by-them.com Open in urlscan Pro
13.32.121.11 Public Scan

URL: https://www.facebook.com/bythem.mag/?view_public_for=2354273928227808

URL: http://twitter.com/share?text=%E7%A7%81%E3%81%AF%E3%80%8C%E6%AF%92%E8%A6%AA%E3%80%8D%E8%82%B2%E3%81%A1%E3%81%A0%E3%81%A3%E3%81%9F%E3%81%AE%E3%81%8B%EF%BC%9F%E3%81%84%E3%81%BE%E3%80%81%E7%94%9F%E3%81%8D%E3%81%A5%E3%82%89%E3%81%95%E3%81%AE%E5%8E%9F%E5%9B%A0%E3%82%92%E8%80%83%E3%81%88%E3%82%8B30%E3%81%AE%E8%B3%AA%E5%95%8F-%20%20by-them&url=https%3A%2F%2Fby-them.com%2F430811

URL: http://www.facebook.com/sharer.php?src=bm&u=https%3A%2F%2Fby-them.com%2F430811&t=%E7%A7%81%E3%81%AF%E3%80%8C%E6%AF%92%E8%A6%AA%E3%80%8D%E8%82%B2%E3%81%A1%E3%81%A0%E3%81%A3%E3%81%9F%E3%81%AE%E3%81%8B%EF%BC%9F%E3%81%84%E3%81%BE%E3%80%81%E7%94%9F%E3%81%8D%E3%81%A5%E3%82%89%E3%81%95%E3%81%AE%E5%8E%9F%E5%9B%A0%E3%82%92%E8%80%83%E3%81%88%E3%82%8B30%E3%81%AE%E8%B3%AA%E5%95%8F

URL: http://b.hatena.ne.jp/add?mode=confirm&url=https%3A%2F%2Fby-them.com%2F430811

URL: http://line.me/R/msg/text/?%E7%A7%81%E3%81%AF%E3%80%8C%E6%AF%92%E8%A6%AA%E3%80%8D%E8%82%B2%E3%81%A1%E3%81%A0%E3%81%A3%E3%81%9F%E3%81%AE%E3%81%8B%EF%BC%9F%E3%81%84%E3%81%BE%E3%80%81%E7%94%9F%E3%81%8D%E3%81%A5%E3%82%89%E3%81%95%E3%81%AE%E5%8E%9F%E5%9B%A0%E3%82%92%E8%80%83%E3%81%88%E3%82%8B30%E3%81%AE%E8%B3%AA%E5%95%8F%0D%0Ahttps://by-them.com/430811

URL: https://click.speee-ad.jp/v1/arc?article_id=335992336&chk=3323751131831747184&device=1&dlat=1&ext=95149671-bf3c-4d43-93c8-b8aa2d5fe586&os=1&placement_id=5135&raa=26045&raar=1&raat=1&redirect_url=%2F%2Fby-them.com%2F432387&ref=&request_id=95149671-bf3c-4d43-93c8-b8aa2d5fe586_1634203437147266104_5135&sess_id=0.4035603742001926&slot_index=0&url=https%3A%2F%2Fby-them.com%2F430811&v=4.1.0
Title: 私は何をやってもできない人間。毒親育ちのセルフイメージが低い理由

URL: https://click.speee-ad.jp/v1/arc?article_id=342222945&chk=1102173851639741124&device=1&dlat=1&ext=95149671-bf3c-4d43-93c8-b8aa2d5fe586&os=1&placement_id=5135&raa=26045&raar=1&raat=1&redirect_url=%2F%2Fby-them.com%2F433790&ref=&request_id=95149671-bf3c-4d43-93c8-b8aa2d5fe586_1634203437147266104_5135&sess_id=0.4035603742001926&slot_index=1&url=https%3A%2F%2Fby-them.com%2F430811&v=4.1.0
Title: 「子供のためだ」と過干渉。思い通りにコントロールしたい毒親の言い分

URL: https://click.speee-ad.jp/v1/arc?article_id=332917281&chk=12768642751643951568&device=1&dlat=1&ext=95149671-bf3c-4d43-93c8-b8aa2d5fe586&os=1&placement_id=5135&raa=26045&raar=1&raat=1&redirect_url=%2F%2Fby-them.com%2F431863&ref=&request_id=95149671-bf3c-4d43-93c8-b8aa2d5fe586_1634203437147266104_5135&sess_id=0.4035603742001926&slot_index=2&url=https%3A%2F%2Fby-them.com%2F430811&v=4.1.0
Title: 毒親を捨ててもいいですか？毒親育ちの女性が結婚と離婚を繰り返す理由

URL: https://click.speee-ad.jp/v1/ac?ad_group_creative_id=486300&chk=2167345988874085327&device=1&dlct=1003&expiration=1634289837&ext=95149671-bf3c-4d43-93c8-b8aa2d5fe586&os=1&placement_id=5135&rac=35783&racr=2&ract=1003&redirect_url=https%3A%2F%2Fwatakori-simulator.com%2Fsaimu%2Fuzou01&ref=&request_id=95149671-bf3c-4d43-93c8-b8aa2d5fe586_1634203437147266104_5135&sess_id=0.4035603742001926&slot_index=3&url=https%3A%2F%2Fby-them.com%2F430811&uzcid=5ca524f0-ed36-4e3b-b151-9ea024a16758&v=4.1.0
Title: 手取り12万、貯金ゼロの極貧が400万の借金をたった1年で完済したスゴ技！ PR(司法書士わたこり事務所)

URL: https://uzou.speee-ad.jp/optout/
Title: Recommended by

URL: https://click.speee-ad.jp/v1/ac?ad_group_creative_id=486300&chk=18111055984317151164&device=1&dlct=1003&expiration=1634289837&ext=b34aa685-eea8-43ef-8236-28175f1c2d0d&os=1&placement_id=4188&rac=29154&racr=21&ract=1003&redirect_url=https%3A%2F%2Fwatakori-simulator.com%2Fsaimu%2Fuzou01&ref=&request_id=b34aa685-eea8-43ef-8236-28175f1c2d0d_1634203437146451298_4188&sess_id=0.3834278389301618&slot_index=0&url=https%3A%2F%2Fby-them.com%2F430811&uzcid=62fb94bf-4223-4932-a931-051ebb0b0e24&v=4.1.0
Title: 手取り12万、貯金ゼロの極貧が400万の借金をたった1年で完済したスゴ技！ PR(司法書士わたこり事務所)

URL: https://click.speee-ad.jp/v1/ac?ad_group_creative_id=417648&chk=9692891827180174426&device=1&dlct=1003&expiration=1634289837&ext=b34aa685-eea8-43ef-8236-28175f1c2d0d&os=1&placement_id=4188&rac=29154&racr=21&ract=1003&redirect_url=https%3A%2F%2Fnewsphere.jp%2Flist%2Freasons_for_divorce%2F%3Futm_campaign%3Daccount14%26utm_medium%3Dcpc_uzou%26utm_source%3Duzou&ref=&request_id=b34aa685-eea8-43ef-8236-28175f1c2d0d_1634203437146451298_4188&sess_id=0.3834278389301618&slot_index=1&url=https%3A%2F%2Fby-them.com%2F430811&uzcid=02ec84b4-c9da-4b4c-927c-0bcb0e9dd127&v=4.1.0
Title: 「離婚した理由ランキング」浮気は2位、では1位は？ PR(NewSphere)

URL: https://click.speee-ad.jp/v1/ac?ad_group_creative_id=487717&chk=491610748697254151&device=1&dlct=1003&expiration=1634289837&ext=b34aa685-eea8-43ef-8236-28175f1c2d0d&os=1&placement_id=4188&rac=29154&racr=21&ract=1003&redirect_url=https%3A%2F%2Fasunaro-debt.com%2Fsaimu%2Fuzou01&ref=&request_id=b34aa685-eea8-43ef-8236-28175f1c2d0d_1634203437146451298_4188&sess_id=0.3834278389301618&slot_index=2&url=https%3A%2F%2Fby-them.com%2F430811&uzcid=06231884-0ab9-4a07-a99a-6e6d04102221&v=4.1.0
Title: 手取り12万、貯金ゼロの極貧が400万の借金をたった1年で完済したスゴ技！ PR(弁護士法人東京あすなろ法律事務所)

URL: https://click.speee-ad.jp/v1/ac?ad_group_creative_id=487598&chk=8529233141266805783&device=1&dlct=1003&expiration=1634289837&ext=b34aa685-eea8-43ef-8236-28175f1c2d0d&os=1&placement_id=4188&rac=29154&racr=21&ract=1003&redirect_url=https%3A%2F%2Fsb.mogumo.site%2Fab%2FlJAznFwBxSB-BASvMWlw%3Futm_creative%3DUZ_ga048-ti080-ki04&ref=&request_id=b34aa685-eea8-43ef-8236-28175f1c2d0d_1634203437146451298_4188&sess_id=0.3834278389301618&slot_index=3&url=https%3A%2F%2Fby-them.com%2F430811&uzcid=348d0fa9-6ddd-4c76-b4f3-43d9933694e2&v=4.1.0
Title: 「歯の黄ばみゴッソリ！」アンミカ開発の医薬部外品で歯の色がだんだん!? PR(トラストライン株式会社)

URL: https://click.speee-ad.jp/v1/ac?ad_group_creative_id=384633&chk=11340997463954128006&device=1&dlct=1003&expiration=1634289837&ext=b34aa685-eea8-43ef-8236-28175f1c2d0d&os=1&placement_id=4188&rac=29154&racr=21&ract=1003&redirect_url=https%3A%2F%2Fnewsphere.jp%2Ftopics%2Fmost_popular_countries_for_moving_abroad_2%2F%3Futm_campaign%3Dpc%26utm_medium%3Dcpc_uzou%26utm_source%3Duzou&ref=&request_id=b34aa685-eea8-43ef-8236-28175f1c2d0d_1634203437146451298_4188&sess_id=0.3834278389301618&slot_index=4&url=https%3A%2F%2Fby-them.com%2F430811&uzcid=b672fd39-0cb9-43ca-83ca-42852d87322b&v=4.1.0
Title: 「移住したい国ランキング」日本は2位、では1位は？ PR(NewSphere)

URL: https://click.speee-ad.jp/v1/arc?article_id=324400888&chk=15283877602755017867&device=1&dlat=1&ext=b34aa685-eea8-43ef-8236-28175f1c2d0d&os=1&placement_id=4188&raa=21310&raar=1&raat=1&redirect_url=%2F%2Fby-them.com%2F430503&ref=&request_id=b34aa685-eea8-43ef-8236-28175f1c2d0d_1634203437146451298_4188&sess_id=0.3834278389301618&slot_index=5&url=https%3A%2F%2Fby-them.com%2F430811&v=4.1.0
Title: 毒親育ちで人生真っ暗だった私がみつけた、運命を「好転」させる方法

URL: https://click.speee-ad.jp/v1/arc?article_id=332640085&chk=13281622716637061934&device=1&dlat=1&ext=b34aa685-eea8-43ef-8236-28175f1c2d0d&os=1&placement_id=4188&raa=21310&raar=1&raat=1&redirect_url=%2F%2Fby-them.com%2F431478&ref=&request_id=b34aa685-eea8-43ef-8236-28175f1c2d0d_1634203437146451298_4188&sess_id=0.3834278389301618&slot_index=6&url=https%3A%2F%2Fby-them.com%2F430811&v=4.1.0
Title: わけもなくイライラする、不安になる。毒親育ちが苦しみを抜け出す方法

URL: https://click.speee-ad.jp/v1/arc?article_id=326772888&chk=3262082711576599569&device=1&dlat=1&ext=b34aa685-eea8-43ef-8236-28175f1c2d0d&os=1&placement_id=4188&raa=21310&raar=1&raat=1&redirect_url=%2F%2Fby-them.com%2F430994&ref=&request_id=b34aa685-eea8-43ef-8236-28175f1c2d0d_1634203437146451298_4188&sess_id=0.3834278389301618&slot_index=7&url=https%3A%2F%2Fby-them.com%2F430811&v=4.1.0
Title: 貧乏も親の不仲も不機嫌も、自分が悪いと思って育った毒親育ちの子供達

URL: https://click.speee-ad.jp/v1/arc?article_id=332917281&chk=2692212643077896310&device=1&dlat=1&ext=b34aa685-eea8-43ef-8236-28175f1c2d0d&os=1&placement_id=4188&raa=21310&raar=1&raat=1&redirect_url=%2F%2Fby-them.com%2F431863&ref=&request_id=b34aa685-eea8-43ef-8236-28175f1c2d0d_1634203437146451298_4188&sess_id=0.3834278389301618&slot_index=8&url=https%3A%2F%2Fby-them.com%2F430811&v=4.1.0
Title: 毒親を捨ててもいいですか？毒親育ちの女性が結婚と離婚を繰り返す理由

URL: https://click.speee-ad.jp/v1/arc?article_id=340128377&chk=10988677049197269189&device=1&dlat=1&ext=b34aa685-eea8-43ef-8236-28175f1c2d0d&os=1&placement_id=4188&raa=21310&raar=1&raat=1&redirect_url=%2F%2Fby-them.com%2F432743&ref=&request_id=b34aa685-eea8-43ef-8236-28175f1c2d0d_1634203437146451298_4188&sess_id=0.3834278389301618&slot_index=9&url=https%3A%2F%2Fby-them.com%2F430811&v=4.1.0
Title: 友達がいない、生きづらい。毒親育ちの子供が「人が怖い」と思う理由

URL: https://click.speee-ad.jp/v1/ac?ad_group_creative_id=486694&chk=18244005015705142575&device=1&dlct=1003&expiration=1634289837&ext=b34aa685-eea8-43ef-8236-28175f1c2d0d&os=1&placement_id=4188&rac=29154&racr=21&ract=1003&redirect_url=https%3A%2F%2Fkaren-trend.work%2F2021%2F08%2F17%2Frantruth_179%2F&ref=&request_id=b34aa685-eea8-43ef-8236-28175f1c2d0d_1634203437146451298_4188&sess_id=0.3834278389301618&slot_index=10&url=https%3A%2F%2Fby-them.com%2F430811&uzcid=fcfe9c71-deea-4a31-b5b5-56703a5be2a1&v=4.1.0
Title: 100均の裏ワザ「目元ダルダルの４５歳が２５歳に見間違い」９割知らない衝撃 PR(株式会社ヴィワンアークス)

URL: https://click.speee-ad.jp/v1/ac?ad_group_creative_id=444516&chk=10716423073163049455&device=1&dlct=1003&expiration=1634289837&ext=b34aa685-eea8-43ef-8236-28175f1c2d0d&os=1&placement_id=4188&rac=29154&racr=21&ract=1003&redirect_url=https%3A%2F%2Fliberta-simulator.com%2Fsaimu%2Fofouz01&ref=&request_id=b34aa685-eea8-43ef-8236-28175f1c2d0d_1634203437146451298_4188&sess_id=0.3834278389301618&slot_index=11&url=https%3A%2F%2Fby-them.com%2F430811&uzcid=f5848c6d-9ad7-4da3-9134-ceb528c42bb0&v=4.1.0
Title: 【カード会社が絶対に教えない】月々の返済を半分以下にする裏技 PR(リベルタ総合法律事務所)

URL: https://click.speee-ad.jp/v1/ac?ad_group_creative_id=306283&chk=13105194362631706698&device=1&dlct=1003&expiration=1634289837&ext=b34aa685-eea8-43ef-8236-28175f1c2d0d&os=1&placement_id=4188&rac=29154&racr=21&ract=1003&redirect_url=https%3A%2F%2Fnewsphere.jp%2Flist%2Fnorth_korea_20_facts%2F%3Futm_campaign%3Dpc%26utm_medium%3Dcpc_uzou%26utm_source%3Duzou&ref=&request_id=b34aa685-eea8-43ef-8236-28175f1c2d0d_1634203437146451298_4188&sess_id=0.3834278389301618&slot_index=12&url=https%3A%2F%2Fby-them.com%2F430811&uzcid=175c4444-4837-4447-9768-e53020656983&v=4.1.0
Title: 「あなたの知らない北朝鮮」人口の5％は軍人で10兆ドルのお宝が眠る？ PR(NewSphere)

URL: https://click.speee-ad.jp/v1/ac?ad_group_creative_id=331298&chk=7096123121649255591&device=1&dlct=1003&expiration=1634289837&ext=b34aa685-eea8-43ef-8236-28175f1c2d0d&os=1&placement_id=4188&rac=29154&racr=21&ract=1003&redirect_url=https%3A%2F%2Fnewsphere.jp%2Fnational%2Fcovid_party%2F%3Futm_campaign%3Dpc%26utm_medium%3Dcpc_uzou%26utm_source%3Duzou&ref=&request_id=b34aa685-eea8-43ef-8236-28175f1c2d0d_1634203437146451298_4188&sess_id=0.3834278389301618&slot_index=13&url=https%3A%2F%2Fby-them.com%2F430811&uzcid=3262472a-bbc5-4f65-b9b8-f46a341da979&v=4.1.0
Title: マスクなし感染目的「コロナパーティ」が各地で開催？参加者は何を考えているのか PR(NewSphere)

URL: https://click.speee-ad.jp/v1/ac?ad_group_creative_id=368944&chk=4657445823495535810&device=1&dlct=1003&expiration=1634289837&ext=b34aa685-eea8-43ef-8236-28175f1c2d0d&os=1&placement_id=4188&rac=29154&racr=21&ract=1003&redirect_url=https%3A%2F%2Fnewsphere.jp%2Flist%2Fbeautiful_asia_faces_of_2018_4%2F%3Futm_campaign%3Dpc%26utm_medium%3Dcpc_uzou%26utm_source%3Duzou&ref=&request_id=b34aa685-eea8-43ef-8236-28175f1c2d0d_1634203437146451298_4188&sess_id=0.3834278389301618&slot_index=14&url=https%3A%2F%2Fby-them.com%2F430811&uzcid=3a28cb59-fad2-4e7a-91bb-2b8c883598ed&v=4.1.0
Title: 「アジアで最も美しい顔ランキング」トップ3に入った日本人美女は誰？ PR(NewSphere)

URL: https://click.speee-ad.jp/v1/arc?article_id=326772889&chk=9748923247526024629&device=1&dlat=1&ext=b34aa685-eea8-43ef-8236-28175f1c2d0d&os=1&placement_id=4188&raa=21310&raar=1&raat=1&redirect_url=%2F%2Fby-them.com%2F430908&ref=&request_id=b34aa685-eea8-43ef-8236-28175f1c2d0d_1634203437146451298_4188&sess_id=0.3834278389301618&slot_index=15&url=https%3A%2F%2Fby-them.com%2F430811&v=4.1.0
Title: 鬱の母親と子供に頼る父親。毒親育ちの共依存克服エピソード【体験談】

URL: https://click.speee-ad.jp/v1/arc?article_id=342222945&chk=14671203003104543166&device=1&dlat=1&ext=b34aa685-eea8-43ef-8236-28175f1c2d0d&os=1&placement_id=4188&raa=21310&raar=1&raat=1&redirect_url=%2F%2Fby-them.com%2F433790&ref=&request_id=b34aa685-eea8-43ef-8236-28175f1c2d0d_1634203437146451298_4188&sess_id=0.3834278389301618&slot_index=16&url=https%3A%2F%2Fby-them.com%2F430811&v=4.1.0
Title: 「子供のためだ」と過干渉。思い通りにコントロールしたい毒親の言い分

URL: https://click.speee-ad.jp/v1/arc?article_id=335992336&chk=18264823201680617258&device=1&dlat=1&ext=b34aa685-eea8-43ef-8236-28175f1c2d0d&os=1&placement_id=4188&raa=21310&raar=1&raat=1&redirect_url=%2F%2Fby-them.com%2F432387&ref=&request_id=b34aa685-eea8-43ef-8236-28175f1c2d0d_1634203437146451298_4188&sess_id=0.3834278389301618&slot_index=17&url=https%3A%2F%2Fby-them.com%2F430811&v=4.1.0
Title: 私は何をやってもできない人間。毒親育ちのセルフイメージが低い理由

URL: https://click.speee-ad.jp/v1/arc?article_id=334042001&chk=15816134296405666864&device=1&dlat=1&ext=b34aa685-eea8-43ef-8236-28175f1c2d0d&os=1&placement_id=4188&raa=21310&raar=1&raat=1&redirect_url=%2F%2Fby-them.com%2F432031&ref=&request_id=b34aa685-eea8-43ef-8236-28175f1c2d0d_1634203437146451298_4188&sess_id=0.3834278389301618&slot_index=18&url=https%3A%2F%2Fby-them.com%2F430811&v=4.1.0
Title: 人が怖い、居場所がない、価値がないetc…毒親育ちの持つ悩ましい感覚

URL: https://click.speee-ad.jp/v1/arc?article_id=354386867&chk=2474683756817051474&device=1&dlat=1&ext=b34aa685-eea8-43ef-8236-28175f1c2d0d&os=1&placement_id=4188&raa=21310&raar=1&raat=1&redirect_url=%2F%2Fby-them.com%2F436253&ref=&request_id=b34aa685-eea8-43ef-8236-28175f1c2d0d_1634203437146451298_4188&sess_id=0.3834278389301618&slot_index=19&url=https%3A%2F%2Fby-them.com%2F430811&v=4.1.0
Title: 愛情と苦痛はワンセット。大人になっても抜けない毒親育ちの思い込み

URL: http://www.mag2.com/terms/reader.html
Title: 無料メルマガ登録規約

URL: https://www.mag2.com/m/0001683982.html
Title: mailmagazine

URL: https://www.mag2.com/m/0001574911.html
Title: mailmagazine

URL: https://www.mag2.com/m/0001684436.html
Title: mailmagazine

URL: https://www.mag2.com/m/P0000014.html
Title: mailmagazine

URL: https://www.mag2.com/m/0001682892.html
Title: mailmagazine

URL: https://www.kojikuno.com/
Title: Website

URL: https://ameblo.jp/algrat/
Title: Blog

URL: https://www.mag2.com/m/0001687398.html
Title: mailmagazine

URL: https://www.mag2.com/wmag/by-them.html
Title: メルマガ登録/解除

URL: https://ac.ebis.ne.jp/tr_set.php?argument=np7UMVrt&ai=a5d78b1aa8a12d
Title: 広告掲載のお問い合わせ

URL: https://www.mag2.co.jp/contact#for-business
Title: 編集部へのお問い合わせ

URL: https://docs.google.com/forms/d/e/1FAIpQLSfb_uyJu_IdbHNQ4p1GE3SW_NxHu9NAOlT9u8ofnpjwiZ2DSQ/viewform
Title: プレスリリース受付

URL: https://www.mag2.com/terms/media.html
Title: メディア利用規約

URL: https://www.mag2.co.jp/

URL: https://cookiepedia.co.uk/giving-consent-to-cookies
Title: More information

URL: https://onetrust.com/poweredbyonetrust

URL: https://www.mag2.com/terms/cookie.html
Title: Coolie policy

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://i.mag2.jp/r?aid=a61493d2843633 HTTP 302
https://ac.ebis.ne.jp/tr_set.php?argument=np7UMVrt&ai=a61493d2843633 HTTP 302
https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 100

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fby-them.com%2F&domain=by-them.com&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=o_3EZnxvSmhBaXk3VWdISGVuSHVxVUs4STB1amdiNHNuaU1qUzVuVjEzaWZRQ2RKTXRWd2RyREZJRlNkV08rS1diSDc3QXlWOHhyYkIrYmhoQlQ3elA1Zllld041ano3UUh5V0hCMGlwWjl1cUJDYXk3SXZkdVJJeFMwYVRrWHRiRzVPczJscTJXR0tzTmR4a3htekhMUUEzNTNqZ1dIR0R3TDlhZitORXpDL2ZraTgyU2hsSGFGTk5lUUQ2NTRjaVVVWk9MbGE4TkNmUThHZG1OZWs0bzdYWEZHNGQrTzNlT1BVdm5YbGc5MDc2YzJRPXw&cppv=2

Request Chain 118

https://y.one.impact-ad.jp/h_bid?v=hb1&p=95204&cb=21042055418&r=https%3A%2F%2Fby-them.com%2F430811&uid=290d8847b3cfd4e&tid=082a05c6-853f-4385-a988-5670cb9b1171&uc=div-gpt-ad-1566179229302-0&tmax=2000&t=i&sz=300x250%2C336x280 HTTP 302
https://y.one.impact-ad.jp/ul_cb/h_bid?v=hb1&p=95204&cb=21042055418&r=https%3A%2F%2Fby-them.com%2F430811&uid=290d8847b3cfd4e&tid=082a05c6-853f-4385-a988-5670cb9b1171&uc=div-gpt-ad-1566179229302-0&tmax=2000&t=i&sz=300x250%2C336x280

Request Chain 119

https://y.one.impact-ad.jp/h_bid?v=hb1&p=95205&cb=8104328281&r=https%3A%2F%2Fby-them.com%2F430811&uid=3016e04a27c52a3&tid=59eddf6a-2017-42ae-876f-d23a14629250&uc=div-gpt-ad-1563958765385-0&tmax=2000&t=i&sz=300x250%2C336x280 HTTP 302
https://y.one.impact-ad.jp/ul_cb/h_bid?v=hb1&p=95205&cb=8104328281&r=https%3A%2F%2Fby-them.com%2F430811&uid=3016e04a27c52a3&tid=59eddf6a-2017-42ae-876f-d23a14629250&uc=div-gpt-ad-1563958765385-0&tmax=2000&t=i&sz=300x250%2C336x280

Request Chain 120

https://y.one.impact-ad.jp/h_bid?v=hb1&p=95206&cb=16682839944&r=https%3A%2F%2Fby-them.com%2F430811&uid=31ab96ff61fdfe8&tid=6dd7870b-69fe-4c0e-8752-a401aebcef1e&uc=div-gpt-ad-1563958822521-0&tmax=2000&t=i&sz=300x250%2C336x280 HTTP 302
https://y.one.impact-ad.jp/ul_cb/h_bid?v=hb1&p=95206&cb=16682839944&r=https%3A%2F%2Fby-them.com%2F430811&uid=31ab96ff61fdfe8&tid=6dd7870b-69fe-4c0e-8752-a401aebcef1e&uc=div-gpt-ad-1563958822521-0&tmax=2000&t=i&sz=300x250%2C336x280

Request Chain 121

https://y.one.impact-ad.jp/h_bid?v=hb1&p=95210&cb=23210859549&r=https%3A%2F%2Fby-them.com%2F430811&uid=327a8bab8ffa80b&tid=4c995abf-e90d-4981-ab2d-29e01df7f2f4&uc=div-gpt-ad-1563947322354-0&tmax=2000&t=i&sz=300x250%2C336x280 HTTP 302
https://y.one.impact-ad.jp/ul_cb/h_bid?v=hb1&p=95210&cb=23210859549&r=https%3A%2F%2Fby-them.com%2F430811&uid=327a8bab8ffa80b&tid=4c995abf-e90d-4981-ab2d-29e01df7f2f4&uc=div-gpt-ad-1563947322354-0&tmax=2000&t=i&sz=300x250%2C336x280

Request Chain 122

https://y.one.impact-ad.jp/h_bid?v=hb1&p=95211&cb=16133573305&r=https%3A%2F%2Fby-them.com%2F430811&uid=331f84a99d332bc&tid=a71a9247-da22-48f6-9a34-a14c43a76558&uc=div-gpt-ad-1563947472720-0&tmax=2000&t=i&sz=300x250%2C336x280 HTTP 302
https://y.one.impact-ad.jp/ul_cb/h_bid?v=hb1&p=95211&cb=16133573305&r=https%3A%2F%2Fby-them.com%2F430811&uid=331f84a99d332bc&tid=a71a9247-da22-48f6-9a34-a14c43a76558&uc=div-gpt-ad-1563947472720-0&tmax=2000&t=i&sz=300x250%2C336x280

Request Chain 290

https://gum.criteo.com/sid/json?origin=publishertag&domain=by-them.com&sn=ChromeSyncframe&so=3&topUrl=by-them.com&bundle=j81YnF9aNFp5ZG5xUlg0YlFJUzN3cnFPb0ZURnNmMUZHT1AycnZ2TVRSS3FhNGlpWVc1UmpzUElzc3lmemZiUFJrRSUyRmpHMyUyQiUyRmZFc2NsR0dzR1gwcUF1THk1JTJGOFdjRGMzem8zcmphc2xLTXFZSjZLNDRmNnI3cFglMkJiVSUyQmVOcGpxczZxVg&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=oySXjHwxdm1aSjUybFJsdmI2djlpY2I2dzVxdjFuVmVlbVlBSGVFK2xhNCtQOW1yY21OUTV3WjNQYmtyMG1oaDBjVHpVWkd2YjFHQ21BUWxiVFQ5blQzMHFvMDJ3K1h0ejErUWtHamZxT3BvZyt4d2M3bEZlbDR6clJhOEttOWo4T21BQmhFOVBJN20vTCtZYXRWSFpwMldER1FSbUFxclc4ejViMDkwRTdnODlUcWVSbis5OUZJZEwvUGMxdlkzdEgwRjRPV3Rid2pHTXhmMHF5eWc2czg2cWdZdU5jOGRCeUpqK0oxYzdOVk1OVHM3VFB0dVdCdE9hR2E1c0NtdTV0WktubkFFTlR0bHl4WWh1bUZTVGQ1czBjeEVYUGFvQjVJQzczOHJoZ2QrZXhnRT18&cppv=2

Request Chain 312

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC53isMPgHMaabqNDvfMhQY&google_cver=1

Request Chain 313

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YWf3L.IJHAtuN0XGpVci-wAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC53isMPgHMaabqNDvfMhQY&google_cver=1&google_hm=2

Request Chain 314

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEJTmEejb12SZO6KvPwskECM&google_cver=1

Request Chain 315

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTg3MzI5MDUyMDY4NjgwMTg4Mw%3D%3D

Request Chain 316

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC53isMPgHMaabqNDvfMhQY&google_cver=1

Request Chain 317

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YWf3L.IJHAtuN0XGpVci-wAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC53isMPgHMaabqNDvfMhQY&google_cver=1&google_hm=2

Request Chain 318

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEJTmEejb12SZO6KvPwskECM&google_cver=1

Request Chain 319

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTg3MzI5MDUyMDY4NjgwMTg4Mw%3D%3D

Request Chain 344

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC53isMPgHMaabqNDvfMhQY&google_cver=1

Request Chain 345

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YWf3L.IJHAtuN0XGpVci-wAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC53isMPgHMaabqNDvfMhQY&google_cver=1&google_hm=2

Request Chain 346

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEJTmEejb12SZO6KvPwskECM&google_cver=1

Request Chain 347

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTg3MzI5MDUyMDY4NjgwMTg4Mw%3D%3D

Request Chain 348

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC53isMPgHMaabqNDvfMhQY&google_cver=1

Request Chain 349

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YWf3L.IJHAtuN0XGpVci-wAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC53isMPgHMaabqNDvfMhQY&google_cver=1&google_hm=2

Request Chain 350

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEJTmEejb12SZO6KvPwskECM&google_cver=1

Request Chain 351

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTg3MzI5MDUyMDY4NjgwMTg4Mw%3D%3D

Request Chain 352

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESECxvsMRegSy6GDRVM8AI05Q&google_cver=1

Request Chain 353

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=MTEwNGE0Y2ItMmY2My0yM2NmLWRjMGQtNDUzYmEyN2I1M2I5

Request Chain 354

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEIftNPQNf2YBTzYBA1Ni4t4&google_cver=1

Request Chain 356

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEEbTGjDhgYdgvhdh00K9p9A&google_cver=1

Request Chain 357

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_id=76f9932d-2cd0-11ec-aa9b-1dbc55590406 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=NzZmOTkyZTUtMmNkMC0xMWVjLWFhOWItMWRiYzU1NTkwNDA2

Request Chain 373

https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_cm&google_dbm&_origin=1 HTTP 302
https://pixel.advertising.com/ups/55946/sync?uid=CAESEPGWrRqpg_nMOd-WAjuAvuY&_origin=1&google_cver=1 HTTP 302
https://ups.analytics.yahoo.com/ups/55946/sync?uid=CAESEPGWrRqpg_nMOd-WAjuAvuY&_origin=1&google_cver=1&apid=UP76fd6389-2cd0-11ec-b57c-02e8ad9e7d96

Request Chain 374

https://pixel.advertising.com/ups/55946/sync?_origin=1&redir=true HTTP 302
https://pixel.advertising.com/ups/55946/sync?_origin=1&redir=true&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/55946/sync?_origin=1&redir=true&apid=UP76fd6389-2cd0-11ec-b57c-02e8ad9e7d96 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_hm=VVA3NmZkNjM4OS0yY2QwLTExZWMtYjU3Yy0wMmU4YWQ5ZTdkOTY%3D

Request Chain 375

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1WejdUeXZsRTJ1RnlaNnVJcFlWZEc0OVVpRjUuaHlla35B

Request Chain 379

https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_cm&google_dbm&_origin=1 HTTP 302
https://pixel.advertising.com/ups/55946/sync?uid=CAESEPGWrRqpg_nMOd-WAjuAvuY&_origin=1&google_cver=1 HTTP 302
https://ups.analytics.yahoo.com/ups/55946/sync?uid=CAESEPGWrRqpg_nMOd-WAjuAvuY&_origin=1&google_cver=1&apid=UP76fd6389-2cd0-11ec-b57c-02e8ad9e7d96

Request Chain 380

https://pixel.advertising.com/ups/55946/sync?_origin=1&redir=true HTTP 302
https://pixel.advertising.com/ups/55946/sync?_origin=1&redir=true&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/55946/sync?_origin=1&redir=true&apid=UP76fd6389-2cd0-11ec-b57c-02e8ad9e7d96 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_hm=VVA3NmZkNjM4OS0yY2QwLTExZWMtYjU3Yy0wMmU4YWQ5ZTdkOTY%3D

Request Chain 381

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1WejdUeXZsRTJ1RnlaNnVJcFlWZEc0OVVpRjUuaHlla35B

Request Chain 389

https://cm.g.doubleclick.net/pixel?google_nid=smartrtb_dbm&google_cm&google_dbm HTTP 302
https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEFk-imgEzjiKF86i_DdjhhY&google_cver=1

Request Chain 467

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 476

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPL1F6T-gJLP3yOna6EG719SLAdapUx7Wr0T2LDTGY10V80wSi0LxwEGvrpWDvJOhCGhejMIPceECBvDNoT6ZnXAERwWh16A&google_gid=CAESEEnRQuDdyrOe7g99Q5tzKOg&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVdmM01RQUFBSGZYNVVJbQ&google_push=AYg5qPL1F6T-gJLP3yOna6EG719SLAdapUx7Wr0T2LDTGY10V80wSi0LxwEGvrpWDvJOhCGhejMIPceECBvDNoT6ZnXAERwWh16A

Request Chain 479

https://sync.tidaltv.com/genericusersync.ashx?dpid=glrdr&google_gid=CAESEJHoH95pXhpWSaTzYy15EcA&google_cver=1&google_push=AYg5qPLdiBpa3LNv_zQQ9_ij3CznI9tzi_6C1sjByCD8LF9JyIXcPFC8KGF1rRJ2y2u8Ua2-R33pgkLGsEUSIpzuoP1z8A8B_uA HTTP 302
https://sync.tidaltv.com/genericusersync.ashx?dpid=glrdr&google_gid=CAESEJHoH95pXhpWSaTzYy15EcA&google_cver=1&google_push=AYg5qPLdiBpa3LNv_zQQ9_ij3CznI9tzi_6C1sjByCD8LF9JyIXcPFC8KGF1rRJ2y2u8Ua2-R33pgkLGsEUSIpzuoP1z8A8B_uA&s_h=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=lucid1&google_push&google_hm=5hliCRscRlm2SQpvIDMwAQ&gdpr=1&gdpr_consent=

Request Chain 480

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEMMXwWU8CTP5pWv5_e8Vd9Q&google_cver=1&google_push=AYg5qPIkkYs19rYf5nveSkmu28l-GOlbg17W0thw3R6nS7wJcfJ9HCAUlED-iw4vO_Bh5HEo4em08HhGFrYKfdMpiz3_xpz9e7o HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPIkkYs19rYf5nveSkmu28l-GOlbg17W0thw3R6nS7wJcfJ9HCAUlED-iw4vO_Bh5HEo4em08HhGFrYKfdMpiz3_xpz9e7o&google_hm=MjY5MjQ0MTQxMTQwNzQ4MTg5

Request Chain 481

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEM-haXFWLUtpb5OvoiqX3og&google_cver=1&google_push=AYg5qPJLsxdsNt9xvxxFCw6pMvCWyg_PQqJ22R1oExenNdagrnYOqCNyZOpsZPz-DalvXw_wYJBmnRsHbajJkCdvi5BZYRIsZ98 HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&cmp_cs=&us_privacy=&sync=1&google_push=AYg5qPJLsxdsNt9xvxxFCw6pMvCWyg_PQqJ22R1oExenNdagrnYOqCNyZOpsZPz-DalvXw_wYJBmnRsHbajJkCdvi5BZYRIsZ98&google_gid=CAESEM-haXFWLUtpb5OvoiqX3og HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjgxODgwNzc1MzkyNzY4OTE2NQ%3D%3D&google_push=AYg5qPJLsxdsNt9xvxxFCw6pMvCWyg_PQqJ22R1oExenNdagrnYOqCNyZOpsZPz-DalvXw_wYJBmnRsHbajJkCdvi5BZYRIsZ98

Request Chain 486

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEFdGoEp47IPXTjCtkOkfHWc&google_cver=1&google_push=AYg5qPJl6JLBZn0amtM94HeGeWEfgTRDSm_lE4B9GHizq3ycuyZk1hL0vHRXQg8WFceL6dt4zTj9pEZIJvBi1qrkkym2a14oRw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPJl6JLBZn0amtM94HeGeWEfgTRDSm_lE4B9GHizq3ycuyZk1hL0vHRXQg8WFceL6dt4zTj9pEZIJvBi1qrkkym2a14oRw

Request Chain 488

https://rtb.openx.net/sync/dds?google_gid=CAESEJ_U62KNZUpkHgWbWL8xwKI&google_cver=1&google_push=AYg5qPIigXA1bCveDb4ZGtppk2q99BGzFKXycV2-jp2NEKObjehyKYESUKAQFUciLzEnBOL_ZoLRcjqcaky1WOLftLOm9qo7V7I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPIigXA1bCveDb4ZGtppk2q99BGzFKXycV2-jp2NEKObjehyKYESUKAQFUciLzEnBOL_ZoLRcjqcaky1WOLftLOm9qo7V7I&google_hm=4j39PU-SxEUvmVM1u4CnYw==

Request Chain 489

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEIhB8Iyp-vANqlcSZb0-l7E&google_cver=1&google_push=AYg5qPJ-nGh-1AKFsQlt8mHAc3ZytGAB0UsXVdH4rZ0iJ4nGcqcs_LaqkMLmJrtDkGJQON9Mi_QsXd9TeWXbdueGQAb3N3C1D98 HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEIhB8Iyp-vANqlcSZb0-l7E&google_cver=1&google_push=AYg5qPJ-nGh-1AKFsQlt8mHAc3ZytGAB0UsXVdH4rZ0iJ4nGcqcs_LaqkMLmJrtDkGJQON9Mi_QsXd9TeWXbdueGQAb3N3C1D98&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=bA8_UmtMS7GU-5VkDDymLg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJ-nGh-1AKFsQlt8mHAc3ZytGAB0UsXVdH4rZ0iJ4nGcqcs_LaqkMLmJrtDkGJQON9Mi_QsXd9TeWXbdueGQAb3N3C1D98

Request Chain 490

https://match.360yield.com/match/ebda?google_gid=CAESEP-noxAu48zyXqHyryPi-RE&google_cver=1&google_push=AYg5qPJLoSt8sSHV5XUPzJIRyRr-F2P-CgrjdQZwYrU8XqP5jmClOk3LLRjaUVrgJTTyD2eyEx0_J_bRYS_M9_BEQmYb6_rzlUQ HTTP 302
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEP-noxAu48zyXqHyryPi-RE&google_cver=1&google_push=AYg5qPJLoSt8sSHV5XUPzJIRyRr-F2P-CgrjdQZwYrU8XqP5jmClOk3LLRjaUVrgJTTyD2eyEx0_J_bRYS_M9_BEQmYb6_rzlUQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPJLoSt8sSHV5XUPzJIRyRr-F2P-CgrjdQZwYrU8XqP5jmClOk3LLRjaUVrgJTTyD2eyEx0_J_bRYS_M9_BEQmYb6_rzlUQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPJLoSt8sSHV5XUPzJIRyRr-F2P-CgrjdQZwYrU8XqP5jmClOk3LLRjaUVrgJTTyD2eyEx0_J_bRYS_M9_BEQmYb6_rzlUQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPJLoSt8sSHV5XUPzJIRyRr-F2P-CgrjdQZwYrU8XqP5jmClOk3LLRjaUVrgJTTyD2eyEx0_J_bRYS_M9_BEQmYb6_rzlUQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPJLoSt8sSHV5XUPzJIRyRr-F2P-CgrjdQZwYrU8XqP5jmClOk3LLRjaUVrgJTTyD2eyEx0_J_bRYS_M9_BEQmYb6_rzlUQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPJLoSt8sSHV5XUPzJIRyRr-F2P-CgrjdQZwYrU8XqP5jmClOk3LLRjaUVrgJTTyD2eyEx0_J_bRYS_M9_BEQmYb6_rzlUQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPJLoSt8sSHV5XUPzJIRyRr-F2P-CgrjdQZwYrU8XqP5jmClOk3LLRjaUVrgJTTyD2eyEx0_J_bRYS_M9_BEQmYb6_rzlUQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPJLoSt8sSHV5XUPzJIRyRr-F2P-CgrjdQZwYrU8XqP5jmClOk3LLRjaUVrgJTTyD2eyEx0_J_bRYS_M9_BEQmYb6_rzlUQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPJLoSt8sSHV5XUPzJIRyRr-F2P-CgrjdQZwYrU8XqP5jmClOk3LLRjaUVrgJTTyD2eyEx0_J_bRYS_M9_BEQmYb6_rzlUQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPJLoSt8sSHV5XUPzJIRyRr-F2P-CgrjdQZwYrU8XqP5jmClOk3LLRjaUVrgJTTyD2eyEx0_J_bRYS_M9_BEQmYb6_rzlUQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPJLoSt8sSHV5XUPzJIRyRr-F2P-CgrjdQZwYrU8XqP5jmClOk3LLRjaUVrgJTTyD2eyEx0_J_bRYS_M9_BEQmYb6_rzlUQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPJLoSt8sSHV5XUPzJIRyRr-F2P-CgrjdQZwYrU8XqP5jmClOk3LLRjaUVrgJTTyD2eyEx0_J_bRYS_M9_BEQmYb6_rzlUQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPJLoSt8sSHV5XUPzJIRyRr-F2P-CgrjdQZwYrU8XqP5jmClOk3LLRjaUVrgJTTyD2eyEx0_J_bRYS_M9_BEQmYb6_rzlUQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPJLoSt8sSHV5XUPzJIRyRr-F2P-CgrjdQZwYrU8XqP5jmClOk3LLRjaUVrgJTTyD2eyEx0_J_bRYS_M9_BEQmYb6_rzlUQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPJLoSt8sSHV5XUPzJIRyRr-F2P-CgrjdQZwYrU8XqP5jmClOk3LLRjaUVrgJTTyD2eyEx0_J_bRYS_M9_BEQmYb6_rzlUQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPJLoSt8sSHV5XUPzJIRyRr-F2P-CgrjdQZwYrU8XqP5jmClOk3LLRjaUVrgJTTyD2eyEx0_J_bRYS_M9_BEQmYb6_rzlUQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPJLoSt8sSHV5XUPzJIRyRr-F2P-CgrjdQZwYrU8XqP5jmClOk3LLRjaUVrgJTTyD2eyEx0_J_bRYS_M9_BEQmYb6_rzlUQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPJLoSt8sSHV5XUPzJIRyRr-F2P-CgrjdQZwYrU8XqP5jmClOk3LLRjaUVrgJTTyD2eyEx0_J_bRYS_M9_BEQmYb6_rzlUQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPJLoSt8sSHV5XUPzJIRyRr-F2P-CgrjdQZwYrU8XqP5jmClOk3LLRjaUVrgJTTyD2eyEx0_J_bRYS_M9_BEQmYb6_rzlUQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPJLoSt8sSHV5XUPzJIRyRr-F2P-CgrjdQZwYrU8XqP5jmClOk3LLRjaUVrgJTTyD2eyEx0_J_bRYS_M9_BEQmYb6_rzlUQ

Request Chain 491

https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEM3GUF5fSXG3sBf8xBPdWd4&google_cver=1&google_push=AYg5qPKPjYE-2unhM18YkHQSPrxm_BumOQeLCUaqvMN__BQlNLM3xxB6DGo47OY1HtJHF9iyKJWL7ka24UhDr4V-2kBXQlwa-D5_ HTTP 302
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEM3GUF5fSXG3sBf8xBPdWd4&google_cver=1&google_push=AYg5qPKPjYE-2unhM18YkHQSPrxm_BumOQeLCUaqvMN__BQlNLM3xxB6DGo47OY1HtJHF9iyKJWL7ka24UhDr4V-2kBXQlwa-D5_&apid=UP76fd6389-2cd0-11ec-b57c-02e8ad9e7d96 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVA3NmZkNjM4OS0yY2QwLTExZWMtYjU3Yy0wMmU4YWQ5ZTdkOTY%3D&google_push=AYg5qPKPjYE-2unhM18YkHQSPrxm_BumOQeLCUaqvMN__BQlNLM3xxB6DGo47OY1HtJHF9iyKJWL7ka24UhDr4V-2kBXQlwa-D5_

