!kpGlkdXNAAYJpm41CaY7ACkAdvg8WtoVEbELlpKLIvyEqhkcxJ2aFOLOtA6LJ5NfPXdKMrbZLIOx3AIAAAR_UgAAAMloAQcKAHYPOQ4BNS-0iseTlFuHR9y5Db7MAeVFCMq9LUEXAAxXEKIVvc5WU5bgpl1jTfOEXZ37DzZ7nHw_ncDhIxMrnmqkKPf9n1Nv-vPZghfZ-inpd70hUcPno9SUJ6xloPAbRaeLBQoOd5uOkPYMnPjD1fjaGruT0aLpmQLS7fnhbV0sohNGQrEHk2Uimh1L-GAa6k46tYfWWTS4DE_OGtyQslSb4JFZQPIl72ytGqFtPbjRgftxi_KA44FFqnZuC6oihjmE-R6U-C-Y9niSVTTE0LRo3Ni1CtdBTCIHbxd8YagRis_nTEdRs6qFo-j-hJ-2Prl1hXhkoH6U2e1WL88DY39Lc_JiaYfuQQG_Pq-gKZi4yWM4crwt0VYQOfrW4rk6Gf0DEjwjdd9thAvfKxmWMS4dKKwT0t3qheV4_lodHfugja4Me4HZfYVHVYvmroBCQbW1be76tXy3lOiaBf_ndIELhSCidi9wgbJycrBFThwkl58_QtNB3K3PDf09iWXuVoNyirHy23QPw21zk4YxBbis3wj6iT0KkqWX8O8bjW20sZjUZoUBtAdzyKLEZGJdymKTd492jOohkt7nFl8evAvWOuBSZx9M6KNaUkO3jto3wYAVZQDmJ6Pw8xj4lH0UvYbh3FD0Er84Pt-s0QHU6Pdiam_ibopffEbGoRDiA4DANFnMAFtrJRrnVbbKORn9XZbojiiJAPvYdOY7RzA1Klg36eZV9erxF7bFfHj4d94glcAgqbntwKHFosVsn6qXaMYhziWf9QBdMMrwQGUj5aFcjpaRJ_ycHN6FMjAJ97qgjKxzA-326cCVQVs48HJyjBZOTwlyJW1tztITC1t1B5wWmvGo-QbwVorsqeLPVD2PZudbqKgbhsZI8pRRear6L1Sxwz5N39a4S5j9n18MZftxPh6hI_7RGEh9HB2Zvs3d4XeHyU6u-79j8OGqIpzRTh949-YUPNT6NiiLBNxh4ygmkCiZMFIJITMURTwZloRakMZQ10OwYMXXWEibgGKj2WY7o0PJ1j4oj9T-zihOWYDlr5e_F_kkxDzeyooiDWuIn_J9J8jK9W-bjQjGgwOepwNuMMRQYhAhwLXvI9LPlJbP2e-pLAY5MjpiO1c

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:15 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame DB3E 0
20 B 60ms
60ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B4LCPJPkyYfDHO8H33wOO14uACQAAAAA4AeAEAg&bg=!SEulSw_NAAYJpm41CaY7ACkAdvg8WsPek4QZC8i9WQDg40rqxlLi3WhKfZwhUyNfRGEQaxGaWuEnbAIAAAWEUgAAALBoAQeZAsqBYkd6Cz8Kyn1mq2y793RZeyfduf12xvBw91IM9zHLuQ22w_WFREwZKpktpthCIHX96fIu9vueKmlDmNu7m3fhA-PmxBtiIEYoiQZGZr4gqI_5xvGoKojCbbbYKj4q0yZVw192FVX5GbjES4BAaIr4USPXyoAEXM2LEYRVYS2uQerFiVSbrounayYX-CCGUw5q7dKrcCED6MfFUXS6QAV22Q65peHbCaCB7oX6EuNsvnmWasvPZzN2parxMUsXfktI2jbBU9jZZFc7CM4jPmWJ9EEDCJuHSjXSMvaWmpEi7PIXxk1JRhbCHaI6wW58ob9kynUivf1shOQWP1ljVdUdX-Kq-NrsCUWJAHncOLRrWBhxUeCFZx03curxfHwz0mXm691MyDDRRnMA9AvTRn8aQg2HpCKyXU5qKxfPNbJMd4dU2TZI-8OBVMXDXGDuMpQtQ-nfx_cal75yCpdyAQmidkJg6Kj8n29bZ28rx9xodTjdWNLnW2dCzXftEyk1SMC7EL1GJwI3F6Gr-Hl6RPH2_kv7fwVnCeQMyz2oFgA7g1enrIvEOkbUNCjgWLX2pjMOpGOBkx-zHKwNGuZGx_huWXxI_YirbUd_ZHTcxmJ1rDNcPLPicFoBjKathcDG8AmewtqlimB2UbiXp5p6qDeghf69JHfhxau0PEUo3AArzAP-4gfWc9PEIL2wLL2Go-w3RyZc91-l9rEAsuuqWIFMkib9KJqu-NLhW6Kyl-EmhaMAw1zhWpI-_sU6JiX6CTa7zgP9uckZQAwRZq1ZxWYTZBKJBk7lbXJ9SVLBYmvpG630uZiEuFdo7GmoVojmJ2FpnigHQ6HQe32texpdqJ05LtH8pf_wu41fSZT189qH3H5_OYfHV_ztQL-1st83hC8aGkzRGO-l8oRs-PeuPggbGUXdl_BoP7kdWLETy6fz8XV6gNU_0Frl26k

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:15 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 AVmanager.js Show response
player.aniview.com/script/6.1/ Frame 5C9C 346 KB
98 KB 9ms
7ms Script
application/javascript 2a02:26f0:6c00:2ab::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/aniview.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:6c00:2ab::2c79 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 1459debe4ae50fd8d33bf2b2ea987bb180ddb9a66014c4bec96ca790e7d123b1

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:15 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycdvLQxAAENPGHOr5NZjC_tyoO5WKEEW2C7BKhZG3wO4LXlPF_GxotWnFuB_1nS1Vo9jUZPAwEAPBJLtPLgXop98
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: gzip
content-length: 99995
last-modified: Wed, 25 Aug 2021 05:52:40 GMT
server: UploadServer
etag: "2272c99eaa1581a4dad17d82a7e6863a"
vary: Accept-Encoding
x-goog-hash: crc32c=0WMWDQ==, md5=InLJnqoVgaTa0X2Cp+aGOg==
content-language: en
access-control-allow-origin: *
x-goog-generation: 1629870760547112
access-control-expose-headers: Content-Type
cache-control: public, max-age=300
x-goog-stored-content-length: 99995
accept-ranges: bytes
content-type: application/javascript
expires: Sat, 04 Sep 2021 04:47:15 GMT

GET
H2 200 AVmanager.js Show response
player.aniview.com/script/6.1/ab5/ Frame 7EDE 346 KB
98 KB 38ms
37ms Script
application/javascript 2a02:26f0:6c00:2ab::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/ab5/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/aniview.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:6c00:2ab::2c79 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 1459debe4ae50fd8d33bf2b2ea987bb180ddb9a66014c4bec96ca790e7d123b1

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:15 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycdt1qYLjKNBWd_EqCo4av5ZDi_vj57MxH18HD78yD7RFu2JxoO8iU4mjy-XlVzEnDNUyKq-zeaDv_wvJzSAg-DE
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 99995
last-modified: Wed, 01 Sep 2021 06:55:03 GMT
server: UploadServer
etag: "2272c99eaa1581a4dad17d82a7e6863a"
vary: Accept-Encoding
x-goog-hash: crc32c=0WMWDQ==, md5=InLJnqoVgaTa0X2Cp+aGOg==
content-language: en
access-control-allow-origin: *
x-goog-generation: 1630479303468422
access-control-expose-headers: Content-Type
cache-control: public, max-age=300
x-goog-stored-content-length: 99995
accept-ranges: bytes
content-type: application/javascript
expires: Sat, 04 Sep 2021 04:47:15 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E726 0
20 B 34ms
33ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BZNYuJPkyYZ_sO57l7_UP5ca9oA0AAAAAOAHgBAI&bg=!yMuly4_NAAYJpm41CaY7ACkAdvg8WqQo1Bt6dR-CgiAGBgWbeTdzRpot86C_1OknRqp7_mb8nY99TQIAAAV5UgAAAI5oAQcKAMFaxXxfWQDXxU9qhSC7G7SL9fGlq9wjKFIzMzsrL_M_U0kMk4IgzkTDBGRLflZNNIhxNyabbjeu7I3GTdQqgyoSrfIGJVSjfqlsvcbckv1V2YEUhcxjh-H0K60YQNR-8Elt_Vo81oKoHr5e7DoT6TlTmUHZFemDKCZiWkC3S-jOcdGQR5I3lN5iHcKn_v05xgzWpCAf0vWb9wJ516fRSsugoTodEQr9CcVkSsuHUwar2mbjNNpfXJbA6Fw_-KThOb5kmQLQCqKUS5Q78PzyRwmMnDfesCTiHeu6y58oiy4zdQtOZDKnbD5ng4Niv1IB4AoZTY8whVTNKh0n4cmCTnMYL9JLOCyWRXitq7zSQzsPizwWjB5RWO_8ZHw_TkRdMAGu_VhjO358hud2G7XeywGOxagKuTvlYkgHkPqg4z8A9Vfq-MtGfMmssVs68YA1H3ShmuIgTb0a2cT32VkCgjV7ADDUOErV0isP7mHVg4J6wsicmQCp0DfdcT_AMgXs5MFREFMuGf7YTON6Za1aqQPCxGiVPuqSzuXCyfIqOcAbg6cMwEUS_nhANa5iOqSwjvoI7K3vk1M_O4zGVLRE43cyWMRMey6_c1sqpSlD78ayY1lA3kQLNMkQkm9ZQU-E-_IArnmzHG1yd2H8tCAO4r6Y28RBL0PiaHQkkmcgrgbdtCriR5Jr_OcU3FYhzO429HaZDZB6u3qEL7an9-SabA8z8B1BmL74F7bWtpicQOnob_3mcIaHJpsnLBHZJzm6h24TiK1HxdS-Slhne8fCQfh9REDBX-XMQXE93rAiVOq20y_1G7CTIqfAEX2uOg9YaBJhk6wZmsWgCx9DEe_GgLNJFxnaXsV06hafmzicT0n9_lAAv0NwyPgwyzDBT02x4vuMf_ir6cGTnLJ3wvMMVQzjuDQRFNDHeR4SThkGHNpP2Mz2diVN-GAN416qlwrnsO_LD5hXluudbuliiewcOsc0cxI7LZTJ4isSVyhc4sNX-YwJyJi7v2tymNSGzQwyP0GMRioAJB6J5AIKxtWlg7S4S55TC9gqDJF5-4lXqRVC-XxDTrEEgnDXmTLCMs24efRgEarpTLiXJbSRxUM35hjDX2ZB8w5A-ya9DiXxqFFXz3qwnrohPOz_BNanRd6Ov-OR8z7fPgKam1vjU-sEmDavrnU2VlCJahT0mShLZimFhXH8N4ppVRtyG2AHDpJERT52Z4al

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:16 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 vertrauen-fuer300x250$324x274$parallax.png_1630307610036_vertrauen-fuer300x250$324x274$parallax.png
s0.2mdn.net/dynamic/2/10829622/noc-css-images.s3-eu-west-1.amazonaws.com/output/MOTIVES/ Frame D722 833 KB
833 KB 9ms
7ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10829622/noc-css-images.s3-eu-west-1.amazonaws.com/output/MOTIVES/vertrauen-fuer300x250$324x274$parallax.png_1630307610036_vertrauen-fuer300x250$324x274$parallax.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61490714/20210621060706056/index.html?e=69&leftOffset=0&topOffset=0&c=sAEUSHBSQE&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3c12076d7a455c11a2079b24bf90f3b1d38a41b6700c6e7b005f21918d15fcfa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61490714/20210621060706056/index.html?e=69&leftOffset=0&topOffset=0&c=sAEUSHBSQE&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 05:21:29 GMT
x-content-type-options: nosniff
last-modified: Mon, 30 Aug 2021 07:13:42 GMT
server: sffe
age: 84047
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 852877
x-xss-protection: 0
expires: Sat, 03 Sep 2022 05:21:29 GMT

GET
H2 200 track
track1.aniview.com/ 0
70 B 390ms
144ms Image
text/plain 34.239.92.103
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?r=www.123greetings.com&sn=Email2&ic=0&tgt=0&app=&wi=400&he=225&test=&apppkg=&fv=3&proto=https&pid=5e5bd02728a06124e30d85c3&cid=5e5bd1f528a0610dd725f7d8&stagid=&stplid=&e=inventory&vi=100&cb=1630730536118
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.239.92.103 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-239-92-103.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:16 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2 200 track
track1.aniview.com/ 0
71 B 372ms
143ms Image
text/plain 34.239.92.103
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?r=www.123greetings.com&sn=Email2&ic=0&tgt=0&app=&wi=600&he=338&test=5&apppkg=&fv=3&proto=https&pid=5e5bd02728a06124e30d85c3&cid=5ec3e3871f5e5c792c20f9f7&stagid=&stplid=&e=inventory&vi=100&cb=1630730536136
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.239.92.103 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-239-92-103.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:16 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2 200 / Show response
go1.aniview.com/api/adserver/tag/ 11 KB
3 KB 397ms
121ms XHR
application/json 52.1.46.74
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go1.aniview.com/api/adserver/tag/?AV_URL=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Ffall%2F%3Futm_source&utm_medium=Special_NL&utm_campaign=SNL_sep21_events&AV_SUBID=Email2&AV_SECURED=1&AV_LANGUAGE=en&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&AV_CHANNELID=5e5bd1f528a0610dd725f7d8&format=json&tgt=0&AV_CDIM1=&AV_CDIM2=&AV_CDIM3=&AV_ABT=&pce=1&npx=1&AV_DETDOMAIN=www.123greetings.com&AV_DADPOS=3&v=6.1.1.243&avtoken=536117&AV_WIDTH=400&AV_HEIGHT=225&AV_DNT=0&cb=1630730536257
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.1.46.74 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-1-46-74.compute-1.amazonaws.com
Software: /
Resource Hash: 83648acde5165da6f5a13b4e9dc1dd55f2e580772dcaec57537600fbafe57497

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:16 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.123greetings.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Mon, 23 Aug 2021 14:55:36 GMT

POST
H2 204 /
events1.avantisvideo.com/ 0
34 B 187ms
187ms Ping
text/plain 35.82.37.37
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events1.avantisvideo.com/
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/js/video-loader2-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.82.37.37 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-82-37-37.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 04 Sep 2021 04:42:16 GMT

GET
H2 200 / Show response
go1.aniview.com/api/adserver/tag/5/ 11 KB
3 KB 388ms
122ms XHR
application/json 52.1.46.74
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go1.aniview.com/api/adserver/tag/5/?AV_URL=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Ffall%2F%3Futm_source&utm_medium=Special_NL&utm_campaign=SNL_sep21_events&AV_SUBID=Email2&AV_SECURED=1&AV_LANGUAGE=en&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&AV_CHANNELID=5ec3e3871f5e5c792c20f9f7&format=json&tgt=0&AV_CDIM1=&AV_CDIM2=&AV_CDIM3=&AV_ABT=5&pce=1&npx=1&AV_DETDOMAIN=www.123greetings.com&AV_DADPOS=3&v=6.1.1.243&avtoken=536136&AV_WIDTH=600&AV_HEIGHT=338&AV_DNT=0&cb=1630730536268
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/ab5/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.1.46.74 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-1-46-74.compute-1.amazonaws.com
Software: /
Resource Hash: efd97a9caf5b9e30e1de009c6c650facb8993f5bb1256d9ce7d2d7b72a3bee9a

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:16 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.123greetings.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Mon, 23 Aug 2021 14:55:36 GMT

POST
H2 204 /
events1.avantisvideo.com/ 0
34 B 188ms
188ms Ping
text/plain 35.82.37.37
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events1.avantisvideo.com/
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/js/video-loader2-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.82.37.37 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-82-37-37.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 04 Sep 2021 04:42:16 GMT