Request Chain 492

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEFCllLQeRtTHh-UQjlDBFes&google_cver=1&google_push=AYg5qPIGjBSTs6x-hfkx-VTQqjh9_0uDYzX4ydkBuklZjVEWBi1UCraZgYq-CXk9e3oto9EeFC71KUiOmzkiL6OscziAK--hbNCg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1OUXN2RU1KRTJ1SHVmREtWblc3OGxlejRRTS5KcHdPT35B&google_push=AYg5qPIGjBSTs6x-hfkx-VTQqjh9_0uDYzX4ydkBuklZjVEWBi1UCraZgYq-CXk9e3oto9EeFC71KUiOmzkiL6OscziAK--hbNCg

Request Chain 495

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESECeGbH3GHU4MjPe-HDiKmks&google_cver=1&google_push=AYg5qPJYX5NZpHRmKm2D77aFy-_TO3kok3AQdVKQxTtRNZJp9336xSUMyNq7zr7pOWFQ9dmkpT0_hZ9SsOn_8c6sHYoRpVbBj97c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESECeGbH3GHU4MjPe-HDiKmks&google_push=AYg5qPJYX5NZpHRmKm2D77aFy-_TO3kok3AQdVKQxTtRNZJp9336xSUMyNq7zr7pOWFQ9dmkpT0_hZ9SsOn_8c6sHYoRpVbBj97c

Request Chain 497

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESECIEj05zGyDJ5lp-N5W2Ct8&google_cver=1&google_push=AYg5qPI5oamFq_mpSQ3CrSKaHsY6fkKdfP1BBQQjWfmAFRa2EYFjuO0JmjP0_n1eYmCkOJmA6_ZL2n8wLswBDMJUCA9zuKUChQ1y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPI5oamFq_mpSQ3CrSKaHsY6fkKdfP1BBQQjWfmAFRa2EYFjuO0JmjP0_n1eYmCkOJmA6_ZL2n8wLswBDMJUCA9zuKUChQ1y&google_hm=SPTrDGffSOq07mvtGpJI0k8

Request Chain 498

https://ads.travelaudience.com/google_pixel?google_gid=CAESEPsN8yD6N7IPROGvifUmib4&google_cver=1&google_push=AYg5qPIbGfPeicBAAi497RPUQbYBFRaxcQ7Xk2FXTVifEHNz4ewsV4IalP5ZxA7hVKrMGNAQ2QHuZAUGDnUZxwJeYk-GNtVJi7s4 HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=eiQGYwbrTCK5vD3zSuGBXQ2&google_push=AYg5qPIbGfPeicBAAi497RPUQbYBFRaxcQ7Xk2FXTVifEHNz4ewsV4IalP5ZxA7hVKrMGNAQ2QHuZAUGDnUZxwJeYk-GNtVJi7s4

Request Chain 499

https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEM3z3zsYGbFyOV-Qt9CCB7c&google_cver=1&google_push=AYg5qPJr_A5e6W-HPa34Nja5DoGZN818C-vXldQurBhQNqjSBuNOaPt5WUmPVVatk_lcCGSvj8-f7iw_XHJ2B13PY8DNIeaOzbsV HTTP 302
https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEM3z3zsYGbFyOV-Qt9CCB7c&google_cver=1&google_push=AYg5qPJr_A5e6W-HPa34Nja5DoGZN818C-vXldQurBhQNqjSBuNOaPt5WUmPVVatk_lcCGSvj8-f7iw_XHJ2B13PY8DNIeaOzbsV&checkcookies=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=TAO5O3QCu8lGE768YGwkFg&google_push=AYg5qPJr_A5e6W-HPa34Nja5DoGZN818C-vXldQurBhQNqjSBuNOaPt5WUmPVVatk_lcCGSvj8-f7iw_XHJ2B13PY8DNIeaOzbsV

Request Chain 500

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEAH8jQM8dzZXBDPPIVy2XQU&google_cver=1&google_push=AYg5qPLZzxI50Y4JFChSAl-wNnwyI5lKIUJbg_m740AbOi9zYq4J39KfCm4mtgCtp0YRuBC27mILVDmKMzeh82teLTy1pXYnLz-8 HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEAH8jQM8dzZXBDPPIVy2XQU&google_cver=1&google_push=AYg5qPLZzxI50Y4JFChSAl-wNnwyI5lKIUJbg_m740AbOi9zYq4J39KfCm4mtgCtp0YRuBC27mILVDmKMzeh82teLTy1pXYnLz-8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODkxOTczOTczOTc2NjM5NDcwOA&google_push=AYg5qPLZzxI50Y4JFChSAl-wNnwyI5lKIUJbg_m740AbOi9zYq4J39KfCm4mtgCtp0YRuBC27mILVDmKMzeh82teLTy1pXYnLz-8

Request Chain 524

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPLaX-I6uYghDch0zkDziAhKVhsQBD4zNdYi8EVEMchYsXjoYYLEa-QyNrn-XwgnllgksHOVm3nnFmqw3hFrwBF1zWxCbwIk&google_gid=CAESEEnRQuDdyrOe7g99Q5tzKOg&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVdmM01RQUFCSDdUYTBOQA&google_push=AYg5qPLaX-I6uYghDch0zkDziAhKVhsQBD4zNdYi8EVEMchYsXjoYYLEa-QyNrn-XwgnllgksHOVm3nnFmqw3hFrwBF1zWxCbwIk

Request Chain 525

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEGq_umzvTpc0iJ1KRTUIw8g&google_cver=1&google_push=AYg5qPJdBZ55ogNPFAEpWYbl_CBlZzJjyw-7Ueuhwb2VrMdPL8rll6-sSCPlHnghTQu_psC_jUBV_G-tgfHz1bVNmC44fb7YHqvG HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEGq_umzvTpc0iJ1KRTUIw8g&google_cver=1&google_push=AYg5qPJdBZ55ogNPFAEpWYbl_CBlZzJjyw-7Ueuhwb2VrMdPL8rll6-sSCPlHnghTQu_psC_jUBV_G-tgfHz1bVNmC44fb7YHqvG HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=MnlGNHA5T24xTUFXWTE1&google_gid=CAESEGq_umzvTpc0iJ1KRTUIw8g&google_cver=1&google_push=AYg5qPJdBZ55ogNPFAEpWYbl_CBlZzJjyw-7Ueuhwb2VrMdPL8rll6-sSCPlHnghTQu_psC_jUBV_G-tgfHz1bVNmC44fb7YHqvG

Request Chain 526

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEAYNtEUlm_I-aI2n_36uT6o&google_cver=1&google_push=AYg5qPLWwsiRphzpf0dLpK2k-oCoB0MdbA8P__64UKJ9LWw11fCYFNXeiHrfyMANs_opyd5uMFt61psCJQwVC6buARwtC_lduHE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1VRUUo5UkotMVYtQVM2RA==&google_push=AYg5qPLWwsiRphzpf0dLpK2k-oCoB0MdbA8P__64UKJ9LWw11fCYFNXeiHrfyMANs_opyd5uMFt61psCJQwVC6buARwtC_lduHE

Request Chain 527

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEEqz1eWvh9-BMa_n3Pcdfvg&google_cver=1&google_push=AYg5qPJ1uD8Aw6rxl5W_22yFKhNL0gfq-iLwMP4-ACfQ5fDAgaxfDYLoCBoCSUMjLRlhb6mVrH4ZkZRqxLK5hy5Ke8MvaZLt5HI HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-132324a8-8a9c-453d-862e-d95df14e454e-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAYg5qPJ1uD8Aw6rxl5W_22yFKhNL0gfq-iLwMP4-ACfQ5fDAgaxfDYLoCBoCSUMjLRlhb6mVrH4ZkZRqxLK5hy5Ke8MvaZLt5HI%26google_hm%3DAxMjJKiKnEU9hi7ZXfFORU4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPJ1uD8Aw6rxl5W_22yFKhNL0gfq-iLwMP4-ACfQ5fDAgaxfDYLoCBoCSUMjLRlhb6mVrH4ZkZRqxLK5hy5Ke8MvaZLt5HI&google_hm=AxMjJKiKnEU9hi7ZXfFORU4

Request Chain 528

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEM-haXFWLUtpb5OvoiqX3og&google_cver=1&google_push=AYg5qPIyAcnVZdyxHVPY8C320bnItd7QHUxbsPjy75Iv9EDbWfhb31VJXjvjFPd0RI-s87L71JLaNT0XM37YyS3XxIgo9u6wWJYa HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjgxODgwNzc1MzkyNzY4OTE2NQ%3D%3D&google_push=AYg5qPIyAcnVZdyxHVPY8C320bnItd7QHUxbsPjy75Iv9EDbWfhb31VJXjvjFPd0RI-s87L71JLaNT0XM37YyS3XxIgo9u6wWJYa

Request Chain 529

https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEARmxy8r1NbQLGqFyJUTVes&google_cver=1&google_push=AYg5qPKP7lgaYSx6EmoB1NAdIwWrBeyIrfEGIeW0q7MXWw9PNlTFHN89bnao-EU4ROXsMYnRPheArDHXfAAeeGXJOoAjwmmWXDlB HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AYg5qPKP7lgaYSx6EmoB1NAdIwWrBeyIrfEGIeW0q7MXWw9PNlTFHN89bnao-EU4ROXsMYnRPheArDHXfAAeeGXJOoAjwmmWXDlB&google_hm=NTYzMjk2MDMyODkwNjQyMTI2OQ%3D%3D

Request Chain 533

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESECIEj05zGyDJ5lp-N5W2Ct8&google_cver=1&google_push=AYg5qPIszw8efT1fqNHpcpeLEZCJ3hxbuxJhzPy7WCLKtEIGPKBE3p1A4oau_vDjSWCAjKZuFVDiiY1Sc3g_zpYmnfIVx_OGt0mD HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPIszw8efT1fqNHpcpeLEZCJ3hxbuxJhzPy7WCLKtEIGPKBE3p1A4oau_vDjSWCAjKZuFVDiiY1Sc3g_zpYmnfIVx_OGt0mD&google_hm=SPTrDGffSOq07mvtGpJI0k8

Request Chain 534

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESENyozLDRUxibME9MY-5LIMk&google_cver=1&google_push=AYg5qPLU-esM3Epc5-NQw6x9J4i3cID8OLRzgosTh7uj3vARBIFMQ4h0lRmeVz9j2pb2v6ec95vZWawr1kLRI0rWaOqvSwIx1sx1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzAxODg1MDMzNDEyMTU4ODg3Nw%3D%3D&google_push=AYg5qPLU-esM3Epc5-NQw6x9J4i3cID8OLRzgosTh7uj3vARBIFMQ4h0lRmeVz9j2pb2v6ec95vZWawr1kLRI0rWaOqvSwIx1sx1

Request Chain 536

https://d5p.de17a.com/cookies/google?google_gid=CAESEEoAjoa-VvabstY7m4CGaVs&google_cver=1&google_push=AYg5qPIMJGNWdD9PJBRDdpvkX-WfDb3ppVwO96Fn9Secd0Ga9HaWBq5lx7dcElPFxyDU7TO22pOPO-f10mN1lqH8ZVJmGWjBgKQ HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEEoAjoa-VvabstY7m4CGaVs&google_cver=1&google_push=AYg5qPIMJGNWdD9PJBRDdpvkX-WfDb3ppVwO96Fn9Secd0Ga9HaWBq5lx7dcElPFxyDU7TO22pOPO-f10mN1lqH8ZVJmGWjBgKQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPIMJGNWdD9PJBRDdpvkX-WfDb3ppVwO96Fn9Secd0Ga9HaWBq5lx7dcElPFxyDU7TO22pOPO-f10mN1lqH8ZVJmGWjBgKQ

Request Chain 537

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEIhB8Iyp-vANqlcSZb0-l7E&google_cver=1&google_push=AYg5qPLFaXBSlbdCkU4FjJKphudyCfmxA0-e05ZyHl8IJEnqqnJC6DP2rNMLVU4g9gw8gQbDrcmf4YllXxG_dvgsqWRei8cWCHc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=bA8_UmtMS7GU-5VkDDymLg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLFaXBSlbdCkU4FjJKphudyCfmxA0-e05ZyHl8IJEnqqnJC6DP2rNMLVU4g9gw8gQbDrcmf4YllXxG_dvgsqWRei8cWCHc

Request Chain 538

https://match.360yield.com/match/ebda?google_gid=CAESEP-noxAu48zyXqHyryPi-RE&google_cver=1&google_push=AYg5qPIlvb4qd3mocn1BWBwysIbrptO6L0EEO9qsFVocwLZzV3ZXX43XzOtCDGcdafYAFv6_o9O-rdu1nM-YKTfvmdruLH0dM4I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPIlvb4qd3mocn1BWBwysIbrptO6L0EEO9qsFVocwLZzV3ZXX43XzOtCDGcdafYAFv6_o9O-rdu1nM-YKTfvmdruLH0dM4I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPIlvb4qd3mocn1BWBwysIbrptO6L0EEO9qsFVocwLZzV3ZXX43XzOtCDGcdafYAFv6_o9O-rdu1nM-YKTfvmdruLH0dM4I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPIlvb4qd3mocn1BWBwysIbrptO6L0EEO9qsFVocwLZzV3ZXX43XzOtCDGcdafYAFv6_o9O-rdu1nM-YKTfvmdruLH0dM4I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPIlvb4qd3mocn1BWBwysIbrptO6L0EEO9qsFVocwLZzV3ZXX43XzOtCDGcdafYAFv6_o9O-rdu1nM-YKTfvmdruLH0dM4I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPIlvb4qd3mocn1BWBwysIbrptO6L0EEO9qsFVocwLZzV3ZXX43XzOtCDGcdafYAFv6_o9O-rdu1nM-YKTfvmdruLH0dM4I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPIlvb4qd3mocn1BWBwysIbrptO6L0EEO9qsFVocwLZzV3ZXX43XzOtCDGcdafYAFv6_o9O-rdu1nM-YKTfvmdruLH0dM4I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPIlvb4qd3mocn1BWBwysIbrptO6L0EEO9qsFVocwLZzV3ZXX43XzOtCDGcdafYAFv6_o9O-rdu1nM-YKTfvmdruLH0dM4I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPIlvb4qd3mocn1BWBwysIbrptO6L0EEO9qsFVocwLZzV3ZXX43XzOtCDGcdafYAFv6_o9O-rdu1nM-YKTfvmdruLH0dM4I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPIlvb4qd3mocn1BWBwysIbrptO6L0EEO9qsFVocwLZzV3ZXX43XzOtCDGcdafYAFv6_o9O-rdu1nM-YKTfvmdruLH0dM4I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPIlvb4qd3mocn1BWBwysIbrptO6L0EEO9qsFVocwLZzV3ZXX43XzOtCDGcdafYAFv6_o9O-rdu1nM-YKTfvmdruLH0dM4I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPIlvb4qd3mocn1BWBwysIbrptO6L0EEO9qsFVocwLZzV3ZXX43XzOtCDGcdafYAFv6_o9O-rdu1nM-YKTfvmdruLH0dM4I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPIlvb4qd3mocn1BWBwysIbrptO6L0EEO9qsFVocwLZzV3ZXX43XzOtCDGcdafYAFv6_o9O-rdu1nM-YKTfvmdruLH0dM4I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPIlvb4qd3mocn1BWBwysIbrptO6L0EEO9qsFVocwLZzV3ZXX43XzOtCDGcdafYAFv6_o9O-rdu1nM-YKTfvmdruLH0dM4I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPIlvb4qd3mocn1BWBwysIbrptO6L0EEO9qsFVocwLZzV3ZXX43XzOtCDGcdafYAFv6_o9O-rdu1nM-YKTfvmdruLH0dM4I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPIlvb4qd3mocn1BWBwysIbrptO6L0EEO9qsFVocwLZzV3ZXX43XzOtCDGcdafYAFv6_o9O-rdu1nM-YKTfvmdruLH0dM4I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPIlvb4qd3mocn1BWBwysIbrptO6L0EEO9qsFVocwLZzV3ZXX43XzOtCDGcdafYAFv6_o9O-rdu1nM-YKTfvmdruLH0dM4I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPIlvb4qd3mocn1BWBwysIbrptO6L0EEO9qsFVocwLZzV3ZXX43XzOtCDGcdafYAFv6_o9O-rdu1nM-YKTfvmdruLH0dM4I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPIlvb4qd3mocn1BWBwysIbrptO6L0EEO9qsFVocwLZzV3ZXX43XzOtCDGcdafYAFv6_o9O-rdu1nM-YKTfvmdruLH0dM4I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPIlvb4qd3mocn1BWBwysIbrptO6L0EEO9qsFVocwLZzV3ZXX43XzOtCDGcdafYAFv6_o9O-rdu1nM-YKTfvmdruLH0dM4I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPIlvb4qd3mocn1BWBwysIbrptO6L0EEO9qsFVocwLZzV3ZXX43XzOtCDGcdafYAFv6_o9O-rdu1nM-YKTfvmdruLH0dM4I

Request Chain 541

https://y.one.impact-ad.jp/push_sync HTTP 302
https://pixel.mathtag.com/sync/img?redir=https%3A%2F%2Fy.one.impact-ad.jp%2Fcs%3Fd%3D288%26uid%3D%5BMM_UUID%5D%26r%3Dno HTTP 302
https://y.one.impact-ad.jp/cs?d=288&uid=e7ff6167-f731-4a00-baa5-f6346e9e63bd&r=no HTTP 302
https://penta.a.one.impact-ad.jp/psm/1.0/actualizar

Request Chain 544

https://cr-p31.ladsp.jp/cookiesender/31 HTTP 302
https://cr-pall.ladsp.com/cookiesender/31 HTTP 302
https://cr-pall.ladsp.com/cookiesender/31?cr=true

Request Chain 545

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEGq_umzvTpc0iJ1KRTUIw8g&google_cver=1&google_push=AYg5qPLhAWnJishHMcSk8vKtL1wQThZszyQhlPLhhHvEj_MbxIIc53ekL1y_NGfTbF0HAw4snPNbDI8KAUbLNJ4Aav905r7Ly4GE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=MnlGNHA5T24xTUFXWTE1&google_gid=CAESEGq_umzvTpc0iJ1KRTUIw8g&google_cver=1&google_push=AYg5qPLhAWnJishHMcSk8vKtL1wQThZszyQhlPLhhHvEj_MbxIIc53ekL1y_NGfTbF0HAw4snPNbDI8KAUbLNJ4Aav905r7Ly4GE

Request Chain 546

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESECeGbH3GHU4MjPe-HDiKmks&google_cver=1&google_push=AYg5qPK9RmKuhTOKAF6OSZI8V6ng_XnrIyhUSJWlgsw3fhRYd9p4NO4V2AofChRrL0hVHxmYztOlsX_4GTBslRF4l713I8PPlKB5 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WVdmM01RQUpBelZzTXdBNg==&google_gid=CAESECeGbH3GHU4MjPe-HDiKmks&google_cver=1&google_push=AYg5qPK9RmKuhTOKAF6OSZI8V6ng_XnrIyhUSJWlgsw3fhRYd9p4NO4V2AofChRrL0hVHxmYztOlsX_4GTBslRF4l713I8PPlKB5

Request Chain 547

https://um.simpli.fi/gp_match?google_gid=CAESEExQWp4XoUW0qk_D-EeLNEI&google_cver=1&google_push=AYg5qPKTpE77lLMl5kRafzUXGkOJUDBFb5nm-aB1yQKz6PJ05FGadJzpQNKYAuFdBRXPX_6h_uHTvD-9uE3g4C4a9NjSZhxgRgD7 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=84907354BD4A4971A845602DAD1D3AA1&google_push=AYg5qPKTpE77lLMl5kRafzUXGkOJUDBFb5nm-aB1yQKz6PJ05FGadJzpQNKYAuFdBRXPX_6h_uHTvD-9uE3g4C4a9NjSZhxgRgD7

Request Chain 548

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESECIEj05zGyDJ5lp-N5W2Ct8&google_cver=1&google_push=AYg5qPLaYKPF_yNnXANNDBft9kw8vkPlw8ByQU1eMGSKWK8QX4O7WJa2_ztulCcVxGNQt3niJo_opn78VS1DM0C0hXFQymFiufw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPLaYKPF_yNnXANNDBft9kw8vkPlw8ByQU1eMGSKWK8QX4O7WJa2_ztulCcVxGNQt3niJo_opn78VS1DM0C0hXFQymFiufw&google_hm=SPTrDGffSOq07mvtGpJI0k8

Request Chain 549

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEIhB8Iyp-vANqlcSZb0-l7E&google_cver=1&google_push=AYg5qPKwQlTFbXejDAwkFyvKpkI5q3KspkwJImY12p-kMHATo7LOVd-yfGOHzT-f0fxh8oYpjD8iyS3xXVk3rHO-Kwv0jtRbXZTQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=bA8_UmtMS7GU-5VkDDymLg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKwQlTFbXejDAwkFyvKpkI5q3KspkwJImY12p-kMHATo7LOVd-yfGOHzT-f0fxh8oYpjD8iyS3xXVk3rHO-Kwv0jtRbXZTQ

Request Chain 550

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEAYNtEUlm_I-aI2n_36uT6o&google_cver=1&google_push=AYg5qPJhkyeiONvMYIvvQfLSfyr9rfeVUiCsvKCAppkgS9_wBvMv3NTsxKGkuPTtDytc9LHTUGscGkKDzCaKFvlg-BPLV1sca-g HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1VRUUo5VU8tOS1MRTFD&google_push=AYg5qPJhkyeiONvMYIvvQfLSfyr9rfeVUiCsvKCAppkgS9_wBvMv3NTsxKGkuPTtDytc9LHTUGscGkKDzCaKFvlg-BPLV1sca-g

Request Chain 551

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEKi-lY8iWUwYimjPEnDMnLo&google_cver=1&google_push=AYg5qPIW-15JqkWDf67fdYj1BjQgXG03lYqlrzpFJostuuVZaPvDIydDL87tCxOmF_Zk_KwF7lXh2tKz2oKcvmPl_GqvxjCvxL-U HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPIW-15JqkWDf67fdYj1BjQgXG03lYqlrzpFJostuuVZaPvDIydDL87tCxOmF_Zk_KwF7lXh2tKz2oKcvmPl_GqvxjCvxL-U

Request Chain 553

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEGq_umzvTpc0iJ1KRTUIw8g&google_cver=1&google_push=AYg5qPIXJDgHAKlEzYR6VUMNTPdqLh07Iyi6mAfAKjmw0R_TYMBKTyNmScOMJh-RhCfGN22Os3m8MtiHCmwhgCGhCj7sx0F53TE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=MnlGNHA5T24xTUFXWTE1&google_gid=CAESEGq_umzvTpc0iJ1KRTUIw8g&google_cver=1&google_push=AYg5qPIXJDgHAKlEzYR6VUMNTPdqLh07Iyi6mAfAKjmw0R_TYMBKTyNmScOMJh-RhCfGN22Os3m8MtiHCmwhgCGhCj7sx0F53TE

Request Chain 554

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEFdGoEp47IPXTjCtkOkfHWc&google_cver=1&google_push=AYg5qPJdQhPuVvW6_p_kw3OKoT1EejyO7JRpUmGcFSUGUVPRapHuODxxJUBmxy2kw0Fza4HCivG4E-zqh47zM6Wkjs9hvBkZ2AM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=5_9hZ_cxSgC6pfY0bp5jvQ&google_push=AYg5qPJdQhPuVvW6_p_kw3OKoT1EejyO7JRpUmGcFSUGUVPRapHuODxxJUBmxy2kw0Fza4HCivG4E-zqh47zM6Wkjs9hvBkZ2AM

Request Chain 555

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESECeGbH3GHU4MjPe-HDiKmks&google_cver=1&google_push=AYg5qPI0R0OJpqfZraF88JHysbeRzieSwDPi-uZhlysBF4xzq1xnhOSnQjgx-oxFSR_vBpUXU7q1Nyi8Do_Cmiv3BBuiP3FZKA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WVdmM01RQUpBelZzTXdBNg==&google_gid=CAESECeGbH3GHU4MjPe-HDiKmks&google_cver=1&google_push=AYg5qPI0R0OJpqfZraF88JHysbeRzieSwDPi-uZhlysBF4xzq1xnhOSnQjgx-oxFSR_vBpUXU7q1Nyi8Do_Cmiv3BBuiP3FZKA

Request Chain 557

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEAH8jQM8dzZXBDPPIVy2XQU&google_cver=1&google_push=AYg5qPI_3gvHld4aCYIT22FgkLKAjjy_g1VjkBHzIBmu7h8IBMs5rpM-sjfTFcwHXK5yISN6Lm5PszeJjFUomRivWRBcAxBUfJk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODkxOTczOTczOTc2NjM5NDcwOA&google_push=AYg5qPI_3gvHld4aCYIT22FgkLKAjjy_g1VjkBHzIBmu7h8IBMs5rpM-sjfTFcwHXK5yISN6Lm5PszeJjFUomRivWRBcAxBUfJk

Request Chain 558

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEORKAflOX3WFjnZDasqJXrk&google_cver=1&google_push=AYg5qPJ2ussQ6IcwYDFvjonUTIdQt-cHVVbd-qGaEMOOTx6MRPErhaOLSKgpG7id9kWFc_VQ1psY2i42b2srjMnQqoUjeoWtWF8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWf3L-IJHAtuN0XGpVci_wAABHsAAAAB&google_gid=CAESEORKAflOX3WFjnZDasqJXrk&google_push=AYg5qPJ2ussQ6IcwYDFvjonUTIdQt-cHVVbd-qGaEMOOTx6MRPErhaOLSKgpG7id9kWFc_VQ1psY2i42b2srjMnQqoUjeoWtWF8&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWf3L-IJHAtuN0XGpVci_wAABHsAAAAB&google_gid=CAESEORKAflOX3WFjnZDasqJXrk&google_push=AYg5qPJ2ussQ6IcwYDFvjonUTIdQt-cHVVbd-qGaEMOOTx6MRPErhaOLSKgpG7id9kWFc_VQ1psY2i42b2srjMnQqoUjeoWtWF8&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWf3L-IJHAtuN0XGpVci_wAABHsAAAAB&google_gid=CAESEORKAflOX3WFjnZDasqJXrk&google_push=AYg5qPJ2ussQ6IcwYDFvjonUTIdQt-cHVVbd-qGaEMOOTx6MRPErhaOLSKgpG7id9kWFc_VQ1psY2i42b2srjMnQqoUjeoWtWF8&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWf3L-IJHAtuN0XGpVci_wAABHsAAAAB&google_gid=CAESEORKAflOX3WFjnZDasqJXrk&google_push=AYg5qPJ2ussQ6IcwYDFvjonUTIdQt-cHVVbd-qGaEMOOTx6MRPErhaOLSKgpG7id9kWFc_VQ1psY2i42b2srjMnQqoUjeoWtWF8&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWf3L-IJHAtuN0XGpVci_wAABHsAAAAB&google_gid=CAESEORKAflOX3WFjnZDasqJXrk&google_push=AYg5qPJ2ussQ6IcwYDFvjonUTIdQt-cHVVbd-qGaEMOOTx6MRPErhaOLSKgpG7id9kWFc_VQ1psY2i42b2srjMnQqoUjeoWtWF8&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWf3L-IJHAtuN0XGpVci_wAABHsAAAAB&google_gid=CAESEORKAflOX3WFjnZDasqJXrk&google_push=AYg5qPJ2ussQ6IcwYDFvjonUTIdQt-cHVVbd-qGaEMOOTx6MRPErhaOLSKgpG7id9kWFc_VQ1psY2i42b2srjMnQqoUjeoWtWF8&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWf3L-IJHAtuN0XGpVci_wAABHsAAAAB&google_gid=CAESEORKAflOX3WFjnZDasqJXrk&google_push=AYg5qPJ2ussQ6IcwYDFvjonUTIdQt-cHVVbd-qGaEMOOTx6MRPErhaOLSKgpG7id9kWFc_VQ1psY2i42b2srjMnQqoUjeoWtWF8&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWf3L-IJHAtuN0XGpVci_wAABHsAAAAB&google_gid=CAESEORKAflOX3WFjnZDasqJXrk&google_push=AYg5qPJ2ussQ6IcwYDFvjonUTIdQt-cHVVbd-qGaEMOOTx6MRPErhaOLSKgpG7id9kWFc_VQ1psY2i42b2srjMnQqoUjeoWtWF8&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWf3L-IJHAtuN0XGpVci_wAABHsAAAAB&google_gid=CAESEORKAflOX3WFjnZDasqJXrk&google_push=AYg5qPJ2ussQ6IcwYDFvjonUTIdQt-cHVVbd-qGaEMOOTx6MRPErhaOLSKgpG7id9kWFc_VQ1psY2i42b2srjMnQqoUjeoWtWF8&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWf3L-IJHAtuN0XGpVci_wAABHsAAAAB&google_gid=CAESEORKAflOX3WFjnZDasqJXrk&google_push=AYg5qPJ2ussQ6IcwYDFvjonUTIdQt-cHVVbd-qGaEMOOTx6MRPErhaOLSKgpG7id9kWFc_VQ1psY2i42b2srjMnQqoUjeoWtWF8&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWf3L-IJHAtuN0XGpVci_wAABHsAAAAB&google_gid=CAESEORKAflOX3WFjnZDasqJXrk&google_push=AYg5qPJ2ussQ6IcwYDFvjonUTIdQt-cHVVbd-qGaEMOOTx6MRPErhaOLSKgpG7id9kWFc_VQ1psY2i42b2srjMnQqoUjeoWtWF8&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWf3L-IJHAtuN0XGpVci_wAABHsAAAAB&google_gid=CAESEORKAflOX3WFjnZDasqJXrk&google_push=AYg5qPJ2ussQ6IcwYDFvjonUTIdQt-cHVVbd-qGaEMOOTx6MRPErhaOLSKgpG7id9kWFc_VQ1psY2i42b2srjMnQqoUjeoWtWF8&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWf3L-IJHAtuN0XGpVci_wAABHsAAAAB&google_gid=CAESEORKAflOX3WFjnZDasqJXrk&google_push=AYg5qPJ2ussQ6IcwYDFvjonUTIdQt-cHVVbd-qGaEMOOTx6MRPErhaOLSKgpG7id9kWFc_VQ1psY2i42b2srjMnQqoUjeoWtWF8&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWf3L-IJHAtuN0XGpVci_wAABHsAAAAB&google_gid=CAESEORKAflOX3WFjnZDasqJXrk&google_push=AYg5qPJ2ussQ6IcwYDFvjonUTIdQt-cHVVbd-qGaEMOOTx6MRPErhaOLSKgpG7id9kWFc_VQ1psY2i42b2srjMnQqoUjeoWtWF8&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWf3L-IJHAtuN0XGpVci_wAABHsAAAAB&google_gid=CAESEORKAflOX3WFjnZDasqJXrk&google_push=AYg5qPJ2ussQ6IcwYDFvjonUTIdQt-cHVVbd-qGaEMOOTx6MRPErhaOLSKgpG7id9kWFc_VQ1psY2i42b2srjMnQqoUjeoWtWF8&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWf3L-IJHAtuN0XGpVci_wAABHsAAAAB&google_gid=CAESEORKAflOX3WFjnZDasqJXrk&google_push=AYg5qPJ2ussQ6IcwYDFvjonUTIdQt-cHVVbd-qGaEMOOTx6MRPErhaOLSKgpG7id9kWFc_VQ1psY2i42b2srjMnQqoUjeoWtWF8&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWf3L-IJHAtuN0XGpVci_wAABHsAAAAB&google_gid=CAESEORKAflOX3WFjnZDasqJXrk&google_push=AYg5qPJ2ussQ6IcwYDFvjonUTIdQt-cHVVbd-qGaEMOOTx6MRPErhaOLSKgpG7id9kWFc_VQ1psY2i42b2srjMnQqoUjeoWtWF8&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWf3L-IJHAtuN0XGpVci_wAABHsAAAAB&google_gid=CAESEORKAflOX3WFjnZDasqJXrk&google_push=AYg5qPJ2ussQ6IcwYDFvjonUTIdQt-cHVVbd-qGaEMOOTx6MRPErhaOLSKgpG7id9kWFc_VQ1psY2i42b2srjMnQqoUjeoWtWF8&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWf3L-IJHAtuN0XGpVci_wAABHsAAAAB&google_gid=CAESEORKAflOX3WFjnZDasqJXrk&google_push=AYg5qPJ2ussQ6IcwYDFvjonUTIdQt-cHVVbd-qGaEMOOTx6MRPErhaOLSKgpG7id9kWFc_VQ1psY2i42b2srjMnQqoUjeoWtWF8&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWf3L-IJHAtuN0XGpVci_wAABHsAAAAB&google_gid=CAESEORKAflOX3WFjnZDasqJXrk&google_push=AYg5qPJ2ussQ6IcwYDFvjonUTIdQt-cHVVbd-qGaEMOOTx6MRPErhaOLSKgpG7id9kWFc_VQ1psY2i42b2srjMnQqoUjeoWtWF8&google_cver=1

Request Chain 559

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEFCllLQeRtTHh-UQjlDBFes&google_cver=1&google_push=AYg5qPJ3FW63JwV0RNFHn38fSPbnMheRlI0m2yES8mBL9gAxl9v7DopYUyrw_ArS-ihf5ndK2umSOSR2diPqHmj6nScIz8JMxZAX HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1OUXN2RU1KRTJ1SHVmREtWblc3OGxlejRRTS5KcHdPT35B&google_push=AYg5qPJ3FW63JwV0RNFHn38fSPbnMheRlI0m2yES8mBL9gAxl9v7DopYUyrw_ArS-ihf5ndK2umSOSR2diPqHmj6nScIz8JMxZAX

Request Chain 561

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEGq_umzvTpc0iJ1KRTUIw8g&google_cver=1&google_push=AYg5qPIC7xSrhndppyK6Y6R-2NJfuabO52L6mE-1qW0VU7mmX8JjBHl6_nA4rkkFe_ilJhpTTKgmXsylNpKDWSS7oWiyyuyU868 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=MnlGNHA5T24xTUFXWTE1&google_gid=CAESEGq_umzvTpc0iJ1KRTUIw8g&google_cver=1&google_push=AYg5qPIC7xSrhndppyK6Y6R-2NJfuabO52L6mE-1qW0VU7mmX8JjBHl6_nA4rkkFe_ilJhpTTKgmXsylNpKDWSS7oWiyyuyU868

Request Chain 562

https://a.tribalfusion.com/i.match?p=b6&u=CAESEK2TBaWQTvxIo0wzlc7jA3s&google_cver=1&google_push=AYg5qPIyYqsyqWTi7Fl93aekCSD03j35jXwFZgshNWDRuHhKU6pxm5P4KbRy_8XcryNnqMmFYRc9XMkcI7oVDFD4CuR_a4qKDszS&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPIyYqsyqWTi7Fl93aekCSD03j35jXwFZgshNWDRuHhKU6pxm5P4KbRy_8XcryNnqMmFYRc9XMkcI7oVDFD4CuR_a4qKDszS%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEK2TBaWQTvxIo0wzlc7jA3s&google_cver=1&google_push=AYg5qPIyYqsyqWTi7Fl93aekCSD03j35jXwFZgshNWDRuHhKU6pxm5P4KbRy_8XcryNnqMmFYRc9XMkcI7oVDFD4CuR_a4qKDszS&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPIyYqsyqWTi7Fl93aekCSD03j35jXwFZgshNWDRuHhKU6pxm5P4KbRy_8XcryNnqMmFYRc9XMkcI7oVDFD4CuR_a4qKDszS%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 563

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESECeGbH3GHU4MjPe-HDiKmks&google_cver=1&google_push=AYg5qPIDTth4h7vgkWpLKWUu49R4K1Vcxops2ix951ng3QENkK-9lFSjZ8XcJnZ65vNRhwORtIhSxsU4nE4iJ-7NzjFKDctGkmk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WVdmM01RQUpBelZzTXdBNg==&google_gid=CAESECeGbH3GHU4MjPe-HDiKmks&google_cver=1&google_push=AYg5qPIDTth4h7vgkWpLKWUu49R4K1Vcxops2ix951ng3QENkK-9lFSjZ8XcJnZ65vNRhwORtIhSxsU4nE4iJ-7NzjFKDctGkmk

Request Chain 564

https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEM3z3zsYGbFyOV-Qt9CCB7c&google_cver=1&google_push=AYg5qPJF3eoL768mroDB7gVB8_B1oCPtS0on0hZMI4jqnVIPrruDJpsX1AW4Icbji3Ncqn2jXHNk-Bs-LzcukEywoDda5I4jFfo HTTP 302
https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEM3z3zsYGbFyOV-Qt9CCB7c&google_cver=1&google_push=AYg5qPJF3eoL768mroDB7gVB8_B1oCPtS0on0hZMI4jqnVIPrruDJpsX1AW4Icbji3Ncqn2jXHNk-Bs-LzcukEywoDda5I4jFfo&checkcookies=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=TAO5O3QCu8lGE768YGwkFg&google_push=AYg5qPJF3eoL768mroDB7gVB8_B1oCPtS0on0hZMI4jqnVIPrruDJpsX1AW4Icbji3Ncqn2jXHNk-Bs-LzcukEywoDda5I4jFfo

Request Chain 565

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEHAKvu9CENnLwkQiEdSeNts&google_cver=1&google_push=AYg5qPJ4uF07Pau0uUTIGiRSsWxlgcAA5GI5mXvXBmpkARRnd-5v-Y3H5slOXb11H1RFwBpFZKucWcALKPd9OAfM7q2VCx3Gm9ly HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEHAKvu9CENnLwkQiEdSeNts&google_cver=1&google_push=AYg5qPJ4uF07Pau0uUTIGiRSsWxlgcAA5GI5mXvXBmpkARRnd-5v-Y3H5slOXb11H1RFwBpFZKucWcALKPd9OAfM7q2VCx3Gm9ly HTTP 302
https://a.volvelle.tech/sync?ssp=bidswitch&bidswitch_ssp_id=google&bsw_uid=905dfd53-7d0b-43d0-af0d-134f9f5c93ac HTTP 302
https://a.volvelle.tech/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=google&bsw_uid=905dfd53-7d0b-43d0-af0d-134f9f5c93ac HTTP 302
https://x.bidswitch.net/sync?dsp_id=190&expires=14&user_group=1&user_id=50ef145b-32c6-483e-acbe-3d073fe57a36&ssp=google HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPJ4uF07Pau0uUTIGiRSsWxlgcAA5GI5mXvXBmpkARRnd-5v-Y3H5slOXb11H1RFwBpFZKucWcALKPd9OAfM7q2VCx3Gm9ly&google_hm=kF39U30LQ9CvDRNPn1yTrA==

Request Chain 567

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEAH8jQM8dzZXBDPPIVy2XQU&google_cver=1&google_push=AYg5qPLLD7rcZdBK5xEjpD2RdSVpadYv-f-USno1AqMNuAGxgG_mvCkV9eeVR-U4IuHDjI8JZjvoPyEBdp5yywdpOmhnq0YtaSJZ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODkxOTczOTczOTc2NjM5NDcwOA&google_push=AYg5qPLLD7rcZdBK5xEjpD2RdSVpadYv-f-USno1AqMNuAGxgG_mvCkV9eeVR-U4IuHDjI8JZjvoPyEBdp5yywdpOmhnq0YtaSJZ

Request Chain 570

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESECeGbH3GHU4MjPe-HDiKmks&google_cver=1&google_push=AYg5qPKZw3Phk5NqDcJ1SLUamsdDSZc0g2PgVXVLlL1nt19xagLa4WxNZwThKVu7gfZjk7puy5_9FGcddIBFPHxodoOFCN-_t4k HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WVdmM01RQUpBelZzTXdBNg==&google_gid=CAESECeGbH3GHU4MjPe-HDiKmks&google_cver=1&google_push=AYg5qPKZw3Phk5NqDcJ1SLUamsdDSZc0g2PgVXVLlL1nt19xagLa4WxNZwThKVu7gfZjk7puy5_9FGcddIBFPHxodoOFCN-_t4k

Request Chain 574

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEHInTnepCAeo-jc7ez39dcw&google_cver=1&google_push=AYg5qPJl0VK4ELgvfMy3OXJE3VOmBvVh3KpDL5BwGqVI0m24flnficn3bVl7L9y_DJ6tK0fGq4D-KA8OU4_mGzkpWbksw6VIG5U2 HTTP 307
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEHInTnepCAeo-jc7ez39dcw&google_cver=1&google_push=AYg5qPJl0VK4ELgvfMy3OXJE3VOmBvVh3KpDL5BwGqVI0m24flnficn3bVl7L9y_DJ6tK0fGq4D-KA8OU4_mGzkpWbksw6VIG5U2&sovrn_retry=true HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPJl0VK4ELgvfMy3OXJE3VOmBvVh3KpDL5BwGqVI0m24flnficn3bVl7L9y_DJ6tK0fGq4D-KA8OU4_mGzkpWbksw6VIG5U2&google_hm=c35728bd8eed94ee32d7ab9c

Request Chain 575

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEKi-lY8iWUwYimjPEnDMnLo&google_cver=1&google_push=AYg5qPLBm3yZ-9YWS-zky6kAXIoO8ZMPplalrNA61Ui_-ir-0Pf0mFQsIVqD_Q4NaK5SjsSq92Ww2X-ZpZgE1n-fGwKeDgQIAjiG HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPLBm3yZ-9YWS-zky6kAXIoO8ZMPplalrNA61Ui_-ir-0Pf0mFQsIVqD_Q4NaK5SjsSq92Ww2X-ZpZgE1n-fGwKeDgQIAjiG

Request Chain 576

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEM-haXFWLUtpb5OvoiqX3og&google_cver=1&google_push=AYg5qPImRh1lDjAVfy5CZqBhkpWW4fU8JB8MyYlocIrNhaxvVnb0RDm50kaA9MOgwvn9nFUe8D0Z2g9j913fx65_MvUPGwVNfJFR HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjgxODgwNzc1MzkyNzY4OTE2NQ%3D%3D&google_push=AYg5qPImRh1lDjAVfy5CZqBhkpWW4fU8JB8MyYlocIrNhaxvVnb0RDm50kaA9MOgwvn9nFUe8D0Z2g9j913fx65_MvUPGwVNfJFR

Request Chain 616

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=8082292463702954488

Request Chain 617

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=bA8_UmtMS7GU-5VkDDymLg%3D%3D HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

Request Chain 618

https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=e7ff6167-f731-4a00-baa5-f6346e9e63bd

Request Chain 619

https://pixel.onaudience.com/?partner=214&mapped=6C0F3F52-6B4C-4BB1-94FB-95640C3CA62E HTTP 302
https://spl.zeotap.com/?zdid=1332&zcluid=74a7aecda85a95ec HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=786193f5-7626-4251-5ee6-b071648bc402&reqId=e51c432b-5f1a-4dd7-4a4c-591cd46a34bc&zcluid=74a7aecda85a95ec&zdid=1332 HTTP 302
https://mwzeom.zeotap.com/mw?google_gid=CAESEIQOG4ihUeEgLWnavhY1b9A&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=786193f5-7626-4251-5ee6-b071648bc402&reqId=e51c432b-5f1a-4dd7-4a4c-591cd46a34bc&zcluid=74a7aecda85a95ec&zdid=1332

Request Chain 620

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NkMwRjNGNTItNkI0Qy00QkIxLTk0RkItOTU2NDBDM0NBNjJF&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

Request Chain 621

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESELR8RGTTeOMvyHPkwrvwM7o&google_cver=1

Request Chain 623

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=d65b1bbf-32e9-4e4e-b149-8a2bb1e8b7d5

Request Chain 624

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=8919739739766394708

Request Chain 625

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YWf3L-IJHAtuN0XGpVci_wAABHsAAAAB&gdpr_consent=&us_privacy=&gdpr=1 HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEORKAflOX3WFjnZDasqJXrk&google_cver=1

Request Chain 626

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YWf3L-IJHAtuN0XGpVci_wAABHsAAAAB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YWf3L-IJHAtuN0XGpVci_wAABHsAAAAB&dcc=t

Request Chain 629

https://casale-match.dotomi.com/match/bounce/current?networkId=19998&version=1&gdpr=1 HTTP 302
https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1634289842&gdpr=1

Request Chain 632

https://d.adroll.com/cm/index/ssp?gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=105&external_user_id=0

657 HTTP transactions
14 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request 430811 Show response
by-them.com/
Redirect Chain

https://i.mag2.jp/r?aid=a61493d2843633
https://ac.ebis.ne.jp/tr_set.php?argument=np7UMVrt&ai=a61493d2843633
https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1

168 KB
39 KB

1817ms
1787ms

Document
text/html

13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: f21f0147b58fb609e29d9a7508b0a77e8a20623e2d689382bc18749e642b39d3

Request headers

:method: GET
:authority: by-them.com
:scheme: https
:path: /430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

content-type: text/html; charset=UTF-8
date: Thu, 14 Oct 2021 09:23:55 GMT
server: nginx
set-cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a; path=/; secure multi-device-switcher=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; secure
link: <https://by-them.com/wp-json/>; rel="https://api.w.org/" <https://by-them.com/?p=430811>; rel=shortlink
x-f-cache: BYPASS
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: pXEiRaU-iIxxKuaMn5THP7wGcFbklIGZKmahY8ztCaOqeLDw1nqf-Q==

Redirect headers

Date: Thu, 14 Oct 2021 09:23:53 GMT
Server: Apache
Cross-Origin-Resource-Policy: cross-origin
Set-Cookie: TRACKING_DATA=1hnw7g4f.1634203434; Expires=Sat, 14 Oct 2023 09:23:54 GMT; Path=/; Domain=.ebis.ne.jp; SameSite=None; Secure; ad_redirect_flagmag_log=1; Expires=Thu, 14 Oct 2021 09:24:54 GMT; Path=/; Domain=.ebis.ne.jp; SameSite=None; Secure;
P3P: policyref="/w3c/p3p.xml", CP="NOI OUR PSA IND DSP COR ADM DEV UNI COM NAV INT STA"
Location: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

GET
H2 200 OtAutoBlock.js Show response
cdn-apac.onetrust.com/consent/1d2521eb-8d6e-408c-8231-40396d2acd11/ 315 KB
37 KB 35ms
17ms Script
application/x-javascript 2606:4700:10::6814:b944
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-apac.onetrust.com/consent/1d2521eb-8d6e-408c-8231-40396d2acd11/OtAutoBlock.js

Requested by

Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:b944 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3659a70c9a85c0c9dccdf3248472e5568278b06324d11ec2424e92787d886da9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 14 Oct 2021 09:23:56 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
content-md5: SY6ks6A8xgU3es4HuhHxRQ==
age: 3682
content-length: 37232
x-ms-lease-status: unlocked
last-modified: Mon, 16 Nov 2020 10:42:58 GMT
server: cloudflare
etag: 0x8D88A1C6258F434
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 1c5730ca-401e-0002-3a24-c03c6c000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 69dfc0732a514e0e-FRA

GET
H2 200 otSDKStub.js Show response
cdn-apac.onetrust.com/scripttemplates/ 19 KB
7 KB 43ms
25ms Script
application/javascript 2606:4700:10::6814:b944
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-apac.onetrust.com/scripttemplates/otSDKStub.js

Requested by

Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:b944 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

11b947e74a7ba8f1d433b84ab7a719799ec0662a9035a8b4a2ab4d7d1eb2d681

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 14 Oct 2021 09:23:56 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
content-md5: OPcq+YIYFFKAyM1Ar0weOg==
age: 3538
content-length: 6350
x-ms-lease-status: unlocked
last-modified: Thu, 07 Oct 2021 12:02:42 GMT
server: cloudflare
etag: 0x8D9898A5E0F34AE
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 62508936-601e-001e-041c-c0e47b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 69dfc0732a534e0e-FRA

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 95 KB
38 KB 52ms
30ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-142511850-1

Requested by

Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

81cfb3aebfa836f9e172ba69fba8243144947d2f62ef740101bc1461eddad55c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:56 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38621
x-xss-protection: 0
last-modified: Thu, 14 Oct 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 14 Oct 2021 09:23:56 GMT

GET
H2 200 style.min.css
by-them.com/wp-includes/css/dist/block-library/ 29 KB
5 KB 25ms
23ms Stylesheet
text/css 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://by-them.com/wp-includes/css/dist/block-library/style.min.css?ver=5.2
Requested by: Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 4b8fe5c3d0e5ef7a6582185cbf5c535b5d369c8df1da98c03ed69833e55f474d

Request headers

:path: /wp-includes/css/dist/block-library/style.min.css?ver=5.2
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: by-them.com
referer: https://by-them.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 04:22:01 GMT
content-encoding: gzip
last-modified: Mon, 22 Apr 2019 12:40:04 GMT
server: nginx
age: 18115
etag: W/"5cbdb624-726f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
cache-control: max-age=604800
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: rlfMctOyKL8QJDW7lIBLFcgdgC48PEIxoDW0RAq0mbfDJIvUtNblVA==
expires: Thu, 21 Oct 2021 04:22:01 GMT

GET
H2 200 ajax-load-more.min.css
by-them.com/wp-content/plugins/ajax-load-more/core/dist/css/ 5 KB
2 KB 12ms
10ms Stylesheet
text/css 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://by-them.com/wp-content/plugins/ajax-load-more/core/dist/css/ajax-load-more.min.css?ver=5.2
Requested by: Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 48e168b8219d3bc107b111fe8f3176503c3b18970223a7572609c2c349e1a308

Request headers

:path: /wp-content/plugins/ajax-load-more/core/dist/css/ajax-load-more.min.css?ver=5.2
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: by-them.com
referer: https://by-them.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 10 Oct 2021 06:54:35 GMT
content-encoding: gzip
last-modified: Wed, 29 Sep 2021 06:37:13 GMT
server: nginx
age: 354561
etag: W/"61540999-15cf"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
cache-control: max-age=604800
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: DsUCT9dkCw7n6zKUsIBgpVrzqweCxP4h6mskHarQEjcRlcx45RNa1g==
expires: Sun, 17 Oct 2021 06:54:35 GMT

GET
H2 200 fontawesome-all.min.css
by-them.com/wp-content/plugins/muse/src/Custom/css/ 35 KB
8 KB 13ms
11ms Stylesheet
text/css 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://by-them.com/wp-content/plugins/muse/src/Custom/css/fontawesome-all.min.css?ver=5.0.8
Requested by: Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 4080b83d8afc4487b8229308be2f196372bd2123613b46388048f14159f07181

Request headers

:path: /wp-content/plugins/muse/src/Custom/css/fontawesome-all.min.css?ver=5.0.8
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: by-them.com
referer: https://by-them.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 10 Oct 2021 06:45:07 GMT
content-encoding: gzip
last-modified: Wed, 29 Sep 2021 06:37:13 GMT
server: nginx
age: 355129
etag: W/"61540999-8a1f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
cache-control: max-age=604800
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: yzurlvlTbmIL_9X8DAAQqecRd0mcMLcNwXpIwzzwIPvkYlciaM17Rg==
expires: Sun, 17 Oct 2021 06:45:07 GMT

GET
H2 200 postratings-css.css
by-them.com/wp-content/plugins/wp-postratings/css/ 1 KB
793 B 14ms
12ms Stylesheet
text/css 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://by-them.com/wp-content/plugins/wp-postratings/css/postratings-css.css?ver=1.86.2
Requested by: Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: c56b566e17c62870ce139b3a57bfb94a9d785792bd6ac2220d52426b8590d87f

Request headers

:path: /wp-content/plugins/wp-postratings/css/postratings-css.css?ver=1.86.2
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: by-them.com
referer: https://by-them.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 10 Oct 2021 06:30:53 GMT
content-encoding: gzip
last-modified: Wed, 29 Sep 2021 06:37:13 GMT
server: nginx
age: 355983
etag: W/"61540999-549"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
cache-control: max-age=604800
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: uGZJnFUANd4JF1yVROe9AWWvww6vZnzTsmcdiNokV2b00L5yMSNl3g==
expires: Sun, 17 Oct 2021 06:30:53 GMT

GET
H2 200 style.min.css
by-them.com/wp-content/plugins/easy-table-of-contents/vendor/icomoon/ 369 B
728 B 25ms
22ms Stylesheet
text/css 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://by-them.com/wp-content/plugins/easy-table-of-contents/vendor/icomoon/style.min.css?ver=1.7
Requested by: Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: bd2317f75582f7f94823a6289701498ee4c75d51ce502c09fd4663de07f3dda4

Request headers

:path: /wp-content/plugins/easy-table-of-contents/vendor/icomoon/style.min.css?ver=1.7
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: by-them.com
referer: https://by-them.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 04:02:18 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Wed, 29 Sep 2021 06:37:12 GMT
server: nginx
age: 19298
etag: "61540998-171"
x-cache: Hit from cloudfront
content-type: text/css
cache-control: max-age=604800
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 369
x-amz-cf-id: Fxmn0Uz0hZIxpshelTS33Dami12E5PnpBGjtYDPbUmy4oe8I_snV6w==
expires: Thu, 21 Oct 2021 04:02:18 GMT

GET
H2 200 screen.min.css
by-them.com/wp-content/plugins/easy-table-of-contents/assets/css/ 5 KB
2 KB 14ms
11ms Stylesheet
text/css 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://by-them.com/wp-content/plugins/easy-table-of-contents/assets/css/screen.min.css?ver=1.7
Requested by: Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: d35c809bcd9170b889f996ca93908d12502201718a5c13cf63eecdc5232f1e2d

Request headers

:path: /wp-content/plugins/easy-table-of-contents/assets/css/screen.min.css?ver=1.7
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: by-them.com
referer: https://by-them.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 10 Oct 2021 17:05:32 GMT
content-encoding: gzip
last-modified: Wed, 29 Sep 2021 06:37:11 GMT
server: nginx
age: 317904
etag: W/"61540997-14d2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
cache-control: max-age=604800
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: 5bKDpQhano4hgWZsaJiw3eryOcMCl3pEexahoOg7EOLXL_N8idBKEw==
expires: Sun, 17 Oct 2021 17:05:32 GMT

GET
H2 200 style.css
by-them.com/wp-content/themes/by_them_pc/ 188 KB
32 KB 17ms
15ms Stylesheet
text/css 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://by-them.com/wp-content/themes/by_them_pc/style.css?ver=4ea95c1e1deab4ba111b0883c0d0ba8b
Requested by: Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 8549f9d3d0ed0fcf7bde5a01867fd55951ef52e254b780a55da9ec71505f703e

Request headers

:path: /wp-content/themes/by_them_pc/style.css?ver=4ea95c1e1deab4ba111b0883c0d0ba8b
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: by-them.com
referer: https://by-them.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 03:39:37 GMT
content-encoding: gzip
last-modified: Wed, 29 Sep 2021 06:37:13 GMT
server: nginx
age: 452659
etag: W/"61540999-2f149"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
cache-control: max-age=604800
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: Bf6MgNKc8L0Q435fUoTuR6socqEi2A-OjBm5m96tmmU_z6fNA3W6Rw==
expires: Sat, 16 Oct 2021 03:39:37 GMT

GET
H2 200 responsive.css
by-them.com/wp-content/themes/by_them_pc/ 20 KB
4 KB 24ms
22ms Stylesheet
text/css 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://by-them.com/wp-content/themes/by_them_pc/responsive.css?ver=5.2
Requested by: Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: eb2f58c3b600736b4baa9d7dfbe6a9e58b731444dcffedf19191c6ec44bdf5eb

Request headers

:path: /wp-content/themes/by_them_pc/responsive.css?ver=5.2
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: by-them.com
referer: https://by-them.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 08 Oct 2021 22:52:27 GMT
content-encoding: gzip
last-modified: Wed, 29 Sep 2021 06:37:13 GMT
server: nginx
age: 469889
etag: W/"61540999-4e97"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
cache-control: max-age=604800
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: Exn4Ixt8F3QsWW8oBWcYpEunQMVLBOPPckq7TMmnCGPBkJIDpgpO-A==
expires: Fri, 15 Oct 2021 22:52:27 GMT

GET
H2 200 css
fonts.googleapis.com/ 791 B
1 KB 42ms
16ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Libre+Baskerville&display=swap&ver=5.2

Requested by

Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e56a3243cc0d049ebc5bfc0a7d18be66db0ac7b291fffb900c708d8ec4d02ee0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 14 Oct 2021 07:34:31 GMT
server: ESF
date: Thu, 14 Oct 2021 09:23:56 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"
expires: Thu, 14 Oct 2021 09:23:56 GMT

GET
H2 200 jquery.js Show response
by-them.com/wp-includes/js/jquery/ 95 KB
34 KB 16ms
15ms Script
application/javascript 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://by-them.com/wp-includes/js/jquery/jquery.js?ver=1.12.4
Requested by: Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: fa055f2f7c5b735dbbb71954f434aed79925bc00ff2ffbc3ecfc4a790689a723

Request headers

:path: /wp-includes/js/jquery/jquery.js?ver=1.12.4
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: by-them.com
referer: https://by-them.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 05:48:14 GMT
content-encoding: gzip
last-modified: Wed, 23 May 2018 10:05:31 GMT
server: nginx
age: 272142
etag: W/"5b053ceb-17b9f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
cache-control: max-age=604800
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: nUKQbepneV0LsSsirhJoOBGZTEbVA9JXlCB02fDh3P6dmhjlSHsNLg==
expires: Mon, 18 Oct 2021 05:48:14 GMT

GET
H2 200 jquery-migrate.min.js Show response
by-them.com/wp-includes/js/jquery/ 10 KB
4 KB 22ms
21ms Script
application/javascript 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://by-them.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
Requested by: Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d

Request headers

:path: /wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: by-them.com
referer: https://by-them.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 23:43:13 GMT
content-encoding: gzip
last-modified: Fri, 20 May 2016 06:11:28 GMT
server: nginx
age: 207643
etag: W/"573eaa90-2748"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
cache-control: max-age=604800
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: 01WoftqM8pJSXGYPrdsi87HYHrn_74Vf2ndRbR0TaueMFlf44XV3BA==
expires: Mon, 18 Oct 2021 23:43:13 GMT

GET
H2 200 flux_bythem_AS_TM_AT.min.js Show response
flux-cdn.com/client/mag2/ 266 KB
76 KB 29ms
11ms Script
application/x-javascript 13.32.121.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://flux-cdn.com/client/mag2/flux_bythem_AS_TM_AT.min.js
Requested by: Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-44.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d3c62980d8f646e651fbf068d688fedb48272a76afd0bc1d2897670cea1f49e2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:19:35 GMT
content-encoding: br
last-modified: Fri, 08 Oct 2021 02:47:43 GMT
server: AmazonS3
age: 262
etag: W/"807a4fdc85c61d381cb07d4eacd2b866"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
via: 1.1 6fd3ab2be93b19c970fb371964d46d94.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: N39jOFUuZnzIgO0NwX6_yrpCejDH9BXy7N5cAd17y8Ltc0OYMH0iBw==

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 80 KB
27 KB 42ms
18ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

446c1dc71cad30795f9d41b5de331cf938f15e4b25794d376e2e6ef9571e397d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1015 / 706 of 1000 / last-modified: 1634200802"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27137
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 14 Oct 2021 09:23:56 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 145 KB
51 KB 77ms
54ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4c3735c044d254364920e69acc39831b25db236552d316a9f0424225781f0434

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51441
x-xss-protection: 0
server: cafe
etag: 16593517423228810267
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 14 Oct 2021 09:23:56 GMT

GET
H2 200 bythem_logo_pc.png
by-them.com/wp-content/uploads/2019/07/24183923/ 30 KB
30 KB 14ms
12ms Image
image/png 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/uploads/2019/07/24183923/bythem_logo_pc.png
Requested by: Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d75af2b219c6aaf2232c9bf1c452c6d5a95a9554486340909eca8096eea2b29d

Request headers

:path: /wp-content/uploads/2019/07/24183923/bythem_logo_pc.png
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 04 Feb 2021 05:01:33 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Thu, 22 Aug 2019 01:31:51 GMT
server: AmazonS3
age: 21788544
etag: "4ea11dbfd94d1c8ae49dd5342c55067d"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 30546
x-amz-cf-id: QkyH-YT1vObCAFhRPyN2B2uMUN-_scp6IK4zpFe6SKIAe498r19s2g==
expires: Thu, 23 Jul 2020 09:39:23 GMT

GET
H2 200 hatenabookmark-logomark.png
by-them.com/wp-content/uploads/assets/ 5 KB
6 KB 10ms
8ms Image
image/png 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/uploads/assets/hatenabookmark-logomark.png
Requested by: Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 012d2dacd64a4061717b6fea0e85f04f4bafa874f01eacbffe74946006908f9c

Request headers

:path: /wp-content/uploads/assets/hatenabookmark-logomark.png
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 20:24:27 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Fri, 05 Jun 2020 06:34:58 GMT
server: AmazonS3
age: 46770
etag: "04a17ca6a446ed4ddd6ee3e4758356da"
x-cache: Hit from cloudfront
content-type: image/png
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 5432
x-amz-cf-id: _thCG7Hp87_rGZhQ7LpocT6L-lyQ_Zn-_lVFWKy283iaKi02vJkuSA==

GET
H2 200 rating_1_on.gif
by-them.com/wp-content/plugins/wp-postratings/images/heart/ 777 B
1 KB 14ms
12ms Image
image/gif 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/plugins/wp-postratings/images/heart/rating_1_on.gif
Requested by: Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 0ff82e177550f4c72ad92e4a6b3458fdff2b53e3810841268a9aaa3eb0810a2a

Request headers

:path: /wp-content/plugins/wp-postratings/images/heart/rating_1_on.gif
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 10 Oct 2021 17:05:33 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Wed, 29 Sep 2021 06:37:13 GMT
server: nginx
age: 317903
etag: "61540999-309"
x-cache: Hit from cloudfront
content-type: image/gif
cache-control: max-age=604800
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 777
x-amz-cf-id: cqhpkBK_-bwkHYkITFgpmFcEQYb4o-AbEQawpHDTwSHOGLNWQWpv_w==
expires: Sun, 17 Oct 2021 17:05:33 GMT

GET
H2 200 outer-frame.min.js Show response
speee-ad.akamaized.net/tag/2-by-them_pc/js/ 183 KB
46 KB 49ms
17ms Script
application/javascript 2.16.107.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://speee-ad.akamaized.net/tag/2-by-them_pc/js/outer-frame.min.js
Requested by: Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2.16.107.65 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-107-65.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: bd72166946b276b76313495a20ab6eba57d6f7cda8d75425c9432671ed434b93

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:56 GMT
content-encoding: gzip
last-modified: Tue, 28 Sep 2021 07:32:29 GMT
server: AmazonS3
x-amz-request-id: 4KTKR6ZR19R64P3P
etag: "57e1cbfd64c7faefff649a8c3ba09844"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=0
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
x-amz-id-2: t6RAtiwEmv1pGMmpttQNWC0aobli6qrSOv09RAip1v/JVMkjJN+T7lcqNbd4g9jLqI19gMyxQfc=
expires: Thu, 14 Oct 2021 09:23:56 GMT

GET
H2 200 1d2521eb-8d6e-408c-8231-40396d2acd11.json Show response
cdn-apac.onetrust.com/consent/1d2521eb-8d6e-408c-8231-40396d2acd11/ 2 KB
2 KB 33ms
16ms XHR
application/x-javascript 2606:4700:10::6814:b944
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-apac.onetrust.com/consent/1d2521eb-8d6e-408c-8231-40396d2acd11/1d2521eb-8d6e-408c-8231-40396d2acd11.json

Requested by

Host: cdn-apac.onetrust.com
URL: https://cdn-apac.onetrust.com/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:b944 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d4983519d315cab758f1379521a22dd4173c4a799bcbbfc1c4fc49584efa674c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 14 Oct 2021 09:23:56 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
content-md5: SHrJASUMtebWbFleiR+K6g==
age: 263
content-length: 1072
x-ms-lease-status: unlocked
last-modified: Mon, 16 Nov 2020 10:42:58 GMT
server: cloudflare
etag: 0x8D88A1C621B43B8
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: f6600f8c-401e-008a-6924-c084b5000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 69dfc0738b104de8-FRA

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 133 KB
36 KB 46ms
22ms Script
application/javascript 52.222.210.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.210.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-210-175.fra56.r.cloudfront.net
Software: Server /
Resource Hash: da263eff6489f28a35d328a1a5895db9adb14c22c40cd35d0afce85414cac701

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-version-id: zTpXqDhrs..xkKPVKkqB8HVtw0cnTzHi
content-encoding: gzip
etag: e2b905aea413c4d7479fb2bb9cbc6c65
age: 828
x-cache: Hit from cloudfront
server: Server
x-amz-rid: 0MED1WBPBKA8EJPWBN55
date: Thu, 14 Oct 2021 09:10:09 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 33febf2d58aeb0618cba096d54cae019.cloudfront.net (CloudFront)
cache-control: public, max-age=900
x-amz-cf-pop: FRA56-P3
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: j_lfnMc2dYt-BjRoSVIdlvUkXZ_k05rFTw-EFG3s2f0WxAPChOOBVg==

GET
H2 200 ikd7xws.js Show response
use.typekit.net/ 33 KB
12 KB 50ms
19ms Script
text/javascript 2a02:26f0:6c00::210:ba0a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/ikd7xws.js

Requested by

Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00::210:ba0a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

nginx /

Resource Hash

80c9c096e934558ab3233d98a353ed9e3b2f1047e8b41970a9eb6f087b1c86ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
server: nginx
date: Thu, 14 Oct 2021 09:23:56 GMT
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 11893

GET
H2 200 fa-brands-400.woff2
by-them.com/wp-content/plugins/muse/src/Custom/webfonts/ 53 KB
54 KB 21ms
19ms Font
font/woff2 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://by-them.com/wp-content/plugins/muse/src/Custom/webfonts/fa-brands-400.woff2
Requested by: Host: by-them.com
URL: https://by-them.com/wp-content/plugins/muse/src/Custom/css/fontawesome-all.min.css?ver=5.0.8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: e7d4d5340bbe57a01d8f7992142e2763d438d5783890c76748306eebfa056a69

Request headers

sec-fetch-mode: cors
origin: https://by-them.com
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
sec-fetch-dest: font
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
:path: /wp-content/plugins/muse/src/Custom/webfonts/fa-brands-400.woff2
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept: */*
cache-control: no-cache
:authority: by-them.com
referer: https://by-them.com/wp-content/plugins/muse/src/Custom/css/fontawesome-all.min.css?ver=5.0.8
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://by-them.com/wp-content/plugins/muse/src/Custom/css/fontawesome-all.min.css?ver=5.0.8
Origin: https://by-them.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:56 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Wed, 29 Sep 2021 06:37:12 GMT
server: nginx
x-amz-cf-pop: FRA60-P1
etag: "61540998-d4d8"
x-cache: Hit from cloudfront
content-type: font/woff2
cache-control: max-age=604800
accept-ranges: bytes
content-length: 54488
x-amz-cf-id: NHYuBoVZ2yZeKXKDG9EWSz4TgTflRhlPPVHZHhBLYmUaqjewzn-nSg==
expires: Thu, 21 Oct 2021 02:25:50 GMT

GET
H2 200 design_plus.woff
by-them.com/wp-content/themes/by_them_pc/fonts/ 25 KB
26 KB 9ms
9ms Font
font/woff 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://by-them.com/wp-content/themes/by_them_pc/fonts/design_plus.woff?v=1.0
Requested by: Host: by-them.com
URL: https://by-them.com/wp-content/themes/by_them_pc/style.css?ver=4ea95c1e1deab4ba111b0883c0d0ba8b
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: ac4b86db82706fe813fb3a3b5c4eef27e927307903a6e48d27cbe106b62d2126

Request headers

sec-fetch-mode: cors
origin: https://by-them.com
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
sec-fetch-dest: font
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
:path: /wp-content/themes/by_them_pc/fonts/design_plus.woff?v=1.0
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept: */*
cache-control: no-cache
:authority: by-them.com
referer: https://by-them.com/wp-content/themes/by_them_pc/style.css?ver=4ea95c1e1deab4ba111b0883c0d0ba8b
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://by-them.com/wp-content/themes/by_them_pc/style.css?ver=4ea95c1e1deab4ba111b0883c0d0ba8b
Origin: https://by-them.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 08 Oct 2021 03:19:21 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Wed, 29 Sep 2021 06:37:13 GMT
server: nginx
age: 540275
etag: "61540999-6524"
x-cache: Hit from cloudfront
content-type: font/woff
cache-control: max-age=604800
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 25892
x-amz-cf-id: bdPNDjwepQcjnEvLviWX45PKzoCEp9PSstOhekmNGfw9u-rb-6yb7A==
expires: Fri, 15 Oct 2021 03:19:21 GMT

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 165 B
214 B 24ms
24ms Script
text/javascript 2606:4700:10::6814:b944
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn-apac.onetrust.com
URL: https://cdn-apac.onetrust.com/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:b944 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

77ae4fb56d2da594993ef6f0203c0cef103af28f7e4c5e0ac045909137422cf9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:56 GMT
content-encoding: gzip
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 69dfc0748ccc4e0e-FRA

GET
H2 200 latest.json Show response
currency.prebid.org/ 2 KB
2 KB 24ms
7ms XHR
application/octet-stream 2600:9000:223f:1c00:19:2cf2:a900:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://currency.prebid.org/latest.json
Requested by: Host: flux-cdn.com
URL: https://flux-cdn.com/client/mag2/flux_bythem_AS_TM_AT.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:1c00:19:2cf2:a900:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8141e029721f2ff87e0fc4b69f0cc844c129037d4c2f878a75c50bce6b01f9de

Request headers

Referer: https://by-them.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 13 Oct 2021 15:06:26 GMT
via: 1.1 b6be6ee8d445cfa291adcacd75a3fb12.cloudfront.net (CloudFront)
vary: Origin
age: 65851
x-cache: Hit from cloudfront
content-length: 1681
last-modified: Wed, 13 Oct 2021 15:00:54 GMT
server: AmazonS3
etag: "83988871510becc3a0925c9195b1492b"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/octet-stream
access-control-allow-origin: *
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
x-amz-cf-id: vf6JSeOIOmHPOlP4oDFVRflk8ikDF-T2haX9jPXyAxCBZm5ovfgqdQ==
expires: Thu, 14 Oct 2021 15:00:51 GMT

GET
H2 200 outer-frame.min.js Show response
speee-ad.akamaized.net/tag/by-them_pc/js/ 185 KB
46 KB 16ms
15ms Script
application/javascript 2.16.107.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://speee-ad.akamaized.net/tag/by-them_pc/js/outer-frame.min.js
Requested by: Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2.16.107.65 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-107-65.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: ccc7b6b811683b4764e9fa7d9caeb159700b6fc23a9a5d6c4eba46083413c13c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:56 GMT
content-encoding: gzip
last-modified: Wed, 29 Sep 2021 04:18:59 GMT
server: AmazonS3
x-amz-request-id: G0YYYJ0S62GGKW29
etag: "f662f726db5390678bdb261eb5880787"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=0
accept-ranges: bytes
x-amz-id-2: IdT25mXlE0dqi0/Md6kbH55GbbaSAAmOkvHx6QVvZQ+9sEPO/IfJG0oDhEsf79Olq+Jx9MB/1wE=
expires: Thu, 14 Oct 2021 09:23:56 GMT

GET
H2 200 bythem-13.jpg
by-them.com/wp-content/uploads/2020/09/15102729/ 146 KB
146 KB 21ms
21ms Image
image/jpeg 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/uploads/2020/09/15102729/bythem-13.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 484a495fe66552ba22f500b24a45d1044b27fffd12df641cb3664607e15c7bc3

Request headers

:path: /wp-content/uploads/2020/09/15102729/bythem-13.jpg
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 05:05:37 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Tue, 15 Sep 2020 01:27:30 GMT
server: AmazonS3
age: 274700
etag: "a84b36bd40e88fbcfa2d57f36a4408be"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 149232
x-amz-cf-id: 99M0adanFys1742djwBEnYpZCzOhBPMs6mYJo7FoLc2oeVlRHjsrRg==
expires: Wed, 15 Sep 2021 01:27:29 GMT

GET
H2 200 bythem_logo_black.png
by-them.com/wp-content/uploads/assets/ 30 KB
30 KB 10ms
10ms Image
image/png 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/uploads/assets/bythem_logo_black.png
Requested by: Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d75af2b219c6aaf2232c9bf1c452c6d5a95a9554486340909eca8096eea2b29d

Request headers

:path: /wp-content/uploads/assets/bythem_logo_black.png
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 21:27:39 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Thu, 22 Aug 2019 01:31:58 GMT
server: AmazonS3
age: 42978
etag: "4ea11dbfd94d1c8ae49dd5342c55067d"
x-cache: Hit from cloudfront
content-type: image/png
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 30546
x-amz-cf-id: JbpKHxCx6-rPSZ2pNmy8mQa8mtwEngnWBc9_Lb2h42BcP_3Jv17sCQ==

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
20 KB 32ms
6ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-142511850-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Oct 2021 16:38:54 GMT
server: Golfe2
age: 2219
date: Thu, 14 Oct 2021 08:46:57 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19747
expires: Thu, 14 Oct 2021 10:46:57 GMT

GET
H2 200 footer_log.png
by-them.com/wp-content/uploads/assets/ 4 KB
4 KB 9ms
9ms Image
image/png 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/uploads/assets/footer_log.png
Requested by: Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f4e6fb9c2251a031b1b9e9bcf58ccf8cca0c1b7c3b045999ff8c59a35449a467

Request headers

:path: /wp-content/uploads/assets/footer_log.png
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 17:11:18 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Thu, 22 Aug 2019 01:31:58 GMT
server: AmazonS3
age: 58359
etag: "56c4057444be8b29891ef51d94296a9a"
x-cache: Hit from cloudfront
content-type: image/png
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 3891
x-amz-cf-id: bfl0wk2EMZxyVqO67uASKhgLCpkKLTDppjzo_seukJ8aDSFNoYEkBg==

GET
H2 200 mag2_corpo_log.png
by-them.com/wp-content/uploads/assets/ 2 KB
2 KB 12ms
12ms Image
image/png 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/uploads/assets/mag2_corpo_log.png
Requested by: Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: fc41d115829ba05f31c0947f32f81e09de4d1ce08bcfbdc2a66b31ab47531a38

Request headers

:path: /wp-content/uploads/assets/mag2_corpo_log.png
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:56 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Thu, 22 Aug 2019 01:31:58 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1
etag: "c15b13c35bba2ba26ac84c2c70360171"
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 1730
x-amz-cf-id: xvkw6aq-PNEFIBH23G8bgjZpxq0cNu83eQO9SeDCqNdV14iW_IjFZQ==

GET
H2 200 rdemail.js Show response
by-them.com/wp-content/plugins/muse/src/Custom/js/ 1 KB
898 B 10ms
9ms Script
application/javascript 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://by-them.com/wp-content/plugins/muse/src/Custom/js/rdemail.js?ver=83ce794bc76e321846768cd84527bfde
Requested by: Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: ff33261963114a52baff3f6f8827f3b0775e81b8ee537a70b6d419367c9d4313

Request headers

:path: /wp-content/plugins/muse/src/Custom/js/rdemail.js?ver=83ce794bc76e321846768cd84527bfde
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: by-them.com
referer: https://by-them.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 05:12:39 GMT
content-encoding: gzip
last-modified: Wed, 29 Sep 2021 06:37:13 GMT
server: nginx
age: 274277
etag: W/"61540999-468"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
cache-control: max-age=604800
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: N03DHNysIV-RZreSqCvbJtrFFMUhpUvR-MvjyGNqiXhKxEE1ZvVzUg==
expires: Mon, 18 Oct 2021 05:12:39 GMT

GET
H2 200 postratings-js.js Show response
by-them.com/wp-content/plugins/wp-postratings/js/ 3 KB
1 KB 10ms
10ms Script
application/javascript 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://by-them.com/wp-content/plugins/wp-postratings/js/postratings-js.js?ver=1.86.2
Requested by: Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: c42425f18923921089911e70f39c6dd462794df2e42ac0596abc3884da6471fc

Request headers

:path: /wp-content/plugins/wp-postratings/js/postratings-js.js?ver=1.86.2
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: by-them.com
referer: https://by-them.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 10 Oct 2021 19:24:10 GMT
content-encoding: gzip
last-modified: Wed, 29 Sep 2021 06:37:13 GMT
server: nginx
age: 309586
etag: W/"61540999-d01"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
cache-control: max-age=604800
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: R39gibDWqG89vX4lf8Clps2Z3tWd9n3UEVe_zSdJUi0DRyu9OEo9Ow==
expires: Sun, 17 Oct 2021 19:24:10 GMT

GET
H2 200 functions.js Show response
by-them.com/wp-content/themes/by_them_pc/js/ 12 KB
4 KB 10ms
10ms Script
application/javascript 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://by-them.com/wp-content/themes/by_them_pc/js/functions.js?ver=5.2
Requested by: Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: d83f547a919a69318056360aff389dc3e833ed7a4e4db9c27ac21b370e787a0c

Request headers

:path: /wp-content/themes/by_them_pc/js/functions.js?ver=5.2
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: by-them.com
referer: https://by-them.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 06:02:28 GMT
content-encoding: gzip
last-modified: Wed, 29 Sep 2021 06:37:13 GMT
server: nginx
age: 271288
etag: W/"61540999-30ea"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
cache-control: max-age=604800
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: ng2WU98TmnE4bgICVt-Yout2GyZ7TcYG5bZajhzWEKyFOezs1vZzmg==
expires: Mon, 18 Oct 2021 06:02:28 GMT

GET
H2 200 header-fix.js Show response
by-them.com/wp-content/themes/by_them_pc/js/ 841 B
1 KB 11ms
10ms Script
application/javascript 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://by-them.com/wp-content/themes/by_them_pc/js/header-fix.js?ver=5.2
Requested by: Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 9a82b6d28186de621a015139f499e8fafcc1599ab1d752a1deb3c8aceb03310b

Request headers

:path: /wp-content/themes/by_them_pc/js/header-fix.js?ver=5.2
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: by-them.com
referer: https://by-them.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 10 Oct 2021 17:05:33 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Wed, 29 Sep 2021 06:37:13 GMT
server: nginx
age: 317903
etag: "61540999-349"
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: max-age=604800
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 841
x-amz-cf-id: azXIBj21fKIHkUiWAbW-6GVOuWljb3mK9Opyvo6ZPbAgvDaH3-jAkw==
expires: Sun, 17 Oct 2021 17:05:33 GMT

GET
H2 200 wp-embed.min.js Show response
by-them.com/wp-includes/js/ 1 KB
1 KB 11ms
10ms Script
application/javascript 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://by-them.com/wp-includes/js/wp-embed.min.js?ver=5.2
Requested by: Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 2152557cac69e2bd7d6debef5037a9f554f9209cc305b8141b3329acb10c42b7

Request headers

:path: /wp-includes/js/wp-embed.min.js?ver=5.2
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: by-them.com
referer: https://by-them.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 07 Oct 2021 22:01:09 GMT
content-encoding: gzip
last-modified: Thu, 30 Aug 2018 12:40:26 GMT
server: nginx
age: 559367
etag: W/"5b87e5ba-57b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
cache-control: max-age=604800
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: t988YYs_BbHAP3QpatMcejb0Q0PBrexBtzdO2Q5uFhfhzyF9mjTcSQ==
expires: Thu, 14 Oct 2021 22:01:09 GMT

GET
H2 200 jquery.color.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery-color/2.1.2/ 16 KB
5 KB 50ms
32ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery-color/2.1.2/jquery.color.js

Requested by

Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d429fb4dd7c788c7046d3ba4bbded94521add9bdd2bd97ed1089faf143201c2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:56 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 15354046
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 4553
cf-request-id: 098c8a767700002c56dc9d6000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:45 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec1-3f96"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jAKUmfBWUE%2FVHjDruj9MM59Tx6cWPSJ9OXZyvjQBDSvFEzeU3N58rVQZoJOlPVWJAn1hh9O5Yo%2FoCbww6KUfAzLFUfi%2BD5TQFGuERh1j%2B5X4BkqdcjJOAkvZGXZPiIDxYcCnf5lqcH3dKfz%2FlErfpxA3"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 69dfc0756c5b694c-FRA
expires: Tue, 04 Oct 2022 09:23:56 GMT

GET
H2 200 bythem-13-600x405.jpg
by-them.com/wp-content/uploads/2020/09/15102729/ 33 KB
34 KB 975ms
975ms Image
image/jpeg 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/uploads/2020/09/15102729/bythem-13-600x405.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: dfc91475a36515b5d36d69b644ce5b1bff665bd68a2d79406cf60555273b23dd

Request headers

:path: /wp-content/uploads/2020/09/15102729/bythem-13-600x405.jpg
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:58 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Tue, 15 Sep 2020 01:27:30 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1
etag: "7cf576868810a3518fc87ca27a4890dd"
x-cache: Miss from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 34061
x-amz-cf-id: doBhc-FdVyeBiwMiGPTR0K1hCkaIq5EhBOTpO_V0y_Pcv7qEy6gYXg==
expires: Wed, 15 Sep 2021 01:27:29 GMT

GET
H2 200 kmKnZrc3Hgbbcjq75U4uslyuy4kn0qNZaxM.woff2
fonts.gstatic.com/s/librebaskerville/v9/ 26 KB
27 KB 34ms
8ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/librebaskerville/v9/kmKnZrc3Hgbbcjq75U4uslyuy4kn0qNZaxM.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Libre+Baskerville&display=swap&ver=5.2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

451dad3dfc12bb5652e7600fa6ba6a2d49d804d10768758940be9fee8cf04399

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://by-them.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 11:03:29 GMT
x-content-type-options: nosniff
age: 253227
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27108
x-xss-protection: 0
last-modified: Thu, 10 Sep 2020 17:02:19 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 11 Oct 2022 11:03:29 GMT

GET
H3 200 pubads_impl_2021100701.js Show response
securepubads.g.doubleclick.net/gpt/ 366 KB
124 KB 30ms
15ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021100701.js?31063160

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74e0705ba9740aea8c7f1f7a8e582ae656c55e1c8d047b212683fadb5e623fa7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 126551
x-xss-protection: 0
last-modified: Thu, 07 Oct 2021 08:38:34 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 14 Oct 2021 09:23:56 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 63 B
92 B 31ms
16ms XHR
application/json 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=by-them.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

server-52-222-210-175.fra56.r.cloudfront.net

Software

cafe /

Resource Hash

2cb91bc3252b3f278cbd934ca5d721bfeba37f8051b0592b01456e2b49fce433

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 09:23:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 67
x-xss-protection: 0
expires: Thu, 14 Oct 2021 09:23:56 GMT

GET
H2 200 p.gif Show response
p.typekit.net/ 35 B
214 B 47ms
7ms XHR
image/gif 2a02:26f0:6c00:2ae::19fd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.gif?s=1&k=ikd7xws&ht=tk&h=by-them.com&f=35819.35820&a=6668945&js=1.6.1&app=typekit&e=js&_=1634203436454
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/ikd7xws.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2ae::19fd Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:56 GMT
last-modified: Wed, 02 Sep 2020 03:58:21 GMT
server: nginx
etag: "5f4f185d-23"
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 35

GET
H2 200 m Show response
use.typekit.net/af/e4cb74/00000000000000003b9b2cc7/27/ 396 KB
279 KB 203ms
188ms XHR
font/opentype 2a02:26f0:6c00::210:ba0a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/e4cb74/00000000000000003b9b2cc7/27/m?unicode=AAARCgAAAAcrhwQ1-xZZoPWBT3LT-EzZf4f23PWSAFbn9br9xuj_hHLjNfBloba8kX9xNhQzafmWGdkefG4vL9F0PyZYfnYggosurK0OWeuffCBGFe4azuPzlDPyr3YCMHMrNI6Hqg4efDeqQ6wZAe9BX-OfDnUxhCxSDwSaUQyQjxvn-hGJ5zNgmoiKdiBlLLj31V0fx3XWkniuoG11TbsyfrS2AeWguLCVJGcII5eVezFF7TMzL-uZe9r9KIFKrf3bFKMWD1AVJFuP8synTlWK1Lhx5c6uFXi-gpCFOH_PchBMW4bwYOhLifLykb8ozZiYlPXl-F3vvPtYcZYXwSX1NfZudvu_qAwwS3vbJvk1eQqam085yj01N2dfL1wf-n12GuiZD4x5vnYZxReRxpxEL7Ct95ofrJjGTh2RcMKZEm2IXTboGAqm4lY5eicSB4uO8cv4Qcr9UaCsVidrwQly2tKMcpSpzHl_Kdi3GziwaGmtPrAwt6XwhK6aK4FKMswqV1Ti-nADIu2-_rsXjOqex1zX40kCgvr7sUc_bWO1HjHZbp4ThTtz8mfhoqcUN2u3MhfzbVJDf-KiLl9beIt0zzNWC_i1PAjum2oSLwcUa_6fcVJ_mMKhVVufKZr-GwAuNfKwaoLWORX1QAaLN5GkOgkrLzu8ukqlf9PQv5zw42ZSWuOrMecC9B5IfYIKXrH2ai2uec4wO-JTGFNH8luv-vPm-5tMAAAAzw&features=ALL&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/ikd7xws.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba0a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: c4d50ea33845eeee7d70cd18eb09fba8f087adb1784c9a163384842dabfa3b93

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:56 GMT
content-encoding: gzip
server: nginx
etag: W/"6f72ff86c157f0e60951d42460dd25f7d034ac53"
vary: Accept-Encoding
content-type: font/opentype
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *

GET
H2 200 m Show response
use.typekit.net/af/484dcb/00000000000000003b9b2cc6/27/ 476 KB
333 KB 218ms
207ms XHR
font/opentype 2a02:26f0:6c00::210:ba0a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/484dcb/00000000000000003b9b2cc6/27/m?unicode=AAARCgAAAAcrhwQ1-xZZoPWBT3LT-EzZf4f23PWSAFbn9br9xuj_hHLjNfBloba8kX9xNhQzafmWGdkefG4vL9F0PyZYfnYggosurK0OWeuffCBGFe4azuPzlDPyr3YCMHMrNI6Hqg4efDeqQ6wZAe9BX-OfDnUxhCxSDwSaUQyQjxvn-hGJ5zNgmoiKdiBlLLj31V0fx3XWkniuoG11TbsyfrS2AeWguLCVJGcII5eVezFF7TMzL-uZe9r9KIFKrf3bFKMWD1AVJFuP8synTlWK1Lhx5c6uFXi-gpCFOH_PchBMW4bwYOhLifLykb8ozZiYlPXl-F3vvPtYcZYXwSX1NfZudvu_qAwwS3vbJvk1eQqam085yj01N2dfL1wf-n12GuiZD4x5vnYZxReRxpxEL7Ct95ofrJjGTh2RcMKZEm2IXTboGAqm4lY5eicSB4uO8cv4Qcr9UaCsVidrwQly2tKMcpSpzHl_Kdi3GziwaGmtPrAwt6XwhK6aK4FKMswqV1Ti-nADIu2-_rsXjOqex1zX40kCgvr7sUc_bWO1HjHZbp4ThTtz8mfhoqcUN2u3MhfzbVJDf-KiLl9beIt0zzNWC_i1PAjum2oSLwcUa_6fcVJ_mMKhVVufKZr-GwAuNfKwaoLWORX1QAaLN5GkOgkrLzu8ukqlf9PQv5zw42ZSWuOrMecC9B5IfYIKXrH2ai2uec4wO-JTGFNH8luv-vPm-5tMAAAAzw&features=ALL&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/ikd7xws.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba0a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: efbebac68bd387baed05f3723cf3e921bd4a72dde613bb1321eed90c0534bf1c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:56 GMT
content-encoding: gzip
server: nginx
etag: W/"dc07187e72661286f9f60114897f5a67de72aac4"
vary: Accept-Encoding
content-type: font/opentype
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ 0
300 B 98ms
98ms XHR
text/plain 52.222.210.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fby-them.com%2F430811&pubid=e7cce5f4-d902-40a2-96af-85422c7c1d5a
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.210.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-210-175.fra56.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:55 GMT
via: 1.1 33febf2d58aeb0618cba096d54cae019.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P3
x-cache: Miss from cloudfront
access-control-allow-origin: https://by-them.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-id: KrUOzxi8CBBVEUqNonNP92T6cW8-31-RoThkKt4AvX53SmKhakh9Qw==

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
489 B 55ms
55ms XHR
text/javascript 52.222.210.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fby-them.com%2F430811&pid=JTQfnWOK7RAMR&cb=0&ws=1600x1200&v=7.69.01&t=1000&slots=%5B%7B%22sd%22%3A%220%22%2C%22s%22%3A%5B%22200x200%22%2C%22250x250%22%2C%22300x250%22%5D%2C%22sn%22%3A%22%2F35279801%2Fbythem_pc_post1_responsive%22%7D%2C%7B%22sd%22%3A%221%22%2C%22s%22%3A%5B%22200x200%22%2C%22250x250%22%2C%22300x250%22%5D%2C%22sn%22%3A%22%2F35279801%2Fbythem_pc_post1_right_300x250%22%7D%2C%7B%22sd%22%3A%222%22%2C%22s%22%3A%5B%22250x250%22%2C%22300x250%22%2C%22200x200%22%5D%2C%22sn%22%3A%22%2F35279801%2Fbythem_pc_post2_responsive%22%7D%2C%7B%22sd%22%3A%223%22%2C%22s%22%3A%5B%22250x250%22%2C%22200x200%22%2C%22300x250%22%5D%2C%22sn%22%3A%22%2F35279801%2Fbythem_pc_post2_right_300x250%22%7D%2C%7B%22sd%22%3A%224%22%2C%22s%22%3A%5B%22200x200%22%2C%22250x250%22%2C%22300x250%22%5D%2C%22sn%22%3A%22%2F35279801%2Fbythem_pc_post3_responsive%22%7D%2C%7B%22sd%22%3A%225%22%2C%22s%22%3A%5B%22250x250%22%2C%22200x200%22%2C%22300x250%22%5D%2C%22sn%22%3A%22%2F35279801%2Fbythem_pc_post3_right_300x250%22%7D%2C%7B%22sd%22%3A%226%22%2C%22s%22%3A%5B%22200x200%22%2C%22336x280%22%2C%22250x250%22%2C%22300x250%22%5D%2C%22sn%22%3A%22%2F35279801%2Fbythem_pc_sidebar1_336x280%22%7D%2C%7B%22sd%22%3A%227%22%2C%22s%22%3A%5B%22250x250%22%2C%22300x250%22%2C%22200x200%22%5D%2C%22sn%22%3A%22%2F35279801%2Fbythem_pc_sidebarlast_336x280%22%7D%2C%7B%22sd%22%3A%228%22%2C%22s%22%3A%5B%22200x200%22%2C%22300x250%22%2C%22250x250%22%5D%2C%22sn%22%3A%22%2F35279801%2Fbythem_pc_postleft_300x250%22%7D%2C%7B%22sd%22%3A%229%22%2C%22s%22%3A%5B%22250x250%22%2C%22300x250%22%2C%22200x200%22%5D%2C%22sn%22%3A%22%2F35279801%2Fbythem_pc_postright_300x250%22%7D%2C%7B%22sd%22%3A%2210%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F35279801%2Fbythem_pc_postrelated1_728x90%22%7D%5D&pubid=e7cce5f4-d902-40a2-96af-85422c7c1d5a&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.210.175 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:56 GMT
via: 1.1 33febf2d58aeb0618cba096d54cae019.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P3
x-amz-rid: ASEA69WYAGKNRCZ9Y1KT
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://by-them.com
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 23
x-amz-cf-id: tyS8GRvI_OPHDuTc9ZjFSe9xa-OZJZatj-rHowlAUpojp_y7yCme7Q==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 27ms
12ms XHR
application/javascript 52.222.210.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.210.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-210-175.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-version-id: c91ZTIbLZrDqT0mloV_AD7.LNsTlhW69
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
x-amz-cf-pop: FRA56-P3
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Thu, 07 Oct 2021 01:02:33 GMT
server: AmazonS3
date: Thu, 14 Oct 2021 09:23:56 GMT
vary: Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 740769d10d5ef217a54d33b1ec64faf4.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-id: pciIBJpGu9SNp1Ats_1oOGT3Ewc1ZhW9coXa3R35nqf05_DJydl9Ew==