GET
H2

200

cookiesyncendpoint Show response
sync.aniview.com/ Frame 207F
Redirect Chain

https://secure.adnxs.com/getuid?https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1630730536592-919282496603-008741-015-006420%26biddername%3D55%26key%3D%24UID
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fsync.aniview.com%252Fcookiesyncendpoint%253Fauid%253D1630730536592-919282496603-008741-015-006420%2526biddername%253D55%2526key%253D%...
https://sync.aniview.com/cookiesyncendpoint?auid=1630730536592-919282496603-008741-015-006420&biddername=55&key=7687085539858020377

0
216 B

361ms
129ms

Document
text/plain

34.196.245.189
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.aniview.com/cookiesyncendpoint?auid=1630730536592-919282496603-008741-015-006420&biddername=55&key=7687085539858020377
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.196.245.189 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-196-245-189.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method: GET
:authority: sync.aniview.com
:scheme: https
:path: /cookiesyncendpoint?auid=1630730536592-919282496603-008741-015-006420&biddername=55&key=7687085539858020377
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.123greetings.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: aniC=1630730536591-964452496603-008575-011-002896
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

date: Sat, 04 Sep 2021 04:42:17 GMT
content-length: 0
set-cookie: 2_C_55=7687085539858020377; Path=/; Domain=aniview.com; Expires=Sun, 05 Sep 2021 04:42:17 GMT; Secure; SameSite=None 2_C_55=7687085539858020377; Path=/; Expires=Sun, 05 Sep 2021 04:42:17 GMT; Secure; SameSite=None

Redirect headers

Server: nginx/1.17.9
Date: Sat, 04 Sep 2021 04:42:16 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://sync.aniview.com/cookiesyncendpoint?auid=1630730536592-919282496603-008741-015-006420&biddername=55&key=7687085539858020377
AN-X-Request-Uuid: 5ea3c237-a688-4215-a3da-c439e23b5a92
Set-Cookie: uuid2=7687085539858020377; SameSite=None; Path=/; Max-Age=7776000; Expires=Fri, 03-Dec-2021 04:42:16 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 185.236.201.228; 185.236.201.228; 720.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com

GET
H/1.1 200
OK ptv Show response
ib.adnxs.com/ 85 B
771 B 131ms
100ms XHR
application/xml 185.33.221.15
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ptv?id=19012622&referrer=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Ffall%2F%3Futm_source&us_privacy=1---&cbb=730536678&imp_id=9acb7408-8e59-42e2-ae11-661572f5f656

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.15 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

b2effcb18f514a7896e737bdda537f2ef3b5bb989eb247f4ab2aa3facf1148ea

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:42:16 GMT
X-Proxy-Origin: 185.236.201.228; 185.236.201.228; 720.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 437bca44-3b0d-4fb3-8bcb-95e72a35cd37
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.123greetings.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/xml; charset=utf-8
Content-Length: 85
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 s2s Show response
s2s.aniview.com/api/adserver/ 1 B
235 B 369ms
153ms XHR
text/plain 52.203.102.176
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://s2s.aniview.com/api/adserver/s2s?auc_id=8496b68f9a70c11f49e68125df5c3185_1723158171&wpm=&ssrtb=&pbjs=&AV_C_USER_ID=1630730536592-919282496603-008741-015-006420&AV_URL=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Ffall%2F%3Futm_source&utm_medium=Special_NL&utm_campaign=SNL_sep21_events&AV_SUBID=Email2&AV_SECURED=1&AV_LANGUAGE=en&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&AV_CHANNELID=5e5bd1f528a0610dd725f7d8&format=json&tgt=0&AV_CDIM1=&AV_CDIM2=&AV_CDIM3=&AV_ABT=&pce=1&npx=1&AV_DETDOMAIN=www.123greetings.com&AV_DADPOS=3&v=6.1.1.243&avtoken=536117&AV_WIDTH=400&AV_HEIGHT=225&AV_DNT=0&cb=730536681&tgt=0&&AV_VI=0&AV_VID=0
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.203.102.176 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-203-102-176.compute-1.amazonaws.com
Software: /
Resource Hash: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:17 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: https://www.123greetings.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Mon, 23 Aug 2021 14:55:37 GMT

GET
H2 200 avpb3.js Show response
player.aniview.com/script/6.1/ Frame 5C9C 282 KB
89 KB 9ms
6ms Script
application/javascript 2a02:26f0:6c00:2ab::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/avpb3.js
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:6c00:2ab::2c79 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 8cd4b8b06d59ef4dd52b1d2b22c9dd0a2c2f0d42f0bccbf918a07dbaf3e531f6

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:16 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycdvyfBlPTagPdb5aEhqfrh7qC0FMszxeDTkgCIiXTfzjq1N5aTNO8qVH94vquRWJjaxeNkqDbErFjfqKM7etMpc
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: gzip
content-length: 90379
last-modified: Wed, 25 Aug 2021 05:51:56 GMT
server: UploadServer
etag: "cbc43a94682697a04cd9e52edf034719"
vary: Accept-Encoding
x-goog-hash: crc32c=GDSkGQ==, md5=y8Q6lGgml6BM2eUu3wNHGQ==
content-language: en
access-control-allow-origin: *
x-goog-generation: 1629870716641505
access-control-expose-headers: Content-Type
cache-control: public, max-age=300
x-goog-stored-content-length: 90379
accept-ranges: bytes
content-type: application/javascript
expires: Sat, 04 Sep 2021 04:47:16 GMT

GET
H2 200 track
track1.aniview.com/ 0
70 B 121ms
120ms Image
text/plain 34.239.92.103
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=CH&cos=Windows&r=www.123greetings.com&rs=www.123greetings.com&sid=60164&t=1630730536&cip=185.236.201.228&sn=Email2&tgt=0&osv=10&bv=92.0&brn=Chrome&wi=400&he=225&app=&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&test=&aafaid=&proto=https&uid=1630730536592-919282496603-008741-015-006420&cha=0.7&stagid=&stplid=&cb=24191924397&d9=0000&AV_WIDTH=400&AV_HEIGHT=225&&ppid=5e5bd02728a06124e30d85c3&nid=59918a0e073ef4782e4e347f&pcid=5e5bd1f528a0610dd725f7d8&ncid=5e8b3e740cd6ad6132403f66&pasid=5e8b42ae145a8138e61d4a85&e=request&cb=1630730536711&asid=60e594d3cc338a41335e9e75%2C60e594da4123720f2e250d24%2C5e9030afdc817965520eb855%2C6114f48c04b3691b08691b7c%2C608e90cf34acc10fb7767e4a%2C6114f476dd0eb2621e735342&ofpr=%2C%2C%2C0.29%2C0.26%2C0.2&fpo=%2C%2C%2C%2C%2C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.239.92.103 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-239-92-103.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:16 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2

200

cookiesyncendpoint Show response
sync.aniview.com/ Frame C5B1
Redirect Chain

https://secure.adnxs.com/getuid?https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1630730536591-964452496603-008575-011-002896%26biddername%3D55%26key%3D%24UID
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fsync.aniview.com%252Fcookiesyncendpoint%253Fauid%253D1630730536591-964452496603-008575-011-002896%2526biddername%253D55%2526key%253D%...
https://sync.aniview.com/cookiesyncendpoint?auid=1630730536591-964452496603-008575-011-002896&biddername=55&key=4739656639353668120

0
216 B

303ms
130ms

Document
text/plain

34.196.245.189
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.aniview.com/cookiesyncendpoint?auid=1630730536591-964452496603-008575-011-002896&biddername=55&key=4739656639353668120
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/ab5/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.196.245.189 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-196-245-189.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method: GET
:authority: sync.aniview.com
:scheme: https
:path: /cookiesyncendpoint?auid=1630730536591-964452496603-008575-011-002896&biddername=55&key=4739656639353668120
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.123greetings.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: aniC=1630730536591-964452496603-008575-011-002896
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

date: Sat, 04 Sep 2021 04:42:17 GMT
content-length: 0
set-cookie: 2_C_55=4739656639353668120; Path=/; Domain=aniview.com; Expires=Sun, 05 Sep 2021 04:42:17 GMT; Secure; SameSite=None 2_C_55=4739656639353668120; Path=/; Expires=Sun, 05 Sep 2021 04:42:17 GMT; Secure; SameSite=None

Redirect headers

Server: nginx/1.17.9
Date: Sat, 04 Sep 2021 04:42:16 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://sync.aniview.com/cookiesyncendpoint?auid=1630730536591-964452496603-008575-011-002896&biddername=55&key=4739656639353668120
AN-X-Request-Uuid: db981bc6-c80d-442b-9436-8c5355e12f7f
Set-Cookie: uuid2=4739656639353668120; SameSite=None; Path=/; Max-Age=7776000; Expires=Fri, 03-Dec-2021 04:42:16 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 185.236.201.228; 185.236.201.228; 720.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com

GET
H/1.1 200
OK ptv Show response
ib.adnxs.com/ 85 B
771 B 37ms
34ms XHR
application/xml 185.33.221.15
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ptv?id=19012622&referrer=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Ffall%2F%3Futm_source&us_privacy=1---&cbb=730536724&imp_id=be1635fb-0ad1-4a9b-b4a2-04bd497cec7a

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/ab5/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.15 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

b2effcb18f514a7896e737bdda537f2ef3b5bb989eb247f4ab2aa3facf1148ea

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:42:16 GMT
X-Proxy-Origin: 185.236.201.228; 185.236.201.228; 720.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 4d594336-0e89-4fb1-aea8-56a013bfcf88
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.123greetings.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/xml; charset=utf-8
Content-Length: 85
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 s2s Show response
s2s.aniview.com/api/adserver/ 1 B
236 B 340ms
139ms XHR
text/plain 52.203.102.176
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://s2s.aniview.com/api/adserver/s2s?auc_id=504b32684c7ac79c52d3ca9d3c450c2e_172314925&wpm=&ssrtb=&pbjs=&AV_C_USER_ID=1630730536591-964452496603-008575-011-002896&AV_URL=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Ffall%2F%3Futm_source&utm_medium=Special_NL&utm_campaign=SNL_sep21_events&AV_SUBID=Email2&AV_SECURED=1&AV_LANGUAGE=en&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&AV_CHANNELID=5ec3e3871f5e5c792c20f9f7&format=json&tgt=0&AV_CDIM1=&AV_CDIM2=&AV_CDIM3=&AV_ABT=5&pce=1&npx=1&AV_DETDOMAIN=www.123greetings.com&AV_DADPOS=3&v=6.1.1.243&avtoken=536136&AV_WIDTH=600&AV_HEIGHT=338&AV_DNT=0&cb=730536727&tgt=0&&AV_VI=22&AV_VID=0
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/ab5/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.203.102.176 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-203-102-176.compute-1.amazonaws.com
Software: /
Resource Hash: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:17 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: https://www.123greetings.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Mon, 23 Aug 2021 14:55:37 GMT

GET
H2 200 avpb3.js Show response
player.aniview.com/script/6.1/ab5/ Frame 7EDE 282 KB
89 KB 6ms
6ms Script
application/javascript 2a02:26f0:6c00:2ab::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/ab5/avpb3.js
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/ab5/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:6c00:2ab::2c79 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 8cd4b8b06d59ef4dd52b1d2b22c9dd0a2c2f0d42f0bccbf918a07dbaf3e531f6

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:16 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycdvvSZvLJLlmC9GJbxKuMu_NKrO423pqiuWGKPhFtSst1hgvViuj5oDeS2vCaZ2URi3CZdXYOOrVDiisIWqu85k
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 90379
last-modified: Wed, 01 Sep 2021 06:53:23 GMT
server: UploadServer
etag: "cbc43a94682697a04cd9e52edf034719"
vary: Accept-Encoding
x-goog-hash: crc32c=GDSkGQ==, md5=y8Q6lGgml6BM2eUu3wNHGQ==
content-language: en
access-control-allow-origin: *
x-goog-generation: 1630479202945162
access-control-expose-headers: Content-Type
cache-control: public, max-age=300
x-goog-stored-content-length: 90379
accept-ranges: bytes
content-type: application/javascript
expires: Sat, 04 Sep 2021 04:47:16 GMT

GET
H2 200 track
track1.aniview.com/ 0
70 B 120ms
120ms Image
text/plain 34.239.92.103
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=CH&cos=Windows&r=www.123greetings.com&rs=www.123greetings.com&sid=80101&t=1630730536&cip=185.236.201.228&sn=Email2&tgt=0&osv=10&bv=92.0&brn=Chrome&wi=600&he=338&app=&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&test=5&aafaid=&proto=https&uid=1630730536591-964452496603-008575-011-002896&cha=0.05&stagid=&stplid=&cb=94255378259&d9=0000&AV_WIDTH=600&AV_HEIGHT=338&&ppid=5e5bd02728a06124e30d85c3&nid=59918a0e073ef4782e4e347f&pcid=5ec3e3871f5e5c792c20f9f7&ncid=5e8b3e740cd6ad6132403f66&pasid=5e8b42ae145a8138e61d4a85&e=request&cb=1630730536732&asid=60e594d3cc338a41335e9e75%2C60e594da4123720f2e250d24%2C5e9030afdc817965520eb855%2C6114f48c04b3691b08691b7c%2C608e90cf34acc10fb7767e4a%2C6114f476dd0eb2621e735342&ofpr=%2C%2C%2C0.29%2C0.26%2C0.2&fpo=%2C%2C%2C%2C%2C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.239.92.103 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-239-92-103.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:16 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

POST
H/1.1 204
No Content 287573 Show response
search.spotxchange.com/openrtb/2.3/dados/ 0
989 B 110ms
37ms XHR
application/json 185.94.180.124
SPOTX-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://search.spotxchange.com/openrtb/2.3/dados/287573?src_sys=prebid
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/avpb3.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 185.94.180.124 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sat, 04 Sep 2021 04:42:16 GMT
X-SpotX-Timing-Transform: 0.000388
X-SpotX-Timing-SpotMarket: 0.003018
X-SpotX-Timing-Page-Mux: 0.001003
X-SpotX-Timing-Page-Require: 0.000342
X-fe: 135
Connection: keep-alive
X-SpotX-Timing-Page-Cookie: 0.000002
X-SpotX-Timing-Page: 0.009530
Pragma: no-cache
X-SpotX-Timing-Page-Context: 0.000309
Last-Modified: Sat, 04 Sep 2021 04:42:16 GMT
Server: nginx
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
X-SpotX-Timing-SpotMarket-Primary: 0.003018
Access-Control-Allow-Methods: POST, GET, PATCH, DELETE, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: https://www.123greetings.com
X-SpotX-Timing-Page-Misc: 0.004456
X-SpotX-Timing-Page-Exception: 0.000001
X-SpotX-Timing-SpotMarket-Secondary: 0.000000
X-SpotX-Timing-Page-URI: 0.000011
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 24 B
527 B 93ms
30ms XHR
application/json 23.37.38.181
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=512884&v=8.1&ac=j&sd=1&nf=1&r=%7B%22id%22%3A%223f5f3d15f86e76%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.123greetings.com%2Fevents%2Ffall%2F%3Futm_source%3DEmail2%26utm_medium%3DSpecial_NL%26utm_campaign%3DSNL_sep21_events%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22mfu%22%3A0%2C%22bu%22%3A0%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A1%2C%22allu%22%3A1%2C%22ren%22%3Atrue%2C%22version%22%3A%224.42.1%22%2C%22userIds%22%3A%5B%5D%2C%22msd%22%3A0%2C%22msi%22%3A0%7D%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22nodes%22%3A%5B%7B%22name%22%3A%22123Greetings%22%2C%22asi%22%3A%22avantisvideo.com%22%2C%22sid%22%3A%228079%22%2C%22rid%22%3A%228496b68f9a70c11f49e68125df5c3185_1723158171%22%2C%22domain%22%3A%22123greetings.com%22%2C%22hp%22%3A1%7D%5D%2C%22complete%22%3A1%7D%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2247646082c5715%22%2C%22ext%22%3A%7B%22siteID%22%3A%22512884%22%2C%22sid%22%3A%22400x225%22%2C%22fl%22%3A%22x%22%7D%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%5D%2C%22minduration%22%3A1%2C%22maxduration%22%3A60%2C%22api%22%3A%5B2%5D%2C%22protocols%22%3A%5B2%2C3%2C5%2C6%5D%2C%22w%22%3A400%2C%22h%22%3A225%2C%22placement%22%3A4%7D%2C%22bidfloor%22%3A0.2%2C%22bidfloorcur%22%3A%22USD%22%7D%5D%7D
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/avpb3.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.37.38.181 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-38-181.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: ee8588778287c0926d07a6f50c41bbb2a0c7e3c2b468f0c4984de86d85b104d7