GET
H2 200 recwid Show response
click.speee-ad.jp/v1/ 4 KB
2 KB 999ms
494ms Script
text/javascript 35.73.159.145
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://click.speee-ad.jp/v1/recwid?url=https%3A%2F%2Fby-them.com%2F430811&ft=1&placement_id=5135&placement_code=2-by-them_pc&v=4.3.0&device=1&os=1&ref=&cb_name=uzWidgetCallback0&sess_id=0.4035603742001926&ext=&cb=1634203436518
Requested by: Host: speee-ad.akamaized.net
URL: https://speee-ad.akamaized.net/tag/2-by-them_pc/js/outer-frame.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.73.159.145 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-73-159-145.ap-northeast-1.compute.amazonaws.com
Software: nginx /
Resource Hash: f3bdc926955beb34c74cb5944801ceacef9ae1300a55b38962fa9a1a9475d737

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:57 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx
content-type: text/javascript; charset=UTF-8
p3p: CP="CAO CUR ADM DEV PSA PSD OUR"

GET ev
click.speee-ad.jp/v1/ 0
0

GET
H2 200 otBannerSdk.js Show response
cdn-apac.onetrust.com/scripttemplates/6.9.0/ 341 KB
74 KB 17ms
17ms Script
application/javascript 2606:4700:10::6814:b944
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-apac.onetrust.com/scripttemplates/6.9.0/otBannerSdk.js

Requested by

Host: cdn-apac.onetrust.com
URL: https://cdn-apac.onetrust.com/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:b944 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6a13b93c05af6ec6255b737032aa3f5d1f4823ed2d57d12c0735bd2c4adc8efc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 14 Oct 2021 09:23:56 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
content-md5: 56jOXvghU3RiFIKiZ2Zh+g==
age: 5723
content-length: 75725
x-ms-lease-status: unlocked
last-modified: Thu, 12 Nov 2020 13:23:29 GMT
server: cloudflare
etag: 0x8D8870E25377AAD
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 77957e78-801e-009c-481c-c0452b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 69dfc07658144e0e-FRA

GET
H2 200 shutterstock_1935090026-480x270.jpg
by-them.com/wp-content/uploads/2021/09/17184903/ 52 KB
53 KB 14ms
14ms Image
image/jpeg 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/uploads/2021/09/17184903/shutterstock_1935090026-480x270.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 23abfab52ecf44bdf272505d74e8bf2f023034e295f66727a3f837b3d44c7c4b

Request headers

:path: /wp-content/uploads/2021/09/17184903/shutterstock_1935090026-480x270.jpg
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/430811
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/430811
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 28 Sep 2021 01:33:31 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Fri, 17 Sep 2021 09:49:05 GMT
server: AmazonS3
age: 1410626
etag: "cb9d02dc453ec7c949aab1aeb91e5318"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 53621
x-amz-cf-id: 2QCR5fu5qAp7NCx2vndH8b0-OurpQmSistwOEDpg30FMtJdTaJomzQ==
expires: Sat, 17 Sep 2022 09:49:03 GMT

GET
H2 200 shutterstock_659840617-600x405.jpg
by-them.com/wp-content/uploads/2021/08/30144851/ 91 KB
91 KB 13ms
13ms Image
image/jpeg 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/uploads/2021/08/30144851/shutterstock_659840617-600x405.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 04067a6fbbfd757a12dc1d982a45d67b3565660d056ebc9ad6deed267b758300

Request headers

:path: /wp-content/uploads/2021/08/30144851/shutterstock_659840617-600x405.jpg
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/430811
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/430811
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 02:33:35 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Mon, 30 Aug 2021 05:48:53 GMT
server: AmazonS3
age: 1147822
etag: "1b0975b233a26145800ddad9e377fb1d"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 92985
x-amz-cf-id: Mlc6Myebxmp1oFVA-2lLI4DBHo0e9LG_DaHs6S-18O7S0NBLpu-yfA==
expires: Tue, 30 Aug 2022 05:48:51 GMT

GET
H2 200 bythem-14-480x270.jpg
by-them.com/wp-content/uploads/2021/08/25173313/ 36 KB
37 KB 15ms
15ms Image
image/jpeg 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/uploads/2021/08/25173313/bythem-14-480x270.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 829b6e7ab079d0667ce82a465b543c9a36949402d530a40a102b249a5af38aca

Request headers

:path: /wp-content/uploads/2021/08/25173313/bythem-14-480x270.jpg
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/430811
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/430811
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 01:32:00 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Wed, 25 Aug 2021 08:33:14 GMT
server: AmazonS3
age: 3225117
etag: "50f06156622af83bf487f14558b49089"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 37001
x-amz-cf-id: C9-S58sZw6PzFQBWuGifI3tBVf_aTRy_E2P8lB-YiKgsSYqLoqzjfQ==
expires: Thu, 25 Aug 2022 08:33:13 GMT

GET
H2 200 photo-1543879739-ab87be3df369-667x405.jpeg
by-them.com/wp-content/uploads/2021/08/27173438/ 34 KB
35 KB 19ms
19ms Image
image/jpeg 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/uploads/2021/08/27173438/photo-1543879739-ab87be3df369-667x405.jpeg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cd211d6fe4e69f7d5b6827878269863254b520f692ca6fe894bb198df561de64

Request headers

:path: /wp-content/uploads/2021/08/27173438/photo-1543879739-ab87be3df369-667x405.jpeg
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/430811
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/430811
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 02:21:15 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Fri, 27 Aug 2021 08:34:40 GMT
server: AmazonS3
age: 1148561
etag: "7f5ff61c3b0ca6d237f322b59b333a61"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 35079
x-amz-cf-id: 1bEaQFspUzFfuDj7t3GiMig3N7oBCe7sByF8cgCpVpm1BWVtZ-C8lg==
expires: Sat, 27 Aug 2022 08:34:38 GMT

GET
H2 200 andreea-popa-nMZY2ICPIFE-unsplash-480x270.jpg
by-them.com/wp-content/uploads/2021/09/17173911/ 44 KB
45 KB 20ms
20ms Image
image/jpeg 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/uploads/2021/09/17173911/andreea-popa-nMZY2ICPIFE-unsplash-480x270.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0491073bc057569cce091e2dc9dca11aa86654e5ebf9e76210775ea6fc5802ad

Request headers

:path: /wp-content/uploads/2021/09/17173911/andreea-popa-nMZY2ICPIFE-unsplash-480x270.jpg
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/430811
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/430811
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 16 Sep 2021 03:34:41 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Tue, 17 Aug 2021 08:39:12 GMT
server: AmazonS3
age: 2440155
etag: "b54a1f9a9a32c5c2aed9581a113d8c60"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 45422
x-amz-cf-id: BdSh9v9RtFf69Y8W8TaaBiOfFSkNRYPUhI0oOAxpDRQwcqB7lYWwWw==
expires: Wed, 17 Aug 2022 08:39:11 GMT

GET
H2 200 shutterstock_2017929116-480x270.jpg
by-them.com/wp-content/uploads/2021/08/24132358/ 25 KB
25 KB 21ms
21ms Image
image/jpeg 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/uploads/2021/08/24132358/shutterstock_2017929116-480x270.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6e73f056bd3124e5d5af568577493edbc864121cb594258f68eb85a6a100ac61

Request headers

:path: /wp-content/uploads/2021/08/24132358/shutterstock_2017929116-480x270.jpg
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/430811
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/430811
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 02:21:15 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Tue, 24 Aug 2021 04:23:59 GMT
server: AmazonS3
age: 1148561
etag: "646a106bcae0a4bdb2292f4130b4f134"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 25284
x-amz-cf-id: 5VOUNN0hMr1leuai97g3GkP0d5vjnLgK_zIznRess5AUoSw3WCEHqw==
expires: Wed, 24 Aug 2022 04:23:58 GMT

GET
H2 200 shutterstock_1190437453-480x270.jpg
by-them.com/wp-content/uploads/2021/07/29145406/ 42 KB
42 KB 22ms
22ms Image
image/jpeg 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/uploads/2021/07/29145406/shutterstock_1190437453-480x270.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f1d877d318b380368c30f115f77dcf61c1659f07ddb0e2e2ba2b47eb3cd8e995

Request headers

:path: /wp-content/uploads/2021/07/29145406/shutterstock_1190437453-480x270.jpg
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/430811
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/430811
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 04:23:16 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Thu, 29 Jul 2021 05:54:07 GMT
server: AmazonS3
age: 1314041
etag: "2519319722d0a5f9637db05cb1490ba1"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 42626
x-amz-cf-id: LCuWKfpN9s107_G6O2Hl8MYElSbgXVwOzhgSunQ-WGG1bwcxjLhFhw==
expires: Fri, 29 Jul 2022 05:54:06 GMT

GET
H2 200 ava-sol-v0nwijQYOPU-unsplash-720x405.jpg
by-them.com/wp-content/uploads/2021/10/05175711/ 45 KB
46 KB 23ms
23ms Image
image/jpeg 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/uploads/2021/10/05175711/ava-sol-v0nwijQYOPU-unsplash-720x405.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d721b8e4e14cf1f8367d2db0bc67a5bc3757b77c331e1101a49d9622e5365f0b

Request headers

:path: /wp-content/uploads/2021/10/05175711/ava-sol-v0nwijQYOPU-unsplash-720x405.jpg
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/430811
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/430811
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 02:03:55 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Tue, 05 Oct 2021 08:57:12 GMT
server: AmazonS3
age: 199202
etag: "77540dde72a229556a16b6f3afd5a7cb"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 46399
x-amz-cf-id: wKM5Zhq7_ML-jmQdXhbP2S3tQ2eM8QiJsrGvE8uBRmN3wAfY1vGaeA==
expires: Wed, 05 Oct 2022 08:57:11 GMT

GET
H2 200 alwin-kroon-AWcteyBudGQ-unsplash-480x270.jpg
by-them.com/wp-content/uploads/2021/08/31103445/ 27 KB
28 KB 22ms
22ms Image
image/jpeg 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/uploads/2021/08/31103445/alwin-kroon-AWcteyBudGQ-unsplash-480x270.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7896ef9974ef59a9277fecf544908b64a5cbe3eea367b0c2a1418b5d89f49eb9

Request headers

:path: /wp-content/uploads/2021/08/31103445/alwin-kroon-AWcteyBudGQ-unsplash-480x270.jpg
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/430811
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/430811
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 30 Sep 2021 21:50:16 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Tue, 31 Aug 2021 01:34:46 GMT
server: AmazonS3
age: 1164821
etag: "1b9ef77b32766976e85287fe533950b7"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 27826
x-amz-cf-id: Jq9LOoTXQg0Z2nvgPEM48LQxzdHcQ4vM-c1SCNtVsMfRvpWLOMyC7Q==
expires: Wed, 31 Aug 2022 01:34:45 GMT

GET
H2 200 christian-chen-4MxpZ-T_2JE-unsplash-480x270.jpg
by-them.com/wp-content/uploads/2021/09/30115127/ 35 KB
35 KB 23ms
22ms Image
image/jpeg 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/uploads/2021/09/30115127/christian-chen-4MxpZ-T_2JE-unsplash-480x270.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1d3445020a7b0a3d4e5477268729bf6ce5b67bfb4e06d66b30c838c7360d159b

Request headers

:path: /wp-content/uploads/2021/09/30115127/christian-chen-4MxpZ-T_2JE-unsplash-480x270.jpg
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/430811
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/430811
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 02 Sep 2021 06:21:11 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Fri, 30 Jul 2021 02:51:28 GMT
server: AmazonS3
age: 3639766
etag: "e54c4873323f619a7749a3701ed06a44"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 35585
x-amz-cf-id: BGDKkyDyiTKsYShred1T4c52uru5OwLHys631bjDH1v4oo5FAJ-L7g==
expires: Sat, 30 Jul 2022 02:51:27 GMT

GET
H2 200 photo-1579149840618-c0d5ea3f4d74-720x405.jpeg
by-them.com/wp-content/uploads/2020/04/08172351/ 48 KB
48 KB 11ms
10ms Image
image/jpeg 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/uploads/2020/04/08172351/photo-1579149840618-c0d5ea3f4d74-720x405.jpeg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 38a67e5c57a8912c9dd0465e65fbaebdbbe666cfd3720744fdd07ecb47905b73

Request headers

:path: /wp-content/uploads/2020/04/08172351/photo-1579149840618-c0d5ea3f4d74-720x405.jpeg
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/430811
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/430811
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 09 Jun 2021 15:12:59 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Wed, 08 Apr 2020 08:23:53 GMT
server: AmazonS3
age: 10951857
etag: "1532cfbff67d720da67403f38aad7134"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 48740
x-amz-cf-id: dHfclfTmdOj_vAtqW2axv9r6qZNVHKKtsYQShT4hsQfjeBcQn94o1w==
expires: Thu, 08 Apr 2021 08:23:51 GMT

GET
H2 200 toa-heftiba-oKbQxVusp8M-unsplash-720x405.jpg
by-them.com/wp-content/uploads/2020/02/27111341/ 65 KB
66 KB 20ms
19ms Image
image/jpeg 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/uploads/2020/02/27111341/toa-heftiba-oKbQxVusp8M-unsplash-720x405.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 38b05ae5fe708e5a8c759531d80a56fd70854f1d5399af4f5092db3af9952c40

Request headers

:path: /wp-content/uploads/2020/02/27111341/toa-heftiba-oKbQxVusp8M-unsplash-720x405.jpg
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/430811
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/430811
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 04 Feb 2021 10:50:47 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Thu, 27 Feb 2020 02:13:42 GMT
server: AmazonS3
age: 21767589
etag: "68a87485279ca1ca5027d3ce62055eec"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 66655
x-amz-cf-id: NpPIOOJauJRXSBe-gtz1YqbP8O9yo3pWL2ICtozHchHHXDzmDOLzTQ==
expires: Fri, 26 Feb 2021 02:13:41 GMT

GET
H2 200 anton-luzhkovsky-kgrloevjhWw-unsplash-720x405.jpg
by-them.com/wp-content/uploads/2020/05/01174628/ 71 KB
72 KB 12ms
11ms Image
image/jpeg 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/uploads/2020/05/01174628/anton-luzhkovsky-kgrloevjhWw-unsplash-720x405.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f3a5ac556b8ebe7990dac7276719591ab9834703c15957d7b845182f537af44e

Request headers

:path: /wp-content/uploads/2020/05/01174628/anton-luzhkovsky-kgrloevjhWw-unsplash-720x405.jpg
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/430811
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/430811
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 19:06:23 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Fri, 01 May 2020 08:46:29 GMT
server: AmazonS3
age: 10765054
etag: "7b9af42ddcd60fbdf03f749776102433"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 73062
x-amz-cf-id: 2hgV9ag9bRE2PoglY8CMYiEyMlMENT6mdWVFh7IKW0Cry187xx2Bqg==
expires: Sat, 01 May 2021 08:46:28 GMT

GET
H2 200 yue-su-MKfxITjPhzY-unsplash-720x405.jpg
by-them.com/wp-content/uploads/2020/03/26161944/ 87 KB
88 KB 17ms
15ms Image
image/jpeg 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/uploads/2020/03/26161944/yue-su-MKfxITjPhzY-unsplash-720x405.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 252d57a8a370b83d451dabdf7175806545e43b34a01dfce70ba0161d8ca5681f

Request headers

:path: /wp-content/uploads/2020/03/26161944/yue-su-MKfxITjPhzY-unsplash-720x405.jpg
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/430811
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/430811
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 03:58:18 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Thu, 26 Mar 2020 07:19:46 GMT
server: AmazonS3
age: 21187539
etag: "ee39cf303b8856e46b77e2772ac1f690"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 89567
x-amz-cf-id: lQlL2hakXNhOVsSO7rJAgJdgy9ys3EYJiJzvRaG_zbO2xbVzQyGVbA==
expires: Fri, 26 Mar 2021 07:19:44 GMT

GET
H2 200 carolina-heza-zMfP2YvouOY-unsplash-720x405.jpg
by-them.com/wp-content/uploads/2020/02/05153823/ 44 KB
44 KB 13ms
12ms Image
image/jpeg 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/uploads/2020/02/05153823/carolina-heza-zMfP2YvouOY-unsplash-720x405.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: fce60aec70b00a82698631105a9c79964c1607e5d1da0b83b909eed2bb6d8492

Request headers

:path: /wp-content/uploads/2020/02/05153823/carolina-heza-zMfP2YvouOY-unsplash-720x405.jpg
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/430811
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/430811
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 21 Mar 2021 22:29:45 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Wed, 05 Feb 2020 06:38:24 GMT
server: AmazonS3
age: 17837652
etag: "8140be83dc6b94e376e1156d6ed4d427"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 44967
x-amz-cf-id: 5AmVXspReFQA5HSOqUyyCP3PBhif1BZ7z7Q6xPa3x5GwpNIYVSEIRQ==
expires: Thu, 04 Feb 2021 06:38:23 GMT

GET
H2 200 photo-1486704155675-e4c07f8ad160-720x405.jpeg
by-them.com/wp-content/uploads/2020/02/03111230/ 82 KB
82 KB 17ms
16ms Image
image/jpeg 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/uploads/2020/02/03111230/photo-1486704155675-e4c07f8ad160-720x405.jpeg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bf63a3e5ec9caf39c079d98cdb08bf231d60ed271e639ed6936084b41824e678

Request headers

:path: /wp-content/uploads/2020/02/03111230/photo-1486704155675-e4c07f8ad160-720x405.jpeg
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/430811
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/430811
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 22:54:30 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Mon, 03 Feb 2020 02:12:31 GMT
server: AmazonS3
age: 10751367
etag: "a08be1c4ed0e99ecd3e911e6884aa4d8"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 83902
x-amz-cf-id: lCoAfxWkrLptMF1ubAHMqocWkjTTuFRazD_3sq_4nw9c4kY86A366A==
expires: Tue, 02 Feb 2021 02:12:30 GMT

GET
H2 200 photo-1530099486328-e021101a494a-720x405.jpeg
by-them.com/wp-content/uploads/2020/07/14150458/ 77 KB
77 KB 20ms
19ms Image
image/jpeg 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/uploads/2020/07/14150458/photo-1530099486328-e021101a494a-720x405.jpeg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5b57733206689d45d56d8206c97bcfd372f795656d7bf165b8c06bb7bf7791ce

Request headers

:path: /wp-content/uploads/2020/07/14150458/photo-1530099486328-e021101a494a-720x405.jpeg
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/430811
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/430811
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 21 Mar 2021 22:29:45 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Thu, 14 May 2020 06:05:00 GMT
server: AmazonS3
age: 17837652
etag: "0bbbc409bf16e7b65a2d9c4505037806"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 78357
x-amz-cf-id: Cq7yrwRRIgjAYJhQCqM1cSEX9k1kXivajT1LoI2JBP0d2goFI4Yvlw==
expires: Fri, 14 May 2021 06:04:58 GMT

GET
H2 200 photo-1560379790-ed80c2f376a0-720x405.jpeg
by-them.com/wp-content/uploads/2020/07/16165654/ 55 KB
56 KB 21ms
20ms Image
image/jpeg 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/uploads/2020/07/16165654/photo-1560379790-ed80c2f376a0-720x405.jpeg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ec5c66d14d03939914f17de744c4c4c2b907c186b48e34c43be443c2877dbbed

Request headers

:path: /wp-content/uploads/2020/07/16165654/photo-1560379790-ed80c2f376a0-720x405.jpeg
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/430811
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/430811
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 29 Jan 2021 01:54:22 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Thu, 16 Jul 2020 07:56:55 GMT
server: AmazonS3
age: 22318175
etag: "7defccfe570a8839d23f20aa57b12af7"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 56685
x-amz-cf-id: 35KzAWRW6X1zu9SYBDWtthkQ2odKAinBkk5JgtIkGRt8SkQRnhBhFg==
expires: Fri, 16 Jul 2021 07:56:54 GMT

GET
H2 200 shutterstock_1272953689-1200x675-720x405.jpg
by-them.com/wp-content/uploads/2019/08/21174400/ 50 KB
50 KB 21ms
20ms Image
image/jpeg 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/uploads/2019/08/21174400/shutterstock_1272953689-1200x675-720x405.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 704671ea332a0b6e25bbfc0338262a99185f9c51eb1765c47edca5a03aa4c643

Request headers

:path: /wp-content/uploads/2019/08/21174400/shutterstock_1272953689-1200x675-720x405.jpg
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/430811
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/430811
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 07 Feb 2021 08:56:20 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Thu, 22 Aug 2019 01:31:58 GMT
server: AmazonS3
age: 21515256
etag: "de46059260136f1c9b21b51da5ee034f"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 51188
x-amz-cf-id: NgWgwAgwCDHJUJuvAncz9kgB41pUKFQcG2ZPyIk5B-R8f-lNJlTITw==
expires: Thu, 20 Aug 2020 08:44:00 GMT

GET
H2 200 fuu-j-eYcmHGj0VFU-unsplash-720x405.jpg
by-them.com/wp-content/uploads/2019/10/13120510/ 66 KB
66 KB 24ms
23ms Image
image/jpeg 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/uploads/2019/10/13120510/fuu-j-eYcmHGj0VFU-unsplash-720x405.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: fb9d89cfed3b471f2c439e6dbd0c86f881f6ebdd134a7428b77c98a9fc2da6a2

Request headers

:path: /wp-content/uploads/2019/10/13120510/fuu-j-eYcmHGj0VFU-unsplash-720x405.jpg
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/430811
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/430811
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 08 Feb 2021 04:22:37 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Wed, 13 Nov 2019 03:05:12 GMT
server: AmazonS3
age: 21445280
etag: "ecbe12f245ab3c9d45fbeda1e815c53d"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 67477
x-amz-cf-id: 2g5RloQ5Dimi-JGppA5Xy-N029KcWp8ntsYj8GcGn-qHN44_pKLzsQ==
expires: Thu, 12 Nov 2020 03:05:10 GMT

GET
H2 200 neonbrand-YbP4pVKphyk-unsplash-1-720x405.jpg
by-them.com/wp-content/uploads/2019/11/06163900/ 75 KB
76 KB 27ms
26ms Image
image/jpeg 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/uploads/2019/11/06163900/neonbrand-YbP4pVKphyk-unsplash-1-720x405.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 360277514a8701b7a3ba86470cae6f02f3baf76a12511010d98bdc54aa9a59aa

Request headers

:path: /wp-content/uploads/2019/11/06163900/neonbrand-YbP4pVKphyk-unsplash-1-720x405.jpg
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/430811
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/430811
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 04 Feb 2021 10:50:47 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Wed, 06 Nov 2019 07:39:02 GMT
server: AmazonS3
age: 21767589
etag: "5fbfa0879639f87ea7e85edbcfe09841"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 77288
x-amz-cf-id: kyVIJQgfMreK8qQEI5DkOKmwXqyt_uMu5lLwbdeKj6itspWTPxZoOA==
expires: Thu, 05 Nov 2020 07:39:00 GMT

GET
H2 200 photo-1466547785201-9c6106aea1af-720x405.jpeg
by-them.com/wp-content/uploads/2019/11/08174812/ 27 KB
28 KB 24ms
23ms Image
image/jpeg 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/uploads/2019/11/08174812/photo-1466547785201-9c6106aea1af-720x405.jpeg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f753bdc7c05d2ce278d8b740c9d1adf80e143512112810722cb12b80fe8b1faa

Request headers

:path: /wp-content/uploads/2019/11/08174812/photo-1466547785201-9c6106aea1af-720x405.jpeg
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/430811
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/430811
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 03 Feb 2021 02:15:48 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Fri, 08 Nov 2019 08:48:13 GMT
server: AmazonS3
age: 21884889
etag: "d277429488f302dd47dcef6c0b9b51a1"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 27984
x-amz-cf-id: rRFoChameSnEJorMb8nHuynLyxhvzhG_nNDKB2VVTxR12NgZTIaE0g==
expires: Sat, 07 Nov 2020 08:48:12 GMT

GET
H2 200 henrique-felix-mmuMa7VXL1Y-unsplash-720x405.jpg
by-them.com/wp-content/uploads/2019/11/07100832/ 63 KB
64 KB 24ms
23ms Image
image/jpeg 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/uploads/2019/11/07100832/henrique-felix-mmuMa7VXL1Y-unsplash-720x405.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8497bb7397cbbdc054954a7d63db8259e25516f2aec17e48af8fbd8a79afe577

Request headers

:path: /wp-content/uploads/2019/11/07100832/henrique-felix-mmuMa7VXL1Y-unsplash-720x405.jpg
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/430811
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/430811
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 10 Feb 2021 07:15:10 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Thu, 07 Nov 2019 01:08:33 GMT
server: AmazonS3
age: 21262127
etag: "a6f81b33f20adfede79fb802d76e230f"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 64974
x-amz-cf-id: L1x3AmrDOeMPr4IkwsQgs_dSODBGFC0pGqZTyT6cWN4089t9zW7vtg==
expires: Fri, 06 Nov 2020 01:08:32 GMT

GET
H2 200 yunming-wang-DkqqLxxBUI4-unsplash-720x405.jpg
by-them.com/wp-content/uploads/2020/09/08132611/ 66 KB
67 KB 25ms
25ms Image
image/jpeg 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/uploads/2020/09/08132611/yunming-wang-DkqqLxxBUI4-unsplash-720x405.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 270ed529cce4b6316ea9877623ca5ac92fd003e6fdd890989897dd84dc02c57a

Request headers

:path: /wp-content/uploads/2020/09/08132611/yunming-wang-DkqqLxxBUI4-unsplash-720x405.jpg
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/430811
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/430811
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 08 Feb 2021 04:22:37 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Tue, 08 Sep 2020 04:26:12 GMT
server: AmazonS3
age: 21445280
etag: "8c5e94092428a4f5d9ec0f0c786e28b6"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 67896
x-amz-cf-id: wTRMfo0GIt_WZzlCG98inOUBXwOjOjWW2qFTARq8cUih60rK8nK4gg==
expires: Wed, 08 Sep 2021 04:26:11 GMT

GET
H2 200 photo-1485359466996-ba9d9b4958b9-720x405.jpeg
by-them.com/wp-content/uploads/2021/09/17170728/ 42 KB
42 KB 28ms
27ms Image
image/jpeg 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/uploads/2021/09/17170728/photo-1485359466996-ba9d9b4958b9-720x405.jpeg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c8030c21a8cbccb86877322f7bd0a493fbedd4f97f364bcbcb89d17f7ec4a008

Request headers

:path: /wp-content/uploads/2021/09/17170728/photo-1485359466996-ba9d9b4958b9-720x405.jpeg
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/430811
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/430811
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 04:22:03 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Fri, 17 Sep 2021 08:07:29 GMT
server: AmazonS3
age: 18114
etag: "3f2d8e0a3a54e845f4a108e00fd9d8f8"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 42756
x-amz-cf-id: ndy796_ogN0ED38hAVnWSoh139QC2Eqt0zXCaasn-YCQCgjpgRjb4Q==
expires: Sat, 17 Sep 2022 08:07:28 GMT

GET
H2 200 julia-cheperis-lyKxRnr0AyA-unsplash-480x270.jpg
by-them.com/wp-content/uploads/2021/08/05135236/ 38 KB
38 KB 29ms
28ms Image
image/jpeg 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/uploads/2021/08/05135236/julia-cheperis-lyKxRnr0AyA-unsplash-480x270.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 292ae682c89c1f1431bca82c61df8535db1d4c741e1a27e416bc12105712e972

Request headers

:path: /wp-content/uploads/2021/08/05135236/julia-cheperis-lyKxRnr0AyA-unsplash-480x270.jpg
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/430811
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/430811
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 07 Oct 2021 02:55:45 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Thu, 05 Aug 2021 04:52:37 GMT
server: AmazonS3
age: 628091
etag: "6f91952017842586c55c8bc15ced8d0a"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 38482
x-amz-cf-id: opSJ4SaQX9vp3iZ2O_JxVDvQPaBqoQHmsqgkWUh8mpnKggaPq0V8UA==
expires: Fri, 05 Aug 2022 04:52:36 GMT

GET
H2 200 02d251f4af338ff2f823818eabc63dd6-480x270.jpg
by-them.com/wp-content/uploads/2021/09/17155330/ 30 KB
30 KB 30ms
29ms Image
image/jpeg 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/uploads/2021/09/17155330/02d251f4af338ff2f823818eabc63dd6-480x270.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a55deeead5c816164cf2145668ee39dd706a2bbd1483f9222f0308c98c16d715

Request headers

:path: /wp-content/uploads/2021/09/17155330/02d251f4af338ff2f823818eabc63dd6-480x270.jpg
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/430811
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/430811
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 07 Oct 2021 02:55:46 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Fri, 17 Sep 2021 06:53:31 GMT
server: AmazonS3
age: 628091
etag: "aded3f75f23f76683b6f6dfce2a8cf38"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 30580
x-amz-cf-id: trI8XeJdB6-IT_bA2nAAgPSYJV7xy4l3gvxn1IdHs_dLxub-JVMxvA==
expires: Sat, 17 Sep 2022 06:53:30 GMT

GET
H2 200 taylor-wilcox-4nKOEAQaTgA-unsplash-480x270.jpg
by-them.com/wp-content/uploads/2021/10/05153752/ 31 KB
32 KB 32ms
32ms Image
image/jpeg 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/uploads/2021/10/05153752/taylor-wilcox-4nKOEAQaTgA-unsplash-480x270.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b4055a9e82b505500d99b497796a5b1d7feec57a3a835ca31c3ed0ba099e1e34

Request headers

:path: /wp-content/uploads/2021/10/05153752/taylor-wilcox-4nKOEAQaTgA-unsplash-480x270.jpg
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/430811
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/430811
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 07 Oct 2021 02:55:45 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Thu, 05 Aug 2021 06:37:54 GMT
server: AmazonS3
age: 628091
etag: "ad5cc1e77daf8cf8f5a636de94c700ec"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 32057
x-amz-cf-id: f7YM6x2hof-uh4NnZyfxuE7wGFzzssVmqjX0cTSvWPq3EcP_qSZOjw==
expires: Fri, 05 Aug 2022 06:37:52 GMT

GET
H2 200 nonsap-visuals-ZcDNTnTShCg-unsplash-480x270.jpg
by-them.com/wp-content/uploads/2021/08/03134843/ 46 KB
47 KB 30ms
29ms Image
image/jpeg 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/uploads/2021/08/03134843/nonsap-visuals-ZcDNTnTShCg-unsplash-480x270.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0a8fbb19d13dde4c825c98d0aa58f3951ac2eaf264cf6d51dcdd4115a46ea8ee

Request headers

:path: /wp-content/uploads/2021/08/03134843/nonsap-visuals-ZcDNTnTShCg-unsplash-480x270.jpg
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/430811
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/430811
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 06 Oct 2021 02:44:03 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Tue, 03 Aug 2021 04:48:44 GMT
server: AmazonS3
age: 715194
etag: "c80f179b524f6e4a2a564f15c72a6425"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 47259
x-amz-cf-id: FY6nltzg06hsWuW8OtugaEv-IDS1OaywvivWveoXYXyragbhPUNmXw==
expires: Wed, 03 Aug 2022 04:48:43 GMT

GET
H2 200 IKEAMUJI-480x270.png
by-them.com/wp-content/uploads/2021/08/26130716/ 204 KB
204 KB 30ms
30ms Image
image/png 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/uploads/2021/08/26130716/IKEAMUJI-480x270.png
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 502114bcb32163ec6005e15153bb1c506188ca13b88106a609c3e1beaa97f243

Request headers

:path: /wp-content/uploads/2021/08/26130716/IKEAMUJI-480x270.png
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/430811
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/430811
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 05 Oct 2021 01:41:12 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Thu, 26 Aug 2021 04:07:17 GMT
server: AmazonS3
age: 805365
etag: "b4c4390d64e050e3e64acb2d67b610be"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 208446
x-amz-cf-id: Ye3_hNo6N5sKb6QzKzRGQKAjk7HSWdIRbRg75OUTudCCcUGjATR5mQ==
expires: Fri, 26 Aug 2022 04:07:16 GMT

GET
H2 200 recwid Show response
click.speee-ad.jp/v1/ 18 KB
4 KB 516ms
254ms Script
text/javascript 35.73.159.145
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://click.speee-ad.jp/v1/recwid?url=https%3A%2F%2Fby-them.com%2F430811&ft=1&placement_id=4188&placement_code=by-them_pc&v=4.3.0&device=1&os=1&ref=&cb_name=uzWidgetCallback1&sess_id=0.3834278389301618&ext=&cb=1634203436759
Requested by: Host: speee-ad.akamaized.net
URL: https://speee-ad.akamaized.net/tag/by-them_pc/js/outer-frame.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.73.159.145 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-73-159-145.ap-northeast-1.compute.amazonaws.com
Software: nginx /
Resource Hash: ff3ee62672eff7763f71224a1417b83358a36f7573ac046cce82ba6b1b8f6c03

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:57 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx
content-type: text/javascript; charset=UTF-8
p3p: CP="CAO CUR ADM DEV PSA PSD OUR"

GET ev
click.speee-ad.jp/v1/ 0
0

GET
H2 200 shutterstock_1948901866-720x405.jpg
by-them.com/wp-content/uploads/2021/10/11193118/ 65 KB
65 KB 9ms
9ms Image
image/jpeg 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/uploads/2021/10/11193118/shutterstock_1948901866-720x405.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bbdd99b94170e94eaa7f87e71a9f2da9f4356d6e5e633c5378480185da965071

Request headers

:path: /wp-content/uploads/2021/10/11193118/shutterstock_1948901866-720x405.jpg
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/430811
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/430811
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 15:23:52 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Mon, 11 Oct 2021 10:31:19 GMT
server: AmazonS3
age: 151205
etag: "f8500af1d863db8dc6c34ffabfe9bc25"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 66174
x-amz-cf-id: DCkvoLdnOH3tlTCynIEpGihjGmTrG6dTBUyqC2hXOmxt3eYA91DdcQ==
expires: Tue, 11 Oct 2022 10:31:18 GMT

GET
H2 200 dca7fe48566e112d6b53c51f71ec0029-480x270.jpg
by-them.com/wp-content/uploads/2021/09/28143951/ 18 KB
19 KB 10ms
9ms Image
image/jpeg 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/uploads/2021/09/28143951/dca7fe48566e112d6b53c51f71ec0029-480x270.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2a1eb0fa93459cff40bbe8dd59b97fa1f2384067861a163cdeac71419b2edbd1

Request headers

:path: /wp-content/uploads/2021/09/28143951/dca7fe48566e112d6b53c51f71ec0029-480x270.jpg
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/430811
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/430811
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 10 Oct 2021 03:40:25 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Tue, 28 Sep 2021 05:39:53 GMT
server: AmazonS3
age: 366212
etag: "4bcbc00a75fae8848e353dd464063f25"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 18758
x-amz-cf-id: KzdEQhCGD5USafjao1E8r9-S5FJ8sUHlS5a4XR-GtAJ2yBOAgG1GQA==
expires: Wed, 28 Sep 2022 05:39:51 GMT

GET
H2 200 photo-1616681659771-fcbb996c7cad-720x405.jpeg
by-them.com/wp-content/uploads/2021/10/28121634/ 56 KB
56 KB 11ms
11ms Image
image/jpeg 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/uploads/2021/10/28121634/photo-1616681659771-fcbb996c7cad-720x405.jpeg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: aa2f57b213c2561d6b5ac8dbff6123cd0a5ed76973538e8707df6fd4071ce1fe

Request headers

:path: /wp-content/uploads/2021/10/28121634/photo-1616681659771-fcbb996c7cad-720x405.jpeg
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/430811
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/430811
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 07 Oct 2021 02:55:45 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Tue, 28 Sep 2021 03:16:36 GMT
server: AmazonS3
age: 628092
etag: "b277f5864f5f43370650ee5ea6a2b76a"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 56961
x-amz-cf-id: 2KvLNr0GDBRDdzW9uaoTndpew0428ErGkhYgghSozz88ef1tezK53g==
expires: Wed, 28 Sep 2022 03:16:34 GMT

GET
H2 200 julia-cheperis-PsiOQlybXog-unsplash-960x540.jpg
by-them.com/wp-content/uploads/2021/09/01105522/ 140 KB
140 KB 10ms
10ms Image
image/jpeg 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/uploads/2021/09/01105522/julia-cheperis-PsiOQlybXog-unsplash-960x540.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d0e5e1973a7235e59b03eecc3fe7e2457730c1a5ea162ce61d3bb5a7906b7912

Request headers

:path: /wp-content/uploads/2021/09/01105522/julia-cheperis-PsiOQlybXog-unsplash-960x540.jpg
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/430811
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/430811
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 02:33:35 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Fri, 01 Oct 2021 01:55:23 GMT
server: AmazonS3
age: 1147823
etag: "80b05adb34dc98306467d44cbc3df0a0"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 143209
x-amz-cf-id: eviOCwBsZBfnnau--oeCB92GJI8HDFz5kNdt0se15nmKtRX1rWCOXg==
expires: Sat, 01 Oct 2022 01:55:22 GMT

GET
H2 200 hannah-busing-i6srrLYeS-A-unsplash-480x270.jpg
by-them.com/wp-content/uploads/2021/08/19153452/ 45 KB
45 KB 14ms
13ms Image
image/jpeg 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/uploads/2021/08/19153452/hannah-busing-i6srrLYeS-A-unsplash-480x270.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e56964bb23429b11c32ab9d511400cc1bf26e1f01a47d001f1d9c5d047c9f8b3

Request headers

:path: /wp-content/uploads/2021/08/19153452/hannah-busing-i6srrLYeS-A-unsplash-480x270.jpg
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/430811
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/430811
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 30 Sep 2021 04:16:51 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Thu, 19 Aug 2021 06:34:54 GMT
server: AmazonS3
age: 1228027
etag: "1e2e2cfbcd2094410d4b56c171ce2f51"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 45744
x-amz-cf-id: Djvc6d4egIoKgWjgZgpEtoqjYbcFekmTX042KhrMc2PnTyuSndoLMQ==
expires: Fri, 19 Aug 2022 06:34:52 GMT

GET
H2 200 photo-1569348642938-46517ef6f177-720x405.jpeg
by-them.com/wp-content/uploads/2021/09/27134257/ 75 KB
75 KB 12ms
11ms Image
image/jpeg 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/uploads/2021/09/27134257/photo-1569348642938-46517ef6f177-720x405.jpeg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 634ade9bd3bc873ce774fac999b24aae0d08e37bfec289085ac999c38fc4a514

Request headers

:path: /wp-content/uploads/2021/09/27134257/photo-1569348642938-46517ef6f177-720x405.jpeg
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/430811
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/430811
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 02:33:35 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Mon, 27 Sep 2021 04:42:58 GMT
server: AmazonS3
age: 1147823
etag: "e97d33ab4717a4ea231c3a8f47104400"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 76477
x-amz-cf-id: vhT3EBBqGscPOtBcTv-uexaEQKbgrZ9X02cVp4yi1LEjDbx6OaasPQ==
expires: Tue, 27 Sep 2022 04:42:57 GMT

GET
H2 200 80404516e906a9cc3eb1efbda5a9e98a-480x270.jpg
by-them.com/wp-content/uploads/2021/09/15184632/ 24 KB
25 KB 12ms
12ms Image
image/jpeg 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/uploads/2021/09/15184632/80404516e906a9cc3eb1efbda5a9e98a-480x270.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7867e3cd7e24bc56ae04988bed883839be4046c7cb1fda57d4d2f8b2ba0b03f5

Request headers

:path: /wp-content/uploads/2021/09/15184632/80404516e906a9cc3eb1efbda5a9e98a-480x270.jpg
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/430811
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/430811
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 02:21:16 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Wed, 15 Sep 2021 09:46:33 GMT
server: AmazonS3
age: 1148562
etag: "2d9a8e58264d55d1423d17e5c5b5d05a"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 25082
x-amz-cf-id: Nx4w84sWexHlm4e_n3dEqQtEkIVlHqBwHGhmG2llOTT8uBPTrhyFmQ==
expires: Thu, 15 Sep 2022 09:46:32 GMT

GET
H2 200 shutterstock_1970319392-480x270.jpg
by-them.com/wp-content/uploads/2021/10/13111935/ 26 KB
26 KB 13ms
13ms Image
image/jpeg 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/uploads/2021/10/13111935/shutterstock_1970319392-480x270.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f67e53ad5fb9e60ac88e67ea78cdec7f88818e84ba31288f9267f3318dacc507

Request headers

:path: /wp-content/uploads/2021/10/13111935/shutterstock_1970319392-480x270.jpg
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/430811
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/430811
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 04:22:03 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Wed, 13 Oct 2021 02:19:36 GMT
server: AmazonS3
age: 18115
etag: "d378b15a92f25427efb64a2e980ded08"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 26576
x-amz-cf-id: Mwql-so7JV35XQvcHIIFHVgXkDR6IwB3FDOrkJLlYaBJjLOljhHV7w==
expires: Thu, 13 Oct 2022 02:19:35 GMT

GET
H2 200 jasmin-chew-IkvoQkiS9hs-unsplash-1-480x270.jpg
by-them.com/wp-content/uploads/2021/10/02142341/ 25 KB
26 KB 15ms
15ms Image
image/jpeg 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/uploads/2021/10/02142341/jasmin-chew-IkvoQkiS9hs-unsplash-1-480x270.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6054028b0b65752fdee3db797ce49e5c94f248db707ac9e5ceaa4dd31563edc8

Request headers

:path: /wp-content/uploads/2021/10/02142341/jasmin-chew-IkvoQkiS9hs-unsplash-1-480x270.jpg
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/430811
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/430811
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 02:37:55 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Thu, 02 Sep 2021 05:23:42 GMT
server: AmazonS3
age: 24363
etag: "ad6c9d96140680e6615d4bba12d2d9cd"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 26034
x-amz-cf-id: 7_Atl0T7VKHnGYD95Jtg8gXUzkH3aBl5xUcolReW8cUCRBv_ogi48A==
expires: Fri, 02 Sep 2022 05:23:41 GMT

GET
H2 200 photo-1521252517631-1a6549100bd1-720x405.jpeg
by-them.com/wp-content/uploads/2021/10/04165558/ 41 KB
41 KB 15ms
15ms Image
image/jpeg 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/uploads/2021/10/04165558/photo-1521252517631-1a6549100bd1-720x405.jpeg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 17977e8585d9b7c8bef6950810ca83eabee5b10fedf680e14bb0026b9464b502

Request headers

:path: /wp-content/uploads/2021/10/04165558/photo-1521252517631-1a6549100bd1-720x405.jpeg
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/430811
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/430811
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 04:22:03 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Mon, 04 Oct 2021 07:55:59 GMT
server: AmazonS3
age: 18115
etag: "893b3dd5822f9ce39f942c67af042d54"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 42010
x-amz-cf-id: lpsY4CS81YicwN7gTIEDGyam8j13ztrEn8pbK7egyWjktoBh1t8ibw==
expires: Tue, 04 Oct 2022 07:55:58 GMT

GET
H2 200 shutterstock_1100199110-480x270.jpg
by-them.com/wp-content/uploads/2021/10/21135850/ 41 KB
42 KB 13ms
13ms Image
image/jpeg 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/uploads/2021/10/21135850/shutterstock_1100199110-480x270.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d754c53d8092af3b588d9805d46c3ed8fc3296a3f9aee81a5638dd2fe100f12d

Request headers

:path: /wp-content/uploads/2021/10/21135850/shutterstock_1100199110-480x270.jpg
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/430811
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/430811
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 04:22:03 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Tue, 21 Sep 2021 04:58:51 GMT
server: AmazonS3
age: 18115
etag: "a3a5d59404bc9214a3259374cbae461c"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 42450
x-amz-cf-id: C-DvN1haZL47MUSuXXQPR0lGbGcxFxVR7C_nqmbNryARV1TwKGCECA==
expires: Wed, 21 Sep 2022 04:58:50 GMT

GET
H2 200 jonas-weckschmied-950JJJW35ZY-unsplash-480x270.jpg
by-them.com/wp-content/uploads/2021/08/26115555/ 31 KB
32 KB 13ms
13ms Image
image/jpeg 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/uploads/2021/08/26115555/jonas-weckschmied-950JJJW35ZY-unsplash-480x270.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c8c3bed428246bfe00470d726cd0db7c28b25b58fc90312a5110d66919c938d4

Request headers

:path: /wp-content/uploads/2021/08/26115555/jonas-weckschmied-950JJJW35ZY-unsplash-480x270.jpg
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/430811
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/430811
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 02:37:36 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Thu, 26 Aug 2021 02:55:56 GMT
server: AmazonS3
age: 110781
etag: "bc175d932c74c7a87a73e20552ba65e9"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 32066
x-amz-cf-id: Qiq71dGZh1cuycZjEMJMsZfD-WBif6H4CA7Sj_IGSbgBF7zvhiR1ig==
expires: Fri, 26 Aug 2022 02:55:55 GMT

GET
H2 200 fa-regular-400.woff2
by-them.com/wp-content/plugins/muse/src/Custom/webfonts/ 12 KB
12 KB 12ms
12ms Font
font/woff2 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://by-them.com/wp-content/plugins/muse/src/Custom/webfonts/fa-regular-400.woff2
Requested by: Host: by-them.com
URL: https://by-them.com/wp-content/plugins/muse/src/Custom/css/fontawesome-all.min.css?ver=5.0.8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 4d2883443b24e424527f6a0a7aa2897b3df71f239db40373c4ff760e48147801

Request headers

sec-fetch-mode: cors
origin: https://by-them.com
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
sec-fetch-dest: font
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a
:path: /wp-content/plugins/muse/src/Custom/webfonts/fa-regular-400.woff2
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept: */*
cache-control: no-cache
:authority: by-them.com
referer: https://by-them.com/wp-content/plugins/muse/src/Custom/css/fontawesome-all.min.css?ver=5.0.8
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://by-them.com/wp-content/plugins/muse/src/Custom/css/fontawesome-all.min.css?ver=5.0.8
Origin: https://by-them.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 10 Oct 2021 06:30:54 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Wed, 29 Sep 2021 06:37:12 GMT
server: nginx
age: 355983
etag: "61540998-2fd0"
x-cache: Hit from cloudfront
content-type: font/woff2
cache-control: max-age=604800
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 12240
x-amz-cf-id: DLsxfM4QZSUDX12_I6Q0QTFcyJGoOrTUDG0BMy6SkX5-od_rfwz7mw==
expires: Sun, 17 Oct 2021 06:30:54 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
204 B 15ms
14ms XHR
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j93&a=911177822&t=pageview&_s=1&dl=https%3A%2F%2Fby-them.com%2F430811&ul=en-us&de=UTF-8&dt=%E6%8B%92%E7%B5%B6%E3%80%81%E7%84%A1%E8%A6%96%E3%80%81%E9%81%8E%E5%B9%B2%E6%B8%89%E3%80%81%E6%80%A7%E7%9A%84%E8%99%90%E5%BE%85%20%E2%80%A6%E6%AF%92%E8%A6%AA%E8%82%B2%E3%81%A1%E3%81%8C%E9%99%A5%E3%82%8B%E3%80%81%E3%82%88%E3%81%8F%E3%81%82%E3%82%8B%E5%95%8F%E9%A1%8C%E3%81%A8%E3%81%AF&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=4GBAAUABAAAAAC~&jid=1066658384&gjid=1924786422&cid=842165529.1634203437&tid=UA-142511850-1&_gid=727390644.1634203437&_r=1&gtm=2ouab0&z=1577334790

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://by-them.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:23:57 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://by-them.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 50ms
17ms Preflight
application/json 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fby-them.com%2F&domain=by-them.com&cw=1&lsw=1

Protocol

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://by-them.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
strict-transport-security: max-age=31536000
access-control-allow-origin: https://by-them.com
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1447
date: Thu, 14 Oct 2021 09:23:56 GMT
content-encoding: gzip
vary: Accept-Encoding

GET
H2

200

sid Show response
mug.criteo.com/
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fby-them.com%2F&domain=by-them.com&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=o_3EZnxvSmhBaXk3VWdISGVuSHVxVUs4STB1amdiNHNuaU1qUzVuVjEzaWZRQ2RKTXRWd2RyREZJRlNkV08rS1diSDc3QXlWOHhyYkIrYmhoQlQ3elA1Zllld041ano3UUh5V0hCMGlwWjl1cUJDYXk3SXZkdVJJeFMwYV...