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:16 GMT
content-encoding: gzip
x-ak-initial-geo: CC:[CH], RC:[ZH], CN:[EU], CIP:[185.236.201.228], XFF:[]
server: Apache
vary: Is-Traffic-Invalid,Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
access-control-allow-origin: https://www.123greetings.com
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-type: application/json
content-length: 44
x-ak-client-geo: 12
expires: Sat, 04 Sep 2021 04:42:16 GMT

POST
H/1.1 204
No Content openrtb Show response
ads.adaptv.advertising.com/rtb/ 0
221 B 114ms
32ms XHR
application/json 18.195.69.184
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.adaptv.advertising.com/rtb/openrtb?ext_id=Avantis
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/avpb3.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.69.184 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-69-184.eu-central-1.compute.amazonaws.com
Software: adaptv/1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.123greetings.com
access-control-allow-credentials: true
server: adaptv/1.0
Connection: keep-alive
content-length: 0
content-type: application/json

POST
H/1.1 204
No Content 287573 Show response
search.spotxchange.com/openrtb/2.3/dados/ 0
989 B 79ms
35ms XHR
application/json 185.94.180.124
SPOTX-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://search.spotxchange.com/openrtb/2.3/dados/287573?src_sys=prebid
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/ab5/avpb3.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 185.94.180.124 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sat, 04 Sep 2021 04:42:16 GMT
X-SpotX-Timing-Transform: 0.000337
X-SpotX-Timing-SpotMarket: 0.003257
X-SpotX-Timing-Page-Mux: 0.000971
X-SpotX-Timing-Page-Require: 0.000354
X-fe: 049
Connection: keep-alive
X-SpotX-Timing-Page-Cookie: 0.000003
X-SpotX-Timing-Page: 0.007260
Pragma: no-cache
X-SpotX-Timing-Page-Context: 0.000314
Last-Modified: Sat, 04 Sep 2021 04:42:16 GMT
Server: nginx
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
X-SpotX-Timing-SpotMarket-Primary: 0.003257
Access-Control-Allow-Methods: POST, GET, PATCH, DELETE, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: https://www.123greetings.com
X-SpotX-Timing-Page-Misc: 0.002009
X-SpotX-Timing-Page-Exception: 0.000001
X-SpotX-Timing-SpotMarket-Secondary: 0.000000
X-SpotX-Timing-Page-URI: 0.000014
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 24 B
527 B 30ms
30ms XHR
application/json 23.37.38.181
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=512884&v=8.1&ac=j&sd=1&nf=1&r=%7B%22id%22%3A%223d189cad3d835e%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.123greetings.com%2Fevents%2Ffall%2F%3Futm_source%3DEmail2%26utm_medium%3DSpecial_NL%26utm_campaign%3DSNL_sep21_events%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22mfu%22%3A0%2C%22bu%22%3A0%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A1%2C%22allu%22%3A1%2C%22ren%22%3Atrue%2C%22version%22%3A%224.42.1%22%2C%22userIds%22%3A%5B%5D%2C%22msd%22%3A0%2C%22msi%22%3A0%7D%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22nodes%22%3A%5B%7B%22asi%22%3A%22avantisvideo.com%22%2C%22hp%22%3A1%2C%22name%22%3A%22123Greetings%22%2C%22domain%22%3A%22123greetings.com%22%2C%22sid%22%3A%228079%22%2C%22rid%22%3A%22504b32684c7ac79c52d3ca9d3c450c2e_172314925%22%7D%5D%2C%22ver%22%3A%221.0%22%2C%22complete%22%3A1%7D%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2240e6d09eb76c83%22%2C%22ext%22%3A%7B%22siteID%22%3A%22512884%22%2C%22sid%22%3A%22600x338%22%2C%22fl%22%3A%22x%22%7D%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%5D%2C%22minduration%22%3A1%2C%22maxduration%22%3A60%2C%22api%22%3A%5B2%5D%2C%22protocols%22%3A%5B2%2C3%2C5%2C6%5D%2C%22w%22%3A600%2C%22h%22%3A338%2C%22placement%22%3A4%7D%2C%22bidfloor%22%3A0.2%2C%22bidfloorcur%22%3A%22USD%22%7D%5D%7D
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/ab5/avpb3.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.37.38.181 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-38-181.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: eaa9c4d3ab04c20b60d55a23cd625bd2718bbaea74fa483a194e41647211ad35

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:16 GMT
content-encoding: gzip
x-ak-initial-geo: CC:[CH], RC:[ZH], CN:[EU], CIP:[185.236.201.228], XFF:[]
server: Apache
vary: Is-Traffic-Invalid,Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
access-control-allow-origin: https://www.123greetings.com
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-type: application/json
content-length: 44
x-ak-client-geo: 12
expires: Sat, 04 Sep 2021 04:42:16 GMT

POST
H/1.1 204
No Content openrtb Show response
ads.adaptv.advertising.com/rtb/ 0
221 B 69ms
29ms XHR
application/json 18.195.69.184
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.adaptv.advertising.com/rtb/openrtb?ext_id=Avantis
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/ab5/avpb3.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.69.184 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-69-184.eu-central-1.compute.amazonaws.com
Software: adaptv/1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.123greetings.com
access-control-allow-credentials: true
server: adaptv/1.0
Connection: keep-alive
content-length: 0
content-type: application/json

GET
H2 200 track
track1.aniview.com/ 0
70 B 125ms
124ms Image
text/plain 34.239.92.103
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=CH&cos=Windows&r=www.123greetings.com&rs=www.123greetings.com&sid=80101&t=1630730536&cip=185.236.201.228&sn=Email2&tgt=0&osv=10&bv=92.0&brn=Chrome&wi=600&he=338&app=&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&test=5&aafaid=&proto=https&uid=1630730536591-964452496603-008575-011-002896&cha=0.05&stagid=&stplid=&cb=94255378259&d9=0000&AV_WIDTH=600&AV_HEIGHT=338&&ppid=5e5bd02728a06124e30d85c3&nid=59918a0e073ef4782e4e347f&pcid=5ec3e3871f5e5c792c20f9f7&ncid=5e8b3e740cd6ad6132403f66&pasid=5e8b42ae145a8138e61d4a85&e=bid&cb=1630730537071&asid=60e594d3cc338a41335e9e75%2C60e594da4123720f2e250d24&ofpr=%2C&fpo=%2C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.239.92.103 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-239-92-103.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:17 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2 200 track
track1.aniview.com/ 0
70 B 122ms
121ms Image
text/plain 34.239.92.103
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=CH&cos=Windows&r=www.123greetings.com&rs=www.123greetings.com&sid=60164&t=1630730536&cip=185.236.201.228&sn=Email2&tgt=0&osv=10&bv=92.0&brn=Chrome&wi=400&he=225&app=&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&test=&aafaid=&proto=https&uid=1630730536592-919282496603-008741-015-006420&cha=0.7&stagid=&stplid=&cb=24191924397&d9=0000&AV_WIDTH=400&AV_HEIGHT=225&&ppid=5e5bd02728a06124e30d85c3&nid=59918a0e073ef4782e4e347f&pcid=5e5bd1f528a0610dd725f7d8&ncid=5e8b3e740cd6ad6132403f66&pasid=5e8b42ae145a8138e61d4a85&e=bid&cb=1630730537112&asid=60e594d3cc338a41335e9e75%2C60e594da4123720f2e250d24&ofpr=%2C&fpo=%2C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.239.92.103 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-239-92-103.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:17 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 8CC8 346 KB
119 KB 42ms
18ms Script
text/javascript 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/ab5/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9a876f6cbd09c5f245491f6877db2a6bb7faa356893ae8a5f8881b2ad6c64212

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121776
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:42:17 GMT

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 6D17 346 KB
119 KB 76ms
52ms Script
text/javascript 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/ab5/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9a876f6cbd09c5f245491f6877db2a6bb7faa356893ae8a5f8881b2ad6c64212

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121776
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:42:17 GMT

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 1B27 346 KB
119 KB 69ms
54ms Script
text/javascript 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9a876f6cbd09c5f245491f6877db2a6bb7faa356893ae8a5f8881b2ad6c64212

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121776
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:42:17 GMT

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 8872 346 KB
119 KB 68ms
53ms Script
text/javascript 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9a876f6cbd09c5f245491f6877db2a6bb7faa356893ae8a5f8881b2ad6c64212

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121776
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:42:17 GMT

GET
H3-29 200 bridge3.478.2_en.html Show response
imasdk.googleapis.com/js/core/ Frame D3D5 574 KB
188 KB 15ms
14ms Document
text/html 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ba74b0b7223564fe5de95a05498160da36162274673a6c4583a757d233c41b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.478.2_en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.123greetings.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 192508
date: Fri, 03 Sep 2021 19:55:47 GMT
expires: Sat, 03 Sep 2022 19:55:47 GMT
last-modified: Fri, 03 Sep 2021 19:50:18 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 31590
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 client.js Show response
s0.2mdn.net/instream/video/ Frame 8CC8 44 KB
16 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:42:17 GMT

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 8CC8 107 B
165 B 20ms
15ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.123greetings.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:42:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 bridge3.478.2_en.html Show response
imasdk.googleapis.com/js/core/ Frame 5B12 574 KB
188 KB 7ms
7ms Document
text/html 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ba74b0b7223564fe5de95a05498160da36162274673a6c4583a757d233c41b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.478.2_en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.123greetings.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 192508
date: Fri, 03 Sep 2021 19:55:47 GMT
expires: Sat, 03 Sep 2022 19:55:47 GMT
last-modified: Fri, 03 Sep 2021 19:50:18 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 31590
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 client.js Show response
s0.2mdn.net/instream/video/ Frame 8872 44 KB
16 KB 20ms
16ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:42:17 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ Frame 8872 107 B
122 B 16ms
15ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.123greetings.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:42:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 bridge3.478.2_en.html Show response
imasdk.googleapis.com/js/core/ Frame C4B3 574 KB
188 KB 6ms
6ms Document
text/html 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ba74b0b7223564fe5de95a05498160da36162274673a6c4583a757d233c41b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.478.2_en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.123greetings.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 192508
date: Fri, 03 Sep 2021 19:55:47 GMT
expires: Sat, 03 Sep 2022 19:55:47 GMT
last-modified: Fri, 03 Sep 2021 19:50:18 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 31590
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 client.js Show response
s0.2mdn.net/instream/video/ Frame 6D17 44 KB
16 KB 28ms
28ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:42:17 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ Frame 6D17 107 B
122 B 28ms
28ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.123greetings.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:42:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 bridge3.478.2_en.html Show response
imasdk.googleapis.com/js/core/ Frame A3A9 574 KB
188 KB 6ms
6ms Document
text/html 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ba74b0b7223564fe5de95a05498160da36162274673a6c4583a757d233c41b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.478.2_en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.123greetings.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 192508
date: Fri, 03 Sep 2021 19:55:47 GMT
expires: Sat, 03 Sep 2022 19:55:47 GMT
last-modified: Fri, 03 Sep 2021 19:50:18 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 31590
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 client.js Show response
s0.2mdn.net/instream/video/ Frame 1B27 44 KB
16 KB 29ms
29ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:42:17 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ Frame 1B27 107 B
122 B 14ms
14ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.123greetings.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:42:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 8FFF 36 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:13:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1716
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12603
x-xss-protection: 0
last-modified: Mon, 14 Dec 2020 16:45:56 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Sat, 04 Sep 2021 05:13:41 GMT

GET
H3-29 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 05DF 36 KB
12 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:41:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 53
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12603
x-xss-protection: 0
last-modified: Mon, 14 Dec 2020 16:45:56 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Sat, 04 Sep 2021 05:41:24 GMT

GET
H3-29 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 3D68 36 KB
12 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:41:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 53
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12603
x-xss-protection: 0
last-modified: Mon, 14 Dec 2020 16:45:56 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Sat, 04 Sep 2021 05:41:24 GMT

GET
H3-29 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 5BB9 36 KB
12 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:41:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 53
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12603
x-xss-protection: 0
last-modified: Mon, 14 Dec 2020 16:45:56 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Sat, 04 Sep 2021 05:41:24 GMT

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame 6EB9 2 KB
1 KB 89ms
30ms Document
text/html 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/avpb3.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7eca7977c6ade416c20775a7fd7cfa2291c5752cd1225d5c4342b057c37a000c

Request headers

Host: js-sec.indexww.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.123greetings.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

Server: Apache
Last-Modified: Thu, 11 Feb 2021 16:12:45 GMT
ETag: "e20015-90b-5bb11ca420f07"
Accept-Ranges: bytes
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1151
Date: Sat, 04 Sep 2021 04:42:17 GMT
Connection: keep-alive

GET
H/1.1

204
No Content

sync
ups.analytics.yahoo.com/ups/57304/
Redirect Chain

https://pixel.advertising.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true
https://pixel.advertising.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&verify=true
https://ups.analytics.yahoo.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&apid=UP7bad6c9e-0d3a-11ec-8f0b-06a17173c662
https://ups.analytics.yahoo.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&apid=UP7bad6c9e-0d3a-11ec-8f0b-06a17173c662&verify=true
https://cm.g.doubleclick.net/pixel?google_nid=adaptv_dbm&google_cm&google_hm=VVA3YmFkNmM5ZS0wZDNhLTExZWMtOGYwYi0wNmExNzE3M2M2NjI%3D
https://cm.g.doubleclick.net/pixel?google_nid=adaptv_dbm&google_cm=&google_hm=VVA3YmFkNmM5ZS0wZDNhLTExZWMtOGYwYi0wNmExNzE3M2M2NjI%3D&google_tc=
https://pixel.advertising.com/ups/57304/sync?uid=CAESEBhIX6PJfl8rjkpwqOu8Dho&google_cver=1
https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEBhIX6PJfl8rjkpwqOu8Dho&google_cver=1&apid=UP7bad6c9e-0d3a-11ec-8f0b-06a17173c662

0
1 KB

34ms
27ms

Image
text/plain

3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEBhIX6PJfl8rjkpwqOu8Dho&google_cver=1&apid=UP7bad6c9e-0d3a-11ec-8f0b-06a17173c662

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

Software

ATS/7.1.2.138 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 04 Sep 2021 04:42:17 GMT
Server: ATS/7.1.2.138
Connection: keep-alive
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEBhIX6PJfl8rjkpwqOu8Dho&google_cver=1&apid=UP7bad6c9e-0d3a-11ec-8f0b-06a17173c662
date: Sat, 04 Sep 2021 04:42:17 GMT
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

204
No Content

sync
ups.analytics.yahoo.com/ups/55953/
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=adaptv&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adaptv&ttd_tpi=1
https://ups.analytics.yahoo.com/ups/55953/sync?uid=ee22a6f8-9000-4b3b-81cc-4a50eac0bc79&_origin=1&gdpr=1&gdpr_consent=

0
234 B

75ms
28ms

Image
text/plain

3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55953/sync?uid=ee22a6f8-9000-4b3b-81cc-4a50eac0bc79&_origin=1&gdpr=1&gdpr_consent=

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

Software

ATS/7.1.2.138 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 04 Sep 2021 04:42:17 GMT
Server: ATS/7.1.2.138
Connection: keep-alive
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:17 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://ups.analytics.yahoo.com/ups/55953/sync?uid=ee22a6f8-9000-4b3b-81cc-4a50eac0bc79&_origin=1&gdpr=1&gdpr_consent=
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 267