356 B
610 B

39ms
14ms

XHR
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=o_3EZnxvSmhBaXk3VWdISGVuSHVxVUs4STB1amdiNHNuaU1qUzVuVjEzaWZRQ2RKTXRWd2RyREZJRlNkV08rS1diSDc3QXlWOHhyYkIrYmhoQlQ3elA1Zllld041ano3UUh5V0hCMGlwWjl1cUJDYXk3SXZkdVJJeFMwYVRrWHRiRzVPczJscTJXR0tzTmR4a3htekhMUUEzNTNqZ1dIR0R3TDlhZitORXpDL2ZraTgyU2hsSGFGTk5lUUQ2NTRjaVVVWk9MbGE4TkNmUThHZG1OZWs0bzdYWEZHNGQrTzNlT1BVdm5YbGc5MDc2YzJRPXw&cppv=2

Requested by

Host: by-them.com
URL: https://by-them.com/430811

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

434fa6e4b6aa43dffeadd3b88ab8e939a845ccb8a56615632660dacbe7f187be

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
date: Thu, 14 Oct 2021 09:23:56 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2525
expires: 0

Redirect headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Thu, 14 Oct 2021 09:23:56 GMT
location: https://mug.criteo.com/sid?cpp=o_3EZnxvSmhBaXk3VWdISGVuSHVxVUs4STB1amdiNHNuaU1qUzVuVjEzaWZRQ2RKTXRWd2RyREZJRlNkV08rS1diSDc3QXlWOHhyYkIrYmhoQlQ3elA1Zllld041ano3UUh5V0hCMGlwWjl1cUJDYXk3SXZkdVJJeFMwYVRrWHRiRzVPczJscTJXR0tzTmR4a3htekhMUUEzNTNqZ1dIR0R3TDlhZitORXpDL2ZraTgyU2hsSGFGTk5lUUQ2NTRjaVVVWk9MbGE4TkNmUThHZG1OZWs0bzdYWEZHNGQrTzNlT1BVdm5YbGc5MDc2YzJRPXw&cppv=2
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://by-them.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1621
content-length: 482
expires: 0

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 5 KB
5 KB 126ms
84ms XHR
application/json 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96989e0179791f18f5243a99af00e7&pos=8a96901c0179791f15d3243da89000ca&cmd=bid&secure=1
Requested by: Host: flux-cdn.com
URL: https://flux-cdn.com/client/mag2/flux_bythem_AS_TM_AT.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/7.1.2.138 /
Resource Hash: c32a7fc22e0590a1847328e5bbbe9e5b100c8c77847da84c30d85f0dd3eab3b9

Request headers

Referer: https://by-them.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 14 Oct 2021 09:23:57 GMT
Server: ATS/7.1.2.138
Age: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://by-them.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 4665

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 5 KB
5 KB 119ms
77ms XHR
application/json 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96989e0179791f18f5243a99af00e7&pos=8a96989e0179791f18f5243daa5300f1&cmd=bid&secure=1
Requested by: Host: flux-cdn.com
URL: https://flux-cdn.com/client/mag2/flux_bythem_AS_TM_AT.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/7.1.2.138 /
Resource Hash: 779bbc13f8dd50741e04bbbd770c1184f79af695c8cc1162d828f0b58e2d96df

Request headers

Referer: https://by-them.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 14 Oct 2021 09:23:57 GMT
Server: ATS/7.1.2.138
Age: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://by-them.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 4677

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 5 KB
5 KB 122ms
81ms XHR
application/json 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96989e0179791f18f5243a99af00e7&pos=8a969c6c0179791f1838243dac2c00f0&cmd=bid&secure=1
Requested by: Host: flux-cdn.com
URL: https://flux-cdn.com/client/mag2/flux_bythem_AS_TM_AT.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/7.1.2.138 /
Resource Hash: 7255671220991982802ffbb2b868d8ad43d9786e37d5f6bc8fe7dc017a657d98

Request headers

Referer: https://by-them.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 14 Oct 2021 09:23:57 GMT
Server: ATS/7.1.2.138
Age: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://by-them.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 4670

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 5 KB
5 KB 122ms
81ms XHR
application/json 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96989e0179791f18f5243a99af00e7&pos=8a969c6c0179791f1838243db3c000f2&cmd=bid&secure=1
Requested by: Host: flux-cdn.com
URL: https://flux-cdn.com/client/mag2/flux_bythem_AS_TM_AT.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/7.1.2.138 /
Resource Hash: 3c5e602c223aba99e8b8f946a7a0ede3b0afc7daea7a2c34dcf60d2ab47d904a

Request headers

Referer: https://by-them.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 14 Oct 2021 09:23:57 GMT
Server: ATS/7.1.2.138
Age: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://by-them.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 4666

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 5 KB
5 KB 122ms
81ms XHR
application/json 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96989e0179791f18f5243a99af00e7&pos=8a96989e0179791f18f5243db5b600f3&cmd=bid&secure=1
Requested by: Host: flux-cdn.com
URL: https://flux-cdn.com/client/mag2/flux_bythem_AS_TM_AT.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/7.1.2.138 /
Resource Hash: b95e1708fe20a5072449cf882b23fd0871b3f831aab62f273afe75192bed21f6

Request headers

Referer: https://by-them.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 14 Oct 2021 09:23:57 GMT
Server: ATS/7.1.2.138
Age: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://by-them.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 4670

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 5 KB
5 KB 111ms
70ms XHR
application/json 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96989e0179791f18f5243a99af00e7&pos=8a969c6c0179791f1838243daff800f1&cmd=bid&secure=1
Requested by: Host: flux-cdn.com
URL: https://flux-cdn.com/client/mag2/flux_bythem_AS_TM_AT.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/7.1.2.138 /
Resource Hash: 1e4f9ead775ddbfb9ab933f02689fa7405a092633cb28b6fa69d38d9ba30ac33

Request headers

Referer: https://by-them.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 14 Oct 2021 09:23:57 GMT
Server: ATS/7.1.2.138
Age: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://by-them.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 4656

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 5 KB
5 KB 184ms
73ms XHR
application/json 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96989e0179791f18f5243a99af00e7&pos=8a96901c0179791f15d3243db1f100cb&cmd=bid&secure=1
Requested by: Host: flux-cdn.com
URL: https://flux-cdn.com/client/mag2/flux_bythem_AS_TM_AT.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/7.1.2.138 /
Resource Hash: fc4cc8ee7c1c3a85b2f4e77723608854a07a8c19261647064dc88b0bfe44b252

Request headers

Referer: https://by-them.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 14 Oct 2021 09:23:57 GMT
Server: ATS/7.1.2.138
Age: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://by-them.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 4645

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 5 KB
5 KB 199ms
82ms XHR
application/json 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96989e0179791f18f5243a99af00e7&pos=8a96989e0179791f18f5243dae1700f2&cmd=bid&secure=1
Requested by: Host: flux-cdn.com
URL: https://flux-cdn.com/client/mag2/flux_bythem_AS_TM_AT.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/7.1.2.138 /
Resource Hash: 22c7d2b9ea90076aa15c073a092eaee0d22366aea881b68e1512a7da41d0a525

Request headers

Referer: https://by-them.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 14 Oct 2021 09:23:57 GMT
Server: ATS/7.1.2.138
Age: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://by-them.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 4663

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
113 B 236ms
200ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: flux-cdn.com
URL: https://flux-cdn.com/client/mag2/flux_bythem_AS_TM_AT.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://by-them.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://by-them.com
date: Thu, 14 Oct 2021 09:23:55 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 200 prebid Show response
pb.ladsp.com/adrequest/ 90 B
469 B 750ms
251ms XHR
application/json 18.180.145.241
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pb.ladsp.com/adrequest/prebid
Requested by: Host: flux-cdn.com
URL: https://flux-cdn.com/client/mag2/flux_bythem_AS_TM_AT.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.180.145.241 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-180-145-241.ap-northeast-1.compute.amazonaws.com
Software: Logicad/DADServer /
Resource Hash: abad0cadaed2c2e92df5d56d60dcdd21b82343797a43d73af49381aa1abfb047

Request headers

Referer: https://by-them.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:23:57 GMT
content-encoding: gzip
server: Logicad/DADServer
vary: Accept-Encoding, User-Agent
p3p: CP="NOI DEVo TAIo PSAo PSDo OUR IND UNI NAV", policyref="http://cd.ladsp.com/xml/w3c/p3p.xml"
access-control-allow-origin: https://by-them.com
cache-control: private, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
content-type: application/json;charset=utf-8
content-length: 104
expires: -1

POST
H2 200 prebid Show response
pb.ladsp.com/adrequest/ 90 B
470 B 749ms
250ms XHR
application/json 18.180.145.241
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pb.ladsp.com/adrequest/prebid
Requested by: Host: flux-cdn.com
URL: https://flux-cdn.com/client/mag2/flux_bythem_AS_TM_AT.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.180.145.241 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-180-145-241.ap-northeast-1.compute.amazonaws.com
Software: Logicad/DADServer /
Resource Hash: abad0cadaed2c2e92df5d56d60dcdd21b82343797a43d73af49381aa1abfb047

Request headers

Referer: https://by-them.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:23:57 GMT
content-encoding: gzip
server: Logicad/DADServer
vary: Accept-Encoding, User-Agent
p3p: CP="NOI DEVo TAIo PSAo PSDo OUR IND UNI NAV", policyref="http://cd.ladsp.com/xml/w3c/p3p.xml"
access-control-allow-origin: https://by-them.com
cache-control: private, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
content-type: application/json;charset=utf-8
content-length: 104
expires: -1

POST
H2 200 prebid Show response
pb.ladsp.com/adrequest/ 90 B
469 B 749ms
251ms XHR
application/json 18.180.145.241
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pb.ladsp.com/adrequest/prebid
Requested by: Host: flux-cdn.com
URL: https://flux-cdn.com/client/mag2/flux_bythem_AS_TM_AT.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.180.145.241 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-180-145-241.ap-northeast-1.compute.amazonaws.com
Software: Logicad/DADServer /
Resource Hash: abad0cadaed2c2e92df5d56d60dcdd21b82343797a43d73af49381aa1abfb047

Request headers

Referer: https://by-them.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:23:57 GMT
content-encoding: gzip
server: Logicad/DADServer
vary: Accept-Encoding, User-Agent
p3p: CP="NOI DEVo TAIo PSAo PSDo OUR IND UNI NAV", policyref="http://cd.ladsp.com/xml/w3c/p3p.xml"
access-control-allow-origin: https://by-them.com
cache-control: private, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
content-type: application/json;charset=utf-8
content-length: 104
expires: -1

POST
H2 200 prebid Show response
pb.ladsp.com/adrequest/ 90 B
469 B 986ms
488ms XHR
application/json 18.180.145.241
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pb.ladsp.com/adrequest/prebid
Requested by: Host: flux-cdn.com
URL: https://flux-cdn.com/client/mag2/flux_bythem_AS_TM_AT.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.180.145.241 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-180-145-241.ap-northeast-1.compute.amazonaws.com
Software: Logicad/DADServer /
Resource Hash: abad0cadaed2c2e92df5d56d60dcdd21b82343797a43d73af49381aa1abfb047

Request headers

Referer: https://by-them.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:23:57 GMT
content-encoding: gzip
server: Logicad/DADServer
vary: Accept-Encoding, User-Agent
p3p: CP="NOI DEVo TAIo PSAo PSDo OUR IND UNI NAV", policyref="http://cd.ladsp.com/xml/w3c/p3p.xml"
access-control-allow-origin: https://by-them.com
cache-control: private, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
content-type: application/json;charset=utf-8
content-length: 104
expires: -1

POST
H2 200 prebid Show response
pb.ladsp.com/adrequest/ 90 B
469 B 986ms
488ms XHR
application/json 18.180.145.241
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pb.ladsp.com/adrequest/prebid
Requested by: Host: flux-cdn.com
URL: https://flux-cdn.com/client/mag2/flux_bythem_AS_TM_AT.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.180.145.241 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-180-145-241.ap-northeast-1.compute.amazonaws.com
Software: Logicad/DADServer /
Resource Hash: abad0cadaed2c2e92df5d56d60dcdd21b82343797a43d73af49381aa1abfb047

Request headers

Referer: https://by-them.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:23:57 GMT
content-encoding: gzip
server: Logicad/DADServer
vary: Accept-Encoding, User-Agent
p3p: CP="NOI DEVo TAIo PSAo PSDo OUR IND UNI NAV", policyref="http://cd.ladsp.com/xml/w3c/p3p.xml"
access-control-allow-origin: https://by-them.com
cache-control: private, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
content-type: application/json;charset=utf-8
content-length: 104
expires: -1

POST
H2 200 prebid Show response
pb.ladsp.com/adrequest/ 90 B
469 B 985ms
487ms XHR
application/json 18.180.145.241
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pb.ladsp.com/adrequest/prebid
Requested by: Host: flux-cdn.com
URL: https://flux-cdn.com/client/mag2/flux_bythem_AS_TM_AT.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.180.145.241 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-180-145-241.ap-northeast-1.compute.amazonaws.com
Software: Logicad/DADServer /
Resource Hash: abad0cadaed2c2e92df5d56d60dcdd21b82343797a43d73af49381aa1abfb047

Request headers

Referer: https://by-them.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:23:57 GMT
content-encoding: gzip
server: Logicad/DADServer
vary: Accept-Encoding, User-Agent
p3p: CP="NOI DEVo TAIo PSAo PSDo OUR IND UNI NAV", policyref="http://cd.ladsp.com/xml/w3c/p3p.xml"
access-control-allow-origin: https://by-them.com
cache-control: private, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
content-type: application/json;charset=utf-8
content-length: 104
expires: -1

POST
H2 200 prebid Show response
pb.ladsp.com/adrequest/ 90 B
469 B 748ms
251ms XHR
application/json 18.180.145.241
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pb.ladsp.com/adrequest/prebid
Requested by: Host: flux-cdn.com
URL: https://flux-cdn.com/client/mag2/flux_bythem_AS_TM_AT.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.180.145.241 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-180-145-241.ap-northeast-1.compute.amazonaws.com
Software: Logicad/DADServer /
Resource Hash: abad0cadaed2c2e92df5d56d60dcdd21b82343797a43d73af49381aa1abfb047

Request headers

Referer: https://by-them.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:23:57 GMT
content-encoding: gzip
server: Logicad/DADServer
vary: Accept-Encoding, User-Agent
p3p: CP="NOI DEVo TAIo PSAo PSDo OUR IND UNI NAV", policyref="http://cd.ladsp.com/xml/w3c/p3p.xml"
access-control-allow-origin: https://by-them.com
cache-control: private, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
content-type: application/json;charset=utf-8
content-length: 104
expires: -1

POST
H2 200 prebid Show response
pb.ladsp.com/adrequest/ 90 B
469 B 985ms
488ms XHR
application/json 18.180.145.241
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pb.ladsp.com/adrequest/prebid
Requested by: Host: flux-cdn.com
URL: https://flux-cdn.com/client/mag2/flux_bythem_AS_TM_AT.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.180.145.241 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-180-145-241.ap-northeast-1.compute.amazonaws.com
Software: Logicad/DADServer /
Resource Hash: abad0cadaed2c2e92df5d56d60dcdd21b82343797a43d73af49381aa1abfb047

Request headers

Referer: https://by-them.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:23:57 GMT
content-encoding: gzip
server: Logicad/DADServer
vary: Accept-Encoding, User-Agent
p3p: CP="NOI DEVo TAIo PSAo PSDo OUR IND UNI NAV", policyref="http://cd.ladsp.com/xml/w3c/p3p.xml"
access-control-allow-origin: https://by-them.com
cache-control: private, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
content-type: application/json;charset=utf-8
content-length: 104
expires: -1

GET
H/1.1

200
OK

h_bid Show response
y.one.impact-ad.jp/ul_cb/
Redirect Chain

https://y.one.impact-ad.jp/h_bid?v=hb1&p=95204&cb=21042055418&r=https%3A%2F%2Fby-them.com%2F430811&uid=290d8847b3cfd4e&tid=082a05c6-853f-4385-a988-5670cb9b1171&uc=div-gpt-ad-1566179229302-0&tmax=20...
https://y.one.impact-ad.jp/ul_cb/h_bid?v=hb1&p=95204&cb=21042055418&r=https%3A%2F%2Fby-them.com%2F430811&uid=290d8847b3cfd4e&tid=082a05c6-853f-4385-a988-5670cb9b1171&uc=div-gpt-ad-1566179229302-0&t...

133 B
729 B

241ms
240ms

XHR
application/json

35.213.109.249
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://y.one.impact-ad.jp/ul_cb/h_bid?v=hb1&p=95204&cb=21042055418&r=https%3A%2F%2Fby-them.com%2F430811&uid=290d8847b3cfd4e&tid=082a05c6-853f-4385-a988-5670cb9b1171&uc=div-gpt-ad-1566179229302-0&tmax=2000&t=i&sz=300x250%2C336x280
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.213.109.249 Tokyo, Japan, ASN15169 (GOOGLE, US),
Reverse DNS: 249.109.213.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 32f88b1c72628b76fee2083e5128878b95b2a642c806e6c03838d942dc960048

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 14 Oct 2021 09:23:58 GMT
Content-Encoding: gzip
Server: nginx
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://by-them.com
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 127

Redirect headers

Date: Thu, 14 Oct 2021 09:23:57 GMT
Server: nginx
Access-Control-Allow-Origin: https://by-them.com
Location: https://y.one.impact-ad.jp/ul_cb/h_bid?v=hb1&p=95204&cb=21042055418&r=https%3A%2F%2Fby-them.com%2F430811&uid=290d8847b3cfd4e&tid=082a05c6-853f-4385-a988-5670cb9b1171&uc=div-gpt-ad-1566179229302-0&tmax=2000&t=i&sz=300x250%2C336x280
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

h_bid Show response
y.one.impact-ad.jp/ul_cb/
Redirect Chain

https://y.one.impact-ad.jp/h_bid?v=hb1&p=95205&cb=8104328281&r=https%3A%2F%2Fby-them.com%2F430811&uid=3016e04a27c52a3&tid=59eddf6a-2017-42ae-876f-d23a14629250&uc=div-gpt-ad-1563958765385-0&tmax=200...
https://y.one.impact-ad.jp/ul_cb/h_bid?v=hb1&p=95205&cb=8104328281&r=https%3A%2F%2Fby-them.com%2F430811&uid=3016e04a27c52a3&tid=59eddf6a-2017-42ae-876f-d23a14629250&uc=div-gpt-ad-1563958765385-0&tm...

133 B
729 B

242ms
241ms

XHR
application/json

35.213.109.249
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://y.one.impact-ad.jp/ul_cb/h_bid?v=hb1&p=95205&cb=8104328281&r=https%3A%2F%2Fby-them.com%2F430811&uid=3016e04a27c52a3&tid=59eddf6a-2017-42ae-876f-d23a14629250&uc=div-gpt-ad-1563958765385-0&tmax=2000&t=i&sz=300x250%2C336x280
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.213.109.249 Tokyo, Japan, ASN15169 (GOOGLE, US),
Reverse DNS: 249.109.213.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: a3e257982cec1d70db9639af3dc0096e6a2617f4f53ed0643e5e0f8f5aa95f9c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 14 Oct 2021 09:23:58 GMT
Content-Encoding: gzip
Server: nginx
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://by-them.com
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 127

Redirect headers

Date: Thu, 14 Oct 2021 09:23:57 GMT
Server: nginx
Access-Control-Allow-Origin: https://by-them.com
Location: https://y.one.impact-ad.jp/ul_cb/h_bid?v=hb1&p=95205&cb=8104328281&r=https%3A%2F%2Fby-them.com%2F430811&uid=3016e04a27c52a3&tid=59eddf6a-2017-42ae-876f-d23a14629250&uc=div-gpt-ad-1563958765385-0&tmax=2000&t=i&sz=300x250%2C336x280
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

h_bid Show response
y.one.impact-ad.jp/ul_cb/
Redirect Chain

https://y.one.impact-ad.jp/h_bid?v=hb1&p=95206&cb=16682839944&r=https%3A%2F%2Fby-them.com%2F430811&uid=31ab96ff61fdfe8&tid=6dd7870b-69fe-4c0e-8752-a401aebcef1e&uc=div-gpt-ad-1563958822521-0&tmax=20...
https://y.one.impact-ad.jp/ul_cb/h_bid?v=hb1&p=95206&cb=16682839944&r=https%3A%2F%2Fby-them.com%2F430811&uid=31ab96ff61fdfe8&tid=6dd7870b-69fe-4c0e-8752-a401aebcef1e&uc=div-gpt-ad-1563958822521-0&t...

133 B
729 B

247ms
247ms

XHR
application/json

35.213.109.249
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://y.one.impact-ad.jp/ul_cb/h_bid?v=hb1&p=95206&cb=16682839944&r=https%3A%2F%2Fby-them.com%2F430811&uid=31ab96ff61fdfe8&tid=6dd7870b-69fe-4c0e-8752-a401aebcef1e&uc=div-gpt-ad-1563958822521-0&tmax=2000&t=i&sz=300x250%2C336x280
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.213.109.249 Tokyo, Japan, ASN15169 (GOOGLE, US),
Reverse DNS: 249.109.213.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: c50d50fa1ce535b95dc32f6be5c87814e8e71ea74f770a130af2632969b93705

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 14 Oct 2021 09:23:58 GMT
Content-Encoding: gzip
Server: nginx
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://by-them.com
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 127

Redirect headers

Date: Thu, 14 Oct 2021 09:23:57 GMT
Server: nginx
Access-Control-Allow-Origin: https://by-them.com
Location: https://y.one.impact-ad.jp/ul_cb/h_bid?v=hb1&p=95206&cb=16682839944&r=https%3A%2F%2Fby-them.com%2F430811&uid=31ab96ff61fdfe8&tid=6dd7870b-69fe-4c0e-8752-a401aebcef1e&uc=div-gpt-ad-1563958822521-0&tmax=2000&t=i&sz=300x250%2C336x280
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

h_bid Show response
y.one.impact-ad.jp/ul_cb/
Redirect Chain

https://y.one.impact-ad.jp/h_bid?v=hb1&p=95210&cb=23210859549&r=https%3A%2F%2Fby-them.com%2F430811&uid=327a8bab8ffa80b&tid=4c995abf-e90d-4981-ab2d-29e01df7f2f4&uc=div-gpt-ad-1563947322354-0&tmax=20...
https://y.one.impact-ad.jp/ul_cb/h_bid?v=hb1&p=95210&cb=23210859549&r=https%3A%2F%2Fby-them.com%2F430811&uid=327a8bab8ffa80b&tid=4c995abf-e90d-4981-ab2d-29e01df7f2f4&uc=div-gpt-ad-1563947322354-0&t...

133 B
729 B

242ms
241ms

XHR
application/json

35.213.109.249
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://y.one.impact-ad.jp/ul_cb/h_bid?v=hb1&p=95210&cb=23210859549&r=https%3A%2F%2Fby-them.com%2F430811&uid=327a8bab8ffa80b&tid=4c995abf-e90d-4981-ab2d-29e01df7f2f4&uc=div-gpt-ad-1563947322354-0&tmax=2000&t=i&sz=300x250%2C336x280
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.213.109.249 Tokyo, Japan, ASN15169 (GOOGLE, US),
Reverse DNS: 249.109.213.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: c93c9be66ca71377caa60fc7bc5a31c2b4abb225945309ef68303491a3cdf69f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 14 Oct 2021 09:23:58 GMT
Content-Encoding: gzip
Server: nginx
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://by-them.com
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 127

Redirect headers

Date: Thu, 14 Oct 2021 09:23:57 GMT
Server: nginx
Access-Control-Allow-Origin: https://by-them.com
Location: https://y.one.impact-ad.jp/ul_cb/h_bid?v=hb1&p=95210&cb=23210859549&r=https%3A%2F%2Fby-them.com%2F430811&uid=327a8bab8ffa80b&tid=4c995abf-e90d-4981-ab2d-29e01df7f2f4&uc=div-gpt-ad-1563947322354-0&tmax=2000&t=i&sz=300x250%2C336x280
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

h_bid Show response
y.one.impact-ad.jp/ul_cb/
Redirect Chain

https://y.one.impact-ad.jp/h_bid?v=hb1&p=95211&cb=16133573305&r=https%3A%2F%2Fby-them.com%2F430811&uid=331f84a99d332bc&tid=a71a9247-da22-48f6-9a34-a14c43a76558&uc=div-gpt-ad-1563947472720-0&tmax=20...
https://y.one.impact-ad.jp/ul_cb/h_bid?v=hb1&p=95211&cb=16133573305&r=https%3A%2F%2Fby-them.com%2F430811&uid=331f84a99d332bc&tid=a71a9247-da22-48f6-9a34-a14c43a76558&uc=div-gpt-ad-1563947472720-0&t...

133 B
730 B

478ms
248ms

XHR
application/json

35.213.109.249
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://y.one.impact-ad.jp/ul_cb/h_bid?v=hb1&p=95211&cb=16133573305&r=https%3A%2F%2Fby-them.com%2F430811&uid=331f84a99d332bc&tid=a71a9247-da22-48f6-9a34-a14c43a76558&uc=div-gpt-ad-1563947472720-0&tmax=2000&t=i&sz=300x250%2C336x280
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.213.109.249 Tokyo, Japan, ASN15169 (GOOGLE, US),
Reverse DNS: 249.109.213.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 93e7d659e4dfd962b3c7af020d3cc5ce74416a9e61f665e98cbe12330b21fd8f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 14 Oct 2021 09:23:58 GMT
Content-Encoding: gzip
Server: nginx
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://by-them.com
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 128

Redirect headers

Date: Thu, 14 Oct 2021 09:23:57 GMT
Server: nginx
Access-Control-Allow-Origin: https://by-them.com
Location: https://y.one.impact-ad.jp/ul_cb/h_bid?v=hb1&p=95211&cb=16133573305&r=https%3A%2F%2Fby-them.com%2F430811&uid=331f84a99d332bc&tid=a71a9247-da22-48f6-9a34-a14c43a76558&uc=div-gpt-ad-1563947472720-0&tmax=2000&t=i&sz=300x250%2C336x280
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK h_bid Show response
y.one.impact-ad.jp/ 119 B
424 B 804ms
247ms XHR
application/json 35.213.109.249
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://y.one.impact-ad.jp/h_bid?v=hb1&p=95208&cb=66559740539&r=https%3A%2F%2Fby-them.com%2F430811&uid=343e3014b67e484&tid=e3e759f4-6170-411f-a05a-7b5c47e8f3ba&uc=div-gpt-ad-1563947796682-0&tmax=2000&t=i&sz=300x250%2C336x280
Requested by: Host: flux-cdn.com
URL: https://flux-cdn.com/client/mag2/flux_bythem_AS_TM_AT.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.213.109.249 Tokyo, Japan, ASN15169 (GOOGLE, US),
Reverse DNS: 249.109.213.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: a335be9e36de71ef8ec03c4de881f4722ce993e9ef5cf777419cb6c18e7858d3

Request headers

Referer: https://by-them.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 14 Oct 2021 09:23:57 GMT
Server: nginx
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://by-them.com
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 119

GET
H/1.1 200
OK h_bid Show response
y.one.impact-ad.jp/ 119 B
424 B 1053ms
249ms XHR
application/json 35.213.109.249
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://y.one.impact-ad.jp/h_bid?v=hb1&p=95209&cb=10525448333&r=https%3A%2F%2Fby-them.com%2F430811&uid=35a488a10a7819e&tid=3d8cf562-db10-4e24-9dee-269b108b1c70&uc=div-gpt-ad-1563947743154-0&tmax=2000&t=i&sz=300x250%2C336x280
Requested by: Host: flux-cdn.com
URL: https://flux-cdn.com/client/mag2/flux_bythem_AS_TM_AT.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.213.109.249 Tokyo, Japan, ASN15169 (GOOGLE, US),
Reverse DNS: 249.109.213.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: d4509b69b8e49bd4a1246574d79bf305dcfd7e763686b618c7f40c086631ba47

Request headers

Referer: https://by-them.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 14 Oct 2021 09:23:58 GMT
Server: nginx
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://by-them.com
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 119

GET
H/1.1 200
OK h_bid Show response
y.one.impact-ad.jp/ 119 B
447 B 1058ms
235ms XHR
application/json 35.213.109.249
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://y.one.impact-ad.jp/h_bid?v=hb1&p=95207&cb=78734606182&r=https%3A%2F%2Fby-them.com%2F430811&uid=36ada0766e311d4&tid=3bf2fe6f-3d8f-4e40-8806-51cc2876dad5&uc=div-gpt-ad-1563949719741-0&tmax=2000&t=i&sz=728x90
Requested by: Host: flux-cdn.com
URL: https://flux-cdn.com/client/mag2/flux_bythem_AS_TM_AT.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.213.109.249 Tokyo, Japan, ASN15169 (GOOGLE, US),
Reverse DNS: 249.109.213.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 691daa43dcc71d1b8c90551bec448755402e4ec48d4fa7d25a7b323183d006c2

Request headers

Referer: https://by-them.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 14 Oct 2021 09:23:58 GMT
Content-Encoding: gzip
Server: nginx
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://by-them.com
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 118

POST
H2 200 cdb Show response
bidder.criteo.com/ 18 B
280 B 89ms
55ms XHR
application/json 178.250.0.165
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=207&av=33&wv=4.40.0&cb=99889626203
Requested by: Host: flux-cdn.com
URL: https://flux-cdn.com/client/mag2/flux_bythem_AS_TM_AT.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.par.vip.prod.criteo.com
Software: Finatra /
Resource Hash: ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Request headers

Referer: https://by-them.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 14 Oct 2021 09:23:57 GMT
content-encoding: gzip
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://by-them.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 44

GET
H2 200 prebid Show response
s-rtb-pb.send.microad.jp/ 47 B
393 B 769ms
274ms XHR
application/json 202.233.84.2
MICROAD MicroAd

General

Check archive.org

Show headers Download Go to

Full URL

https://s-rtb-pb.send.microad.jp/prebid?spot=66933dcc698e60ff47da5b8ff0788b68&url=https%3A%2F%2Fby-them.com%2F430811&referrer=https%3A%2F%2Fby-them.com%2F430811&bid_id=47c221d66f615b3&transaction_id=082a05c6-853f-4385-a988-5670cb9b1171&media_types=1&cbt=2454db357d63c6017c7e1d88e8

Requested by

Host: flux-cdn.com
URL: https://flux-cdn.com/client/mag2/flux_bythem_AS_TM_AT.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

202.233.84.2 , Japan, ASN131957 (MICROAD MicroAd, Inc., JP),

Reverse DNS

Software

nginx /

Resource Hash

eafb4bf577f5c3be774b5a16fb3729c76c6487f5e210b2a55b962d2acee40638

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://by-them.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 14 Oct 2021 09:23:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=86400
p3p: policyref="http://www.microad.jp/w3c/p3p.xml",CP="NOI DSP COR NID DEVo PSAo OUR STP STA PRE
access-control-allow-origin: https://by-them.com
access-control-allow-credentials: true
content-type: application/json;charset=UTF-8
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK v1 Show response
d.socdm.com/adsv/ 1 KB
2 KB 744ms
251ms XHR
application/json 202.241.208.56
IDCF IDC Frontier...

General

Check archive.org

Show headers Download Go to

Full URL: https://d.socdm.com/adsv/v1?posall=SSPLOC&id=130727&sdktype=0&hb=true&t=json3&transactionid=082a05c6-853f-4385-a988-5670cb9b1171&sizes=300x250%2C336x280&currency=JPY&pbver=4.40.0&sdkname=prebidjs&adapterver=1.0.1&imark=1&tp=https%3A%2F%2Fby-them.com%2F430811
Requested by: Host: flux-cdn.com
URL: https://flux-cdn.com/client/mag2/flux_bythem_AS_TM_AT.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 202.241.208.56 , Japan, ASN4694 (IDCF IDC Frontier Inc., JP),
Reverse DNS
Software: nginx /
Resource Hash: a435402371d94f630675d59b615ea7d90627d1087f00538dc60c60ca011999f0

Request headers

Referer: https://by-them.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 14 Oct 2021 09:23:57 GMT
X-SO-LB-Data: {"ban":false,"clean_query":"\/adsv\/v1?adapterver=1.0.1&currency=JPY&hb=true&id=130727&imark=1&pbver=4.40.0&posall=SSPLOC&sdkname=prebidjs&sdktype=0&sizes=300x250%2C336x280&t=json3&tp=https%3A%2F%2Fby-them.com%2F430811&transactionid=082a05c6-853f-4385-a988-5670cb9b1171","cluster_id":1,"gdpr":true,"ipv4":"0.0.0.0","key":"YWf3LcCo5uYAANqCozUAAAAA","privacy_sensitive":true,"uid":"","upstream_id":"m-ad2"}
X-SO-Key: YWf3LcCo5uYAANqCozUAAAAA
X-SO-Upstream-ID: m-ad2
P3P: CP="See also http://www.scaleout.jp/privacy/"
X-SO-HostName: m-ad2.dc4p.scaleout.jp
Connection: keep-alive
Content-Length: 1090
X-SO-IP: 91.199.118.79
X-SO-Cluster-ID: 1
Server: nginx
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://by-them.com
Cache-Control: private
Access-Control-Allow-Credentials: true
X-SO-Ads-Time: 7
X-SO-LB-Hostname: a-tgng40015.dc2p.scaleout.jp

GET
H/1.1 200
OK v1 Show response
d.socdm.com/adsv/ 1 KB
2 KB 755ms
253ms XHR
application/json 202.241.208.56
IDCF IDC Frontier...

General

Check archive.org

Show headers Download Go to

Full URL: https://d.socdm.com/adsv/v1?posall=SSPLOC&id=130726&sdktype=0&hb=true&t=json3&transactionid=59eddf6a-2017-42ae-876f-d23a14629250&sizes=300x250%2C336x280&currency=JPY&pbver=4.40.0&sdkname=prebidjs&adapterver=1.0.1&imark=1&tp=https%3A%2F%2Fby-them.com%2F430811
Requested by: Host: flux-cdn.com
URL: https://flux-cdn.com/client/mag2/flux_bythem_AS_TM_AT.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 202.241.208.56 , Japan, ASN4694 (IDCF IDC Frontier Inc., JP),
Reverse DNS
Software: nginx /
Resource Hash: 3a84dd0551d8700b259d3414bf5113a2ab502ba78e5135f4787bf043328d34c4

Request headers

Referer: https://by-them.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 14 Oct 2021 09:23:57 GMT
X-SO-LB-Data: {"ban":false,"clean_query":"\/adsv\/v1?adapterver=1.0.1&currency=JPY&hb=true&id=130726&imark=1&pbver=4.40.0&posall=SSPLOC&sdkname=prebidjs&sdktype=0&sizes=300x250%2C336x280&t=json3&tp=https%3A%2F%2Fby-them.com%2F430811&transactionid=59eddf6a-2017-42ae-876f-d23a14629250","cluster_id":29,"gdpr":true,"ipv4":"0.0.0.0","key":"YWf3LcCo5ukAAHlLwCcAAAAA","privacy_sensitive":true,"uid":"","upstream_id":"m-ad349"}
X-SO-Key: YWf3LcCo5ukAAHlLwCcAAAAA
X-SO-Upstream-ID: m-ad349
P3P: CP="See also http://www.scaleout.jp/privacy/"
X-SO-HostName: m-ad349.dc4p.scaleout.jp
Connection: keep-alive
Content-Length: 1096
X-SO-IP: 91.199.118.79
X-SO-Cluster-ID: 29
Server: nginx
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://by-them.com
Cache-Control: private
Access-Control-Allow-Credentials: true
X-SO-Ads-Time: 4
X-SO-LB-Hostname: a-tgng40018.dc2p.scaleout.jp

GET
H/1.1 200
OK v1 Show response
d.socdm.com/adsv/ 1 KB
2 KB 759ms
256ms XHR
application/json 202.241.208.56
IDCF IDC Frontier...

General

Check archive.org

Show headers Download Go to

Full URL: https://d.socdm.com/adsv/v1?posall=SSPLOC&id=130728&sdktype=0&hb=true&t=json3&transactionid=6dd7870b-69fe-4c0e-8752-a401aebcef1e&sizes=300x250%2C336x280&currency=JPY&pbver=4.40.0&sdkname=prebidjs&adapterver=1.0.1&imark=1&tp=https%3A%2F%2Fby-them.com%2F430811
Requested by: Host: flux-cdn.com
URL: https://flux-cdn.com/client/mag2/flux_bythem_AS_TM_AT.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 202.241.208.56 , Japan, ASN4694 (IDCF IDC Frontier Inc., JP),
Reverse DNS
Software: nginx /
Resource Hash: 84bf2026905727b92c7082686d99228d7abf167540d73764bf1a05ea8de70db6

Request headers

Referer: https://by-them.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 14 Oct 2021 09:23:57 GMT
X-SO-LB-Data: {"ban":false,"clean_query":"\/adsv\/v1?adapterver=1.0.1&currency=JPY&hb=true&id=130728&imark=1&pbver=4.40.0&posall=SSPLOC&sdkname=prebidjs&sdktype=0&sizes=300x250%2C336x280&t=json3&tp=https%3A%2F%2Fby-them.com%2F430811&transactionid=6dd7870b-69fe-4c0e-8752-a401aebcef1e","cluster_id":14,"gdpr":true,"ipv4":"0.0.0.0","key":"YWf3LcCo5s0AAJsqNCIAAAAA","privacy_sensitive":true,"uid":"","upstream_id":"m-ad49"}
X-SO-Key: YWf3LcCo5s0AAJsqNCIAAAAA
X-SO-Upstream-ID: m-ad49
P3P: CP="See also http://www.scaleout.jp/privacy/"
X-SO-HostName: m-ad49.dc4p.scaleout.jp
Connection: keep-alive
Content-Length: 1093
X-SO-IP: 91.199.118.79
X-SO-Cluster-ID: 14
Server: nginx
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://by-them.com
Cache-Control: private
Access-Control-Allow-Credentials: true
X-SO-Ads-Time: 6
X-SO-LB-Hostname: a-tgng40009.dc2p.scaleout.jp

GET
H/1.1 200
OK v1 Show response
d.socdm.com/adsv/ 1 KB
2 KB 775ms
261ms XHR
application/json 202.241.208.56
IDCF IDC Frontier...

General

Check archive.org

Show headers Download Go to

Full URL: https://d.socdm.com/adsv/v1?posall=SSPLOC&id=130732&sdktype=0&hb=true&t=json3&transactionid=4c995abf-e90d-4981-ab2d-29e01df7f2f4&sizes=300x250%2C336x280&currency=JPY&pbver=4.40.0&sdkname=prebidjs&adapterver=1.0.1&imark=1&tp=https%3A%2F%2Fby-them.com%2F430811
Requested by: Host: flux-cdn.com
URL: https://flux-cdn.com/client/mag2/flux_bythem_AS_TM_AT.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 202.241.208.56 , Japan, ASN4694 (IDCF IDC Frontier Inc., JP),
Reverse DNS
Software: nginx /
Resource Hash: 99243c1aef0d8ef9f1df2206313d998290e7771f3fb731faa6e32ce90d4092fe

Request headers

Referer: https://by-them.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 14 Oct 2021 09:23:57 GMT
X-SO-LB-Data: {"ban":false,"clean_query":"\/adsv\/v1?adapterver=1.0.1&currency=JPY&hb=true&id=130732&imark=1&pbver=4.40.0&posall=SSPLOC&sdkname=prebidjs&sdktype=0&sizes=300x250%2C336x280&t=json3&tp=https%3A%2F%2Fby-them.com%2F430811&transactionid=4c995abf-e90d-4981-ab2d-29e01df7f2f4","cluster_id":31,"gdpr":true,"ipv4":"0.0.0.0","key":"YWf3LcCo5tEAAHZlLoEAAAAA","privacy_sensitive":true,"uid":"","upstream_id":"a-ad40237"}
X-SO-Key: YWf3LcCo5tEAAHZlLoEAAAAA
X-SO-Upstream-ID: a-ad40237
P3P: CP="See also http://www.scaleout.jp/privacy/"
X-SO-HostName: a-ad40237.dc2p.scaleout.jp
Connection: keep-alive
Content-Length: 1102
X-SO-IP: 91.199.118.79
X-SO-Cluster-ID: 31
Server: nginx
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://by-them.com
Cache-Control: private
Access-Control-Allow-Credentials: true
X-SO-Ads-Time: 6
X-SO-LB-Hostname: a-tgng40013.dc2p.scaleout.jp

GET
H/1.1 200
OK v1 Show response
d.socdm.com/adsv/ 1 KB
2 KB 789ms
268ms XHR
application/json 202.241.208.56
IDCF IDC Frontier...