GET
H/1.1

204
No Content

sync
ups.analytics.yahoo.com/ups/55986/
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/m7y5t93k?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55986%2Fsync%3Fuid%3D%24%7BUSER_ID%7D%26_origin%3D0&gdpr=0&gdpr_consent=
https://sync-tm.everesttech.net/ct/upi/pid/m7y5t93k?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55986%2Fsync%3Fuid%3D%24%7BUSER_ID%7D%26_origin%3D0&gdpr=0&gdpr_consent=&_...
https://pixel.advertising.com/ups/55986/sync?uid=YTL5KQAEROLC6gBg&_origin=0&gdpr=0&gdpr_consent=&_test=YTL5KQAEROLC6gBg
https://ups.analytics.yahoo.com/ups/55986/sync?uid=YTL5KQAEROLC6gBg&_origin=0&gdpr=0&gdpr_consent=&_test=YTL5KQAEROLC6gBg&apid=UP7bad6c9e-0d3a-11ec-8f0b-06a17173c662

0
1 KB

27ms
26ms

Image
text/plain

3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55986/sync?uid=YTL5KQAEROLC6gBg&_origin=0&gdpr=0&gdpr_consent=&_test=YTL5KQAEROLC6gBg&apid=UP7bad6c9e-0d3a-11ec-8f0b-06a17173c662

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

Software

ATS/7.1.2.138 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 04 Sep 2021 04:42:17 GMT
Server: ATS/7.1.2.138
Connection: keep-alive
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://ups.analytics.yahoo.com/ups/55986/sync?uid=YTL5KQAEROLC6gBg&_origin=0&gdpr=0&gdpr_consent=&_test=YTL5KQAEROLC6gBg&apid=UP7bad6c9e-0d3a-11ec-8f0b-06a17173c662
date: Sat, 04 Sep 2021 04:42:17 GMT
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame 0C2C 2 KB
1 KB 84ms
28ms Document
text/html 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/ab5/avpb3.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7eca7977c6ade416c20775a7fd7cfa2291c5752cd1225d5c4342b057c37a000c

Request headers

Host: js-sec.indexww.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.123greetings.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

Server: Apache
Last-Modified: Thu, 11 Feb 2021 16:12:45 GMT
ETag: "e20015-90b-5bb11ca420f07"
Accept-Ranges: bytes
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1151
Date: Sat, 04 Sep 2021 04:42:17 GMT
Connection: keep-alive

GET
H/1.1

200
OK

Cookie set usermatch Show response
ssum-sec.casalemedia.com/ Frame BA0B
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

2 KB
3 KB

41ms
40ms

Document
text/html

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 74573014dae59707855b5e8ba2e2961d304f298ab2232f633649a70011231e42

Request headers

Host: ssum-sec.casalemedia.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://js-sec.indexww.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: CMPS=5223; CMID=YTL5KUCPj.kFTncwdEIu.wAA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://js-sec.indexww.com/

Response headers

Server: Apache
Content-Type: text/html
Dropped-Udsids: 39|241|230|45|4|218|196|40
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Content-Length: 1563
Expires: Sat, 04 Sep 2021 04:42:17 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 04 Sep 2021 04:42:17 GMT
Connection: keep-alive
Set-Cookie: CMID=YTL5KUCPj.kFTncwdEIu.wAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sun, 04 Sep 2022 04:42:17 GMT CMPS=5223;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 03 Dec 2021 04:42:17 GMT CMPRO=1163;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 03 Dec 2021 04:42:17 GMT CMST=YTL5KWEy+SkA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sun, 05 Sep 2021 04:42:17 GMT CMRUM3=da6132f9292760&f16132f92905a0&2d6132f92905a0&286132f92905a00&c46132f92905a0&e66132f9292760&046132f92905a0&276132f9290b40;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sun, 04 Sep 2022 04:42:17 GMT

Redirect headers

Server: Apache
Content-Length: 343
Content-Type: text/html; charset=iso-8859-1
Location: https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires: Sat, 04 Sep 2021 04:42:17 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 04 Sep 2021 04:42:17 GMT
Connection: keep-alive
Set-Cookie: CMID=YTL5KULqGRNMwRTN1Ug0XgAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sun, 04 Sep 2022 04:42:17 GMT CMPS=5223;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 03 Dec 2021 04:42:17 GMT

GET
H/1.1

200
OK

Cookie set usermatch Show response
ssum-sec.casalemedia.com/ Frame F797
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

2 KB
3 KB

38ms
37ms

Document
text/html

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: aee734abd6823c8680b1abb876d30da0250333fd75b5af890d286e1b11916ee7

Request headers

Host: ssum-sec.casalemedia.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://js-sec.indexww.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: CMPS=5223; CMID=YTL5KUCPj.kFTncwdEIu.wAA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://js-sec.indexww.com/

Response headers

Server: Apache
Content-Type: text/html
Dropped-Udsids: 39|241|45|230|218|156|73|152
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Content-Length: 1632
Expires: Sat, 04 Sep 2021 04:42:17 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 04 Sep 2021 04:42:17 GMT
Connection: keep-alive
Set-Cookie: CMID=YTL5KUCPj.kFTncwdEIu.wAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sun, 04 Sep 2022 04:42:17 GMT CMPS=5223;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 03 Dec 2021 04:42:17 GMT CMPRO=1163;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 03 Dec 2021 04:42:17 GMT CMRUM3=276132f9290b40&e66132f9292760&9c6132f92905a00&496132f92905a0&da6132f9292760&2d6132f92905a0&f16132f92905a0&986132f92905a00;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sun, 04 Sep 2022 04:42:17 GMT CMST=YTL5KWEy+SkA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sun, 05 Sep 2021 04:42:17 GMT

Redirect headers

Server: Apache
Content-Length: 343
Content-Type: text/html; charset=iso-8859-1
Location: https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires: Sat, 04 Sep 2021 04:42:17 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 04 Sep 2021 04:42:17 GMT
Connection: keep-alive
Set-Cookie: CMID=YTL5KUCPj.kFTncwdEIu.wAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sun, 04 Sep 2022 04:42:17 GMT CMPS=5223;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 03 Dec 2021 04:42:17 GMT

GET
H2 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame D3D5 156 B
625 B 323ms
321ms XHR
text/xml 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F7103%2FSMG_AirNow%2Fpreroll%2Fsyndication_2&description_url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Ffall%2F%3Futm_source&tfcd=0&npa=0&sz=640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=3059994622451467&sdkv=h.3.478.2&osd=2&frm=0&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C450x50%2C468x60%2C480x70&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&u_so=l&ctv=0&sdki=44d&adk=3062135741&sdk_apis=2%2C8&sid=A3B5E739-CAB6-468D-AC58-65B528B0CB20&eid=44737475%2C44745938%2C668123728&top=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Ffall%2F%3Futm_source%3DEmail2%26utm_medium%3DSpecial_NL%26utm_campaign%3DSNL_sep21_events&url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Ffall%2F%3Futm_source%3DEmail2%26utm_medium%3DSpecial_NL%26utm_campaign%3DSNL_sep21_events&dt=1630730537828&cookie_enabled=1&scor=935367580250712&ged=ve4_td1_tt1_pd1_la1000_er1126.320.1278.620_vi0.0.1200.1600_vp49_eb23147

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:18 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 5B12 156 B
287 B 350ms
350ms XHR
text/xml 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F7103%2FSMG_AirNow%2Fpreroll%2Fsyndication_4&description_url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Ffall%2F%3Futm_source&tfcd=0&npa=0&sz=640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=3409756022370864&sdkv=h.3.478.2&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&u_so=l&ctv=0&sdki=44d&adk=4072117527&sdk_apis=2%2C8&sid=A0C69605-5686-42AA-9F44-8F0B020FCC0C&eid=44745941&url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Ffall%2F%3Futm_source%3DEmail2%26utm_medium%3DSpecial_NL%26utm_campaign%3DSNL_sep21_events&dt=1630730537852&cookie_enabled=1&scor=3206471152024870&ged=ve4_td1_tt0_pd1_la1000_er1199.1200.1351.1500_vi0.0.1200.1600_vp1_eb23147

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:18 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame C4B3 156 B
287 B 347ms
347ms XHR
text/xml 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F7103%2FSMG_AirNow%2Fpreroll%2Fsyndication_4&description_url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Ffall%2F%3Futm_source&tfcd=0&npa=0&sz=640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=1195009706309403&sdkv=h.3.478.2&osd=2&frm=0&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C450x50%2C468x60%2C480x70&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&u_so=l&ctv=0&sdki=44d&adk=3091720744&sdk_apis=2%2C8&sid=739E7B6B-525B-405A-8752-3E48C546C558&eid=44745938&url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Ffall%2F%3Futm_source%3DEmail2%26utm_medium%3DSpecial_NL%26utm_campaign%3DSNL_sep21_events&dt=1630730537856&cookie_enabled=1&scor=1348134652479422&ged=ve4_td1_tt0_pd1_la1000_er1126.320.1278.620_vi0.0.1200.1600_vp49_eb23147

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:18 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame A3A9 156 B
287 B 383ms
383ms XHR
text/xml 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F7103%2FSMG_AirNow%2Fpreroll%2Fsyndication_2&description_url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Ffall%2F%3Futm_source&tfcd=0&npa=0&sz=640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=1015224102500075&sdkv=h.3.478.2&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&u_so=l&ctv=0&sdki=44d&adk=1043023986&sdk_apis=2%2C8&sid=3F07AF4F-EE14-43FB-A23E-D5CF71D786F7&eid=44725356%2C44732023&url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Ffall%2F%3Futm_source%3DEmail2%26utm_medium%3DSpecial_NL%26utm_campaign%3DSNL_sep21_events&dt=1630730537865&cookie_enabled=1&scor=715388431751840&ged=ve4_td1_tt0_pd1_la1000_er1199.1200.1351.1500_vi0.0.1200.1600_vp1_eb23147

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:18 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame F797 70 B
264 B 50ms
40ms Image
image/gif 13.248.242.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:17 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame F797
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YTL5KUCPj-kFTncwdEIu-wAABIsAAAAB
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YTL5KUCPj-kFTncwdEIu-wAABIsAAAAB&dcc=t

43 B
932 B

140ms
140ms

Image
image/gif

209.54.177.54
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YTL5KUCPj-kFTncwdEIu-wAABIsAAAAB&dcc=t

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.54.177.54 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:42:18 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: EAARJH894NQ0MBC6DS4G
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:42:18 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: RSQ4WS4F1KVK0QH91PN3
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YTL5KUCPj-kFTncwdEIu-wAABIsAAAAB&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame F797
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YTL5KUCPj.kFTncwdEIu.wAA
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEHFuowNWKwCF1vUqdIXA9v0&google_cver=1&google_hm=2

43 B
1 KB

35ms
34ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEHFuowNWKwCF1vUqdIXA9v0&google_cver=1&google_hm=2
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:42:18 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 04 Sep 2021 04:42:18 GMT

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:17 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEHFuowNWKwCF1vUqdIXA9v0&google_cver=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 330
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

usermatchredir
ssum-sec.casalemedia.com/ Frame F797
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YTL5KUCPj-kFTncwdEIu-wAABIsAAAAB&gdpr_consent=&us_privacy=&gdpr=
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEIwc7CsNisgaEXYJZMJEjxc&google_cver=1

43 B
315 B

34ms
32ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEIwc7CsNisgaEXYJZMJEjxc&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:42:17 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Sat, 04 Sep 2021 04:42:17 GMT

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:17 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEIwc7CsNisgaEXYJZMJEjxc&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 342
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

demconf.jpg
dpm.demdex.net/ Frame F797
Redirect Chain

https://dpm.demdex.net/ibs:dpid=23728&dpuuid=YTL5KUCPj.kFTncwdEIu.wAA%261163?gdpr_consent=&us_privacy=&gdpr=
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=23728&dpuuid=YTL5KUCPj.kFTncwdEIu.wAA%261163

42 B
943 B

48ms
47ms

Image
image/gif

52.17.54.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=23728&dpuuid=YTL5KUCPj.kFTncwdEIu.wAA%261163

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.17.54.18 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-17-54-18.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v015-0c5294fd3.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: jNLqjgUaRKc=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-1-v015-0c10d40a0.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: gmiCccwpQQI=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=23728&dpuuid=YTL5KUCPj.kFTncwdEIu.wAA%261163
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1 200
OK cookiesync
bttrack.com/pixel/ Frame F797 35 B
380 B 469ms
116ms Image
image/gif 192.132.33.46
BIDTELLECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bttrack.com/pixel/cookiesync?source=67e94f23-25d6-4008-8236-375d1743c2e0&secure=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 192.132.33.46 , United States, ASN18568 (BIDTELLECT, US),
Reverse DNS: 46.bidtellect.com
Software: Microsoft-IIS/8.5 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

X-ServerName: Track004-dc3
Pragma: no-cache
Date: Sat, 04 Sep 2021 04:41:42 GMT
X-AspNetMvc-Version: 5.2
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
P3P: CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
Cache-Control: private,no-cache
Content-Type: image/gif
Content-Length: 35
Expires: -1

GET
H2 200 YTL5KUCPj-kFTncwdEIu-wAABIsAAAAB
pr-bh.ybp.yahoo.com/sync/casale/ Frame F797 43 B
716 B 41ms
34ms Image
image/gif 2a00:1288:110:c305::8000
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/casale/YTL5KUCPj-kFTncwdEIu-wAABIsAAAAB?gdpr_consent=&us_privacy=&gdpr=

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1288:110:c305::8000 Dublin, Ireland, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:17 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame F797
Redirect Chain

https://sync.extend.tv/r.gif?exchange=index
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=4a9d0084-b8c2-404c-8283-aefbbe18a0e8

43 B
1 KB

34ms
32ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=4a9d0084-b8c2-404c-8283-aefbbe18a0e8
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:42:18 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 04 Sep 2021 04:42:18 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:42:18 GMT
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=4a9d0084-b8c2-404c-8283-aefbbe18a0e8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 132
Expires: Tue, 29 May 1984 15:00:00 GMT

GET
H/1.1 200
OK htw-pixel.gif
js-sec.indexww.com/ht/ Frame F797 43 B
425 B 34ms
28ms Image
image/gif 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://js-sec.indexww.com/ht/htw-pixel.gif?YTL5KUCPj.kFTncwdEIu.wAA%261163
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 04 Sep 2021 04:42:17 GMT
Last-Modified: Tue, 24 Jan 2017 19:36:04 GMT
Server: Apache
ETag: "902a3d-2b-546dc3a097100"
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=1528
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 04 Sep 2021 05:07:45 GMT

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame BA0B 70 B
264 B 49ms
40ms Image
image/gif 13.248.242.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:17 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame BA0B
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YTL5KUCPj-kFTncwdEIu-wAABIsAAAAB
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YTL5KUCPj-kFTncwdEIu-wAABIsAAAAB&dcc=t

43 B
932 B

141ms
140ms

Image
image/gif

209.54.177.54
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YTL5KUCPj-kFTncwdEIu-wAABIsAAAAB&dcc=t

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.54.177.54 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:42:18 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: C1TEJK053M1MP4NWGT1H
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:42:18 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 705AXB85NCGNJ01C3A9D
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YTL5KUCPj-kFTncwdEIu-wAABIsAAAAB&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

usermatchredir
ssum-sec.casalemedia.com/ Frame BA0B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YTL5KUCPj-kFTncwdEIu-wAABIsAAAAB&gdpr_consent=&us_privacy=&gdpr=
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEAAKiPIBKRrq7dWbSleCf38&google_cver=1

43 B
315 B

38ms
37ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEAAKiPIBKRrq7dWbSleCf38&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:42:17 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Sat, 04 Sep 2021 04:42:17 GMT

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:17 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEAAKiPIBKRrq7dWbSleCf38&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 342
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame BA0B
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YTL5KUCPj.kFTncwdEIu.wAA
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEHFuowNWKwCF1vUqdIXA9v0&google_cver=1&google_hm=2

43 B
1 KB

35ms
34ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEHFuowNWKwCF1vUqdIXA9v0&google_cver=1&google_hm=2
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:42:18 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 04 Sep 2021 04:42:18 GMT

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:17 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEHFuowNWKwCF1vUqdIXA9v0&google_cver=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 330
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame BA0B
Redirect Chain

https://ad.turn.com/r/cs?pid=21
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=4258626010301809263

43 B
992 B

60ms
39ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=4258626010301809263
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:42:17 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 04 Sep 2021 04:42:17 GMT

Redirect headers

location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=4258626010301809263
pragma: no-cache
date: Sat, 04 Sep 2021 04:42:17 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H/1.1

200
OK

demconf.jpg
dpm.demdex.net/ Frame BA0B
Redirect Chain

https://dpm.demdex.net/ibs:dpid=23728&dpuuid=YTL5KUCPj.kFTncwdEIu.wAA%261163?gdpr_consent=&us_privacy=&gdpr=
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=23728&dpuuid=YTL5KUCPj.kFTncwdEIu.wAA%261163

42 B
943 B

47ms
46ms

Image
image/gif

52.17.54.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=23728&dpuuid=YTL5KUCPj.kFTncwdEIu.wAA%261163

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.17.54.18 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-17-54-18.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v015-064a7714a.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: YVCdQw61QOI=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-1-v015-0fcec44a9.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: gcBiv6IwS68=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=23728&dpuuid=YTL5KUCPj.kFTncwdEIu.wAA%261163
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame BA0B
Redirect Chain

https://gu.dyntrk.com/adx/ie/us.php?dynk=1nd3xx6ch1
https://gu.dyntrk.com/adx/ie/us.php?dynk=1nd3xx6ch1&prevuid=05030002_6132f929ed31c&knw=0
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=196&external_user_id=05030002_6132f929ed31c

43 B
1 KB

34ms
34ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=196&external_user_id=05030002_6132f929ed31c
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:42:18 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 04 Sep 2021 04:42:18 GMT

Redirect headers

date: Sat, 04 Sep 2021 04:42:17 GMT
server: nginx
access-control-allow-origin: *
transfer-encoding: chunked
access-control-allow-methods: POST, GET, OPTIONS
p3p: CP="NOI DEV OUR BUS UNI"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=196&external_user_id=05030002_6132f929ed31c
cache-control: no-cache
content-type: text/html; charset=UTF-8
access-control-allow-headers: Origin
keep-alive: timeout=10

GET
H/1.1 200
OK htw-pixel.gif
js-sec.indexww.com/ht/ Frame BA0B 43 B
425 B 37ms
32ms Image
image/gif 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://js-sec.indexww.com/ht/htw-pixel.gif?YTL5KUCPj.kFTncwdEIu.wAA%261163
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 04 Sep 2021 04:42:17 GMT
Last-Modified: Tue, 24 Jan 2017 19:36:04 GMT
Server: Apache
ETag: "902a3d-2b-546dc3a097100"
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=1528
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 04 Sep 2021 05:07:45 GMT

GET
H2

200

cs&eq_cc=1 Show response
um2.eqads.com/um/ Frame 0ED9
Redirect Chain

https://um2.eqads.com/um/cs
https://um2.eqads.com/um/cs&eq_cc=1

186 B
370 B

115ms
115ms

Document
text/html

52.70.17.21
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://um2.eqads.com/um/cs&eq_cc=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.70.17.21 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-70-17-21.compute-1.amazonaws.com
Software: /
Resource Hash: 05edd59c07929b25057ce7a333b66e17b21d9f07d5a91cef6d590910c92ee42c

Request headers

:method: GET
:authority: um2.eqads.com
:scheme: https
:path: /um/cs&eq_cc=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ssum-sec.casalemedia.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: EQUser=UID=d9c27c22-2ab4-40e6-96e0-370effa16579
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://ssum-sec.casalemedia.com/

Response headers

date: Sat, 04 Sep 2021 04:42:18 GMT
content-type: text/html; charset=utf-8
content-length: 186
cache-control: no-cache, must-revalidate
expires: Sat, 6 May 1995 12:00:00 GMT
last-modified: Sat, 04 Sep 2021 04:42:18 GMT
pragma: no-cache

Redirect headers

date: Sat, 04 Sep 2021 04:42:18 GMT
content-type: text/html; charset=utf-8
content-length: 41
location: /um/cs&eq_cc=1
set-cookie: EQUser=UID=d9c27c22-2ab4-40e6-96e0-370effa16579; Path=/; Domain=eqads.com; Expires=Sat, 04 Dec 2021 04:42:18 GMT; Secure; SameSite=None

POST
H2 204 /
events1.avantisvideo.com/ 0
34 B 187ms
187ms Ping
text/plain 35.82.37.37
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events1.avantisvideo.com/
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/js/video-loader2-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.82.37.37 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-82-37-37.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 04 Sep 2021 04:42:18 GMT

POST
H2 204 /
events1.avantisvideo.com/ 0
34 B 191ms
187ms Ping
text/plain 35.82.37.37
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events1.avantisvideo.com/
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/js/video-loader2-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.82.37.37 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-82-37-37.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 04 Sep 2021 04:42:18 GMT

GET
H/1.1 200
OK ptv Show response
ib.adnxs.com/ 85 B
771 B 33ms
33ms XHR
application/xml 185.33.221.15
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ptv?id=19012622&referrer=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Ffall%2F%3Futm_source&us_privacy=1---&cbb=730538285&imp_id=f50685b8-292c-417a-b952-15addd915a24

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/ab5/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.15 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

b2effcb18f514a7896e737bdda537f2ef3b5bb989eb247f4ab2aa3facf1148ea

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:42:18 GMT
X-Proxy-Origin: 185.236.201.228; 185.236.201.228; 720.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: d1633177-e999-4f8d-a00f-4ee2e6346ecd
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.123greetings.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/xml; charset=utf-8
Content-Length: 85
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 s2s Show response
s2s.aniview.com/api/adserver/ 1 B
235 B 125ms
125ms XHR
text/plain 52.203.102.176
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://s2s.aniview.com/api/adserver/s2s?auc_id=504b32684c7ac79c52d3ca9d3c450c2e_172314925&wpm=&ssrtb=&pbjs=&AV_C_USER_ID=1630730536591-964452496603-008575-011-002896&AV_URL=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Ffall%2F%3Futm_source&utm_medium=Special_NL&utm_campaign=SNL_sep21_events&AV_SUBID=Email2&AV_SECURED=1&AV_LANGUAGE=en&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&AV_CHANNELID=5ec3e3871f5e5c792c20f9f7&format=json&tgt=0&AV_CDIM1=&AV_CDIM2=&AV_CDIM3=&AV_ABT=5&pce=1&npx=1&AV_DETDOMAIN=www.123greetings.com&AV_DADPOS=3&v=6.1.1.243&avtoken=536136&AV_WIDTH=600&AV_HEIGHT=338&AV_DNT=0&cb=730538286&tgt=0&&AV_VI=22&AV_VID=0
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/ab5/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.203.102.176 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-203-102-176.compute-1.amazonaws.com
Software: /
Resource Hash: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:18 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: https://www.123greetings.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Mon, 23 Aug 2021 14:55:38 GMT

GET
H2 200 track
track1.aniview.com/ 0
70 B 123ms
123ms Image
text/plain 34.239.92.103
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=CH&cos=Windows&r=www.123greetings.com&rs=www.123greetings.com&sid=80101&t=1630730536&cip=185.236.201.228&sn=Email2&tgt=0&osv=10&bv=92.0&brn=Chrome&wi=600&he=338&app=&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&test=5&aafaid=&proto=https&uid=1630730536591-964452496603-008575-011-002896&cha=0.05&stagid=&stplid=&cb=94255378259&d9=0000&AV_WIDTH=600&AV_HEIGHT=338&&ppid=5e5bd02728a06124e30d85c3&nid=59918a0e073ef4782e4e347f&pcid=5ec3e3871f5e5c792c20f9f7&ncid=5e8b3e740cd6ad6132403f66&pasid=5e8b42ae145a8138e61d4a85&e=request&cb=1630730538287&asid=60e594d3cc338a41335e9e75%2C60e594da4123720f2e250d24%2C5e9030afdc817965520eb855%2C6114f48c04b3691b08691b7c%2C608e90cf34acc10fb7767e4a%2C6114f476dd0eb2621e735342&ofpr=%2C%2C%2C0.29%2C0.26%2C0.2&fpo=%2C%2C%2C%2C%2C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.239.92.103 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-239-92-103.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:18 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

POST
H/1.1 204
No Content openrtb Show response
ads.adaptv.advertising.com/rtb/ 0
221 B 26ms
26ms XHR
application/json 18.195.69.184
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.adaptv.advertising.com/rtb/openrtb?ext_id=Avantis
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/ab5/avpb3.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.69.184 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-69-184.eu-central-1.compute.amazonaws.com
Software: adaptv/1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.123greetings.com
access-control-allow-credentials: true
server: adaptv/1.0
Connection: keep-alive
content-length: 0
content-type: application/json

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 25 B
528 B 30ms
28ms XHR
application/json 23.37.38.181
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=512884&v=8.1&ac=j&sd=1&nf=1&r=%7B%22id%22%3A%22103bb072202d3e3%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.123greetings.com%2Fevents%2Ffall%2F%3Futm_source%3DEmail2%26utm_medium%3DSpecial_NL%26utm_campaign%3DSNL_sep21_events%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22mfu%22%3A0%2C%22bu%22%3A0%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A1%2C%22allu%22%3A1%2C%22ren%22%3Atrue%2C%22version%22%3A%224.42.1%22%2C%22userIds%22%3A%5B%5D%2C%22msd%22%3A0%2C%22msi%22%3A0%7D%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22nodes%22%3A%5B%7B%22asi%22%3A%22avantisvideo.com%22%2C%22hp%22%3A1%2C%22name%22%3A%22123Greetings%22%2C%22domain%22%3A%22123greetings.com%22%2C%22sid%22%3A%228079%22%2C%22rid%22%3A%22504b32684c7ac79c52d3ca9d3c450c2e_172314925%22%7D%5D%2C%22ver%22%3A%221.0%22%2C%22complete%22%3A1%7D%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22111381c39da126%22%2C%22ext%22%3A%7B%22siteID%22%3A%22512884%22%2C%22sid%22%3A%22600x338%22%2C%22fl%22%3A%22x%22%7D%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%5D%2C%22minduration%22%3A1%2C%22maxduration%22%3A60%2C%22api%22%3A%5B2%5D%2C%22protocols%22%3A%5B2%2C3%2C5%2C6%5D%2C%22w%22%3A600%2C%22h%22%3A338%2C%22placement%22%3A4%7D%2C%22bidfloor%22%3A0.2%2C%22bidfloorcur%22%3A%22USD%22%7D%5D%7D
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/ab5/avpb3.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.37.38.181 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-38-181.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 0489566fae63e88f1e956e986a7f0098a9e3d4a923f10306a4da6b068b8ca6fb

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:18 GMT
content-encoding: gzip
x-ak-initial-geo: CC:[CH], RC:[ZH], CN:[EU], CIP:[185.236.201.228], XFF:[]
server: Apache
vary: Is-Traffic-Invalid,Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
access-control-allow-origin: https://www.123greetings.com
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-type: application/json
content-length: 45
x-ak-client-geo: 12
expires: Sat, 04 Sep 2021 04:42:18 GMT

POST
H/1.1 204
No Content 287573 Show response
search.spotxchange.com/openrtb/2.3/dados/ 0
989 B 37ms
37ms XHR
application/json 185.94.180.124
SPOTX-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://search.spotxchange.com/openrtb/2.3/dados/287573?src_sys=prebid
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/ab5/avpb3.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 185.94.180.124 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sat, 04 Sep 2021 04:42:18 GMT
X-SpotX-Timing-Transform: 0.002113
X-SpotX-Timing-SpotMarket: 0.003078
X-SpotX-Timing-Page-Mux: 0.000966
X-SpotX-Timing-Page-Require: 0.000355
X-fe: 054
Connection: keep-alive
X-SpotX-Timing-Page-Cookie: 0.000003
X-SpotX-Timing-Page: 0.009347
Pragma: no-cache
X-SpotX-Timing-Page-Context: 0.000331
Last-Modified: Sat, 04 Sep 2021 04:42:18 GMT
Server: nginx
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
X-SpotX-Timing-SpotMarket-Primary: 0.003078
Access-Control-Allow-Methods: POST, GET, PATCH, DELETE, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: https://www.123greetings.com
X-SpotX-Timing-Page-Misc: 0.002489
X-SpotX-Timing-Page-Exception: 0.000000
X-SpotX-Timing-SpotMarket-Secondary: 0.000000
X-SpotX-Timing-Page-URI: 0.000012
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK ptv Show response
ib.adnxs.com/ 85 B
771 B 34ms
34ms XHR
application/xml 185.33.221.15
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ptv?id=19012622&referrer=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Ffall%2F%3Futm_source&us_privacy=1---&cbb=730538346&imp_id=e569a1c6-8a15-4163-ac32-daff2ccde3f3

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.15 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

b2effcb18f514a7896e737bdda537f2ef3b5bb989eb247f4ab2aa3facf1148ea

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:42:18 GMT
X-Proxy-Origin: 185.236.201.228; 185.236.201.228; 720.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: cd455c21-aec1-4849-bf1a-1c2febe9fabe
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.123greetings.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/xml; charset=utf-8
Content-Length: 85
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 s2s Show response
s2s.aniview.com/api/adserver/ 1 B
235 B 119ms
118ms XHR
text/plain 52.203.102.176
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://s2s.aniview.com/api/adserver/s2s?auc_id=8496b68f9a70c11f49e68125df5c3185_1723158171&wpm=&ssrtb=&pbjs=&AV_C_USER_ID=1630730536592-919282496603-008741-015-006420&AV_URL=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Ffall%2F%3Futm_source&utm_medium=Special_NL&utm_campaign=SNL_sep21_events&AV_SUBID=Email2&AV_SECURED=1&AV_LANGUAGE=en&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&AV_CHANNELID=5e5bd1f528a0610dd725f7d8&format=json&tgt=0&AV_CDIM1=&AV_CDIM2=&AV_CDIM3=&AV_ABT=&pce=1&npx=1&AV_DETDOMAIN=www.123greetings.com&AV_DADPOS=3&v=6.1.1.243&avtoken=536117&AV_WIDTH=400&AV_HEIGHT=225&AV_DNT=0&cb=730538347&tgt=0&&AV_VI=0&AV_VID=0
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.203.102.176 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-203-102-176.compute-1.amazonaws.com
Software: /
Resource Hash: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:18 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: https://www.123greetings.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Mon, 23 Aug 2021 14:55:38 GMT

GET
H2 200 track
track1.aniview.com/ 0
70 B 120ms
120ms Image
text/plain 34.239.92.103
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=CH&cos=Windows&r=www.123greetings.com&rs=www.123greetings.com&sid=60164&t=1630730536&cip=185.236.201.228&sn=Email2&tgt=0&osv=10&bv=92.0&brn=Chrome&wi=400&he=225&app=&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&test=&aafaid=&proto=https&uid=1630730536592-919282496603-008741-015-006420&cha=0.7&stagid=&stplid=&cb=24191924397&d9=0000&AV_WIDTH=400&AV_HEIGHT=225&&ppid=5e5bd02728a06124e30d85c3&nid=59918a0e073ef4782e4e347f&pcid=5e5bd1f528a0610dd725f7d8&ncid=5e8b3e740cd6ad6132403f66&pasid=5e8b42ae145a8138e61d4a85&e=request&cb=1630730538348&asid=60e594d3cc338a41335e9e75%2C60e594da4123720f2e250d24%2C5e9030afdc817965520eb855%2C6114f48c04b3691b08691b7c%2C608e90cf34acc10fb7767e4a%2C6114f476dd0eb2621e735342&ofpr=%2C%2C%2C0.29%2C0.26%2C0.2&fpo=%2C%2C%2C%2C%2C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.239.92.103 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-239-92-103.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:18 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 23 B
526 B 27ms
27ms XHR
application/json 23.37.38.181
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=512884&v=8.1&ac=j&sd=1&nf=1&r=%7B%22id%22%3A%228a06af3c37375%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.123greetings.com%2Fevents%2Ffall%2F%3Futm_source%3DEmail2%26utm_medium%3DSpecial_NL%26utm_campaign%3DSNL_sep21_events%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22mfu%22%3A0%2C%22bu%22%3A0%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A1%2C%22allu%22%3A1%2C%22ren%22%3Atrue%2C%22version%22%3A%224.42.1%22%2C%22userIds%22%3A%5B%5D%2C%22msd%22%3A0%2C%22msi%22%3A0%7D%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22nodes%22%3A%5B%7B%22name%22%3A%22123Greetings%22%2C%22asi%22%3A%22avantisvideo.com%22%2C%22sid%22%3A%228079%22%2C%22rid%22%3A%228496b68f9a70c11f49e68125df5c3185_1723158171%22%2C%22domain%22%3A%22123greetings.com%22%2C%22hp%22%3A1%7D%5D%2C%22complete%22%3A1%7D%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%229dcc0bb3719c3%22%2C%22ext%22%3A%7B%22siteID%22%3A%22512884%22%2C%22sid%22%3A%22400x225%22%2C%22fl%22%3A%22x%22%7D%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%5D%2C%22minduration%22%3A1%2C%22maxduration%22%3A60%2C%22api%22%3A%5B2%5D%2C%22protocols%22%3A%5B2%2C3%2C5%2C6%5D%2C%22w%22%3A400%2C%22h%22%3A225%2C%22placement%22%3A4%7D%2C%22bidfloor%22%3A0.2%2C%22bidfloorcur%22%3A%22USD%22%7D%5D%7D
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/avpb3.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.37.38.181 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-38-181.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 73479d3be9744865b811d11f4704db6b6e9dbc1ca3357d24df7a6516541c2481