General

Check archive.org

Show headers Download Go to

Full URL: https://d.socdm.com/adsv/v1?posall=SSPLOC&id=130733&sdktype=0&hb=true&t=json3&transactionid=a71a9247-da22-48f6-9a34-a14c43a76558&sizes=300x250%2C336x280&currency=JPY&pbver=4.40.0&sdkname=prebidjs&adapterver=1.0.1&imark=1&tp=https%3A%2F%2Fby-them.com%2F430811
Requested by: Host: flux-cdn.com
URL: https://flux-cdn.com/client/mag2/flux_bythem_AS_TM_AT.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 202.241.208.56 , Japan, ASN4694 (IDCF IDC Frontier Inc., JP),
Reverse DNS
Software: nginx /
Resource Hash: 3bae151a5f81787b863515e8e99b41cb181a08183cc0cb855bb8207c6ad35991

Request headers

Referer: https://by-them.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 14 Oct 2021 09:23:57 GMT
X-SO-LB-Data: {"ban":false,"clean_query":"\/adsv\/v1?adapterver=1.0.1&currency=JPY&hb=true&id=130733&imark=1&pbver=4.40.0&posall=SSPLOC&sdkname=prebidjs&sdktype=0&sizes=300x250%2C336x280&t=json3&tp=https%3A%2F%2Fby-them.com%2F430811&transactionid=a71a9247-da22-48f6-9a34-a14c43a76558","cluster_id":52,"gdpr":true,"ipv4":"0.0.0.0","key":"YWf3LcCo5s4AADzhDYsAAAAA","privacy_sensitive":true,"uid":"","upstream_id":"m-ad372"}
X-SO-Key: YWf3LcCo5s4AADzhDYsAAAAA
X-SO-Upstream-ID: m-ad372
P3P: CP="See also http://www.scaleout.jp/privacy/"
X-SO-HostName: m-ad372.dc4p.scaleout.jp
Connection: keep-alive
Content-Length: 1096
X-SO-IP: 91.199.118.79
X-SO-Cluster-ID: 52
Server: nginx
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://by-them.com
Cache-Control: private
Access-Control-Allow-Credentials: true
X-SO-Ads-Time: 7
X-SO-LB-Hostname: a-tgng40010.dc2p.scaleout.jp

GET
H/1.1 200
OK v1 Show response
d.socdm.com/adsv/ 1 KB
2 KB 938ms
413ms XHR
application/json 202.241.208.56
IDCF IDC Frontier...

General

Check archive.org

Show headers Download Go to

Full URL: https://d.socdm.com/adsv/v1?posall=SSPLOC&id=130730&sdktype=0&hb=true&t=json3&transactionid=e3e759f4-6170-411f-a05a-7b5c47e8f3ba&sizes=300x250%2C336x280&currency=JPY&pbver=4.40.0&sdkname=prebidjs&adapterver=1.0.1&imark=1&tp=https%3A%2F%2Fby-them.com%2F430811
Requested by: Host: flux-cdn.com
URL: https://flux-cdn.com/client/mag2/flux_bythem_AS_TM_AT.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 202.241.208.56 , Japan, ASN4694 (IDCF IDC Frontier Inc., JP),
Reverse DNS
Software: nginx /
Resource Hash: 7b0edadd6444cade10f1f849a3f99f3b98a8cf32f9c5fe0320b1c9bc9c5b486d

Request headers

Referer: https://by-them.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 14 Oct 2021 09:23:58 GMT
X-SO-LB-Data: {"ban":false,"clean_query":"\/adsv\/v1?adapterver=1.0.1&currency=JPY&hb=true&id=130730&imark=1&pbver=4.40.0&posall=SSPLOC&sdkname=prebidjs&sdktype=0&sizes=300x250%2C336x280&t=json3&tp=https%3A%2F%2Fby-them.com%2F430811&transactionid=e3e759f4-6170-411f-a05a-7b5c47e8f3ba","cluster_id":63,"gdpr":true,"ipv4":"0.0.0.0","key":"YWf3LcCo5soAADkXdG0AAAAA","privacy_sensitive":true,"uid":"","upstream_id":"m-ad319"}
X-SO-Key: YWf3LcCo5soAADkXdG0AAAAA
X-SO-Upstream-ID: m-ad319
P3P: CP="See also http://www.scaleout.jp/privacy/"
X-SO-HostName: m-ad319.dc4p.scaleout.jp
Connection: keep-alive
Content-Length: 1096
X-SO-IP: 91.199.118.79
X-SO-Cluster-ID: 63
Server: nginx
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://by-them.com
Cache-Control: private
Access-Control-Allow-Credentials: true
X-SO-Ads-Time: 149
X-SO-LB-Hostname: a-tgng40006.dc2p.scaleout.jp

GET
H/1.1 200
OK v1 Show response
d.socdm.com/adsv/ 1 KB
2 KB 991ms
247ms XHR
application/json 202.241.208.56
IDCF IDC Frontier...

General

Check archive.org

Show headers Download Go to

Full URL: https://d.socdm.com/adsv/v1?posall=SSPLOC&id=130731&sdktype=0&hb=true&t=json3&transactionid=3d8cf562-db10-4e24-9dee-269b108b1c70&sizes=300x250%2C336x280&currency=JPY&pbver=4.40.0&sdkname=prebidjs&adapterver=1.0.1&imark=1&tp=https%3A%2F%2Fby-them.com%2F430811
Requested by: Host: flux-cdn.com
URL: https://flux-cdn.com/client/mag2/flux_bythem_AS_TM_AT.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 202.241.208.56 , Japan, ASN4694 (IDCF IDC Frontier Inc., JP),
Reverse DNS
Software: nginx /
Resource Hash: c8b1cac7f0854e36b435a741dab9e62c8ff33ddef776a85405a42e0095c04cb5

Request headers

Referer: https://by-them.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 14 Oct 2021 09:23:58 GMT
X-SO-LB-Data: {"ban":false,"clean_query":"\/adsv\/v1?adapterver=1.0.1&currency=JPY&hb=true&id=130731&imark=1&pbver=4.40.0&posall=SSPLOC&sdkname=prebidjs&sdktype=0&sizes=300x250%2C336x280&t=json3&tp=https%3A%2F%2Fby-them.com%2F430811&transactionid=3d8cf562-db10-4e24-9dee-269b108b1c70","cluster_id":42,"gdpr":true,"ipv4":"0.0.0.0","key":"YWf3LsCo5uYAANqCoz0AAAAA","privacy_sensitive":true,"uid":"","upstream_id":"m-ad298"}
X-SO-Key: YWf3LsCo5uYAANqCoz0AAAAA
X-SO-Upstream-ID: m-ad298
P3P: CP="See also http://www.scaleout.jp/privacy/"
X-SO-HostName: m-ad298.dc4p.scaleout.jp
Connection: keep-alive
Content-Length: 1096
X-SO-IP: 91.199.118.79
X-SO-Cluster-ID: 42
Server: nginx
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://by-them.com
Cache-Control: private
Access-Control-Allow-Credentials: true
X-SO-Ads-Time: 3
X-SO-LB-Hostname: a-tgng40015.dc2p.scaleout.jp

GET
H/1.1 200
OK v1 Show response
d.socdm.com/adsv/ 1 KB
2 KB 1007ms
252ms XHR
application/json 202.241.208.56
IDCF IDC Frontier...

General

Check archive.org

Show headers Download Go to

Full URL: https://d.socdm.com/adsv/v1?posall=SSPLOC&id=130729&sdktype=0&hb=true&t=json3&transactionid=3bf2fe6f-3d8f-4e40-8806-51cc2876dad5&sizes=728x90&currency=JPY&pbver=4.40.0&sdkname=prebidjs&adapterver=1.0.1&imark=1&tp=https%3A%2F%2Fby-them.com%2F430811
Requested by: Host: flux-cdn.com
URL: https://flux-cdn.com/client/mag2/flux_bythem_AS_TM_AT.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 202.241.208.56 , Japan, ASN4694 (IDCF IDC Frontier Inc., JP),
Reverse DNS
Software: nginx /
Resource Hash: c9ce6b8c3162263da735be38a1a659faec884e863f61da6ae8af240ec26d1f04

Request headers

Referer: https://by-them.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 14 Oct 2021 09:23:58 GMT
X-SO-LB-Data: {"ban":false,"clean_query":"\/adsv\/v1?adapterver=1.0.1&currency=JPY&hb=true&id=130729&imark=1&pbver=4.40.0&posall=SSPLOC&sdkname=prebidjs&sdktype=0&sizes=728x90&t=json3&tp=https%3A%2F%2Fby-them.com%2F430811&transactionid=3bf2fe6f-3d8f-4e40-8806-51cc2876dad5","cluster_id":20,"gdpr":true,"ipv4":"0.0.0.0","key":"YWf3LsCo5ukAAHlLwC0AAAAA","privacy_sensitive":true,"uid":"","upstream_id":"a-ad40336"}
X-SO-Key: YWf3LsCo5ukAAHlLwC0AAAAA
X-SO-Upstream-ID: a-ad40336
P3P: CP="See also http://www.scaleout.jp/privacy/"
X-SO-HostName: a-ad40336.dc2p.scaleout.jp
Connection: keep-alive
Content-Length: 1102
X-SO-IP: 91.199.118.79
X-SO-Cluster-ID: 20
Server: nginx
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://by-them.com
Cache-Control: private
Access-Control-Allow-Credentials: true
X-SO-Ads-Time: 3
X-SO-LB-Hostname: a-tgng40018.dc2p.scaleout.jp

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 25 B
370 B 152ms
127ms XHR
application/json 23.37.38.181
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=614527&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%225785f7a02122c18%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fby-them.com%2F430811%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22mfu%22%3A0%2C%22bu%22%3A8%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A8%2C%22ren%22%3Afalse%2C%22version%22%3A%224.40.0%22%2C%22userIds%22%3A%5B%5D%2C%22msd%22%3A0%2C%22msi%22%3A0%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22583a9952d0edcb9%22%2C%22ext%22%3A%7B%22siteID%22%3A%22614527%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2259b4ea9017087ab%22%2C%22ext%22%3A%7B%22siteID%22%3A%22614527%22%2C%22sid%22%3A%22336x280%22%7D%2C%22banner%22%3A%7B%22w%22%3A336%2C%22h%22%3A280%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22604cd5bb854c7ca%22%2C%22ext%22%3A%7B%22siteID%22%3A%22614529%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2261d0e10451bca79%22%2C%22ext%22%3A%7B%22siteID%22%3A%22614529%22%2C%22sid%22%3A%22336x280%22%7D%2C%22banner%22%3A%7B%22w%22%3A336%2C%22h%22%3A280%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2262bee00245a9e77%22%2C%22ext%22%3A%7B%22siteID%22%3A%22614531%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%226389451fce885de%22%2C%22ext%22%3A%7B%22siteID%22%3A%22614531%22%2C%22sid%22%3A%22336x280%22%7D%2C%22banner%22%3A%7B%22w%22%3A336%2C%22h%22%3A280%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22642d9e663476c09%22%2C%22ext%22%3A%7B%22siteID%22%3A%22614539%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2265d51f0ee3884af%22%2C%22ext%22%3A%7B%22siteID%22%3A%22614539%22%2C%22sid%22%3A%22336x280%22%7D%2C%22banner%22%3A%7B%22w%22%3A336%2C%22h%22%3A280%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%226699c3d8c28598c%22%2C%22ext%22%3A%7B%22siteID%22%3A%22614541%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22675b4d382f23908%22%2C%22ext%22%3A%7B%22siteID%22%3A%22614541%22%2C%22sid%22%3A%22336x280%22%7D%2C%22banner%22%3A%7B%22w%22%3A336%2C%22h%22%3A280%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22680b9d4d9227985%22%2C%22ext%22%3A%7B%22siteID%22%3A%22614535%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2269afb885fed1b05%22%2C%22ext%22%3A%7B%22siteID%22%3A%22614535%22%2C%22sid%22%3A%22336x280%22%7D%2C%22banner%22%3A%7B%22w%22%3A336%2C%22h%22%3A280%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%227068014b9849a39%22%2C%22ext%22%3A%7B%22siteID%22%3A%22614537%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2271558825246311%22%2C%22ext%22%3A%7B%22siteID%22%3A%22614537%22%2C%22sid%22%3A%22336x280%22%7D%2C%22banner%22%3A%7B%22w%22%3A336%2C%22h%22%3A280%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%227243fe36fcee8d2%22%2C%22ext%22%3A%7B%22siteID%22%3A%22614533%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%5D%7D
Requested by: Host: flux-cdn.com
URL: https://flux-cdn.com/client/mag2/flux_bythem_AS_TM_AT.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.37.38.181 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-38-181.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: c419f5ddfbd3fccbbfd26d401af663e768288edd6f4859969e86f92e583e68fd

Request headers

Referer: https://by-them.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:23:57 GMT
content-encoding: gzip
x-ak-initial-geo: CC:[DE], RC:[HE], CN:[EU], CIP:[91.199.118.79], XFF:[]
server: Apache
vary: Is-Traffic-Invalid,Accept-Encoding
content-type: application/json
access-control-allow-origin: https://by-them.com
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 45
x-ak-client-geo: 12
expires: Thu, 14 Oct 2021 09:23:57 GMT

GET
H2 200 prebid Show response
ad.as.amanad.adtdp.com/v2/ 69 B
581 B 250ms
231ms XHR
application/json 18.66.97.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.as.amanad.adtdp.com/v2/prebid?asi=nTH3r0hGR&skt=5&prebid_id=74aef64b10b6848&prebid_ver=4.40.0&page_url=https%3A%2F%2Fby-them.com%2F430811&
Requested by: Host: flux-cdn.com
URL: https://flux-cdn.com/client/mag2/flux_bythem_AS_TM_AT.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 696f2ae2d6b10bc9948443a31844a85224d226a656529154c28c6df92e8a9fa0

Request headers

Referer: https://by-them.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 14 Oct 2021 09:23:57 GMT
content-encoding: gzip
x-amz-cf-pop: FRA56-P2
x-cache: Miss from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 92
pragma: no-cache
access-control-allow-origin: https://by-them.com
x-amzn-trace-id: Root=1-00000000-000000000000000000000000
vary: Accept-Encoding
content-type: application/json; charset=UTF-8
via: 1.1 c387974a86541bbcc6c5141a85eeaf36.cloudfront.net (CloudFront)
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-amz-cf-id: qI_onH_31TYPIkg2A1uUtOpb_c1HRfdvu9UoYPL6ltz4qTvSXHKm7Q==
expires: Thu, 01 Jan 1970 09:00:00 GMT

GET
H2 200 prebid Show response
ad.as.amanad.adtdp.com/v2/ 69 B
580 B 251ms
232ms XHR
application/json 18.66.97.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.as.amanad.adtdp.com/v2/prebid?asi=7AmerAhGR&skt=5&prebid_id=75ad3a7ecd3ef98&prebid_ver=4.40.0&page_url=https%3A%2F%2Fby-them.com%2F430811&
Requested by: Host: flux-cdn.com
URL: https://flux-cdn.com/client/mag2/flux_bythem_AS_TM_AT.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 696f2ae2d6b10bc9948443a31844a85224d226a656529154c28c6df92e8a9fa0

Request headers

Referer: https://by-them.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 14 Oct 2021 09:23:57 GMT
content-encoding: gzip
x-amz-cf-pop: FRA56-P2
x-cache: Miss from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 92
pragma: no-cache
access-control-allow-origin: https://by-them.com
x-amzn-trace-id: Root=1-00000000-000000000000000000000000
vary: Accept-Encoding
content-type: application/json; charset=UTF-8
via: 1.1 c387974a86541bbcc6c5141a85eeaf36.cloudfront.net (CloudFront)
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-amz-cf-id: ddmSh4aKCMods2O0Wi2OFbODckzo9sbGj4-kciM3ABQs5VR3FmUInw==
expires: Thu, 01 Jan 1970 09:00:00 GMT

GET
H2 200 prebid Show response
ad.as.amanad.adtdp.com/v2/ 69 B
582 B 249ms
230ms XHR
application/json 18.66.97.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.as.amanad.adtdp.com/v2/prebid?asi=Fs_Kj0hMR&skt=5&prebid_id=76bf7281797d6ad&prebid_ver=4.40.0&page_url=https%3A%2F%2Fby-them.com%2F430811&
Requested by: Host: flux-cdn.com
URL: https://flux-cdn.com/client/mag2/flux_bythem_AS_TM_AT.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 696f2ae2d6b10bc9948443a31844a85224d226a656529154c28c6df92e8a9fa0

Request headers

Referer: https://by-them.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 14 Oct 2021 09:23:57 GMT
content-encoding: gzip
x-amz-cf-pop: FRA56-P2
x-cache: Miss from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 92
pragma: no-cache
access-control-allow-origin: https://by-them.com
x-amzn-trace-id: Root=1-00000000-000000000000000000000000
vary: Accept-Encoding
content-type: application/json; charset=UTF-8
via: 1.1 c387974a86541bbcc6c5141a85eeaf36.cloudfront.net (CloudFront)
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-amz-cf-id: A8UTE_0elRiqMV4QVBBihkUjMnH1bHy7kpHUlXiR4l868DUVmGOhXA==
expires: Thu, 01 Jan 1970 09:00:00 GMT

GET
H2 200 prebid Show response
ad.as.amanad.adtdp.com/v2/ 69 B
581 B 250ms
231ms XHR
application/json 18.66.97.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.as.amanad.adtdp.com/v2/prebid?asi=J4zbjAhGR&skt=5&prebid_id=77730f00c28fecf&prebid_ver=4.40.0&page_url=https%3A%2F%2Fby-them.com%2F430811&
Requested by: Host: flux-cdn.com
URL: https://flux-cdn.com/client/mag2/flux_bythem_AS_TM_AT.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 696f2ae2d6b10bc9948443a31844a85224d226a656529154c28c6df92e8a9fa0

Request headers

Referer: https://by-them.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 14 Oct 2021 09:23:57 GMT
content-encoding: gzip
x-amz-cf-pop: FRA56-P2
x-cache: Miss from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 92
pragma: no-cache
access-control-allow-origin: https://by-them.com
x-amzn-trace-id: Root=1-00000000-000000000000000000000000
vary: Accept-Encoding
content-type: application/json; charset=UTF-8
via: 1.1 c387974a86541bbcc6c5141a85eeaf36.cloudfront.net (CloudFront)
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-amz-cf-id: OFu1I3yGdgFJHUV1deps6yVjPBvUelPPq4nvn01mCBrGyr70hfN2hA==
expires: Thu, 01 Jan 1970 09:00:00 GMT

GET
H2 200 prebid Show response
ad.as.amanad.adtdp.com/v2/ 69 B
581 B 251ms
233ms XHR
application/json 18.66.97.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.as.amanad.adtdp.com/v2/prebid?asi=9iz-j0hGR&skt=5&prebid_id=78be8022e5fb8af&prebid_ver=4.40.0&page_url=https%3A%2F%2Fby-them.com%2F430811&
Requested by: Host: flux-cdn.com
URL: https://flux-cdn.com/client/mag2/flux_bythem_AS_TM_AT.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 696f2ae2d6b10bc9948443a31844a85224d226a656529154c28c6df92e8a9fa0

Request headers

Referer: https://by-them.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 14 Oct 2021 09:23:57 GMT
content-encoding: gzip
x-amz-cf-pop: FRA56-P2
x-cache: Miss from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 92
pragma: no-cache
access-control-allow-origin: https://by-them.com
x-amzn-trace-id: Root=1-00000000-000000000000000000000000
vary: Accept-Encoding
content-type: application/json; charset=UTF-8
via: 1.1 c387974a86541bbcc6c5141a85eeaf36.cloudfront.net (CloudFront)
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-amz-cf-id: _a66FnQWnjEromFalF2CwOwdwFbW9levoXNIlHW4ezZeaNgfMCLhtA==
expires: Thu, 01 Jan 1970 09:00:00 GMT

GET
H2 200 prebid Show response
ad.as.amanad.adtdp.com/v2/ 69 B
582 B 250ms
232ms XHR
application/json 18.66.97.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.as.amanad.adtdp.com/v2/prebid?asi=-AG2CA2Mg&skt=5&prebid_id=79ea03804f1989&prebid_ver=4.40.0&page_url=https%3A%2F%2Fby-them.com%2F430811&
Requested by: Host: flux-cdn.com
URL: https://flux-cdn.com/client/mag2/flux_bythem_AS_TM_AT.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 696f2ae2d6b10bc9948443a31844a85224d226a656529154c28c6df92e8a9fa0

Request headers

Referer: https://by-them.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 14 Oct 2021 09:23:57 GMT
content-encoding: gzip
x-amz-cf-pop: FRA56-P2
x-cache: Miss from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 92
pragma: no-cache
access-control-allow-origin: https://by-them.com
x-amzn-trace-id: Root=1-00000000-000000000000000000000000
vary: Accept-Encoding
content-type: application/json; charset=UTF-8
via: 1.1 c387974a86541bbcc6c5141a85eeaf36.cloudfront.net (CloudFront)
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-amz-cf-id: erYqp2CFFOOtC_oHuQ8ykVW4tKFFuZ2y--hOG47xyI3SGmwU8qOPpw==
expires: Thu, 01 Jan 1970 09:00:00 GMT

GET
H2 200 prebid Show response
ad.as.amanad.adtdp.com/v2/ 69 B
581 B 467ms
449ms XHR
application/json 18.66.97.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.as.amanad.adtdp.com/v2/prebid?asi=6omJCAhGR&skt=5&prebid_id=80cb739e6317e24&prebid_ver=4.40.0&page_url=https%3A%2F%2Fby-them.com%2F430811&
Requested by: Host: flux-cdn.com
URL: https://flux-cdn.com/client/mag2/flux_bythem_AS_TM_AT.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 696f2ae2d6b10bc9948443a31844a85224d226a656529154c28c6df92e8a9fa0

Request headers

Referer: https://by-them.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 14 Oct 2021 09:23:57 GMT
content-encoding: gzip
x-amz-cf-pop: FRA56-P2
x-cache: Miss from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 92
pragma: no-cache
access-control-allow-origin: https://by-them.com
x-amzn-trace-id: Root=1-00000000-000000000000000000000000
vary: Accept-Encoding
content-type: application/json; charset=UTF-8
via: 1.1 c387974a86541bbcc6c5141a85eeaf36.cloudfront.net (CloudFront)
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-amz-cf-id: lnmrxdDtRtLnu7yS5V6s3MGMQpZX99IjuFX6Qny1SX6c7DGrof9HQQ==
expires: Thu, 01 Jan 1970 09:00:00 GMT

GET
H2 200 prebid Show response
ad.as.amanad.adtdp.com/v2/ 69 B
580 B 262ms
244ms XHR
application/json 18.66.97.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.as.amanad.adtdp.com/v2/prebid?asi=s7scj02GR&skt=5&prebid_id=8175fc93cbd4a47&prebid_ver=4.40.0&page_url=https%3A%2F%2Fby-them.com%2F430811&
Requested by: Host: flux-cdn.com
URL: https://flux-cdn.com/client/mag2/flux_bythem_AS_TM_AT.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 696f2ae2d6b10bc9948443a31844a85224d226a656529154c28c6df92e8a9fa0

Request headers

Referer: https://by-them.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 14 Oct 2021 09:23:57 GMT
content-encoding: gzip
x-amz-cf-pop: FRA56-P2
x-cache: Miss from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 92
pragma: no-cache
access-control-allow-origin: https://by-them.com
x-amzn-trace-id: Root=1-00000000-000000000000000000000000
vary: Accept-Encoding
content-type: application/json; charset=UTF-8
via: 1.1 c387974a86541bbcc6c5141a85eeaf36.cloudfront.net (CloudFront)
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-amz-cf-id: c1i2nDggnxOxAGWlaxHGvOdoh_TcbGWBQtOZ5S29clrkYzB4Gf89UA==
expires: Thu, 01 Jan 1970 09:00:00 GMT

GET
H2 200 bi.js Show response
cs.nakanohito.jp/b3/ 53 KB
18 KB 282ms
258ms Script
application/javascript 35.186.221.74
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cs.nakanohito.jp/b3/bi.js
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.221.74 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 74.221.186.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 599f9213d8ad0629d7df8f1eae30ac18c1f8d8ba8fc9bad5b1f5773bbbeb6d48

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:57 GMT
content-encoding: gzip
last-modified: Mon, 04 Oct 2021 10:44:47 GMT
server: nginx
etag: W/"615adb1f-d4b6"
p3p: policyref="http://b.nakanohito.jp/w3c/p3p.xml", CP="NOI DSP COR ADM DEV PSA OUR IND UNI COM NAV INT STA"
via: 1.1 google
cache-control: max-age=10800
cache_control: public
content-type: application/javascript
alt-svc: clear
expires: Thu, 14 Oct 2021 12:23:57 GMT

GET
H2 200 rating_1_over.gif
by-them.com/wp-content/plugins/wp-postratings/images/heart/ 767 B
1 KB 8ms
8ms Image
image/gif 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://by-them.com/wp-content/plugins/wp-postratings/images/heart/rating_1_over.gif
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-11.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: dc9e6f830f0ece3b444003085ed6f2a9ecf49bdb9897216f7e4ad351431a326f

Request headers

:path: /wp-content/plugins/wp-postratings/images/heart/rating_1_over.gif
pragma: no-cache
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a; _ga=GA1.2.842165529.1634203437; _gid=GA1.2.727390644.1634203437; _gat_gtag_UA_142511850_1=1; _pbjs_userid_consent_data=3524755945110770
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: by-them.com
referer: https://by-them.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 07 Oct 2021 18:40:45 GMT
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
last-modified: Wed, 29 Sep 2021 06:37:13 GMT
server: nginx
age: 571391
etag: "61540999-2ff"
x-cache: Hit from cloudfront
content-type: image/gif
cache-control: max-age=604800
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 767
x-amz-cf-id: y4XWkBNaizjWYI1JK6hA6ZFdXngClR6jfp1mw3WDDT_cQTWFSYIZKA==
expires: Thu, 14 Oct 2021 18:40:45 GMT

POST
H2 200 admin-ajax.php Show response
by-them.com/wp-admin/ 4 B
513 B 634ms
632ms XHR
text/html 13.32.121.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://by-them.com/wp-admin/admin-ajax.php

Requested by

Host: by-them.com
URL: https://by-them.com/wp-includes/js/jquery/jquery.js?ver=1.12.4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.11 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-11.fra60.r.cloudfront.net

Software

nginx /

Resource Hash

11a6767d5674c7e45f7e00dc525762275b3a48491ad6045427d2609cc496c516

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-fetch-mode: cors
origin: https://by-them.com
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
sec-fetch-dest: empty
x-requested-with: XMLHttpRequest
cookie: wordpress_google_apps_login=d3991c4ae64cf799ed6c37fe3761900a; _ga=GA1.2.842165529.1634203437; _gid=GA1.2.727390644.1634203437; _gat_gtag_UA_142511850_1=1; _pbjs_userid_consent_data=3524755945110770
content-length: 53
:path: /wp-admin/admin-ajax.php
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
content-type: application/x-www-form-urlencoded; charset=UTF-8
accept: */*
cache-control: no-cache
:authority: by-them.com
referer: https://by-them.com/
:scheme: https
sec-fetch-site: same-origin
:method: POST
Accept: */*
Referer: https://by-them.com/
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Thu, 14 Oct 2021 09:23:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA60-P1
x-cache: Miss from cloudfront
access-control-allow-origin: https://by-them.com
referrer-policy: strict-origin-when-cross-origin
server: nginx
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
via: 1.1 fd38301adb0ceb6cf6c42567f371a2f5.cloudfront.net (CloudFront)
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
x-robots-tag: noindex
x-amz-cf-id: MZgVtLy_KwI6FRx1F8PhZpwLNIabZRZbsQo3ii1DSxlKaabRMlaeNg==
expires: Wed, 11 Jan 1984 05:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
457 B 42ms
14ms XHR
text/plain 2a00:1450:400c:c0c::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-142511850-1&cid=842165529.1634203437&jid=1066658384&gjid=1924786422&_gid=727390644.1634203437&_u=4GBAAUAAAAAAAC~&z=1173009425

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://by-them.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 14 Oct 2021 09:23:57 GMT
content-type: text/plain
access-control-allow-origin: https://by-them.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 en.json Show response
cdn-apac.onetrust.com/consent/1d2521eb-8d6e-408c-8231-40396d2acd11/6ed20968-f2cf-439e-9328-9aa9ddf8e993/ 91 KB
17 KB 34ms
34ms Fetch
application/x-javascript 2606:4700:10::6814:b944
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-apac.onetrust.com/consent/1d2521eb-8d6e-408c-8231-40396d2acd11/6ed20968-f2cf-439e-9328-9aa9ddf8e993/en.json

Requested by

Host: cdn-apac.onetrust.com
URL: https://cdn-apac.onetrust.com/scripttemplates/6.9.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:b944 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1f76af386d3d632532bbf21ce8b4287d8f525eb1b9c3d251492274bcbaed1dca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 14 Oct 2021 09:23:57 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
content-md5: vtUuFtvzzL25IU87V1YU3g==
age: 263
content-length: 16842
x-ms-lease-status: unlocked
last-modified: Mon, 16 Nov 2020 10:42:59 GMT
server: cloudflare
etag: 0x8D88A1C63198107
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 57b346fd-101e-0077-6224-c0bbd7000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 69dfc07d39394de8-FRA

GET
H2 200 m Show response
use.typekit.net/af/e4cb74/00000000000000003b9b2cc7/27/ 144 KB
98 KB 149ms
149ms XHR
application/x-typekit-augmentation 2a02:26f0:6c00::210:ba0a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/e4cb74/00000000000000003b9b2cc7/27/m?unicode=AAACZgAAAAcuUEVwqwyBMTnK_yVhaGj_uhJzxNNXPGk0JyFNCh9qdv3LhuTov_5PxV0MogguL5IxgsLd5u1xUgePSz7na91ksV0LeF4RRkuJnHdYAAAALg&gdyn=eJztVc9r3EUU_7zZyWYSQ_3umkMK2k7KHoqoxBVBBMkkhJKDh4CXnDSbbGID-cXupq0iZDZNNdBLPNWTRPEQehCPXiSpePUmeNN68eBBc7C00Javb-Y73x-btv-A5MF-583Me5_3Pm_ezEIAIEC8V_pdnr9xJn6eJ04sZr1mfjmMPxsNVrZyTtvbVx9vxj9MPXh4iz5p1157-fCg9M5feq4sQTbCWXbB9EWpgRLUjAArwrljRJrII-8kEbBNkNpK1AwGJHuxITtbjLFWln04klDeUIefS8KOdqOyV_vcLiNy3Bs7wZu85Sh_pJKlKfMcrx7hTUTDKIqENbBRCQMiiSCNMVIoy55mBzMOZ25H_ghTznwMZ6DUHlAD55ykY0KxCHNuGCa7R6hz7VJxNRPoB3YzBt5SJCXWvUk5c87nG785rAe9m1_V5OvDdcmNwzGFFDwWWbeCC-laGsqRVENBSfm4w0jqYhy4dKNCFJwqlgo8koRTURlQVeyUgH2Lrp92eV1iV0FZ3zHa7gfePl-VhzfYjxJqeVYqJ2JyhonU-DeYTqYn3wWGvBmlcA6M0um-n0L1OVIiQ55wiuiy65SW6K3-CSFJvO_gkp7NrK3gxfk80yACxWoFsSf0OhnsbRw1cG6yP7tovNOdufft4d-Ht9RWXL-WXykdX-dm1JzApbdwvHU8_kX8elxK-A6_MntTfDd7k7RBnMsW7tRRKEkuJ6ZRob7iThyPOzbHJRfsz_OO2KNxWA72IH4Y3-ft93E35jbu_7InWOgWFJRnSW-zi4lk3H2q7T5OHP-laxa3f7v36-P71T_--aB89-fPvz949PWZfw-u24pjMokmXLt9FVnfGGbA1Ttpt7kocK-GHlZlsFmEPVAtSu8ciN8JfqPchXghpGpROMJPJUa8Mux2PaKMqiLxlt6S3zUbaQxF9KrbLv0EY3p4cTR2mBxCTemwQFRhfZv1ijAk3RNb5WY6WywctOYm5penmqbTlwyhRjMMW3alzC6p21B4kT1F6mLzN0FkpEJSyV2IvHvV8dEiAbHpKYzkxgGjkF6Sh8Bu8cxcTR1JPYbemzYRUgay60U6HJHClEPOH5vCe-VRAtC0ioZ8aJmZRtAXeHswyWk78Pb56kJ4spNFvMJgk4x6G5mLjouZ_UAF_s8JlDL1Rc1o22SmpQMZyJAl84OSYgxRN3raO5GLjGQANH6eHR8GeXGX8jC5CJwU0aOPZ2Vkdm9DyyfsT-VUTuV_IS81GisdWmi0F2lhYXWDmivLH1JzbX2VllqNBVq6utyky8vtDl12Gm82aGVtc5VW1hdWiJUWrbvpequ5RhtO23B2rc35j6jtkNvLa0vUbo_V3ecNam_Ot_mz0aaOM-60Gk26stjq0JVWp04fL7bW6T868e42&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/ikd7xws.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba0a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 9b1173ebcc658a2ebef8a70059204b4a854bb8fc2319e0f2f794370f822efc89

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:57 GMT
content-encoding: gzip
server: nginx
etag: W/"3ab043f46bb5665b7ed59b966e556e1d3c10a5a0"
vary: Accept-Encoding
content-type: application/x-typekit-augmentation
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 46ms
13ms Preflight
application/json 178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
strict-transport-security: max-age=31536000
access-control-allow-origin: null
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 811
date: Thu, 14 Oct 2021 09:23:56 GMT
content-encoding: gzip
vary: Accept-Encoding

GET set
sync.im-apps.net/imid/ 0
0

GET
H3-Q050 200 5dc2970ffebb6690aa584014cb6fa79a.jpg
speee-ad.akamaized.net/creatives/080c993fb3b58e26c1d2265bf9da0af3/ 31 KB
31 KB 11ms
10ms Image
image/webp 2.16.107.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://speee-ad.akamaized.net/creatives/080c993fb3b58e26c1d2265bf9da0af3/5dc2970ffebb6690aa584014cb6fa79a.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2.16.107.65 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-107-65.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: ac0f5c2a0d77954a15a80c17b3ed8cdcdf529c316dacb462fa2dffc90367ed66

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:57 GMT
last-modified: Thu, 07 Oct 2021 09:44:35 GMT
server: AmazonS3
x-amz-request-id: C33YDXNX7YZEM98M
etag: "3dc091e7d0c83b60e9b3fb23a0fbcb5a"
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
content-length: 31854
x-amz-id-2: ITBmLk+aWU6adANr1sRJPL56Rp7jmpp8wVcQW3sxxeKZAagNtU0B5nHi0p6Ue64HnNjrGhA8cOE=
quic-version: Q050

GET
H3-Q050 200 7bd6dfe9faa35ddf89756c0d1a2712b4.jpg
speee-ad.akamaized.net/creatives/d8a4e572d866aa45da78418d9d2ff9f9/ 3 KB
4 KB 9ms
8ms Image
image/webp 2.16.107.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://speee-ad.akamaized.net/creatives/d8a4e572d866aa45da78418d9d2ff9f9/7bd6dfe9faa35ddf89756c0d1a2712b4.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2.16.107.65 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-107-65.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 1bd2df57f6358ad13bf9fdf7dc857df6b1ffb01af172a129c3074906bd97e62f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:57 GMT
last-modified: Wed, 14 Apr 2021 03:42:47 GMT
server: AmazonS3
x-amz-request-id: 700BJBXH85ZRCFBJ
etag: "0affe42b37b50715b2150b72ebd1d4f6"
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
content-length: 3426
x-amz-id-2: avmcelDqOuuaiByKiNF+EgMSDoeJBWA5RsMLIqTA+cOMV2IXLntnVgh8YDfMLNgps94Jm2f8FuU=
quic-version: Q050

GET
H3-Q050 200 b1f1a455ed0e2575eccbbd86488d74ad.jpg
speee-ad.akamaized.net/creatives/191c62d342811d1a0d3d0528ec35cd2d/ 19 KB
20 KB 26ms
25ms Image
image/webp 2.16.107.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://speee-ad.akamaized.net/creatives/191c62d342811d1a0d3d0528ec35cd2d/b1f1a455ed0e2575eccbbd86488d74ad.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2.16.107.65 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-107-65.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 156a5b72ad1271f2fd103a2cb83bd5f64873a4ec5f6ceb1cba6df86baf43b98a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:57 GMT
last-modified: Thu, 07 Oct 2021 09:45:24 GMT
server: AmazonS3
x-amz-request-id: YM6GBM6770J4VNV7
etag: "0b8429d82c26e83487e281deb1a8aedc"
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
content-length: 19838
x-amz-id-2: I89EN1gC4zj2eoPK2zrHpH0KMnXmn8AQmSE0lxOb8qEdDj4F+cBLiWsJGkkhkrAApXF4ScNsmSE=
quic-version: Q050

GET
H3-Q050 200 51422a87d69e8004dac47e4354c776cb.jpg
speee-ad.akamaized.net/creatives/8c5ebe834bb61a2e5ab8ef38f8d940f3/ 14 KB
14 KB 28ms
25ms Image
image/webp 2.16.107.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://speee-ad.akamaized.net/creatives/8c5ebe834bb61a2e5ab8ef38f8d940f3/51422a87d69e8004dac47e4354c776cb.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2.16.107.65 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-107-65.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 4672bcdde06a259fba67ed236d97806d2b5a521620b314baa345c35013687e3d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:57 GMT
last-modified: Tue, 12 Oct 2021 07:35:37 GMT
server: AmazonS3
x-amz-request-id: 02Q9DJGFD4WDD3BY
etag: "26c18fc687cc35e1728a58ea6da202aa"
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
content-length: 14434
x-amz-id-2: KXb8si7uStbNzJhIn0aMO7fNCrLh6Zw9yexL0XRgmv7xVu5zuieIh5/ADBkcR0cU/Uj7UoGrxWE=
quic-version: Q050

GET
H3-Q050 200 e81c40725f17a9e46ada91b92e58100d.jpg
speee-ad.akamaized.net/creatives/e951ccd95572a67138f4572c1c7d7ee8/ 6 KB
6 KB 11ms
9ms Image
image/webp 2.16.107.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://speee-ad.akamaized.net/creatives/e951ccd95572a67138f4572c1c7d7ee8/e81c40725f17a9e46ada91b92e58100d.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2.16.107.65 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-107-65.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: c7c27ade10ef0377ff7b44a277165679c95723259a5bba56c185e1a854a3211f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:57 GMT
last-modified: Fri, 12 Mar 2021 08:45:53 GMT
server: AmazonS3
x-amz-request-id: N4YNDVE5M2AFGQ1Y
etag: "33703d00e7fdee7488107f5756520eef"
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
content-length: 5688
x-amz-id-2: sdaUr7xixE1yEhXcgMizClIN3iNl/Kn7zMNlw3FaZYpK5NlmC7aOgKvi3PiRziMt6fRcgaoJ7uI=
quic-version: Q050

GET
H3-Q050 200 9eb2a9002c69600b4ed075a6046c2fd4.jpg
speee-ad.akamaized.net/articles/f337d999d9ad116a7b4f3d409fcc6480/ 6 KB
6 KB 106ms
103ms Image
image/webp 2.16.107.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://speee-ad.akamaized.net/articles/f337d999d9ad116a7b4f3d409fcc6480/9eb2a9002c69600b4ed075a6046c2fd4.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2.16.107.65 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-107-65.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 42f04153d6b5c4dcae4e7e02a178cd6aef02a7727a92e4890bd9b460170208ac

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:57 GMT
last-modified: Sat, 17 Apr 2021 00:05:13 GMT
server: AmazonS3
x-amz-request-id: 9QAP3JX3MGTKFQDQ
etag: "9e2faddec9490c33a4b57746b238517c"
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
content-length: 6266
x-amz-id-2: hZDWr9ysJvizS62Ec0nFpwgr1YSQaUNt5dOHZjDhQGesaLRcQHYRVfTRNlLktAp2MY2xRkzF+M4=
quic-version: Q050

GET
H3-Q050 200 6af16915ea8ad401ae0a2eca60dbfd63.jpg
speee-ad.akamaized.net/articles/f337d999d9ad116a7b4f3d409fcc6480/ 23 KB
23 KB 1165ms
1162ms Image
image/webp 2.16.107.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://speee-ad.akamaized.net/articles/f337d999d9ad116a7b4f3d409fcc6480/6af16915ea8ad401ae0a2eca60dbfd63.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2.16.107.65 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-107-65.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 5516a0696b838982acfa23cdc5b8a4ce05702d0b3ab611cf0eefcc8d5dbebca2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:58 GMT
last-modified: Wed, 12 May 2021 03:19:41 GMT
server: AmazonS3
x-amz-request-id: FQJSSE5ACK0PK8BV
etag: "f026fd0de0e95f300e3d2e63ba4fa331"
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
content-length: 23126
x-amz-id-2: TIqGdUX7BeK2Z46Bm+mhViHivNrMXzTjumlwSXAvuqaVxoeKJ+h39HhlqM3J9opD3NtoWcAl4xw=
quic-version: Q050

GET
H3-Q050 200 e14169bb4b89d3a6b1e54a5bc7e05cb4.jpg
speee-ad.akamaized.net/articles/f337d999d9ad116a7b4f3d409fcc6480/ 9 KB
10 KB 38ms
35ms Image
image/webp 2.16.107.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://speee-ad.akamaized.net/articles/f337d999d9ad116a7b4f3d409fcc6480/e14169bb4b89d3a6b1e54a5bc7e05cb4.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2.16.107.65 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-107-65.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 63660dc1a72874c8717b992e1ddb62fdcc2a6c5ec9ff680feb06cb3afb24ddb0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:57 GMT
last-modified: Wed, 28 Apr 2021 22:40:08 GMT
server: AmazonS3
x-amz-request-id: J1GQM8E3RS1ARRQX
etag: "6abc7e395e23ce09bd15e625952e3e26"
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
content-length: 9596
x-amz-id-2: YA3ENoPK/KCvYjbEa8J2kuUHAei8WW+obovxfs3y+N0s8LSx8uJzjWBrbDrTQMVZKu9EePBIQ6U=
quic-version: Q050

GET
H3-Q050 200 c337025a4164f69b818c7a06f0530cf5.jpg
speee-ad.akamaized.net/articles/f337d999d9ad116a7b4f3d409fcc6480/ 14 KB
14 KB 41ms
39ms Image
image/webp 2.16.107.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://speee-ad.akamaized.net/articles/f337d999d9ad116a7b4f3d409fcc6480/c337025a4164f69b818c7a06f0530cf5.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2.16.107.65 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-107-65.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: fa6cfe6ec19f139b22e3d43c899e0ab406ffd4a2609541a7ddfc832673be415a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:57 GMT
last-modified: Wed, 19 May 2021 04:44:56 GMT
server: AmazonS3
x-amz-request-id: 5FR08V4QPT0SBS7B
etag: "4ca78736e4153dea63731084862258c8"
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
content-length: 14104
x-amz-id-2: //yJAfK72zaoxCHlRQ+UDCrX2HPL3PKehCyM3m4AdpZ/AdB1Xi9U1J+5I47KOaLARRCLg6BgipY=
quic-version: Q050

GET
H3-Q050 200 1aa31835163eaeb8d6415a741c8bc0ad.jpg
speee-ad.akamaized.net/articles/f337d999d9ad116a7b4f3d409fcc6480/ 6 KB
7 KB 1060ms
1057ms Image
image/webp 2.16.107.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://speee-ad.akamaized.net/articles/f337d999d9ad116a7b4f3d409fcc6480/1aa31835163eaeb8d6415a741c8bc0ad.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2.16.107.65 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-107-65.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: bd2c5534fefc9cf7f874a413ee1a176e53874ede3b27417b021a4b4d630ed150

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:58 GMT
last-modified: Wed, 09 Jun 2021 03:04:41 GMT
server: AmazonS3
x-amz-request-id: FQJJZJTWGZ57K42D
etag: "8767a01c0e17ebea92eb80f044e48619"
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
content-length: 6506
x-amz-id-2: XMJkJASCP1EiIRssFuFJkL8Nm9cPVMIwLA34/PfX5ln2fKv9M9Ig5itwchfjAC1p2er0+dfUbMQ=
quic-version: Q050

GET
H3-Q050 200 1e13222b5b2fbfd1e026a51c34d95135.jpg
speee-ad.akamaized.net/creatives/9d068c869fd3e03fc606ec297fcd00be/ 18 KB
18 KB 30ms
27ms Image
image/webp 2.16.107.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://speee-ad.akamaized.net/creatives/9d068c869fd3e03fc606ec297fcd00be/1e13222b5b2fbfd1e026a51c34d95135.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2.16.107.65 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-107-65.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: dbb0c1869617e99b983fc982317019ade8245759640b20768a154aa33a487416

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:57 GMT
last-modified: Tue, 05 Oct 2021 11:23:08 GMT
server: AmazonS3
x-amz-request-id: HAF36YAEDPK33157
etag: "877ceaa70137b8b405dd13afd038e05e"
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
content-length: 18368
x-amz-id-2: b3J4lwLUNW8U77yyzlhjka5Wmmhy7l8lXaotkueANFhXHhUpdeCO8/OnHpXgVFVyZltDI5x00hI=
quic-version: Q050

GET
H3-Q050 200 20b4d7b6ff8847e18b7cc23c757cb8e0.jpg
speee-ad.akamaized.net/creatives/8011ecba39754a741ff861d810a7601f/ 42 KB
42 KB 30ms
27ms Image
image/webp 2.16.107.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://speee-ad.akamaized.net/creatives/8011ecba39754a741ff861d810a7601f/20b4d7b6ff8847e18b7cc23c757cb8e0.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2.16.107.65 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-107-65.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 5af6d07713cb42cbe7ee89156054b7c78d8ab8f308ac708628e69b6591c4a7c7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:57 GMT
last-modified: Mon, 05 Jul 2021 01:59:46 GMT
server: AmazonS3
x-amz-request-id: 43F42TZDMHEF5FRK
etag: "544f9667308f69866aa25410eec59c1f"
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
content-length: 43252
x-amz-id-2: s2NwFuJiU074E7/OCkGiMvlO47zAqnJUsZ7RADMb3LyRhmVH6WdzSEAw/Gery/ay8aphusRLVnk=
quic-version: Q050