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:18 GMT
content-encoding: gzip
x-ak-initial-geo: CC:[CH], RC:[ZH], CN:[EU], CIP:[185.236.201.228], XFF:[]
server: Apache
vary: Is-Traffic-Invalid,Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
access-control-allow-origin: https://www.123greetings.com
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-type: application/json
content-length: 43
x-ak-client-geo: 12
expires: Sat, 04 Sep 2021 04:42:18 GMT

POST
H/1.1 204
No Content 287573 Show response
search.spotxchange.com/openrtb/2.3/dados/ 0
989 B 35ms
34ms XHR
application/json 185.94.180.124
SPOTX-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://search.spotxchange.com/openrtb/2.3/dados/287573?src_sys=prebid
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/avpb3.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 185.94.180.124 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sat, 04 Sep 2021 04:42:18 GMT
X-SpotX-Timing-Transform: 0.000313
X-SpotX-Timing-SpotMarket: 0.003291
X-SpotX-Timing-Page-Mux: 0.000903
X-SpotX-Timing-Page-Require: 0.000365
X-fe: 130
Connection: keep-alive
X-SpotX-Timing-Page-Cookie: 0.000003
X-SpotX-Timing-Page: 0.006666
Pragma: no-cache
X-SpotX-Timing-Page-Context: 0.000294
Last-Modified: Sat, 04 Sep 2021 04:42:18 GMT
Server: nginx
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
X-SpotX-Timing-SpotMarket-Primary: 0.003291
Access-Control-Allow-Methods: POST, GET, PATCH, DELETE, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: https://www.123greetings.com
X-SpotX-Timing-Page-Misc: 0.001484
X-SpotX-Timing-Page-Exception: 0.000001
X-SpotX-Timing-SpotMarket-Secondary: 0.000000
X-SpotX-Timing-Page-URI: 0.000012
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers
Expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H/1.1 204
No Content openrtb Show response
ads.adaptv.advertising.com/rtb/ 0
221 B 27ms
27ms XHR
application/json 18.195.69.184
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.adaptv.advertising.com/rtb/openrtb?ext_id=Avantis
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/avpb3.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.69.184 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-69-184.eu-central-1.compute.amazonaws.com
Software: adaptv/1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.123greetings.com
access-control-allow-credentials: true
server: adaptv/1.0
Connection: keep-alive
content-length: 0
content-type: application/json

GET
H2 200 track
track1.aniview.com/ 0
70 B 122ms
122ms Image
text/plain 34.239.92.103
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=CH&cos=Windows&r=www.123greetings.com&rs=www.123greetings.com&sid=80101&t=1630730536&cip=185.236.201.228&sn=Email2&tgt=0&osv=10&bv=92.0&brn=Chrome&wi=600&he=338&app=&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&test=5&aafaid=&proto=https&uid=1630730536591-964452496603-008575-011-002896&cha=0.05&stagid=&stplid=&cb=94255378259&d9=0000&AV_WIDTH=600&AV_HEIGHT=338&&ppid=5e5bd02728a06124e30d85c3&nid=59918a0e073ef4782e4e347f&pcid=5ec3e3871f5e5c792c20f9f7&ncid=5e8b3e740cd6ad6132403f66&pasid=5e8b42ae145a8138e61d4a85&e=bid&cb=1630730538427&asid=60e594d3cc338a41335e9e75%2C60e594da4123720f2e250d24&ofpr=%2C&fpo=%2C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.239.92.103 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-239-92-103.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:18 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H/1.1 200
OK crum
dsum-sec.casalemedia.com/ Frame 0ED9 43 B
1 KB 35ms
34ms Image
image/gif 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=40&external_user_id=d9c27c22-2ab4-40e6-96e0-370effa16579&expiration=1638592938
Requested by: Host: um2.eqads.com
URL: https://um2.eqads.com/um/cs&eq_cc=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://um2.eqads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:42:18 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 04 Sep 2021 04:42:18 GMT

GET
H3-29 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 1582 346 KB
119 KB 21ms
18ms Script
text/javascript 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/ab5/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9a876f6cbd09c5f245491f6877db2a6bb7faa356893ae8a5f8881b2ad6c64212

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121776
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:42:18 GMT

GET
H3-29 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 2837 346 KB
119 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/ab5/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9a876f6cbd09c5f245491f6877db2a6bb7faa356893ae8a5f8881b2ad6c64212

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:18 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-doubleclick-instream-static
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121776
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:42:18 GMT

GET
H2 200 track
track1.aniview.com/ 0
70 B 127ms
121ms Image
text/plain 34.239.92.103
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=CH&cos=Windows&r=www.123greetings.com&rs=www.123greetings.com&sid=60164&t=1630730536&cip=185.236.201.228&sn=Email2&tgt=0&osv=10&bv=92.0&brn=Chrome&wi=400&he=225&app=&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&test=&aafaid=&proto=https&uid=1630730536592-919282496603-008741-015-006420&cha=0.7&stagid=&stplid=&cb=24191924397&d9=0000&AV_WIDTH=400&AV_HEIGHT=225&&ppid=5e5bd02728a06124e30d85c3&nid=59918a0e073ef4782e4e347f&pcid=5e5bd1f528a0610dd725f7d8&ncid=5e8b3e740cd6ad6132403f66&pasid=5e8b42ae145a8138e61d4a85&e=bid&cb=1630730538481&asid=60e594d3cc338a41335e9e75%2C60e594da4123720f2e250d24&ofpr=%2C&fpo=%2C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.239.92.103 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-239-92-103.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:18 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H3-29 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame CEFB 346 KB
119 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9a876f6cbd09c5f245491f6877db2a6bb7faa356893ae8a5f8881b2ad6c64212

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121776
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:42:18 GMT

GET
H3-29 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame EC9C 346 KB
119 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9a876f6cbd09c5f245491f6877db2a6bb7faa356893ae8a5f8881b2ad6c64212

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121776
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:42:18 GMT

GET
H3-29 200 bridge3.478.2_en.html Show response
imasdk.googleapis.com/js/core/ Frame 04A9 574 KB
188 KB 6ms
6ms Document
text/html 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ba74b0b7223564fe5de95a05498160da36162274673a6c4583a757d233c41b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.478.2_en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.123greetings.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 192508
date: Fri, 03 Sep 2021 19:55:47 GMT
expires: Sat, 03 Sep 2022 19:55:47 GMT
last-modified: Fri, 03 Sep 2021 19:50:18 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 31591
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 client.js Show response
s0.2mdn.net/instream/video/ Frame 1582 44 KB
16 KB 17ms
14ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:42:18 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ Frame 1582 107 B
122 B 15ms
14ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.123greetings.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:42:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 bridge3.478.2_en.html Show response
imasdk.googleapis.com/js/core/ Frame 7140 574 KB
188 KB 12ms
11ms Document
text/html 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ba74b0b7223564fe5de95a05498160da36162274673a6c4583a757d233c41b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.478.2_en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.123greetings.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 192508
date: Fri, 03 Sep 2021 19:55:47 GMT
expires: Sat, 03 Sep 2022 19:55:47 GMT
last-modified: Fri, 03 Sep 2021 19:50:18 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 31591
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 client.js Show response
s0.2mdn.net/instream/video/ Frame 2837 44 KB
16 KB 22ms
18ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:42:18 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ Frame 2837 107 B
122 B 15ms
15ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.123greetings.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:42:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame EACC 36 KB
12 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:41:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 54
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12603
x-xss-protection: 0
last-modified: Mon, 14 Dec 2020 16:45:56 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Sat, 04 Sep 2021 05:41:24 GMT

GET
H3-29 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame D10D 36 KB
12 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:41:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 54
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12603
x-xss-protection: 0
last-modified: Mon, 14 Dec 2020 16:45:56 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Sat, 04 Sep 2021 05:41:24 GMT

GET
H3-29 200 bridge3.478.2_en.html Show response
imasdk.googleapis.com/js/core/ Frame 70DD 574 KB
188 KB 27ms
27ms Document
text/html 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ba74b0b7223564fe5de95a05498160da36162274673a6c4583a757d233c41b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.478.2_en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.123greetings.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 192508
date: Fri, 03 Sep 2021 19:55:47 GMT
expires: Sat, 03 Sep 2022 19:55:47 GMT
last-modified: Fri, 03 Sep 2021 19:50:18 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 31591
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 client.js Show response
s0.2mdn.net/instream/video/ Frame EC9C 44 KB
16 KB 40ms
14ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:42:18 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ Frame EC9C 107 B
122 B 15ms
15ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.123greetings.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:42:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 bridge3.478.2_en.html Show response
imasdk.googleapis.com/js/core/ Frame A152 574 KB
188 KB 6ms
6ms Document
text/html 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ba74b0b7223564fe5de95a05498160da36162274673a6c4583a757d233c41b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.478.2_en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.123greetings.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 192508
date: Fri, 03 Sep 2021 19:55:47 GMT
expires: Sat, 03 Sep 2022 19:55:47 GMT
last-modified: Fri, 03 Sep 2021 19:50:18 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 31591
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 client.js Show response
s0.2mdn.net/instream/video/ Frame CEFB 44 KB
16 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:42:18 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ Frame CEFB 107 B
122 B 15ms
14ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.123greetings.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:42:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 52A8 36 KB
12 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:41:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 54
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12603
x-xss-protection: 0
last-modified: Mon, 14 Dec 2020 16:45:56 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Sat, 04 Sep 2021 05:41:24 GMT

GET
H3-29 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame AEC0 36 KB
12 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:41:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 54
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12603
x-xss-protection: 0
last-modified: Mon, 14 Dec 2020 16:45:56 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Sat, 04 Sep 2021 05:41:24 GMT

GET
H3-29 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 04A9 156 B
142 B 389ms
386ms XHR
text/xml 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F7103%2FSMG_AirNow%2Fpreroll%2Fsyndication_2&description_url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Ffall%2F%3Futm_source&tfcd=0&npa=0&sz=640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=1664298082208388&sdkv=h.3.478.2&osd=2&frm=0&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C450x50%2C468x60%2C480x70&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&u_so=l&ctv=0&sdki=44d&adk=3445515552&sdk_apis=2%2C8&sid=2D86AD85-7887-45BB-BF7C-E3C25075D108&eid=420706110&url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Ffall%2F%3Futm_source%3DEmail2%26utm_medium%3DSpecial_NL%26utm_campaign%3DSNL_sep21_events&dt=1630730538973&cookie_enabled=1&scor=1870494559411441&ged=ve4_td1_tt0_pd1_la1000_er1126.320.1278.620_vi0.0.1200.1600_vp49_eb23147

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:19 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 7140 156 B
142 B 395ms
395ms XHR
text/xml 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F7103%2FSMG_AirNow%2Fpreroll%2Fsyndication_4&description_url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Ffall%2F%3Futm_source&tfcd=0&npa=0&sz=640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=1772505675194353&sdkv=h.3.478.2&osd=2&frm=0&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C450x50%2C468x60%2C480x70&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&u_so=l&ctv=0&sdki=44d&adk=1322083244&sdk_apis=2%2C8&sid=A838556D-A52E-492C-A63B-545816343570&eid=44737473%2C44745941&url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Ffall%2F%3Futm_source%3DEmail2%26utm_medium%3DSpecial_NL%26utm_campaign%3DSNL_sep21_events&dt=1630730538989&cookie_enabled=1&scor=3851285547682657&ged=ve4_td1_tt0_pd1_la1000_er1126.320.1278.620_vi0.0.1200.1600_vp49_eb23147

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:19 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 70DD 156 B
142 B 368ms
367ms XHR
text/xml 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F7103%2FSMG_AirNow%2Fpreroll%2Fsyndication_4&description_url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Ffall%2F%3Futm_source&tfcd=0&npa=0&sz=640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=2888624441068145&sdkv=h.3.478.2&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&u_so=l&ctv=0&sdki=44d&adk=1966779041&sdk_apis=2%2C8&sid=EC46FC28-6ECA-46A2-831C-9A66AC12B68E&eid=44736153&url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Ffall%2F%3Futm_source%3DEmail2%26utm_medium%3DSpecial_NL%26utm_campaign%3DSNL_sep21_events&dt=1630730539059&cookie_enabled=1&scor=2057994750978184&ged=ve4_td1_tt0_pd1_la1000_er1199.1200.1351.1500_vi0.0.1200.1600_vp1_eb23147

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:19 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame A152 156 B
142 B 413ms
412ms XHR
text/xml 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F7103%2FSMG_AirNow%2Fpreroll%2Fsyndication_2&description_url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Ffall%2F%3Futm_source&tfcd=0&npa=0&sz=640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=1573518438791352&sdkv=h.3.478.2&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&u_so=l&ctv=0&sdki=44d&adk=925418737&sdk_apis=2%2C8&sid=715E4809-826B-4315-B4DA-90AB49ADA44A&eid=44747319&url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Ffall%2F%3Futm_source%3DEmail2%26utm_medium%3DSpecial_NL%26utm_campaign%3DSNL_sep21_events&dt=1630730539071&cookie_enabled=1&scor=1709610557308017&ged=ve4_td1_tt0_pd1_la1000_er1199.1200.1351.1500_vi0.0.1200.1600_vp1_eb23147

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:42:19 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 /
events1.avantisvideo.com/ 0
34 B 187ms
187ms Ping
text/plain 35.82.37.37
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events1.avantisvideo.com/
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/js/video-loader2-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.82.37.37 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-82-37-37.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 04 Sep 2021 04:42:19 GMT

POST
H2 204 /
events1.avantisvideo.com/ 0
34 B 187ms
186ms Ping
text/plain 35.82.37.37
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events1.avantisvideo.com/
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/js/video-loader2-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.82.37.37 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-82-37-37.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 04 Sep 2021 04:42:19 GMT

POST
H2 200 track Show response
track1.aniview.com/ 0
94 B 354ms
116ms XHR
text/plain 34.239.92.103
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://track1.aniview.com/track?d=Chrome&cou=CH&cos=Windows&r=www.123greetings.com&rs=www.123greetings.com&sid=60164&t=1630730536&cip=185.236.201.228&sn=Email2&tgt=0&osv=10&bv=92.0&brn=Chrome&wi=400&he=225&app=&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&test=&aafaid=&proto=https&uid=1630730536592-919282496603-008741-015-006420&cha=0.7&stagid=&stplid=&cb=24191924397&d9=0000&AV_WIDTH=400&AV_HEIGHT=225
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.239.92.103 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-239-92-103.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Sat, 04 Sep 2021 04:42:21 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