GET
H3-Q050 200 492ef6b696d5a41894e5620e21e3a2ab.jpg
speee-ad.akamaized.net/creatives/748d6b6ed8e13f857ceaa6cfbdca14b8/ 16 KB
16 KB 42ms
39ms Image
image/webp 2.16.107.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://speee-ad.akamaized.net/creatives/748d6b6ed8e13f857ceaa6cfbdca14b8/492ef6b696d5a41894e5620e21e3a2ab.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2.16.107.65 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-107-65.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: f516fda8e924f58021e5ee48bec1f956b6fcb110665a927e9f41a12c927ee844

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:57 GMT
last-modified: Fri, 12 Mar 2021 07:29:45 GMT
server: AmazonS3
x-amz-request-id: NPHZBWTFY6YMTDMX
etag: "0d4d330d7fc00872475278b885f155c7"
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
content-length: 16112
x-amz-id-2: +5XOg6tqauU9oTfY4LMuCEL0cV/tNMRRCJmxF39QQAxU5BsdSjux1yXsav+rjTYdIwLrkiFyfdU=
quic-version: Q050

GET
H3-Q050 200 b78dd3cfe90c16faf2eecd9b4e51b0b0.jpg
speee-ad.akamaized.net/creatives/f11bec1411101c743f64df596773d0b2/ 13 KB
13 KB 30ms
27ms Image
image/webp 2.16.107.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://speee-ad.akamaized.net/creatives/f11bec1411101c743f64df596773d0b2/b78dd3cfe90c16faf2eecd9b4e51b0b0.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2.16.107.65 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-107-65.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 276bcd853d270e0514c5fa8fa5b542357e2d4c4a563dd73b1207bc987fafc394

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:57 GMT
last-modified: Fri, 12 Mar 2021 10:42:11 GMT
server: AmazonS3
x-amz-request-id: G02P1YF7R2F7CYRY
etag: "75d0145770019ee4782666e716b61fe9"
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
content-length: 13560
x-amz-id-2: uFNGIEbX5uX5+AnNPuWWe7/eqdaxktryHipUP3oKQfbyk5TRllYp1f4l/Zs5hpbCjxC60z/hyiM=
quic-version: Q050

GET
H3-Q050 200 6326204d37628611c8ef912c492f71c9.jpg
speee-ad.akamaized.net/creatives/564645fbd0332f066cbd9d083ddd077c/ 5 KB
5 KB 19ms
17ms Image
image/webp 2.16.107.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://speee-ad.akamaized.net/creatives/564645fbd0332f066cbd9d083ddd077c/6326204d37628611c8ef912c492f71c9.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2.16.107.65 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-107-65.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 352f84d218f61bc21bebcaf18b4ec294de25a75c44ab5c25b7aae4adefc5b053

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:57 GMT
last-modified: Fri, 12 Mar 2021 10:59:01 GMT
server: AmazonS3
x-amz-request-id: 68W0JKMBPKHNCB68
etag: "ca101ea6efad28664961ddc2ea6762dc"
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
content-length: 5132
x-amz-id-2: jM9maO7DLloeOBDE0JLqOXt96QV1/9AF1tAq0A0nc1476RTc9BKHwVjLmUYXB1pUT2cPf0sKbu8=
quic-version: Q050

GET
H3-Q050 200 bf8c41b56790133e05b9c5c0afe323ee.jpg
speee-ad.akamaized.net/articles/f337d999d9ad116a7b4f3d409fcc6480/ 11 KB
11 KB 1187ms
1185ms Image
image/webp 2.16.107.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://speee-ad.akamaized.net/articles/f337d999d9ad116a7b4f3d409fcc6480/bf8c41b56790133e05b9c5c0afe323ee.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2.16.107.65 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-107-65.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 934e946decfec8284333612fda978c81980240f86963e681afebf87f0ac9bc30

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:58 GMT
last-modified: Tue, 27 Apr 2021 01:20:00 GMT
server: AmazonS3
x-amz-request-id: FQJSQWCJSERQRBMG
etag: "33abf7eebc2802bf7e9077849b4ca7b3"
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
content-length: 11088
x-amz-id-2: 5t7GFBMwowVtbUQRG+CDVWWOtdcelsvlOQ4yirdus+FB0WYPP8kscpU4JukCkQt/dFSLbRujtaA=
quic-version: Q050

GET
H3-Q050 200 391b5f3452236affbdc91c3b26bd3fbd.jpg
speee-ad.akamaized.net/articles/f337d999d9ad116a7b4f3d409fcc6480/ 6 KB
6 KB 41ms
40ms Image
image/webp 2.16.107.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://speee-ad.akamaized.net/articles/f337d999d9ad116a7b4f3d409fcc6480/391b5f3452236affbdc91c3b26bd3fbd.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2.16.107.65 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-107-65.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 2267a9d8bf0b516a6c53a12ae36012d8f83c73de1388d90b4f236607271ee380

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:57 GMT
last-modified: Wed, 30 Jun 2021 04:35:03 GMT
server: AmazonS3
x-amz-request-id: J1GRTEM16EFVWSCD
etag: "c690718ff8938071c0d803a8d772f5c9"
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
content-length: 6124
x-amz-id-2: hezDtYHfjOMBhYDq4NzfGVrBgQNDCzWjlIy3mxspHHVUhFE/w1yUAYv30CQE18YHPeut9NB24lk=
quic-version: Q050

GET
H3-Q050 200 439315f4fe701ddaf20554dde53a9ca8.jpg
speee-ad.akamaized.net/articles/f337d999d9ad116a7b4f3d409fcc6480/ 12 KB
12 KB 38ms
36ms Image
image/webp 2.16.107.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://speee-ad.akamaized.net/articles/f337d999d9ad116a7b4f3d409fcc6480/439315f4fe701ddaf20554dde53a9ca8.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2.16.107.65 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-107-65.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 36fa429b72ab9afabb84e05b000920d918eff637cb0bd4724c26344280e55e11

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:57 GMT
last-modified: Wed, 02 Jun 2021 04:26:24 GMT
server: AmazonS3
x-amz-request-id: YDWRMFTCZKGJDQ8D
etag: "4870a8c0a7e5a6a0195130c07329e3cc"
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
content-length: 12394
x-amz-id-2: xVxRzfyL3Fz0xup059YIJBChae/Ut+UcTr1Ov5VXEO9KAa0DcKY9lxsMcUbu+1MPWLiSAPqfYW4=
quic-version: Q050

GET
H3-Q050 200 2af84cb17e02632728f4aaf826607b87.jpg
speee-ad.akamaized.net/articles/f337d999d9ad116a7b4f3d409fcc6480/ 9 KB
9 KB 1153ms
1152ms Image
image/webp 2.16.107.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://speee-ad.akamaized.net/articles/f337d999d9ad116a7b4f3d409fcc6480/2af84cb17e02632728f4aaf826607b87.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2.16.107.65 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-107-65.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 508a9ffce68f785884ea7b0be946485ccf950ab5ccd6a54868764689fc22869e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:58 GMT
last-modified: Wed, 26 May 2021 03:30:11 GMT
server: AmazonS3
x-amz-request-id: FQJK94VT9YFN29TH
etag: "a72c1eb579a13fad98bd778b1e10ce52"
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
content-length: 9294
x-amz-id-2: zryqZta4qF0zshtMc9bJ8KAp9ROtf0NcLCkQYTtinehTBEUcDdXwXiTToLtx7uSsosWUjlnvzjQ=
quic-version: Q050

GET
H3-Q050 200 4cbaf89a37b456d0feba39eadf278c35.jpg
speee-ad.akamaized.net/articles/f337d999d9ad116a7b4f3d409fcc6480/ 8 KB
9 KB 1021ms
1020ms Image
image/webp 2.16.107.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://speee-ad.akamaized.net/articles/f337d999d9ad116a7b4f3d409fcc6480/4cbaf89a37b456d0feba39eadf278c35.jpg
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2.16.107.65 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-107-65.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 187928ba5d736037d35fe5607bd0c6270daaf59de1647987e936c5e1926e22f6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:58 GMT
last-modified: Wed, 04 Aug 2021 03:55:47 GMT
server: AmazonS3
x-amz-request-id: FQJHXAQ074ZBNEA2
etag: "f24a9ce15020e5e890df4db7e39e423d"
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
content-length: 8614
x-amz-id-2: Oj3icY/nsYa88Wc/c854+ujLvRgYeWNvX9D+xQX60uNKeUjI05DTx2Yp+Gyh5ow2NagezdTMDqk=
quic-version: Q050

GET
H2 200 m Show response
use.typekit.net/af/484dcb/00000000000000003b9b2cc6/27/ 166 KB
112 KB 153ms
153ms XHR
application/x-typekit-augmentation 2a02:26f0:6c00::210:ba0a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/484dcb/00000000000000003b9b2cc6/27/m?unicode=AAACZgAAAAcuUEVwqwyBMTnK_yVhaGj_uhJzxNNXPGk0JyFNCh9qdv3LhuTov_5PxV0MogguL5IxgsLd5u1xUgePSz7na91ksV0LeF4RRkuJnHdYAAAALg&gdyn=eJztVDFsXEUQnVn_nP9ZhuxdXBxSpOxZLgzC5DBdJMjagsgFRehB3PnOTiyd7dP9czAIdHuOFRlREBASqZChsigQJRKFDykVCERHBXEqJBfYBVEojD8zu___-9-JoEbyFPvn7868eTM7OyAAAAHELe_IWw9TAt6zOXCiICP823-PNf1t1-6YlMmc0YdheAFMz-dfXlqbw_72_hvdX7sXC8fHC3Dv_PsffH9xX394yb-DqEF5mkJJKI6gD30i8wn7GWPxcig9G7Xs8E2VCPsKIS-1QPICtpMKRknDGYQKgoA4tOUAGqpzahOtak8JEbUul523ttaabH0U30HhZ0G7Ff0EeGcyiSMoCeou6I0oAkopeyCq5CnLMMY4pXKvArcx8ZF0JsQEQB6Is6NzFSJWUOLvK6AaYEYHNWScbegTyHicgbU0Ufn9LCk2Jz5P28MzW8K62d05rio7YmIcXaGO3X22VIxq5lKoNhQnKYYiJc6HL8PVRTI48leA55y0V023i8mUT8RAZhPu02dSaWtKqyCccQFi2xL31WSUt-UrBuElTHrRfSWsRJJIxCcleQqWeH8szwFwOjLOnoujdYwHkzY6zCKB3E6QNedniOQQFHyEbPWzomGGG4lV17OJ9TZtmtKAqRMDjzyuEzvU1uZV4jlx1H3X_J56nheU3qNXZgMlgH6kXX3w1e4fu5_63XB6PZh47pndnaEX95UKb-pNbmG48tNlTvQver3hMByGD8ODMOy-DnshvvZ1deql_vxUzgAepeKh90McJVviE7_adZyj4_EcMT3onzUU7k6XEz4MAY7PUqiD8B4dr6PhNIY_S8XqwgBEwn-IydRLzLjv1mNttyG6mFiurBv48rcHv_z9sHj_4M3c3o8ffbNz9MWTf-7cNAVJprPQ4AzV55KY04DReU7Blbkqo8Ypxh2YAzKT1Do44TqR7VD0aS3JMYBzEVUDqadxy3NTAMb41CJ6siict2ctN2nhASdxio-H7nLTpoWikcPsKEz4KtpALJC-QXpBaCQcUyhSHz-VLhwopQV3ejGmE827qEY0p0SOS5k8IT7w4Tx5itjFDO5fJElFpDzbzNK6FzkfJRyIiW-hNDCOMFL0HA8BW-k745pykqoC2acyE1EG15KMiCq6Ih9eHoyfGCURlQDN-XLUhvYSU5r443Q84jhtRHlbvioVHs1sGi_1MY5RtpF5vEwm9vkCQMWaxZnaoiZpG_enPAbJJ8ge5UePTFRA9uTJaZsVz81tiIdncn0wQptbOAgzEAEnRWT0y0kZKbtLxO5f4p_KqZzK_1jKtVqzg_XpoI71WrCA9fpyCxvNpWvYWFldxsV2rY6Lby018PpS0MHrrC11ak0kixo2V9aWsblabyIpbVzl39V2YwVbrLXYuL02_zYGHCNYWlnEYLnewiCoPM_LNC8vYLA2H9DSCrDDbp12rYE3FtodvNHuTOM7C-1V_AdiShlV&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/ikd7xws.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba0a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 1ebcb19568250b0f63558660f3435777535fd972369f28e06be12f49f5da6893

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:57 GMT
content-encoding: gzip
server: nginx
etag: W/"e2b36a9adfe04d3c6edfd02208bb03774f4886c7"
vary: Accept-Encoding
content-type: application/x-typekit-augmentation
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *

POST
H/1.1 200
OK /
bs.nakanohito.jp/b3/ 0
375 B 698ms
237ms Ping
text/html 122.220.195.253
UCOM ARTERIA Netw...

General

Check archive.org

Show headers Download Go to

Full URL: https://bs.nakanohito.jp/b3/
Requested by: Host: cs.nakanohito.jp
URL: https://cs.nakanohito.jp/b3/bi.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 122.220.195.253 Setagaya-ku, Japan, ASN17506 (UCOM ARTERIA Networks Corporation, JP),
Reverse DNS: 122x220x195x253.ap122.ftth.ucom.ne.jp
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://by-them.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Thu, 14 Oct 2021 09:23:58 GMT
Server: nginx
P3P: policyref="http://b.nakanohito.jp/w3c/p3p.xml", CP="NOI DSP COR ADM DEV PSA OUR IND UNI COM NAV INT STA"
Access-Control-Allow-Origin: https://by-them.com
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0

GET
H2 200 otFloatingRoundedCorner.json Show response
cdn-apac.onetrust.com/scripttemplates/6.9.0/assets/ 9 KB
3 KB 23ms
22ms Fetch
application/json 2606:4700:10::6814:b944
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-apac.onetrust.com/scripttemplates/6.9.0/assets/otFloatingRoundedCorner.json

Requested by

Host: cdn-apac.onetrust.com
URL: https://cdn-apac.onetrust.com/scripttemplates/6.9.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:b944 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e8854bc499730ccdc482ed3591bec10f29e9c5d7becdd754b8866e7bd713799d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 14 Oct 2021 09:23:57 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
content-md5: iC1WKQr7LwV0xCA7WkdyEg==
age: 262
content-length: 2716
x-ms-lease-status: unlocked
last-modified: Thu, 12 Nov 2020 13:23:08 GMT
server: cloudflare
etag: 0x8D8870E18A361BB
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 230ac333-c01e-013e-4824-c0cee2000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 69dfc07e4b0e4de8-FRA

GET
H2 200 otPcTab.json Show response
cdn-apac.onetrust.com/scripttemplates/6.9.0/assets/ 58 KB
14 KB 23ms
22ms Fetch
application/json 2606:4700:10::6814:b944
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-apac.onetrust.com/scripttemplates/6.9.0/assets/otPcTab.json

Requested by

Host: cdn-apac.onetrust.com
URL: https://cdn-apac.onetrust.com/scripttemplates/6.9.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:b944 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c13d4f1b7510f38563cac76ead168ba2ad77f23c85ef1caf6814d1a8e3b4bfa7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 14 Oct 2021 09:23:57 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
content-md5: SS9HY0E5VJkfXk3sxBfHSg==
age: 262
content-length: 14225
x-ms-lease-status: unlocked
last-modified: Thu, 12 Nov 2020 13:23:08 GMT
server: cloudflare
etag: 0x8D8870E18C855B2
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 4a761c64-001e-00c9-6624-c0ae5c000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 69dfc07e4b104de8-FRA

GET
H2 200 m Show response
use.typekit.net/af/e4cb74/00000000000000003b9b2cc7/27/ 355 KB
256 KB 164ms
164ms XHR
application/x-typekit-augmentation 2a02:26f0:6c00::210:ba0a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/e4cb74/00000000000000003b9b2cc7/27/m?unicode=AAAPFwAAAAeFK5lpFPymk8pGgzvAlvWujtHaUjZp1zVctFeXH4DEr09TlP3druAIkBw5e0FUQf1osdIQ_yK0XUbEnGz_JbceXrIZzfcv2OPFQTDjwn9QjqF-Ibtkmjj4Ciout7f9oAg7GlH6RpYe0X8vQboF5ue9mh1B0RAwlQMp3uwQZvKQEwcqeHDey-g3QPjZEcWiBkfxPaUAIuuQSIl4HStQSLZh_-jtvZJtev7dfzQFj3ZO6M8hdwF-F1le-zQPn5VL93o6We5bmJbuWHNXCUNANbCcmczQ_Caz_wj_E5SrH_JttSmka0G4ZkMphRBXsPbGVVza1vcPPs9NpX6sz9_luT4iAbOJ1fEjv65t-jeZ_vlacr7wSv3bTqI8X7XR0NGPiqRDs8jm-blZNh3TQZDRpYQajVM0B9neD11bqtO2bJWWbLO2fmYMjmIJ1olW4iR-qzKWNpqQtzPfMM_wTZ0buTgPTNeOdX6DGLLg1XqyWlvdWfw-_bd3nyX409soSgKh0MuLowvkiNWNIjthICkhmUGncFeyEUDtSXMp67T-nF1PT6pflBVPT_zkAsmfRtNZ7IiliW3RTWnvyQ6_d4WA8RwFad7J1DcRPSypJ08LaxPzFOQl81qNpCPHBXcw1S2CsFcAMFHR&gdyn=eJztVd9rXEUU_ubuZHc2DXp3u0oitZ3EfaiiJa4KpSCZhBiC9CHoS97MJpvYQH6xu6lVxExiWlZScFFB8EHTkgfJg_jcl6Qq_gFF8EmoL-KTraC2aOP1nJl7dzf0P5Acdu89O3PmO9_5NYsAgACC1-WWPHX5kehR-sFiMek088Ne9GF_hrSbKVzNndR2dy1ajQ5G7__zqXj33s5XZ_a-3Hr574GpdAbDjRB9dATjp-VpIAU1sTGuCZydoHfUhPxe33TwwIaA1FaiaGRWYopWAmwYi0HSxmQXbsphxdxAWEJ7WsL2fxA-LlntggIIUUJc_mQUaAYuEmzjaUBLJVOvmGOEuT_yEsICNGII8BFrYPNPIRsox63HGCMDZfuJ_SYmNOFMbRa_gRlrnTHEQmWbQBHE2WOZrpiVY4-CsE1hz3FwJtmADWQGhjLDiaAVZ-mcWg6KDfPOVLpgKaadXuJvC_oJoOESRj-FRzRp7xcSSZniejlGwrrMDiRriSsCReM86SpZJTwuRvNFqgvBETi5N2QYxodyVhDBQyhJUBj3iMw82EwB163jyEwVMWsoKNvNTrTd5lK4jDMNBW2COILt0OcHLTDVDsSgFaGXIn27Yz0cHzkP0SPYzAOEjpkQrpMlt4DDVl2ks0NyzOjD_AjW0YNRJqVb6GGitPMjBe2zC7dH7aJ9-DagxWmv6zZJcmJtB1_tbZGEbjmXJWHQXNkv4-RIpj1olLyJP-_s_bb3hVqLSpfaI6Wj9_evQJ8Fvj-Lu2t_DH0WPR-l3KH9wrOTW_mvJ7d-1wZRW9aCmyXt_cfF8l6kNofSSRG38xt8G0VDVBrcTbGzX04x-wdr1kYZdT_GfQ-3I7oEMp8fckYwcYg-g4lPhYfEdqQbSA9768bDhiTX6DuaFIN5jl2y2P334MeDe8d_vvNG-vZPH9-48eD6mb9-3bK5E5D9I6iwW30t3KZZJuTswLqvOs1xKBwtmQ98nVQaoSXCTeSKoetx6leIYJ-2e3MFyOOy33klLGkTTleKmHRB8k3iA5Xha3maI-U52mCHHqFGT0E8x9vHvoOhWwYtCE4Sdc-rV1FUPhmD1LM50jdIzwVmnXBs7iMi2deePGKhi9TETb4nYqzH0EoNyQTBprHrr5fWhgpPAJQZ6xIpO2Y5zSjCjTEH4cyJTzjAVcrzsuZUyYAvOi99_iVagxIkik14BGh0jiznnoPUJZpDnaxKHkKSW-AbkylRwiCSblVU9qADPG6BmLoWSQ-Nq7DHNQ9zTHKrB2j7Gc9pg9ZDxIOt-VQ2jsCOtMD1oZf1nloROqGk87-PE6OzOchBDlL4SOPrx99tYQxB_w2cU3bIjukjKT4oGQwiXE-s4vOHmXA1ksvSpYnaxcbhd9Niw11wHQDepp2ueKsbSejcGEOta42iO-ev4xbtIzmSI_n_yJPl8kJdzJRrs2JmZnFFVBbm3xSVpeVFMVctz4i5t-Yr4sJ8rS4usEabZbGwtLooFpZnFgQpVbHMP5erlSWxwtoK21VXp98WNUauzS_NiVptsMSPF0RtdbpGj5WaqLNxvVquiIuz1bq4WK2XxDuz1WXxH8yFEmI&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/ikd7xws.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba0a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 9dbd715b83b660bf01eab4395209eb1eda8665e02a6bcb4cf00336ae99d37720

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:57 GMT
content-encoding: gzip
server: nginx
etag: W/"128e2776f3ef9f689fa2203589bfca6f742185d7"
vary: Accept-Encoding
content-type: application/x-typekit-augmentation
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 145 KB
50 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: cdn-apac.onetrust.com
URL: https://cdn-apac.onetrust.com/scripttemplates/6.9.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4c3735c044d254364920e69acc39831b25db236552d316a9f0424225781f0434

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51441
x-xss-protection: 0
server: cafe
etag: 16593517423228810267
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 14 Oct 2021 09:23:57 GMT

GET
H2 200 set
sync.im-apps.net/imid/ 43 B
596 B 512ms
265ms Image
image/gif 54.64.168.70
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.im-apps.net/imid/set?cid=1000594&tid=uzid&uid=b34aa685-eea8-43ef-8236-28175f1c2d0d
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.64.168.70 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-64-168-70.ap-northeast-1.compute.amazonaws.com
Software: nginx /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:58 GMT
server: nginx
x-im-imid-created: 1634203438
p3p: CP="NOI PSD OTR"
x-im-imid: yjnreoVZTNyXFA4HNPjxxw
cache-control: no-cache
content-type: image/gif
expires: Thu, 14 Oct 2021 09:23:57 GMT

GET
H2 200 ev
click.speee-ad.jp/v1/ 0
218 B 251ms
250ms Image
text/plain 35.73.159.145
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://click.speee-ad.jp/v1/ev?id=5135&v=4.3.0&tp=global&lv=load&idx=0&sess=0.4035603742001926&ts=1634203436511
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.73.159.145 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-73-159-145.ap-northeast-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:58 GMT
access-control-allow-credentials: true
server: nginx
content-length: 0
p3p: CP="CAO CUR ADM DEV PSA PSD OUR"

GET
H2 200 ev
click.speee-ad.jp/v1/ 0
218 B 251ms
251ms Image
text/plain 35.73.159.145
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://click.speee-ad.jp/v1/ev?id=4188&v=4.3.0&tp=global&lv=load&idx=0&sess=0.3834278389301618&ts=1634203436728
Requested by: Host: by-them.com
URL: https://by-them.com/430811
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.73.159.145 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-73-159-145.ap-northeast-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:58 GMT
access-control-allow-credentials: true
server: nginx
content-length: 0
p3p: CP="CAO CUR ADM DEV PSA PSD OUR"

GET
H2 200 m Show response
use.typekit.net/af/484dcb/00000000000000003b9b2cc6/27/ 366 KB
264 KB 170ms
169ms XHR
application/x-typekit-augmentation 2a02:26f0:6c00::210:ba0a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/484dcb/00000000000000003b9b2cc6/27/m?unicode=AAAPFwAAAAeFK5lpFPymk8pGgzvAlvWujtHaUjZp1zVctFeXH4DEr09TlP3druAIkBw5e0FUQf1osdIQ_yK0XUbEnGz_JbceXrIZzfcv2OPFQTDjwn9QjqF-Ibtkmjj4Ciout7f9oAg7GlH6RpYe0X8vQboF5ue9mh1B0RAwlQMp3uwQZvKQEwcqeHDey-g3QPjZEcWiBkfxPaUAIuuQSIl4HStQSLZh_-jtvZJtev7dfzQFj3ZO6M8hdwF-F1le-zQPn5VL93o6We5bmJbuWHNXCUNANbCcmczQ_Caz_wj_E5SrH_JttSmka0G4ZkMphRBXsPbGVVza1vcPPs9NpX6sz9_luT4iAbOJ1fEjv65t-jeZ_vlacr7wSv3bTqI8X7XR0NGPiqRDs8jm-blZNh3TQZDRpYQajVM0B9neD11bqtO2bJWWbLO2fmYMjmIJ1olW4iR-qzKWNpqQtzPfMM_wTZ0buTgPTNeOdX6DGLLg1XqyWlvdWfw-_bd3nyX409soSgKh0MuLowvkiNWNIjthICkhmUGncFeyEUDtSXMp67T-nF1PT6pflBVPT_zkAsmfRtNZ7IiliW3RTWnvyQ6_d4WA8RwFad7J1DcRPSypJ08LaxPzFOQl81qNpCPHBXcw1S2CsFcAMFHR&gdyn=eJztVc9r3EUUf2862c7G1M53EyGFQmeXFaLYGuNFhJJJ_EEQD0Ev3tzNbmoD-cXutkap7qQtJVLBUD30pFvpQStIz1VMCqWXgogXT6XpSenB9qJVabO-NzPf3a39D6SP3e_37cy8z_u8H_MWBAAggDjV971cafeIlM9kJG2CAsMvcP4JQvPPzQ9Yt98141Y4wjLlJu602_ukW93rrVcA6id3qtatG83rzfFke3sWbhz8-ptrz96a-eQHdfYyWl2QNgOgIdeP_bBJLj4zOQUuOMwkmmlYk6cnuXElIqwMQlZPCIRh9u4MkRogLZlAOzqhhWXLfrBE3vOE0lThZB-yikAhEyJam38yATjP2yQjtp_Yorhsk58EYV6c3gWyjwBUJzQEo6F1RdnjcNwv7NBar4Io0RGdh6EpWhrOfzQK60nHRhPqpCgCZIE4B6xpjKyYPcArYKrQepyD0-kGtOAyAmWGTByvDHcqUGIUOuh8WgB9sBTTU5RDZfrW6FXwCaNaRMT14FADRlbGpvwUYxjOrJuCrnhX3BuFQdJFXCUrX4ziLqoLwRE4CnoKkMHIyhITfAAlBgWQgwjkTsJNeo4Y5qiYqSBmBQGiJdiJMiNcCp9xpiFArcdswoiM9UrB0pcKntIIg2TJTUpentGDFl7iYxFAMjNrGc-x4UgIcRJJXw-OCd1yfI5I7oCESXX7QaZKNz8TtM_oPk3cLiqE32Ifw0FXHZKcH2N6-Hrsllf9GVOCAfc6mRXvNY-5X3uu54axW-1xKZkEWYV-VCqgTv9xe-P3jS9Usz22cvf8twc2vjp98J-CaZ_YPAXmBYCrP45zoH-1Adu79Z0IeQy22vjmxdL-Dzdn9l89AXivx19WXnORMvYEr91_Mm475SY6A2Ro3Cps7nZbAGebbH2njWJ7n9mKuH-ja-8D2Pl5j69m6CnvpHsjOCcKHpLe2UNdORFOrz18kOQcfV9OK8gBvLri4ML2_V_u3x28efvtzNb1Ty9duvflgT9_O-2SvSDzk1Blt-acpqLQgLHZwmqa5pJGT0vmmCp9VYbToal1kqIG51uFai02aXs4GQI5KPPeK2FJl3I6VYS3fJBDHEhA1G_kEKwKHJ2gEeV4wA3hft5-7Ao3rYMOBCeJRuFrH0NRhWSMAmJCOrdFIuyq5Nl4hkju6VaLWJiiFdzpuRTrCeikhmSaYDNwwQfXLbrSNNgpM84nUrouYoZR0I-dcLmkn9i6wFXK8bLhVEkRZhfLnvDCTtOkV8kzkmFlrXPRIBSPgzRjNE5NukonuPLwsx8_TIn_ptDEzlFUdtEDHlsgUqfBHIGmlB7wzcMc09yaAm0_HTgdp3UNcab5q5uNEbjJDrh54OWCp-61YOHxMhJ1a7IJyFEOEkOkNjALf786QkgwfmBlg2P6SIoPlBSjoFfTU9H-QSZcDRkBfZqoXVwMv58W19DrXYBwppuuuNUPaejcGOOdWUjRvUjsUl_wSB7JI_lfSb5cnm9gZaxewUq5PouVysIyVufn3sHq4tICHqqVK3jo3bkqHp6rN_Awa3ON8jzSiTLOLx5ZwPmlyjySUsMl_rlUqy7iMmvLfLh2ZOY9rLOP-tziIawvVJaxXh99jh9j_Hge60dm6vRYrmODzRq1chWPztYaeLTWGMP3Z2tL-C9hhECK&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/ikd7xws.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba0a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: e3ca79552103783b4d9f4f43c4f65ce67af8301bf857ba41383b790150878bc7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:58 GMT
content-encoding: gzip
server: nginx
etag: W/"facbb885213b5132917868c520e87ca5e239cf6c"
vary: Accept-Encoding
content-type: application/x-typekit-augmentation
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *

GET
H2 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110070201/ 272 KB
98 KB 32ms
32ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110070201/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7145995810615536&plah=by-them.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2a4617686d53812d3f06b891e5edc0cf5b7f289bfd57be08e123a3845efcdcd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 99876
x-xss-protection: 0
server: cafe
etag: 5725214712622718827
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 14 Oct 2021 09:23:58 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20211011/r20190131/ Frame E1B2 10 KB
5 KB 29ms
6ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20211011/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f694b4fc5d667777e89694296218e249226ae1670bbe90a8a345f9f75298b9cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20211011/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://by-them.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 13 Oct 2021 20:21:55 GMT
expires: Wed, 27 Oct 2021 20:21:55 GMT
content-type: text/html; charset=UTF-8
etag: 414810510046348021
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4645
x-xss-protection: 0
age: 46923
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 201 B
440 B 46ms
16ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=by-them.com&callback=_gfp_s_&client=ca-pub-7145995810615536

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110070201/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7145995810615536&plah=by-them.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d826481dc134f28d6d4571831da9bd8605dc7e544c441b934877c97d72656f25

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 193
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
853 B 40ms
15ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=by-them.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 09:23:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
570 B 41ms
16ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=by-them.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 09:23:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 676F 0
188 B 91ms
91ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7145995810615536&output=html&adk=1812271804&adf=3025194257&lmt=1634203438&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fby-them.com%2F430811&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634203438057&bpp=4&bdt=2072&idt=130&shv=r20211011&mjsv=m202110070201&ptt=9&saldr=aa&abxe=1&nras=1&correlator=8186193249577&frm=20&pv=2&ga_vid=842165529.1634203437&ga_sid=1634203438&ga_hid=911177822&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44752093%2C21066433%2C31062525&oid=2&pvsid=1741331419192314&pem=42&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=160

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-7145995810615536&output=html&adk=1812271804&adf=3025194257&lmt=1634203438&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fby-them.com%2F430811&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634203438057&bpp=4&bdt=2072&idt=130&shv=r20211011&mjsv=m202110070201&ptt=9&saldr=aa&abxe=1&nras=1&correlator=8186193249577&frm=20&pv=2&ga_vid=842165529.1634203437&ga_sid=1634203438&ga_hid=911177822&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44752093%2C21066433%2C31062525&oid=2&pvsid=1741331419192314&pem=42&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=160
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://by-them.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 14 Oct 2021 09:23:58 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 14-Oct-2021 09:38:58 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 14 Oct 2021 09:23:58 GMT
cache-control: private

OPTIONS
H2 200 bid
prebid.flux-analytics.com/analytics/v1/ Frame 0
0 315ms
295ms Preflight
text/html 35.186.217.60
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.flux-analytics.com/analytics/v1/bid
Protocol: H2
Server: 35.186.217.60 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 60.217.186.35.bc.googleusercontent.com
Software: / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://by-them.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

x-powered-by: Express
access-control-allow-origin: https://by-them.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, set-cookie
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
allow: POST
content-type: text/html; charset=utf-8
content-length: 4
etag: W/"4-Yf+Bwwqjx254r+pisuO9HfpJ6FQ"
date: Thu, 14 Oct 2021 09:23:58 GMT
via: 1.1 google
alt-svc: clear

POST
H2 200 bid Show response
prebid.flux-analytics.com/analytics/v1/ 75 B
385 B 508ms
493ms XHR
text/html 35.186.217.60
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.flux-analytics.com/analytics/v1/bid
Requested by: Host: flux-cdn.com
URL: https://flux-cdn.com/client/mag2/flux_bythem_AS_TM_AT.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.217.60 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 60.217.186.35.bc.googleusercontent.com
Software: / Express
Resource Hash: a45484c0d590a4743f2b34157d5a287d1aa15e378c28608f3e0f58742c238935

Request headers

Referer: https://by-them.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 14 Oct 2021 09:23:59 GMT
via: 1.1 google
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, set-cookie
x-powered-by: Express
etag: W/"4b-y7cH8U1woTAzEcrnkqNJxyWsaQk"
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://by-them.com
access-control-allow-credentials: true
alt-svc: clear
content-length: 75

POST
H/1.1 200
OK hba Show response
pool.tsukiji.iponweb.net/ 43 B
581 B 1509ms
1008ms XHR
image/gif 34.84.37.177
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pool.tsukiji.iponweb.net/hba
Requested by: Host: flux-cdn.com
URL: https://flux-cdn.com/client/mag2/flux_bythem_AS_TM_AT.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 34.84.37.177 Tokyo, Japan, ASN15169 (GOOGLE, US),
Reverse DNS: 177.37.84.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://by-them.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 14 Oct 2021 09:24:00 GMT
Server: nginx
Content-Type: image/gif
Access-Control-Allow-Origin: https://by-them.com
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 43

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
165 B 24ms
23ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=by-them.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021100701.js?31063160

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 09:23:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 16ms
16ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=by-them.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021100701.js?31063160

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 09:23:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 435 KB
113 KB 619ms
619ms XHR
text/plain 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1741331419192314&correlator=3666999285951733&output=ldjh&impl=fifs&eid=31061423%2C31063134%2C31063160%2C31061425%2C31062525&vrg=2021100701&ptt=17&sc=1&sfv=1-0-38&ecs=20211014&iu_parts=35279801%2Cbythem_pc_post1_responsive%2Cbythem_pc_post1_right_300x250%2Cbythem_pc_post2_responsive%2Cbythem_pc_post2_right_300x250%2Cbythem_pc_post3_responsive%2Cbythem_pc_post3_right_300x250%2Cbythem_pc_sidebar1_336x280%2Cbythem_pc_sidebarlast_336x280%2Cbythem_pc_postleft_300x250%2Cbythem_pc_postright_300x250%2Cbythem_pc_postrelated1_728x90%2Cbythem_pc_catrelated1_728x90%2Cbythem_pc_postrecommend3%2Cbythem_pc_postrecommend4%2Cbythem_pc_postrecommend5&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5%2C%2F0%2F6%2C%2F0%2F7%2C%2F0%2F8%2C%2F0%2F9%2C%2F0%2F10%2C%2F0%2F11%2C%2F0%2F12%2C%2F0%2F13%2C%2F0%2F14%2C%2F0%2F15&prev_iu_szs=320x50%7C200x200%7C250x250%7C300x250%2C320x50%7C200x200%7C250x250%7C300x250%2C320x50%7C250x250%7C300x250%7C200x200%2C320x50%7C250x250%7C200x200%7C300x250%2C320x50%7C200x200%7C250x250%7C300x250%2C320x50%7C250x250%7C200x200%7C300x250%2C320x50%7C200x200%7C336x280%7C250x250%7C300x250%2C320x50%7C250x250%7C300x250%7C200x200%7C336x280%2C320x50%7C200x200%7C300x250%7C250x250%2C320x50%7C250x250%7C300x250%7C200x200%2C728x90%2C728x90%2C320x50%2C320x50%2C320x50&fluid=height%2Cheight%2Cheight%2Cheight%2Cheight%2Cheight%2Cheight%2Cheight%2Cheight%2Cheight%2C0%2C0%2Cheight%2Cheight%2Cheight&prev_scp=amznbid%3D2%26amznp%3D2%26hb_format%3Dbanner%26hb_source%3Dclient%26hb_size%3D336x280%26hb_pb%3D4.00%26hb_adid%3D82ab1cf540fc8b2%26hb_bidder%3Donemobile%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%26hb_format%3Dbanner%26hb_source%3Dclient%26hb_size%3D336x280%26hb_pb%3D4.00%26hb_adid%3D8319e6507233396%26hb_bidder%3Donemobile%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%26hb_format%3Dbanner%26hb_source%3Dclient%26hb_size%3D336x280%26hb_pb%3D4.00%26hb_adid%3D8439d4fd165c02b%26hb_bidder%3Donemobile%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%26hb_format%3Dbanner%26hb_source%3Dclient%26hb_size%3D336x280%26hb_pb%3D4.00%26hb_adid%3D85d5efa3ebba3d3%26hb_bidder%3Donemobile%7Camznbid%3D2%26amznp%3D2%26hb_format%3Dbanner%26hb_source%3Dclient%26hb_size%3D336x280%26hb_pb%3D4.00%26hb_adid%3D86fa86b62d7b3df%26hb_bidder%3Donemobile%7Camznbid%3D2%26amznp%3D2%26hb_format%3Dbanner%26hb_source%3Dclient%26hb_size%3D336x280%26hb_pb%3D4.00%26hb_adid%3D87c7b907d1a00b3%26hb_bidder%3Donemobile%7Camznbid%3D2%26amznp%3D2%26hb_format%3Dbanner%26hb_source%3Dclient%26hb_size%3D336x280%26hb_pb%3D4.00%26hb_adid%3D8807968075525e4%26hb_bidder%3Donemobile%7Camznbid%3D2%26amznp%3D2%26hb_format%3Dbanner%26hb_source%3Dclient%26hb_size%3D728x90%26hb_pb%3D4.00%26hb_adid%3D891ff5f1bfb42c1%26hb_bidder%3Donemobile%7C%7C%7C%7C&eri=1&cookie=ID%3D116c2f8d707de05a-22c0be9ef3ca00ae%3AT%3D1634203438%3ART%3D1634203438%3AS%3DALNI_MaLctk5YNnq8CxKr4HbFpXaOpADJQ&bc=31&abxe=1&lmt=1634203438&dt=1634203438677&dlt=1634203435985&idt=1260&frm=20&biw=1600&bih=1200&oid=2&adxs=322%2C742%2C322%2C692%2C322%2C692%2C1099%2C1099%2C327%2C637%2C436%2C-9%2C327%2C533%2C739&adys=1254%2C1254%2C2161%2C2161%2C3147%2C3147%2C743%2C2848%2C4596%2C4596%2C8566%2C-9%2C4911%2C4911%2C4911&adks=2146881674%2C3387759199%2C3969110785%2C3395544957%2C855907849%2C3551609568%2C402083105%2C126681351%2C481523901%2C1988766796%2C183941531%2C3053808770%2C3227281534%2C1550693283%2C906876900&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7%7C8%7C9%7Ca%7Cb%7Cc%7Cd%7Ce%7Cf&ifi=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fby-them.com%2F430811&vis=1&dmc=8&scr_x=0&scr_y=0&psz=200x250%7C200x250%7C250x250%7C250x250%7C200x250%7C250x250%7C336x280%7C336x280%7C300x250%7C300x250%7C728x90%7C0x-1%7C198x0%7C198x0%7C198x0&msz=200x0%7C200x0%7C250x0%7C250x0%7C200x0%7C250x0%7C336x0%7C336x0%7C300x0%7C300x0%7C728x-1%7C0x-1%7C198x0%7C198x0%7C198x0&ga_vid=842165529.1634203437&ga_sid=1634203438&ga_hid=911177822&ga_fc=false&fws=4%2C4%2C4%2C4%2C4%2C4%2C4%2C4%2C4%2C4%2C4%2C2%2C4%2C4%2C4&ohw=1600%2C1600%2C1600%2C1600%2C1600%2C1600%2C1600%2C1600%2C1600%2C1600%2C1600%2C0%2C1600%2C1600%2C1600&btvi=1%7C2%7C3%7C4%7C5%7C6%7C0%7C7%7C8%7C9%7C10%7C-1%7C11%7C12%7C13&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021100701.js?31063160

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c2bb01907fa6da9fe8ff5343c81fe866d2035b546b9bb1509eddf5d6d4c9e7bb

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10980269524931627100/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10980269524931627100/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CJ3v1pvKyfMCFRW4dwod8I4DBw&gqi=&layout=/sadbundle/%24csp%253Der3%24/10980269524931627100/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10980269524931627100/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10980269524931627100/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CJ3v1pvKyfMCFRW4dwod8I4DBw&gqi=&layout=/sadbundle/%24csp%253Der3%24/10980269524931627100/index.html
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2,-2,-2
google-creative-id: -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,138329158694,-2,138367296383,138367324530,138367722907
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 115756
x-xss-protection: 0
google-lineitem-id: -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,5528330140,-2,5332613742,5332606311,5333766386
pragma: no-cache
server: cafe
google-mediationtag-id: -2
date: Thu, 14 Oct 2021 09:23:59 GMT
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://by-them.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 164D 6 KB
4 KB 51ms
15ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021100701.js?31063160

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://by-them.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 14 Oct 2021 09:23:58 GMT
expires: Fri, 14 Oct 2022 09:23:58 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ivwid Show response
click.speee-ad.jp/v1/ 0
272 B 252ms
252ms Script
text/javascript 35.73.159.145
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://click.speee-ad.jp/v1/ivwid?device=1&ext=95149671-bf3c-4d43-93c8-b8aa2d5fe586&os=1&placement_id=5135&raa=26045&raar=1&raat=1&rac=35783&racr=2&ract=1003&ref=&request_id=95149671-bf3c-4d43-93c8-b8aa2d5fe586_1634203437147266104_5135&sess_id=0.4035603742001926&url=https%3A%2F%2Fby-them.com%2F430811&v=4.1.0
Requested by: Host: speee-ad.akamaized.net
URL: https://speee-ad.akamaized.net/tag/2-by-them_pc/js/outer-frame.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.73.159.145 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-73-159-145.ap-northeast-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:59 GMT
server: nginx
p3p: CP="CAO CUR ADM DEV PSA PSD OUR"
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
content-type: text/javascript
content-length: 0

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
9 KB 44ms
21ms XHR
application/json 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20211011&st=env

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ac1751bb46fb5c3cf2b95ffbf1e4db313f16bd206c0815bd8d41d83e06709adc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 09:23:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8547
x-xss-protection: 0

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 85 KB
27 KB 49ms
19ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: flux-cdn.com
URL: https://flux-cdn.com/client/mag2/flux_bythem_AS_TM_AT.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 2581d556ceadd8cdd3eb15509ff94501871552563a71381393fc7b59611cbc1e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:59 GMT
content-encoding: gzip
last-modified: Mon, 04 Oct 2021 12:34:24 GMT
server: nginx
etag: W/"615af4d0-1535c"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 15 Oct 2021 09:23:59 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 47ms
26ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Thu, 14 Oct 2021 09:23:59 GMT

GET
H2 200 container.html Show response
3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame BF5A 6 KB
3 KB 8ms
7ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021100701.js?31063160

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://by-them.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 14 Oct 2021 09:23:58 GMT
expires: Fri, 14 Oct 2022 09:23:58 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 container.html Show response
3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 897F 6 KB
3 KB 6ms
6ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021100701.js?31063160

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://by-them.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 14 Oct 2021 09:23:58 GMT
expires: Fri, 14 Oct 2022 09:23:58 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 9659 12 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://by-them.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Thu, 14 Oct 2021 09:23:04 GMT
expires: Fri, 14 Oct 2022 09:23:04 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 55
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 5900 783 B
1 KB 214ms
16ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

ec3bab95e0031a2439b6018c35401aad733a349c3fbb2f340e33ad0db62de6ad

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-PRzqZQKXRO8R3X+QFdxTdw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://by-them.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Thu, 14 Oct 2021 09:23:59 GMT
date: Thu, 14 Oct 2021 09:23:59 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-PRzqZQKXRO8R3X+QFdxTdw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 515
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame BEB0 11 KB
5 KB 18ms
18ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=by-them.com

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

44fdd1eb3c024fe9fb4faeb815b2367ace182437a87eb25a75d7802d0f3c88c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:method: GET
:authority: gum.criteo.com
:scheme: https
:path: /syncframe?origin=publishertag&topUrl=by-them.com
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://by-them.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/

Response headers

cache-control: private, max-age=3600
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
strict-transport-security: max-age=31536000
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 2325
set-cookie: uid=98519038-97f3-4e12-8cbd-2a5e6519fb67; expires=Tue, 08 Nov 2022 09:23:59 GMT; domain=.criteo.com; path=/; secure; samesite=none
date: Thu, 14 Oct 2021 09:23:58 GMT
content-length: 4685

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 85 KB
27 KB 48ms
22ms XHR
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 2581d556ceadd8cdd3eb15509ff94501871552563a71381393fc7b59611cbc1e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:59 GMT
content-encoding: gzip
last-modified: Mon, 04 Oct 2021 12:34:24 GMT
server: nginx
etag: W/"615af4d0-1535c"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 15 Oct 2021 09:23:59 GMT

GET
H2 200 container.html Show response
3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 37B5 6 KB
3 KB 6ms
6ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021100701.js?31063160

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://by-them.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 14 Oct 2021 09:23:58 GMT
expires: Fri, 14 Oct 2022 09:23:58 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 container.html Show response
3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 2BFD 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021100701.js?31063160