POST
H2 200 track Show response
track1.aniview.com/ 0
93 B 345ms
117ms XHR
text/plain 34.239.92.103
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://track1.aniview.com/track?d=Chrome&cou=CH&cos=Windows&r=www.123greetings.com&rs=www.123greetings.com&sid=80101&t=1630730536&cip=185.236.201.228&sn=Email2&tgt=0&osv=10&bv=92.0&brn=Chrome&wi=600&he=338&app=&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&test=5&aafaid=&proto=https&uid=1630730536591-964452496603-008575-011-002896&cha=0.05&stagid=&stplid=&cb=94255378259&d9=0000&AV_WIDTH=600&AV_HEIGHT=338
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/ab5/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.239.92.103 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-239-92-103.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Sat, 04 Sep 2021 04:42:21 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2 200 dc_oe=ChMI6OOJ0cDk8gIVouG7CB1Zsgd7EAAYACCc8uRAQhMI1p3P0MDk8gIVnMV3Ch0upw0A;met=1;&timestamp=1630730544064;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame 1AE1 42 B
515 B 83ms
34ms Image
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI6OOJ0cDk8gIVouG7CB1Zsgd7EAAYACCc8uRAQhMI1p3P0MDk8gIVnMV3Ch0upw0A;met=1;&timestamp=1630730544064;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:24 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_oe=ChMItvyP0cDk8gIVDPN3Ch14eQ7mEAAYACDt5-NAQhMIxZ_P0MDk8gIVnMV3Ch0upw0A;met=1;&timestamp=1630730544116;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame A7DB 42 B
107 B 32ms
31ms Image
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMItvyP0cDk8gIVDPN3Ch14eQ7mEAAYACDt5-NAQhMIxZ_P0MDk8gIVnMV3Ch0upw0A;met=1;&timestamp=1630730544116;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:24 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_oe=ChMI5qqQ0cDk8gIVeoaDBx0YRwB4EAAYACDt5-NAQhMIuaDP0MDk8gIVnMV3Ch0upw0A;met=1;&timestamp=1630730544122;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame 7214 42 B
107 B 31ms
31ms Image
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI5qqQ0cDk8gIVeoaDBx0YRwB4EAAYACDt5-NAQhMIuaDP0MDk8gIVnMV3Ch0upw0A;met=1;&timestamp=1630730544122;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:24 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 dc_oe=ChMI8OmR0cDk8gIVwft3Ch2O6wKQEAAYACDt5-NAQhMIr6HP0MDk8gIVnMV3Ch0upw0A;met=1;&timestamp=1630730544145;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame 01C4 42 B
63 B 39ms
38ms Image
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI8OmR0cDk8gIVwft3Ch2O6wKQEAAYACDt5-NAQhMIr6HP0MDk8gIVnMV3Ch0upw0A;met=1;&timestamp=1630730544145;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:24 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 dc_oe=ChMIn46S0cDk8gIVnvK7CB1lYw_UEAAYACDS7ORAQhMIlaPP0MDk8gIVnMV3Ch0upw0A;met=1;&timestamp=1630730544149;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame 9097 42 B
63 B 39ms
39ms Image
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIn46S0cDk8gIVnvK7CB1lYw_UEAAYACDS7ORAQhMIlaPP0MDk8gIVnMV3Ch0upw0A;met=1;&timestamp=1630730544149;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:24 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 dc_oe=ChMIx-uR0cDk8gIVDPN3Ch14eQ7mEAAYACDt5-NAQhMIoKLP0MDk8gIVnMV3Ch0upw0A;met=1;&timestamp=1630730544157;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame A44E 42 B
63 B 32ms
31ms Image
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIx-uR0cDk8gIVDPN3Ch14eQ7mEAAYACDt5-NAQhMIoKLP0MDk8gIVnMV3Ch0upw0A;met=1;&timestamp=1630730544157;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:42:24 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL5JYWbhem9VtXZP_sMpwAABJQAAAAB&google_push=AYg5qPLHmbXTFS_hcf2UF0loVClSUOvooeX3uOSy04zSELjvXTlCW3fxj_P-b9ZENHYh-We2LsDrg3dn9eax4I-ZsUIBJi_bAUI&google_gid=CAESECYvurN_xnIfEz71lsji0Xk&google_cver=1&google_tc=

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=Y3AtZDc5YWM4MmMxZDU5NGMyMzVjNGNiNDU2MTFhOTRjNzk=&google_push=AYg5qPLAE1XXhO-0g4KFsc4OXUoQmlTudFOplRYx2cFh_IfqH2d_Hg6zCc2GHlGZxcWWjvbhq6DFZN9TmSo4opRG0_gyxm_oMw&google_tc=

Verdicts & Comments Add Verdict or Comment

450 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.123greetings.com/	1970-01-20 06:20:26	Name: __gads Value: ID=41b49f7f71172e27-22175a89f3c8006b:T=1630730531:RT=1630730531:S=ALNI_MbjT1AMfzB8dEMyXW3ml_MTj395qQ
.doubleclick.net/	1970-01-19 20:58:51	Name: test_cookie Value: CheckForPermission
.123greetings.com/	1969-12-31 23:59:59	Name: utm_source Value: Email2
.123greetings.com/	1970-01-19 20:58:50	Name: _gat_gtag_UA_5085183_1 Value: 1
www.123greetings.com/	1970-01-19 20:58:50	Name: config_data Value: CADB=1\|CLG=1\|CBR=1\|CUB=1\|CCC=1\|CFLC=1\|CPFR=1\|CBRR=1\|TCP=1\|TAP=1\|TCAP=1\|TRE=1\|QkDshLgd=0\|FBCon=1
.123greetings.com/	1970-01-19 21:00:16	Name: _gid Value: GA1.2.50023498.1630730532
.123greetings.com/	1970-01-20 14:30:02	Name: _ga Value: GA1.2.18072530.1630730531

33 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	info	URL: https://cdn.ampproject.org/rtv/012108170213000/amp4ads-v0.mjs(Line 6) Message: Powered by AMP ⚡ HTML – Version 2108170213000 https://www.123greetings.com/events/fall/?utm_source=Email2&utm_medium=Special_NL&utm_campaign=SNL_sep21_events
console-api	log	URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498410/20210621060710917/index.html?e=69&leftOffset=0&topOffset=0&c=hy6FaEB8gn&t=1&renderingType=2(Line 408) Message: Profile ID: 10550207
console-api	log	URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498410/20210621060710917/index.html?e=69&leftOffset=0&topOffset=0&c=hy6FaEB8gn&t=1&renderingType=2(Line 409) Message: Profile String: CSS_Herbstkampagne2020_Prospecting_DE
console-api	log	URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=2WsNqxjH0W&t=1&renderingType=2(Line 412) Message: Profile ID: 10550207
console-api	log	URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=2WsNqxjH0W&t=1&renderingType=2(Line 413) Message: Profile String: CSS_Herbstkampagne2020_Prospecting_DE
console-api	log	URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=e8IV7Uynpf&t=1&renderingType=2(Line 412) Message: Profile ID: 10550207
console-api	log	URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=e8IV7Uynpf&t=1&renderingType=2(Line 413) Message: Profile String: CSS_Herbstkampagne2020_Prospecting_DE
console-api	log	URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=UK2o4yXblG&t=1&renderingType=2(Line 412) Message: Profile ID: 10550207
console-api	log	URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=UK2o4yXblG&t=1&renderingType=2(Line 413) Message: Profile String: CSS_Herbstkampagne2020_Prospecting_DE
console-api	log	URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61490714/20210621060706056/index.html?e=69&leftOffset=0&topOffset=0&c=sAEUSHBSQE&t=1&renderingType=2(Line 414) Message: Profile ID: 10550207
console-api	log	URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61490714/20210621060706056/index.html?e=69&leftOffset=0&topOffset=0&c=sAEUSHBSQE&t=1&renderingType=2(Line 415) Message: Profile String: CSS_Herbstkampagne2020_Prospecting_DE
console-api	log	URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=aSGvZtuX20&t=1&renderingType=2(Line 412) Message: Profile ID: 10550207
console-api	log	URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=aSGvZtuX20&t=1&renderingType=2(Line 413) Message: Profile String: CSS_Herbstkampagne2020_Prospecting_DE
console-api	log	URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498410/20210621060710917/index.html?e=69&leftOffset=0&topOffset=0&c=hy6FaEB8gn&t=1&renderingType=2(Line 507) Message: [object Object]
console-api	info	URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498410/20210621060710917/index.html?e=69&leftOffset=0&topOffset=0&c=hy6FaEB8gn&t=1&renderingType=2(Line 513) Message: is not editor mode
console-api	log	URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498410/20210621060710917/index.html?e=69&leftOffset=0&topOffset=0&c=hy6FaEB8gn&t=1&renderingType=2(Line 503) Message: [object Object]
console-api	log	URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=2WsNqxjH0W&t=1&renderingType=2(Line 509) Message: [object Object]
console-api	info	URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=2WsNqxjH0W&t=1&renderingType=2(Line 515) Message: is not editor mode
console-api	log	URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=e8IV7Uynpf&t=1&renderingType=2(Line 509) Message: [object Object]
console-api	info	URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=e8IV7Uynpf&t=1&renderingType=2(Line 515) Message: is not editor mode
console-api	log	URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=UK2o4yXblG&t=1&renderingType=2(Line 509) Message: [object Object]
console-api	info	URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=UK2o4yXblG&t=1&renderingType=2(Line 515) Message: is not editor mode
console-api	log	URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=aSGvZtuX20&t=1&renderingType=2(Line 509) Message: [object Object]
console-api	info	URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=aSGvZtuX20&t=1&renderingType=2(Line 515) Message: is not editor mode
console-api	log	URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61490714/20210621060706056/index.html?e=69&leftOffset=0&topOffset=0&c=sAEUSHBSQE&t=1&renderingType=2(Line 512) Message: [object Object]
console-api	info	URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61490714/20210621060706056/index.html?e=69&leftOffset=0&topOffset=0&c=sAEUSHBSQE&t=1&renderingType=2(Line 518) Message: is not editor mode
console-api	log	URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61490714/20210621060706056/index.html?e=69&leftOffset=0&topOffset=0&c=sAEUSHBSQE&t=1&renderingType=2(Line 508) Message: [object Object]
console-api	log	URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=UK2o4yXblG&t=1&renderingType=2(Line 531) Message: All images loaded!
console-api	log	URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=aSGvZtuX20&t=1&renderingType=2(Line 531) Message: All images loaded!
console-api	log	URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498410/20210621060710917/index.html?e=69&leftOffset=0&topOffset=0&c=hy6FaEB8gn&t=1&renderingType=2(Line 529) Message: All images loaded!
console-api	log	URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=e8IV7Uynpf&t=1&renderingType=2(Line 531) Message: All images loaded!
console-api	log	URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61498371/20210621060725476/index.html?e=69&leftOffset=0&topOffset=0&c=2WsNqxjH0W&t=1&renderingType=2(Line 531) Message: All images loaded!
console-api	log	URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61490714/20210621060706056/index.html?e=69&leftOffset=0&topOffset=0&c=sAEUSHBSQE&t=1&renderingType=2(Line 534) Message: All images loaded!

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1f2e7.v.fwmrm.net
8efa51d7b20628d6ec8fb42123f5426d.safeframe.googlesyndication.com
a.c.appier.net
a.rfihub.com
ad.turn.com
ade.googlesyndication.com
ads.adaptv.advertising.com
ads.avct.cloud
ads.stickyadstv.com
ads.yahoo.com
ads.yieldmo.com
adservice.google.ch
adservice.google.com
adservice.google.de
avm.avantisvideo.com
beacon.walmart.com
bttrack.com
c.123g.us
c1.adform.net
cdn.ampproject.org
cdn.avantisvideo.com
cdn1.avantisvideo.com
cm.g.doubleclick.net
cms.quantserve.com
d.agkn.com
d5p.de17a.com
dclk-match.dotomi.com
dpm.demdex.net
dsum-sec.casalemedia.com
eb2.3lift.com
events1.avantisvideo.com
fonts.googleapis.com
fonts.gstatic.com
go1.aniview.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gu.dyntrk.com
htlb.casalemedia.com
i.123g.us
ib.adnxs.com
id.rlcdn.com
image6.pubmatic.com
imasdk.googleapis.com
js-sec.indexww.com
match.360yield.com
match.adsrvr.org
match.sharethrough.com
pagead2.googlesyndication.com
partner.googleadservices.com
partners.tremorhub.com
pixel.advertising.com
pixel.everesttech.net
pixel.rubiconproject.com
play.aniview.com
player.aniview.com
pm.w55c.net
pr-bh.ybp.yahoo.com
pubads.g.doubleclick.net
px.adhigh.net
r.turn.com
rtb.openx.net
s.amazon-adsystem.com
s0.2mdn.net
s2s.aniview.com
search.spotxchange.com
secure.adnxs.com
securepubads.g.doubleclick.net
sm.rtb.mts.ru
ssum-sec.casalemedia.com
static.avantisvideo.com
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.1rx.io
sync.aniview.com
sync.extend.tv
sync.search.spotxchange.com
sync.targeting.unrulymedia.com
sync.teads.tv
tech.rtb.mts.ru
tpc.googlesyndication.com
track1.aniview.com
tracking.m6r.eu
trkn.us
um.simpli.fi
um2.eqads.com
ups.analytics.yahoo.com
us-u.openx.net
www.123greetings.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.maqors.com
x.123g.us
x.bidswitch.net
cm.g.doubleclick.net
104.111.242.245
13.248.242.197
13.248.245.213
135.125.160.77
142.250.185.162
142.250.185.194
142.250.186.130
142.250.186.34
151.101.14.49
169.50.137.190
172.105.221.29
18.134.84.26
18.156.99.44
18.184.122.71
18.185.140.232
18.195.69.184
184.72.244.154
184.72.254.163
185.33.221.15
185.64.189.115
185.94.180.124
185.94.180.126
192.132.33.46
193.0.160.128
193.232.148.146
2.18.234.21
2.21.142.210
2001:678:cb4:bbbb::11
209.54.177.54
213.155.156.168
213.19.147.44
213.87.44.187
216.58.212.130
217.66.147.162
23.37.38.181
2600:1f18:612b:4200:3aa:8894:1069:c551
2600:9000:223c:7800:3:748e:7940:93a1
2600:9000:223f:cc00:8:9ed9:9c40:93a1
2600:9000:2240:8a00:1c:38a0:8a40:93a1
2620:116:800d:21:f916:5049:f87f:108e
2a00:1288:110:c305::8000
2a00:1288:80:800::7001
2a00:1450:4001:800::2002
2a00:1450:4001:80e::200e
2a00:1450:4001:80f::2002
2a00:1450:4001:80f::2004
2a00:1450:4001:80f::2006
2a00:1450:4001:810::2001
2a00:1450:4001:810::2002
2a00:1450:4001:811::2002
2a00:1450:4001:812::2002
2a00:1450:4001:827::2001
2a00:1450:4001:829::2008
2a00:1450:4001:829::200e
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::200a
2a00:1450:4001:82b::2002
2a00:1450:4001:82f::2001
2a00:1450:4001:82f::2003
2a00:1450:4001:82f::200a
2a00:1450:400c:c08::9d
2a00:1450:400d:803::2002
2a02:26f0:6c00:2ab::2c79
2a02:fa8:8806:12::1370
3.126.56.137
3.127.92.82
34.196.245.189
34.224.231.148
34.239.92.103
34.98.64.218
35.157.140.213
35.157.177.200
35.227.252.103
35.244.174.68
35.82.37.37
37.157.3.29
40.124.130.12
52.1.46.74
52.17.54.18
52.203.102.176
52.208.100.147
52.70.17.21
54.170.158.38
54.235.95.241
69.173.144.139
72.251.244.142
8.248.149.252
99.80.199.35
00b4606b9ef239cfe2f782966ae7b51010357b122fd83998db5d213fafbae142
00d2454ee3db7d2a389c0e7cefd7a4b84c26a983af51e38fa9a7621c9be5f66c
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
02813684c6f3aad1e6083b92703bf14c0c5a61cdf6a11253c6582fa93ed2fa71
0299ce766df424b69a25530d8afe7c2352cb6240c7510fe7be67d8cd53bd3467
02d67caea88317886c195472fb9f5d38cb91c565ea96494204cab51d10c8db0e
0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55
0489566fae63e88f1e956e986a7f0098a9e3d4a923f10306a4da6b068b8ca6fb
05edd59c07929b25057ce7a333b66e17b21d9f07d5a91cef6d590910c92ee42c
07a40e887b2d93433ae2629f7cdcc1b2277d880e0a402926d8c537915768628b
0a799d4080a6dbfffbe127b65a354db44e2e6ad6f22b9c59178d98b359df9454
0ae485367eb0862700624f4b18563586fe0fd2ecd7abd1efb8a4896ead71fdd3
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
0fbe8ac90edf1af5508d89417ab916da0892806ca5259c435ef897160dca6daa
114dabe187311ee2e303549831223ef80d06385cb854e2aa1647ec1e0ca148f5
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
12ba93c7b0114439929f7ac0efcdc60e6eee9da57a2fe6ce68bb969f00f4a54e
1459debe4ae50fd8d33bf2b2ea987bb180ddb9a66014c4bec96ca790e7d123b1
1495669716c7292ef54bbc4ab4a07a81eaf9f1c6b6a697362b6feb75d4d974b1
185d961a00faa1b2be124c66b7a619eca6a2cf1c1859ba73103e07f125b5d6a6
1b91d59c4bdd90f11c17f875ae27b15c1efe83d42182702f51570fcc2063fd24
1e66c06ab180f7bf3da83626313d8c1b45efa2ddd191b430ffec9993a3f9675f
1eb26cfacccd63a2ba28dccde662bdcea27e12835dd3ec8b82b97abf8ab03bb5
21cc852b9403de27f0365e24f9424d97eaabb55f4405f998f7c5a1d330c66fac
22428f9093ad269f49827ae21c713dfbad293be5816f50b68fcf2e2527b05d9b
22cd7cf9363d99f98450e69326c33d9062c1595985b2de4452413c369079b416
2468d8defc10a0ab4f1c4cdfdb085d486de1d1190998cc1b0ef86f0540da2d34
26d51505332c23d6cbda9334670d7311bbb034572931905ecd97e7783a15c3db
29c73bf81e47583e58c823034a73f76ee5aa258f218ddebf92749698d208f4a8
2a5e25cc7cea44b987ce36defc4759391213ef24d0b01f00bf02c6900689bdc2
2aceca191f44f57b792abd0dda19c82f408c200a704ef58c770216208d673137
2ca5941b9c15fd99101457606a3caa97dce6a7bf434345a3b99f92a73333f4f1
2cff7ab03cb4e476b49ea05511c6cfcc71af6d5ed20d40e9b40ee31062149e77
2d9908eaa228bcc16675ea1ed79b67d1fbe2fc170f1a65db2f4acd056ef0a69d
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
3a5b0a6b847d483604ac9518456136660537cba5ef51720975f910e1238d4ea2
3c0c73a1de384be91df7b91b149c28248c0fea534c3d445f159ca7ac4fc6f7c3
3c12076d7a455c11a2079b24bf90f3b1d38a41b6700c6e7b005f21918d15fcfa
3c7183c4de043ccc6a810792aa695847e316969d59069dfa9f014c8fd9a2e04b
3d91efa8e674bee80063a1aa0340dfe1e70157e7ac0f93aae0f3e67f69145838
3ed79e3ac08968102787cbf6064b0bc103e886b15360946315708a95f88b86d0
3eda48b86c56427adbcb08902de61084b5e425b951645ed27d0e6669391ba4b1
3fac6fcea268523d827b4512f268a9bb1df0479b8a4603d118c9e4df7489a038
4330d4072d013510b91ca5648f210b614c2e4e8ecbea94a1f8a8373aa6068532
458519182911aee4143b2a09549c8b275964816dc350d9ec9430df03425178fb
4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b
467b9deb4eec0157bf9ba5eaa14e133f5216e6f2e3883d9f59a31eedaab315b3
4842d520e08464045d716e75eb1779ad28f7e13814835e3f3576611b9feab7df
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
48bb89434a42b4fb519f27e9272e018e8151383b4b7f46f26260f5fd29e5f05e
48ec775d3d3c7c54194e7f4d82b1dbc256819da796c9b43b3fb3a8a9de61ce15
49012a03034751182bec7d9d13f321f6870622af0fac77e7eb1fd49dfc164d4a
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
5010abc38d335ee8205f1ebf7d7c29fbc266076903263054feb2a070a16a4633
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
5336fb757df91e343cca414c112da532ff47f3d40b0d6e1b3c39ea00c8e24ab6
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55b198b5ed1bd02e77f84c6971a69d5c2160c0c32fd770ce33405e194750f5fd
5738c733f2f7b04e67edebebb67f01a2022d611ce73cbbf9ac15aa8186c6613e
58187730459a02d430a9e3d602a257729971f2dee6b7c718007e9d7c8b5e7a30
583eda12fed77c078f7391866e53eedd80aec5b9b178a3537a3c4c3b09575485
5a8f31073172900f31fd3d4846e4c4882317510fe834f1f8b4479ac1709377d9
5ab46139be655a9bfc68802082f5b8952fa56210d418f8f32755661ba32196d8
5ac034e9f6cf98b1c7b6e258c90ae1065b75217670f008acd061220eda391ba1
5bf14325d405b1a79f657e4986f29e89f5d01a531b4d77ec457bb48d8a6aedbc
5d318a7c4005ae653ca6a9d61a87919ebc27a1ed6a4592374b2ed1332271a642
5d6b864869c19ea1f500174a8dc3f327fd5fdc7e8f92f569788a6744341e4f27
5de01c7b6d59f6d285ae1e13501ca4b84b473fbfff26febd3497e5a6b42cb6f0
613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155
634dbb1649db1ae0603f3b13ef07a93d56275471e449e48103209a93b208a3d3
69303f97bf43e5d9fd7a0c8e6b5f4b49de4466684c7e2b8e2108de98e5c98483
6a6e90cb081a4d6f3deca7b0c05c32d01615159e631b68bfa7542166dd8526ea
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b148df37d08fab8ca2bad1603d8480656d668df7f1258ef3ace8bb60a3b5bf4
6b69d3e8cfca6fe61ca962b3a6454050a8f49cdf976a89fab32845425fb088a1
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6ba74b0b7223564fe5de95a05498160da36162274673a6c4583a757d233c41b1
6bafdc8a6b2f45c69726d91008ce98744ec49146ba44107d9e35e5eb7b1e9da2
6eb31b2fd0be94a39f5e7d36317f17e99c84c22f3287cdd18455f9833de9ab38
6f45cca4a2cf3da6b4e2d74ba6f0803d462ea516157130bb5d6d3b67f98fc8cf
701fb83bf8bc8b07dbb24c8caac66b8106df94943c890754d7f08532ab3050da
70d0aa1a7429573e8d63a5d732a2bc27150ac345ca82e3550d5d3a4a148508df
73479d3be9744865b811d11f4704db6b6e9dbc1ca3357d24df7a6516541c2481
74573014dae59707855b5e8ba2e2961d304f298ab2232f633649a70011231e42
74784da9efde9ee8d897233962fa4f3970312ca244dfa921dd38bec421d27dee
772e8255135bd44cc27bc57038f7d1a773cbbfddac68a63fcb7f6a7ec21ee87b
7907550d56b3bc99a272e14a3f59df2d09cbca431a64b1f5692d09b6c181f8b3
7eca7977c6ade416c20775a7fd7cfa2291c5752cd1225d5c4342b057c37a000c
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
80517662352655810cd94d92070d02d75b231c2159cb5b92e6c9b6ceb1bea2d5
80f27d378b4c7cf8bb75946013a68f4787b4c88b484e36c409ddcb4ee21ca5df
821bdc4f69b0d71c8ee65e9e97c232e0a127004991b92133da9019dbe8f90047
82bd02cee2c77b75a28a94f51c1163035315c09ef8eafe6fa5f79f35b97424e5
83648acde5165da6f5a13b4e9dc1dd55f2e580772dcaec57537600fbafe57497
8528e6f56a5fbfa15ce727fee044cc8cb3f859689aa35a43691819981fc73cbb
89b03d4a2f2ca3d04df1fda63a5247ef31cea689a0ca553e353122ab3d22b646
8a4a4dfac1d187a4eeaf1f9d90fae93ab7d76f1ff885b43ef1edab642f4a5c9a
8acdf2e765acbcc04c02865695b036240a398eaba3634556f22cfd2437e85358
8b2ae633ac080271dc61d3b612168791b70664548097d76d90f65b9d8ab6a94a
8c516a0ca4968638bc06124102ce57555afcb2646cfe7d214a08bdbaacc81a43
8cb3a5beb55d80016c612fa6b48eb44b7c06eea49eedb6ef9f905ee2aca9cb19
8cd4b8b06d59ef4dd52b1d2b22c9dd0a2c2f0d42f0bccbf918a07dbaf3e531f6
8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8ecc5152f7343777baea83373a5007e3a570322842552f886d68072dfa9c7324
91222f96f34735ebc88df208017e54d4329b9202e3e52367fb8b149698a1a5ef
9158e53d7052a6df65c12e3a59a8c77a8be353425523e4eff057fa5578e654ad
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
969cfdee4bd0977fdc16895cc9f97e342e7f722518333f2145a0ea47f8662944
9853c133d6f835a0ff8aac88e36834c5b71e8b0ef2734979388817eb0f4097cc
98c0955bc640820323c4f30c88793f402e05aa2124a614bcb460f3eafbceace8
9a876f6cbd09c5f245491f6877db2a6bb7faa356893ae8a5f8881b2ad6c64212
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9e9fd99987af15246e14306757980986239d79241971767883173787fefc636a
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e
a19c83274d8c3c10554c7444c1982cd229d7d1552f599da1c52d466d18fa5247
a34d7888784392bc2af4c5dfaeaf0758292841396e14a4aaeba2f00962cdc660
a3558aefa4ead85a45ecbf71fe842572e0293a87472936bcc65972ac335cb5cc
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a53ad5839d2890be1e594d6342a5102444769c7a89fd15ffd2f3e78aa5c3ea69
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a7653c0894ff81630bf0c6670945fad9283c95b5fa4cb68776de02b1941ccb4e
abfaa28e509b104c2edc0bd048809340d5e006ec872e1966baff8383ff8a0e22
ac98f80abb0ecf69b2eac3d98a7896daa62bb223084c5073ddd56fd77541febb
ace30162bc4c525e70b147c8f9a10292d592353f78dcd0530d132156cb194e98
aee734abd6823c8680b1abb876d30da0250333fd75b5af890d286e1b11916ee7
afff8b457f58eff10d6c36cc20fa2b30479d1ac83c1ccc32f4d83b44b2ba922e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2c78c910f5ea29e3a9d223dabc203c055c8708b1fe7d83788b490638126db4d
b2effcb18f514a7896e737bdda537f2ef3b5bb989eb247f4ab2aa3facf1148ea
b389c3373b35c43d555f22fff4b401371dd5190f2f01cbff08b7e439fc5b2bd4
b5dc7ad3b3d9dffc2b9c95809de7a9ef6b5d9da3fd729c7cc5b116516ea7e6d4
b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11
b861cfb1905d4d7c84059d9bdc98d4b3f318f5cd0ed3a02f7d85b4ea3caa6ec5
bb7ac578b3a44f14bb081020aaadd876a144c276842c9f8112d1b2efa45af947
bd3a2482b7b952b621e16a05c3bb1847829d057fb1384f4c32d1362b8153e967
bf051f3ee7aa85b70fbdb5a9c4dbe61dc57372814f700b1b23ecb4f7dfb9ce63
bf40687a1f2f1ade8e2cc851107f622288ca1f802d82c8f53517a794165d3a7d
bf5230ffb8745d28c11ae8b743868364f9be8379300bd59d235f402a53ea96ee
c1857f12739ff327ab20e4a22206df42b7c292e40b403d9b0507c60781e0cd6f
c202f71f67589c6ea3b4fad81228a743f963bea617033a4645b1a74a8e2776f1
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c40c9c0117af4abd3ab87c81eb1725c442ec682095d29cc8bc2206e3e5ac1c23
c693e913914f4394b8ab57cda7c788490024405ce57f4480a233ad2c84a7cfd2
c76cc68adbbc958993e23bf9ad18979f7aeaab6274b1f2322afb581d22eb855f
c8aba5a821df184d25014d3dda38619d690d340b154bb2d7725187e074c3c542
cafd612ebd6bc497a7a05d3dfef133a0b793f1e04e277b31c424d6d8892a1d48
cb658d8af264091d320d32e952cb1756ea0145c2f6497b182a39e7ce4e466653
ce641364790c6eeca1a9d7939ba220fd148f7eac3cc7c0038aa8cee1dcad9dc1
ce780ce3a0e733e4802151f8e36fed91117d10ca236edae8bf10915ffa9a1931
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d42551b36f344c14cbab00492d682f78ff716f25436e56f2ec19605017f49071
d43839c30999b2062fe54c833b00067c5589af3b0fb0734c34709eb09b6014e0
d81386cb76a2f803a6a7674bab45293bde918693a683a583ccd20f85619df9ef
d8a957038679125d4840554fc43375697e662283121561afdefc2c3fbecaf729
dcef18b9bfa5ba585a335832c5d5dfce3c74aabfd40479273413e2bd9e7bf38c
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de6b1569f10d67682062caaa40c437ba7710fc5f9fc601169f0be9fc1fc4eb44
e0cfe1534cf66865ac13a161e60ef74f768ebd78b86b894afff55660e435c182
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e55e40533aba29bfd3a7109277ca52b8fc76a800027502632589556dfcbbaeca
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e60c3a63fabfeb15807369b2310092ec16fa0b72a548d1fdf08f9eb644d80beb
e66724b7284c1cb011a5594f5af03602189da837569e74cd5511249572f9b83c
e7e9879e57f8e78354f4ec91a338351b8d97d63914b7762ef79504f7b727b273
e8403779d45a9590b43c0ecf984ebe11e75fd2982630d658390a6001a6768770
e91e7d4b434bf577e8f9f0fef4a45ab94c41fd0493ff9e760bcd398732f6fdc4
eaa9c4d3ab04c20b60d55a23cd625bd2718bbaea74fa483a194e41647211ad35
ed72690522a553c2800b9b742ddcc58fe9c221ec9047d9b27596a774908f859a
ee8588778287c0926d07a6f50c41bbb2a0c7e3c2b468f0c4984de86d85b104d7
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efa057ea04dd22d35f041563a01808a82244d6b8972478983b17ba9ee5161deb
efca3cc27d852f839975a9cbb42fa4683a14c3f9c36f038dec1c782ebba3fea7
efd196d6e60dc30833072e3a288e9711d00be623554d81198d9cbd127af761f3
efd97a9caf5b9e30e1de009c6c650facb8993f5bb1256d9ce7d2d7b72a3bee9a
f1e39db75b34ff4da77fbb5d728ae7278c79ab84cd41553cbe757463d8a38796
f48f1b088976f2de3bb46a5c5bc609160ef0a6f919109e08f784596b0a93b7d8
f4a74fe2cef1d4e3ca293944e20763b350954439d0966a662691d304d9e1aac3
f6d0fbc88097468e92dd911acb6c3815679d077c0d7ffd0466cb3d19a79c3fd7
f7a4f2070df726492de4c3e47b46a78b77c56fe7dfc4613ff744ca0dfc11e131
f7ae826e9eb5b1dd4b358119ad6b64131ee78b4ed5c337ead7897165563f3d30
f954e3714ac118e43c8dd23cf49cb3fb0ed00bb9bdda3b15f31346e91e4da5c2
fae2773cd95cb857866b4b3a54777c88f6c03e0167bf323c2a1f431985887b61
fbe1583d8642d89d0c349b00c0125e485dd55976282165a6b5f2d29ea9d44549
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

www.123greetings.com Open in urlscan Pro 184.72.244.154 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

510 Requests

100 %HTTPS

34 %IPv6

63 Domains

95 Subdomains

60 IPs

12 Countries

18697 kBTransfer

30250 kBSize

7 Cookies

12 Outgoing links

Page URL History

Redirected requests

510 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 10 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.123greetings.com Open in urlscan Pro
184.72.244.154 Public Scan

Screenshot
Live screenshot

Full Image

510
Requests

100 %
HTTPS

34 %
IPv6

63
Domains

95
Subdomains

60
IPs

12
Countries

18697 kB
Transfer

30250 kB
Size

7
Cookies

510 HTTP transactions
10 data transactions