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://by-them.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 14 Oct 2021 09:23:58 GMT
expires: Fri, 14 Oct 2022 09:23:58 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 container.html Show response
3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 99DE 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021100701.js?31063160

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://by-them.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 14 Oct 2021 09:23:58 GMT
expires: Fri, 14 Oct 2022 09:23:58 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 container.html Show response
3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame B1EF 6 KB
3 KB 7ms
6ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021100701.js?31063160

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://by-them.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 14 Oct 2021 09:23:58 GMT
expires: Fri, 14 Oct 2022 09:23:58 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 container.html Show response
3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame CAB7 6 KB
3 KB 6ms
6ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021100701.js?31063160

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://by-them.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 14 Oct 2021 09:23:58 GMT
expires: Fri, 14 Oct 2022 09:23:58 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 container.html Show response
3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 773B 6 KB
3 KB 6ms
6ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021100701.js?31063160

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://by-them.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 14 Oct 2021 09:23:58 GMT
expires: Fri, 14 Oct 2022 09:23:58 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 container.html Show response
3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame F692 6 KB
3 KB 10ms
4ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021100701.js?31063160

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://by-them.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 14 Oct 2021 09:23:58 GMT
expires: Fri, 14 Oct 2022 09:23:58 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 container.html Show response
3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 76B3 6 KB
3 KB 12ms
6ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021100701.js?31063160

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://by-them.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 14 Oct 2021 09:23:58 GMT
expires: Fri, 14 Oct 2022 09:23:58 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 container.html Show response
3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 6846 6 KB
3 KB 9ms
6ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021100701.js?31063160

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://by-them.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 14 Oct 2021 09:23:58 GMT
expires: Fri, 14 Oct 2022 09:23:58 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 container.html Show response
3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 8CA2 6 KB
3 KB 8ms
6ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021100701.js?31063160

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://by-them.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 14 Oct 2021 09:23:58 GMT
expires: Fri, 14 Oct 2022 09:23:58 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 container.html Show response
3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame B9D7 6 KB
3 KB 8ms
7ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021100701.js?31063160

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://by-them.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 14 Oct 2021 09:23:58 GMT
expires: Fri, 14 Oct 2022 09:23:58 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 container.html Show response
3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame C45A 6 KB
3 KB 8ms
7ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021100701.js?31063160

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://by-them.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 14 Oct 2021 09:23:58 GMT
expires: Fri, 14 Oct 2022 09:23:58 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 4CD5 624 B
344 B 19ms
19ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPnoIxCA2vS7AhiEkpG1ATAB&v=APEucNWONS0QfrMDTXtUL5GTOX8Woryyqzw1hrnp-jGHfto9qxGQo77bjwext-tatDOKuj2YU7tXsYHtnUqp5Khd8lVR-lEE9v5RosWNyMSYEU0ioCJQ3e8PxFhVsiZE_Tk4dhklOy98PfPxSE7v2jz0Xkii3fRAxfi2bu0g569JYGbdzI2dEII

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CPnoIxCA2vS7AhiEkpG1ATAB&v=APEucNWONS0QfrMDTXtUL5GTOX8Woryyqzw1hrnp-jGHfto9qxGQo77bjwext-tatDOKuj2YU7tXsYHtnUqp5Khd8lVR-lEE9v5RosWNyMSYEU0ioCJQ3e8PxFhVsiZE_Tk4dhklOy98PfPxSE7v2jz0Xkii3fRAxfi2bu0g569JYGbdzI2dEII
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUlopxitySf2MkNATtgMj4sCbW4PdSTqR7wFButfVKU5IY96dTnuVrJvps2xJUk
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 14 Oct 2021 09:23:59 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame BF5A 12 KB
9 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Df3Kt5LM2-kI5OpeEEEJ09o1r-mCOQ4Z-hmTNqyX5Nu851j2w0BcI45bBeXdBxr53Gjpislx3DoARfKqM915ooCcsU8DGGxEKaNc0jP_bFFLNXr9RR1BhzdHHIeJN8EShfQdQq-vQSvRFEnM0dXze-cSdt5Q&dbm_d=AKAmf-CKsnEKF8eQwn353jvkEga5gkCXYFR8m4Jdk9FEWvLd9pJV4kOQfaWtWQ2f2djH5IGVy8hTgryx-WesbLvDgwFmn2HOEAQd_4AIMgVSK0Lkm1Ur0SAKnOV9HeaGqbir6TtOTOf7O3Jmvy3HAiUkSviIEHv3SrUI88nD-FkaONXLT__qtPtRiMH8sFNxc551oZM8bXYYPDMYWhsmIkJo0RgQq3fTBhSnTmaSy1JZ143xJxJ8pPRGAdpXNKMQDCqBm2QGrPgRGZmoc_JzjnurdY3BA4tpVMohNOaxEeqNLI63fcd7MCffRj9DS5mTA1lXXpHeiVykVzf-Fcg2HhnAh9jzk_4pZ6AaZGzhPe1Jf-G8eq3u6G9pYXRlCOpeK1XPsyVQtN8fFkJal5rrW8rMH3RtvrM_8dJOA3u6BCIktAWbcnq15jlRWIc3YWJOVbi31s-6nxsZa4e2bYQJpfCW1DHx9S3VXt9VUwfCIJbtS0syHfSuUGYoBwVCNk7axGPTFX58nGykdbl6V-strWO587A5MTgnfUgiIY-i1CptjU0BBCIO_KajAGp46AIHLXEEBaEocaJ_cejXbUjeMQhzpuExw8FM4BdopohW5BBuYDpdfVx64GUc3DrhMUEauUm_XxU2_JoQxTf1l7Uz_8iuSFHfrgcgDEVd7BRTI5DPMJ0HNbrlcOjJjZn7GwBqNMFmrZ0us7ZlUDTAzoM2K0PgKPT_xci4NhmQv8_9-kAaB6q1TfXXVWpyhmLthiyMFUj6k2UWTv5amOns567czH0GPmWht7nix6lvoloLdS7Cd9L-vbeOjsjp8O4D_sWf6efLnhL2KjwBEdZMMKMVyt5Vjp_PDSlt_8K20S9kGC8D4w2ykbEI3USmXahKfOTgTGFAxRS8tCOLoTija349TsYxm7b-rfaopFuAn59fFsO-GQHLHcM_OyBt6WwzEVHKlcqZASBj5-mracRd0dPkLA2GwLF-wBaZS8_4N6I3zX1nqH65IHS0HuLPCOV3Lv5ExjYUltwRJN2TkROjoyutes43fgPUuf0Tx3lOHw1TKXvegMfMvRMkjy1jG1uZrr1tYI_ygpnwIzFsaXPT5yKMjw55clbMX-n2OpPzFRtrYGYodsRAK2NK2y6DQz85R5fuQf5y8TqTBIjFUmWNn3zrWZiHBqt4K5DMYdD3GqaqNOGNEO1B98FWzUcB6lDDEw51gWajDpk8J1C3efuprUzhKxzMzB8ApUu1bwuv_KNFxk0TMUcACHbXKdQZntPhhfJ2qvndjMX7zalD2KvpHwvTaz4D-S64i5uahwPLwdNFePFLTVol5d-RpObNHeuhDPMP7FnpxWBlLSOGG1XykcI7Z3XHWULIB821h6DMxbYuEmmvoT21FMCd0BrlgyvJGIHit3OK2-ONo9Uw5yD5DR1-fgFqLlsF8XWPy8MRW1vpxvUubco5ClGMXkw1CUWIkpROcE9JRCor6pByN2ED4HXkbQLlQtfz4d0iA4DyjgkZPjrL_jSMZBd8G_MjmQTe1J5qzByHqdH0b4bUsMwzpQVGQHwH-b7MiuUibP9xcw0cu6FGZP8lSjSY386MjDnntAmbO_62FL3j1WS4VIzARj8cjSfE6Oj4T7of6syqfdnX9ymiTifrpKj-dcFBO8AbDfpzfGaJBG-Te-jTwLb0lJq2_xY2B7Y-bIPAlV35n8V8PcirBIUZ5gs-dry47xNy8uu639C4d03Qeu31jtQeDtEYcFAwoGMPuYDA9tgMkZxqQxDQYeQ6emn86IgDcCW-QY_EhyahbZwk-EX1KpriTYEsjcWEfPTncVniFuqloisJQALZR7G8x8N_lMbUAPN7BeIoiW6IqTjVptIqtKZQPimf4Eex3zWd_hz8QJTt5X7_BZCJjQcS8UFL4hDJTnJ_ZOPQRsap-QyOJNTIkkTGKGIGhH-KzD_BbtsmlDIQG-598O9nyhCfbvy_W-czgbhHcP_93snxnt3KtgDOoacYpQxRm_Q8FT5SyWDx1aHfTrfeU8TdfiDl3kR29YsfeRcLwIM6S9Zj4lXydI-bRst8SQztbSoC4WsQEPF59gIWLOXCrHgfCPDgGyj7EYlqURp7uywJ4j8DdnwUtIUQ9r9zFnkbVNaurQpWFu3c_PR_QZvwoHE2IpsGi-ISRa22WzvCWq1xCIOMScus8fvTtLyxBUHfTfL0fZ7dx2ep0JM234vaRXLqGJTzPWOBzwPun5xbN7F5Sk5wNJ-27Is6er9eiyUOOCoMgRXXu5laZMNWC0KThcaU_9RTHwhInw-Rc7LUlgFsfTriYbIYISbjW6jzqSk0NSkek7kW_Dy5W94d9RxelEtK4RIbU1vA2niBHRqMPHG2PUQTAA5eWMlPeeckMhf09S2DtBOp_Uoh_CAUX5H4kAIzW5_gUyd09Hhuxk3iQ8h6Qf74SsoMGkGPnbuLoj5WWMotFKfRb-I4bqDHp4x6WFDjdxNWWBgDgIe80l_ZcqKugYsEwvjD8y_EjyNItWzKOawHjabzBeMTAmdBtEUONMwScjNWZOrow7kycUiGedd2ZZ8gSVeiiuUST_f6u_lwnZtP86AQxoDOrcgtAtmf9Q1MICBKxg2zGTt0ZvOGBzH2iHYAsiZdZFG8EI20sZH_Mxktqy_wltegElk8f6bqnKM3S9YsJ1wNjyA&cid=CAASEuRoRSydz96zBwneucsARBVvBw&rfl=1%2Chttps%253A%252F%252Fby-them.com%252F%240

Requested by

Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

62260402a5bac64618ae2d99f7d89d8344104e4b771839fde4fb67d793fdc4fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:23:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8850
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame BF5A 42 B
173 B 39ms
39ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DfH5A7sjXqzTfgHha-Tx1ZFang1NO9tbOQ3mxUwmsgC5J94DnszEhBDzYeteFmPgAMzhjTtJu7dzY_D9Eg93x3z570NMJxlGIHureLsvETYyLCXAc

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:23:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adj Show response
bid.g.doubleclick.net/xbbe/creative/ Frame BF5A 56 KB
19 KB 75ms
44ms Script
text/javascript 66.102.1.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNVLdPOzFTTB6sf8aEPJc2gliaLWUtovRx_Xp6s19gT5I6bmbcU&d=CnkAoCZ_4Lu9au3XjtPD58r0q_LXahKcZ3moi0inmAAz9L5oPnUj2jFVrMK2FWEAehdCSo1NwARC8JZjWn8ZJNFlK3yHtyZEGmEschXJ6woNR_HfTv5lWgCaHfqz27Gzmmtk3_6tbyca5FO09N6c8FGqBFsbCv12fagiEvkRAKAmf-AFZS6M3fDQff5EHS9-LLGAuaurUM3LYvOoO6fCOTn4Z9aJg_yJaKKunl5uJ0sWv3xE62ZbwTGe2PORbogboITG23VAx15xh_AwJbleGj6uJGBoboDyUn0Mi58R6POWrET6oWeKMdag9pHqueLhs2iIU480BRjk2tYMuS4v5beP1biLYhQfDeDZE1XaPuJScbM-Kpqwcr9hw_TyDsgfJwik1P9wZLE6YD43Qo9jFLactxDbNxJLFakDsSMRIgNoriVI5TZyykh5DzUPap_2GNv_XzRLNezx0o-g_3QPvOj4ZMKTml1CkgwD5TqbmqrTWAVP1RkD3ceYyD3B_0UIvqglsaB1weT9Kk2oF0yiWqIkKqUbdKxR7ijtY6N1QVFIpb9_HafjRGH41IbQqLMUZaZXzzmN0fLR6QEIjSUIDe1i03aKDJgE_8Ip0ExvpzDlIQu3RDlzxNkM4tMeE6Kjny3N6PZ_wp37MJ4KdQC_O5JxOQRCZxr9cdb-aZ1LNEdE3l63yynCG_ea8KQmS8ISJS5TWtHf98OQzKBAI56zbbEQbcyXrU8evAWKRYmpu1dInWv-iI0jOdR3w7Gv92AltsuQa6oNtZMZ5QYID5LZKPidKqledTJcKTkGRSSvubusimevEAUJg5rKQKTQecA-4-pHS0mPcsvj_wlbE-X0a4LkHSXf2DBJ9uc4wHij7zwXY15QgpMd3i5zWE5FN6anTzdo-LBR0Ng_DvaxkC8qqeh_deECUB9hpGcXja-LKGaky1vaXWv3UoxnmSxvZnmrF9iZPPh7DICtkxEVYX24gSz57E3LHcC3UlQi207By9LolF11iSF0wKohBBe-XbXUJ1dmYTfF3HDLwOczUqXlK1VrmleHvyYOu0unOCBWxayJmZgeMQGEY1ZQSwlKKcpRQpLLrODO84U1GdWJMD6FV6oFVj3cL_w7tOe0SQBBK_KLqQEjO8kxG2cKFtwM5URfsxPPwhhtIFr0HlAxhG7uww1-rlt8yrp0Bc3vz4TFKoRzdZtTLKFyeiFClGZGyLi8AYIqVbMryvYCxkmpE-AV0VHc2boS52yOTuUvo3Vr3x6ZCbkUjr01PY_u50rPTWO5Mx7YHuhgj6Wj95ECKSDzbKB13f89tfSDyxgvL1VtLdRcrt9WkrBs1iJjwbnZNSyeqCEaYYxFN_a_9IM776ePXfxnW7JxSmw_Grtn5uH__7xc0tkB-PuGeNWM1boT_ehvKevIdMazHCfeD9ZIc0j6mOxu1DGLL9Pnv8YUWdzWbvz5Ztmssu1t1gaRylxOtVg7eFgIsZQDCsrwhAcZ1k0XYxGqiRLJNJqqHS6hjX4brJAOGq8OkWJKRFhmVIO4Nt9lZzNZZwo4-uQzj2NadfsK0pWGriaioXtk9nyFL1tr1CIIo3C1WVmZb4Gak2yDgXSZQ9rETMiDQTu5M2h-JXt7B_NEQUdJbtB6lC_e_Ygz3IrKZKBnrUtBuIBMzuRyMA8CKOdm2zpj8-6PKJ-EZsq4Nq1LZCEWYCzvVS4OrE1PLvmAk1Jt-uSUflR9bHYRvLZx5xoHeKO52SBgwc8Sn2arAN93kokZVjRNG6ZTOfG525NzvEYPnhHnDq4_gGJlaDt1oYmtDGDUnnepJa4PekA8rnjW3gvAu2OwcjpTZ9XfW_ilRcWt0A1kFZktYstz15T93NqofNBQLDjgnbazRr6kf3RSpYQF0TWveeD_OK3vyRGblY-TxDyPumwExAb4oI5cOIdkEsYwVmHoxlGyFeKPDTTaW6fALXEoxlRyv5qhajai59l4bGRGwXVx8b-uSm2dwhFTFBPK48d10BvpxMuWeDsNWi9xzlVeIXcnYpCh70y9fVwAHxdQda3-nmdw8pUEsLLW8AzfXJ9T7c9qX-gKo4zQZ40VERnvGJrvgGQzS08C8XaM0oWqvsJekvPJNMiITn1m6_dFuEhSLApS3kEwevzTU3qNU0gXqNHTPhZpnnsd43o33HiYq3z30c_7EJKVsGFJ62do2ZS25KZiUBVRzran18KF5BFSPNYL35sMzNg-G1w2HKom3f65D2NCkZCMqsolYTYjwq-STqZexdEq0uTqsJNn7YiEpgqWFAEQ_qVSdJp9jEPVVMKZrr4qPosiFvs-SQbVe4lQqbxvZSlX65zMaxNOxcPRvpRL2B3bwi6jI1nWwkx_H-IfHm-eO6mj1OCxd69vXlSVVWyAyihQAHYEb9qnhAc-7u1GcwNMOJNVjkdoTgMxG1hi__Zk-HdaPq8Dmoq6ma_RY1iDDaOkYf6Xt94Wm01wtxCRihWXCe9uj0gOaV7bVKCdpYM2kNvb0XzOq-0K8R1CVpiAAHdhUoyQrrn15RCzys18iHckIRQnyvObgcHItaApw-cQOs59_GQvQCyGwWps78Em7gRd_B_CHP_kKGV3vwE9-ri3tisZ3LdI32SdBg0l4Qq8pn3CyLylA6v1l9NCw0XrrMwrJIBXBSI6BSO-oCOuOPaHt5uglTKc0Z8RwWqhCL5TkadsVzEmzI4VDD83FId0KCU-ZtnUj3OFf0wNeQeOaTpA_6RK4C_T0yh6iM4gn-eURzGh4bRfddsjZfRLdvj9ANq_x2dVxhS2Zvjmr9XvvSrI5ZSzv9pu-Vu3b2lVYeSTK03DdOnvp-jyIk5FqApCE2pxvJbPAYzid282_nNgHSvXnASXEVX1qt4SGXOGrj8oHfVOQ5wK47Gh5Ghk673cL2XLsr46vwZptCQvwVIxrKXsN1zopN7hPlNXTCjKAIA3UwVgYEi0eMfajGcV2YXZO0b3yK01EAZCu0nEHWQhG7NanoezBqGWdAaoOPGNhGvki7vhjQCcfmQKChzGoFJct_ezehrxzonC9U8DJQ1TIOD0c5XXeILlz0Oi3t5gQv4doF8hOSs-yOTSnYKiYvnBbrwgaQAMPE4YMCsQ94kf8zfwLAKH49wj4Q-wmpZ8FA1t0uUSOCMFnOzf3pUtdRW5m2fR9XQmwKZ5NuBQ0akToSnH3Sn_yxjrIhv6tCh8vACjweR1QKBL9ot2N43XtDHAz29o9nZlZj6Co9MaFggAEhLkaEUsnc_eswcJ3rnLAEQVbwdgAQ

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.102.1.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

81e06ec04ab6277bf918d5b167b95e5d88cc52c4766df13e9a30dc91c3821e9d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:23:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18943
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ca Show response
choices.truste.com/ Frame BF5A 27 KB
10 KB 28ms
8ms Script
text/javascript 13.32.121.66
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.truste.com/ca?pid=digitas01&aid=hpeus01&js=pmw0&cid=2&c=digitas01cont2&w=300&h=250
Requested by: Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.66 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-66.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 8fa8636d235648561126bb2c6af94db8baae7be336ebe5aa1467382b560fac34

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:04:28 GMT
content-encoding: gzip
server: nginx
age: 1171
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 6b17c6258978715ba0681e1d5589502c.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: kzvXrQfD2s4SmfSOqoVrTjOrsGUYduuReXok2sojHMlWLT5jXJ8EgA==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/ Frame BF5A 3 KB
1 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/window_focus_fy2019.js

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0bb775e23934c5478dab7517dbf8a614834c96e926c4498b734399eb8a2e640d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1426
x-xss-protection: 0
server: cafe
etag: 18061233391346882222
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 09:23:09 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame BF5A 123 KB
38 KB 46ms
22ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

393cf048c5b518e266aa392aa2540de2a0d5538f0bae4f44b1b6a89f095a85f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37935
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1633952256361887"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 14 Oct 2021 09:23:59 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/ Frame BF5A 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f4726d988effd5253298f2a2738ca92d780d4105af0ce67eb7e7d1c748fb6909

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:22:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 87
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6281
x-xss-protection: 0
server: cafe
etag: 18349783599053866072
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 09:22:32 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame BF5A 0
0 16ms
15ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTrJV1h2bcYYiHfEIlsINzgRsnTssHp7wOMMIqQGo--EIbbpF7CBF_hY14_KBpzHA-o1mSjcrGSRGNqMvXMIwbnJL-TeQ
Requested by: Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 2F8A 624 B
340 B 19ms
18ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPnoIxCA2vS7AhiEkpG1ATAB&v=APEucNW2o1-DHdMDYff0TrYrmCqFvtleC7IY0iKW5txmfGk1_DdTsVimUBQX105YCHwclIrpRJnJR1YfcnpQrh92ezTspY17G5g9mEdUvnlMoXP_fvE7HD0-OsGO3ugzZlVbg5CEyuQASWbvdp66EaiZT-jvp9y7NeZwtBet5EVldNTlMuhWEiM

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CPnoIxCA2vS7AhiEkpG1ATAB&v=APEucNW2o1-DHdMDYff0TrYrmCqFvtleC7IY0iKW5txmfGk1_DdTsVimUBQX105YCHwclIrpRJnJR1YfcnpQrh92ezTspY17G5g9mEdUvnlMoXP_fvE7HD0-OsGO3ugzZlVbg5CEyuQASWbvdp66EaiZT-jvp9y7NeZwtBet5EVldNTlMuhWEiM
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUlopxitySf2MkNATtgMj4sCbW4PdSTqR7wFButfVKU5IY96dTnuVrJvps2xJUk
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 14 Oct 2021 09:23:59 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 897F 11 KB
9 KB 36ms
35ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D7Ssv5Mp8Ct54XYdBYrAER3yHkl56hc3bxDYx9moA31TVCu378L7IMd7LbEZEeyaUvwI7_12GBhPTyDGTK8mE3Mn4tizukJ3TEb0XyCY7eo9moNGRaZFcgN6_LOs73CR5EfXEbKFrhmDos79sou4KTnkYgxA&dbm_d=AKAmf-CAdwIghO6vyaLYjDF-F3zLb5uTPH-Sev7KqWrbpjLFecflXt0fUmOTmzbcxOYv8QqKmfYqP1bgsOz-ylipRG8v7vmEC1AuuLDoWEDhRp9jEGW9g0ubU7wPp5p2q0Gum8VemZ-b3Zp-y44sm5HU2rUnAvL1EZRsd555U50lwKbgd1xqX95kraPIYDO5ZbP54ey3dIq0tV0jHNEeeOq13B_cL5wIruQN2igwrYPdOnYcwWs3lIIyMiI_BPgyp-7JAzooWr-vCz0zn2aGh3TwsoA8YHIed6o6BlgSu8Zz8uY1aMJ7uAg4rXH3_qXaeYNBAWA-xvdNGsyWsSvVqH-ZKCdLQOj7Darya-mRHsiJFZb8hx11XOkEW-f1GlqL4PZEgK4xyZUuf9myl8OWIkgmnfs5pAFP7yrJzCb-S3S1SPlc94RmV9v4rtthGWCZGWJmt23-uxLZLU4txMoWNqUwUHNT_gvlsSmGv6zHt1UxRinkk6xelW2zAO0AgyT0iBngf4wU087cyzg_BiqphFWiVeHVcgCkEYRf7LTZtBU17gD19_4lKKT4RWsd01ILDVAMpJRETrQWX3JfdKwUIb-5ooLIJSiDXwiJDturDp3PaOPPVzaHi4NtXYwqFGgoEWmek7m7eNiHkxXTdgFwl_nmqaKvMxx_qR5DlK1pb9MDoiaBKlIp2HACDLVA6fPM0D6exyu7ouHasPzi0YRd_80v7qpJW_nEJEZAmrm4wzo5NaJPTf8IN4yohIyxDYPL6EwMhWM9MhVc7EUgDWUfB7wjk8cXHbZ8fRaYD4mGnyE1YS0KNmNEF72Y8vydCYdeZBlZTvn4OATtxeDpuQ_V61SrHLGjs8DMSyxTXKwSUpD1e63S9WmLEtkw9PNgpqZ8uFNCPOYBDNhJj3mq2_ENrGgKavnWZX7He6FNXAFURv2GnR2DQEviSYSEczVLAtNY3tCmo2u7gFzKiyENaCDzq6sc0Dgpi4vnpQgtMVrDFNHBozFpgeRL51IqHFcOdMbh9YgnR2eV8mBq_LgiY3q6aXpR5anoBGg3yZ4_uEmzfqQOKsRWvuduKaGcI0TSR4sp0NcomJcuFErA_FilI2NYXW2MVJwGkG2bBTLktwRWB1MiDgVw7rBd7v-PusBDvkugwgt5tR9p0PtlXA-PVb5zewMqAHEM4XcG_XhhHfnaqRjj8mPasK1DwiruX1QJoQYVX-ghP3rRXh0-L06ikyhdXzcn8l4GpVWQUqqzeOo03auz9jUeljBuuPAnG5k7W1rdqXfpzZqZaCponEsBe3VsaarBc55Bp7AtNFxwnID7zUjFttMrUT9aS2OP1CfjJ7_2eFIrpspYDy5ZH13-V-EB_vN79P2rVpQfgDel1a4G3aEdNYapAk6Hmg0pW4pjrt66_xiW21cUlCYH8MN8Yg1AzeD1brZgUx-ns4jQ8u-f7aaQep5Wf1yUPlQP-ajin1m7Jh-KTIyNkWqjvwVBVN8bMwIlcuuJCByysvLx9nha8JQ_WqMmHhD0FutlvCjk62luOww-VFR-pG1JcvKPWtjLpeEbNcdWvG6LZMx1BSXWco9RSCjgs3ULy9F3rYotWQuRqfo4tvp1nkyI2NHWQIq0iZjUcaAUxAJNDYNl1DFgu8u0-pLdVOaTDhGAmmbjs8lcZ5U0-VDiEW7jLu8oBgx2fDo4eDgWAuXRFsFY1IpUWdkkfVsVIT0PmKTRAv64LfToEWLoqXLfdx4zqxy3ikHDgyzfCNs684sHoAwkr6GakElHA8QSvOZA2-lzUOQowwAtgaeG52O4SVB5bM-aPtHwVYyM0ukl29MKzlhbJe4TEJEv_QT9Asno6MjkYnizLWObtal--SVoNN7otqy0sVkknU33YJmoqzP5ZVKalJOMoWMHDP235Eju59XbKeysDGl-2vDBzcIZLclvyUybXPir6TYPCEkp7M_SImzhJkcW4PWLMXPhR5Td-1RhL-_AUArRsOZNHmZZKueAleNwjztz0osVGK0Ii40hc8XyWcolUv4kHbFXqd6Jt7Ca2BHoz20VbrYGEm8jJoui7LJdTaJpj_VSMB_M6Vs5GqV1dYcls4JZz4Q3LbvDbhfV2mV5P7Fxh7B4Zug7-nO_1ltITWAeg6TdPUYWSlX3B9FpXKlF49h9F9ZIUaJEb9RoHL2tdmE9NIlcCLLg16kA5895pLW4oWRjAw3-GF65vPh45GKU8nwSPiwqGO4vZJOVxWAqXe4OSEx86q7FD1hrRRu1__91YH13q_f8VVVD4cyLf7fwYpQc3bxN4NKL9tjgMdWSJy4mbC_T0GaCByJG0GDVegI1Xp2ebAJKO7us1GivZH59qSfG8LIpuTuRGMdHMfho5jtoJGjlXMO2AsM8LCOvonWCHOkKJBWYHo4Y3LYBHBDdWyi452a-0onQT18CgllK2-ibfGrqVP6bSmsUwzspYPVzXrWWCGdH7_Vy-ZLqtjmSTjK2g_Leh7m0DZ60gCDNUiycYxF-xOX8e-__XvTP92uMr6yODx0l_eBsjQhPkLqjI3edx-eo_9Vj2hsmRXEXHvXv-Uw7Yf_itjbrY275lRNISu9ciCUaPHG7og&cid=CAASEuRo-UJ_owLbHU6971ajYwvbKw&rfl=1%2Chttps%253A%252F%252Fby-them.com%252F%240

Requested by

Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3946b9d803e06a58a806b89d74d693a74c2f9fab878d678401f6ffe685d028e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:23:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8728
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 897F 42 B
107 B 39ms
38ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-D0ZJJtaWslI03yZztkYMeGE_OGpUE2qp1ywkTDr1rFQ_91pKcP6E6cIi10NJPbB9WffkkNqaoWVh16SeWOTizfDP4SXBgXxbBG2zeyqLPoXlvOiYc

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:23:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adj Show response
bid.g.doubleclick.net/xbbe/creative/ Frame 897F 56 KB
19 KB 64ms
38ms Script
text/javascript 66.102.1.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNVLdPOzFTTB6sf8aEPJc2gliaLWUtovRx_Xp6s19gT5I6bmbcU&d=CnkAoCZ_4FsYNDrI4QWt6468DL1Tn7GgxAlnSpksWz-EguXTwCzLXs7RyhIWIed291sU17_5rWv6z17nlmnWM9kUgBj_xQsPCv26ZGcZwNhAHJrxQpBIhJuZoW0unTKlzYbqwozd5ixc2hxOXL2qb5-LKOatlJzyPf7NEqkRAKAmf-BtC24zKL8R13Swy8pqCJC6mFNEKkrs5mL9czpBlpnSGpE7BENEdu4qP0i6-14we8o7_XUsNlBda_M4F-YhsWDWy1-AyNs7fi5817NGGsabB2vqhouPLtPBLkm_bz8Vnq6vT0g8n4KAn1GTpA5rPrYMinV6bFPEeHO552Pnf2nEc7tElg3uTNj0OfpuJqekw756qgELF2bE8Zfv1VbS7ckYqESt5rlAsEVpXeAZjsFuVT34rmHMm2ohWSLe93vlD9FgvfR4Rn4BdjIAxARFJcTlwD8M_FH0la4Vz8j-0jSDxr2GCKEZ4YngTwux_2zeUSzvZLuW0ZDLMRz7LAIorUZJA9hYvNag-JWh2oj5Po-BlrvjPBDczsNIhWx6Xjqr4VsF1jnUqeHD483tGgStMStWUTfZoSzTMcuE9sUR07H45eHEIwhfEcZMEeD1R25KnRDQPcIozHRkesPtLWjOEmz8wVdvaHLZD0GzNrS2y8-IXfLp22d0DU0z4b044ID1uhZ5Lpn-rnGTRbrsFHkE1z_huiT0uSSdENKsKr3ZYGnQB22NMovfLhfCVsuY3Qpnd_I7_ucXqZqeaQX7AsPt7NweCR6Nu2GH28PqBvnpzt3YjOPjN5MFFgx8wsc0FU8_8kf-vnJGtX8hnO898knw2iohtT8JMHqGVD88AlNp-I9ueS-kkcGiq4eT3CAVE8aSaSs_Ui6KKvBBiFWRMI7Wy5rBr-7M61PRDxMRtyj8C8iOt6a5A3P7eYsITvkGcO_38Q-s-9mL4lCKFH4NTTocQNXGam8Da3KKHsK0TCsodYRShVrr0nCWY8K9WPoeWCpbniDuVQhUYhRc3LdJKgTHP1FlvJpm42XJ3U4GATNJA6QXqMMoYbIWZAgS_9A9pR8t4VC9qVP7s6p15hfXKOjFArxhdyQO5itQHyxkB_db1FtFzmCu6skqhxN5U1KNzVZIKgjLh-3THPCF40q0sBsKlZ-2UZh5gAhOG8A7hiyn_1JFzyIINtWESjmW5_5eYU64MMze_G0-c_zi4tge5DBQ1qko1GOv1Y0GhD4OLWKR2W41_Q6kP7f8I_dxKpSSB6zTGVOYeGuJNImzww9xtSLd0vMWSd9Joi-l6yRygipcLnoohqqr6kSLj1zTGnkEQywiNP4fJmClPoyntJTmUuChaCZcC3AXYKl3RwO2k_FKJt6-JcAyIHyfS4C8svHFNOtDE01kuLy3chd5qn5GQ8gb1cKtMhUvNvUgWNYjZuWRJ_-5V4YobtJkSGL39jRLlo0qbwO8UzhGGulDd7d0R1lz4XdIxsPt0txS3CDL_DpFJiyP520nQu1jBuJ7LbxjxvZRY7IXaoObEMglptvyOOxHcUuvx6xZ-9_V3sW3bK77dYGG48hZk_16LCdYB2JjMWSrSM37vN1vWZeCpEVKWDfXbThNAlkd5QfdpUTZFP_FPBgce3R_T3aOMxMC-6ypw2_1voI9plQQaivgtp-p2R2gL8TZPlcjW2-WM7ASyGx_qOPFJ5rzJ57XoeayO5lkVe11w35m8jfOXUGrQ9q2S9JW3iV9hJKikL-o65bc8HlJMdTc28xGJbsgSTbfyTn9KSlDg1CyUpZmR82b3ZvAwwG6-gANgj6qAm27BEQ_zT8DKHrdj8VM9v1pCFNSblTfZt6rpmg8s3muyODojuCP88-lB5tc1ZBQlt_RhHTcddoyTsGyOoDmX120pTiIGVOa9k4AeqaO-ZcYUAdZV7lfOzFJradDzzYzmqwpqj5fm3MjZ_MDZWH-_Q9wxRi4mCRfYvrM2RpO7zcbwuyjV8IlMcuyU6INJYck_A40shhPEZ0xukfj-Pa5VGaxIDE0J4RsQ1nM_w8Aw7he_XybA1-ePFVy7gSqdRshKzT45tmAwU74sFhPJlaEwYSnJav_vJ2VA1Rmy_d6NcYGKbhAjObFPxovOjWul0rZ4CiCsveP41np0jv3yBux-_zw3NIxs7xhSY78bTL_3iRFUBC-o97-RKetiSiylFaYQSO7Qwa5ajJaveGxCMkDUV4rLkB22kdEjtR2A-ioE4n04l7-BGu8_4Gn6lv7Hvrhd8gRWwC4KW1_IBYYkicAETo6dajOA4BKoXqEMGNMH0JJypmosTtqzSNV_uqtuVRWx8c80b_e5Jxx1xTc5DtTq28WaXKIy06ZfBdqz-OR0ArbLtotS47Zr0yNv7s5y8DhGTfDbs3XjNs_MM-QsvB7Y6NihrS2A9WdAoUgeojeMtAM0agQjG8IXZ25K2rI1XrCrqCAn986nxEPv0j_QxMWfjFGu6LDjTIqaUoVkowCBVGkE8Jjnbibwx-Aad-eN-VaQiqbJbAfywLQ0gjp8m4PSDttB1ebwcjJgMarxHHZIZP3mOYlA75Xr8baFJsnL6_RkdNZPtytXc5xWP96hwLir9GnyUSJEDy7OeNwoqKFCrIuzVFoukrUAdnHt5xMomEHx33j9Mlwu0kijEq3Y1aBfbMeyETgM7gx75K6w9JP9VTn4jlJ-UCjjFHEYwv2xa-xMuarppA8RaXds5xcDSwAs2km37xGaX4GKqUXH-5I4FuCLfBVjQGxrn3MYqi5XgP1WEePPoG5DPOj2cCBxUtCaSeeC8iItY3Ond0TKLpiaG6q3fUAYUvO0ZDbl1li_KkjAUj6opvujk73pq9pnpX0BhGyXv2UxKZmFzS4yYirONN-V3SPJPR55FjzhDcrLc-rkFLnmaQPKINog0QEqYoTMgQbgKg91UgPRou2ydtmh0B-FRV29IBEOve9OYJnpvHL68fj52jjKWVKAIKGaL9j4lrhaW6Bzdc0SSjQz-uFon7Qbmd_vJHSESJU3Rt9WP0G-paPMscgAe3c_66sMMYc4N7jf0QEW1d62RoQtd3llQsnmbrDpAZpOIrsk9kW6JPODhYbG5Yb0hNK3Zf9zbtAZ8f__zqrSgnxNB4RbG4Vz1jWGhYIABIS5Gj5Qn-jAtsdTr3vVqNjC9srYAE

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.102.1.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4b5f2fb6df9ad449285d7cf4b83277353472c9107f4faed6f02bb1ab191751db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:23:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18825
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ca Show response
choices.truste.com/ Frame 897F 27 KB
10 KB 24ms
9ms Script
text/javascript 13.32.121.66
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.truste.com/ca?pid=digitas01&aid=hpeus01&js=pmw0&cid=2&c=digitas01cont2&w=300&h=250
Requested by: Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.66 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-66.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 8fa8636d235648561126bb2c6af94db8baae7be336ebe5aa1467382b560fac34

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:04:28 GMT
content-encoding: gzip
server: nginx
age: 1171
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 6b17c6258978715ba0681e1d5589502c.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: QQqUWR7VpyEp75nmTciALraIf4ny_InJDto02r5OtUQT3KhOPbMSjw==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/ Frame 897F 3 KB
1 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/window_focus_fy2019.js

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0bb775e23934c5478dab7517dbf8a614834c96e926c4498b734399eb8a2e640d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1426
x-xss-protection: 0
server: cafe
etag: 18061233391346882222
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 09:23:09 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 897F 123 KB
37 KB 57ms
38ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

393cf048c5b518e266aa392aa2540de2a0d5538f0bae4f44b1b6a89f095a85f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37935
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1633952256361887"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 14 Oct 2021 09:23:59 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/ Frame 897F 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f4726d988effd5253298f2a2738ca92d780d4105af0ce67eb7e7d1c748fb6909

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:22:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 87
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6281
x-xss-protection: 0
server: cafe
etag: 18349783599053866072
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 09:22:32 GMT

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 897F 41 KB
15 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D7Ssv5Mp8Ct54XYdBYrAER3yHkl56hc3bxDYx9moA31TVCu378L7IMd7LbEZEeyaUvwI7_12GBhPTyDGTK8mE3Mn4tizukJ3TEb0XyCY7eo9moNGRaZFcgN6_LOs73CR5EfXEbKFrhmDos79sou4KTnkYgxA&dbm_d=AKAmf-CAdwIghO6vyaLYjDF-F3zLb5uTPH-Sev7KqWrbpjLFecflXt0fUmOTmzbcxOYv8QqKmfYqP1bgsOz-ylipRG8v7vmEC1AuuLDoWEDhRp9jEGW9g0ubU7wPp5p2q0Gum8VemZ-b3Zp-y44sm5HU2rUnAvL1EZRsd555U50lwKbgd1xqX95kraPIYDO5ZbP54ey3dIq0tV0jHNEeeOq13B_cL5wIruQN2igwrYPdOnYcwWs3lIIyMiI_BPgyp-7JAzooWr-vCz0zn2aGh3TwsoA8YHIed6o6BlgSu8Zz8uY1aMJ7uAg4rXH3_qXaeYNBAWA-xvdNGsyWsSvVqH-ZKCdLQOj7Darya-mRHsiJFZb8hx11XOkEW-f1GlqL4PZEgK4xyZUuf9myl8OWIkgmnfs5pAFP7yrJzCb-S3S1SPlc94RmV9v4rtthGWCZGWJmt23-uxLZLU4txMoWNqUwUHNT_gvlsSmGv6zHt1UxRinkk6xelW2zAO0AgyT0iBngf4wU087cyzg_BiqphFWiVeHVcgCkEYRf7LTZtBU17gD19_4lKKT4RWsd01ILDVAMpJRETrQWX3JfdKwUIb-5ooLIJSiDXwiJDturDp3PaOPPVzaHi4NtXYwqFGgoEWmek7m7eNiHkxXTdgFwl_nmqaKvMxx_qR5DlK1pb9MDoiaBKlIp2HACDLVA6fPM0D6exyu7ouHasPzi0YRd_80v7qpJW_nEJEZAmrm4wzo5NaJPTf8IN4yohIyxDYPL6EwMhWM9MhVc7EUgDWUfB7wjk8cXHbZ8fRaYD4mGnyE1YS0KNmNEF72Y8vydCYdeZBlZTvn4OATtxeDpuQ_V61SrHLGjs8DMSyxTXKwSUpD1e63S9WmLEtkw9PNgpqZ8uFNCPOYBDNhJj3mq2_ENrGgKavnWZX7He6FNXAFURv2GnR2DQEviSYSEczVLAtNY3tCmo2u7gFzKiyENaCDzq6sc0Dgpi4vnpQgtMVrDFNHBozFpgeRL51IqHFcOdMbh9YgnR2eV8mBq_LgiY3q6aXpR5anoBGg3yZ4_uEmzfqQOKsRWvuduKaGcI0TSR4sp0NcomJcuFErA_FilI2NYXW2MVJwGkG2bBTLktwRWB1MiDgVw7rBd7v-PusBDvkugwgt5tR9p0PtlXA-PVb5zewMqAHEM4XcG_XhhHfnaqRjj8mPasK1DwiruX1QJoQYVX-ghP3rRXh0-L06ikyhdXzcn8l4GpVWQUqqzeOo03auz9jUeljBuuPAnG5k7W1rdqXfpzZqZaCponEsBe3VsaarBc55Bp7AtNFxwnID7zUjFttMrUT9aS2OP1CfjJ7_2eFIrpspYDy5ZH13-V-EB_vN79P2rVpQfgDel1a4G3aEdNYapAk6Hmg0pW4pjrt66_xiW21cUlCYH8MN8Yg1AzeD1brZgUx-ns4jQ8u-f7aaQep5Wf1yUPlQP-ajin1m7Jh-KTIyNkWqjvwVBVN8bMwIlcuuJCByysvLx9nha8JQ_WqMmHhD0FutlvCjk62luOww-VFR-pG1JcvKPWtjLpeEbNcdWvG6LZMx1BSXWco9RSCjgs3ULy9F3rYotWQuRqfo4tvp1nkyI2NHWQIq0iZjUcaAUxAJNDYNl1DFgu8u0-pLdVOaTDhGAmmbjs8lcZ5U0-VDiEW7jLu8oBgx2fDo4eDgWAuXRFsFY1IpUWdkkfVsVIT0PmKTRAv64LfToEWLoqXLfdx4zqxy3ikHDgyzfCNs684sHoAwkr6GakElHA8QSvOZA2-lzUOQowwAtgaeG52O4SVB5bM-aPtHwVYyM0ukl29MKzlhbJe4TEJEv_QT9Asno6MjkYnizLWObtal--SVoNN7otqy0sVkknU33YJmoqzP5ZVKalJOMoWMHDP235Eju59XbKeysDGl-2vDBzcIZLclvyUybXPir6TYPCEkp7M_SImzhJkcW4PWLMXPhR5Td-1RhL-_AUArRsOZNHmZZKueAleNwjztz0osVGK0Ii40hc8XyWcolUv4kHbFXqd6Jt7Ca2BHoz20VbrYGEm8jJoui7LJdTaJpj_VSMB_M6Vs5GqV1dYcls4JZz4Q3LbvDbhfV2mV5P7Fxh7B4Zug7-nO_1ltITWAeg6TdPUYWSlX3B9FpXKlF49h9F9ZIUaJEb9RoHL2tdmE9NIlcCLLg16kA5895pLW4oWRjAw3-GF65vPh45GKU8nwSPiwqGO4vZJOVxWAqXe4OSEx86q7FD1hrRRu1__91YH13q_f8VVVD4cyLf7fwYpQc3bxN4NKL9tjgMdWSJy4mbC_T0GaCByJG0GDVegI1Xp2ebAJKO7us1GivZH59qSfG8LIpuTuRGMdHMfho5jtoJGjlXMO2AsM8LCOvonWCHOkKJBWYHo4Y3LYBHBDdWyi452a-0onQT18CgllK2-ibfGrqVP6bSmsUwzspYPVzXrWWCGdH7_Vy-ZLqtjmSTjK2g_Leh7m0DZ60gCDNUiycYxF-xOX8e-__XvTP92uMr6yODx0l_eBsjQhPkLqjI3edx-eo_9Vj2hsmRXEXHvXv-Uw7Yf_itjbrY275lRNISu9ciCUaPHG7og&cid=CAASEuRo-UJ_owLbHU6971ajYwvbKw&rfl=1%2Chttps%253A%252F%252Fby-them.com%252F%240

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 21:29:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42891
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Thu, 13 Oct 2022 21:29:08 GMT

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame BF5A 41 KB
15 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Df3Kt5LM2-kI5OpeEEEJ09o1r-mCOQ4Z-hmTNqyX5Nu851j2w0BcI45bBeXdBxr53Gjpislx3DoARfKqM915ooCcsU8DGGxEKaNc0jP_bFFLNXr9RR1BhzdHHIeJN8EShfQdQq-vQSvRFEnM0dXze-cSdt5Q&dbm_d=AKAmf-CKsnEKF8eQwn353jvkEga5gkCXYFR8m4Jdk9FEWvLd9pJV4kOQfaWtWQ2f2djH5IGVy8hTgryx-WesbLvDgwFmn2HOEAQd_4AIMgVSK0Lkm1Ur0SAKnOV9HeaGqbir6TtOTOf7O3Jmvy3HAiUkSviIEHv3SrUI88nD-FkaONXLT__qtPtRiMH8sFNxc551oZM8bXYYPDMYWhsmIkJo0RgQq3fTBhSnTmaSy1JZ143xJxJ8pPRGAdpXNKMQDCqBm2QGrPgRGZmoc_JzjnurdY3BA4tpVMohNOaxEeqNLI63fcd7MCffRj9DS5mTA1lXXpHeiVykVzf-Fcg2HhnAh9jzk_4pZ6AaZGzhPe1Jf-G8eq3u6G9pYXRlCOpeK1XPsyVQtN8fFkJal5rrW8rMH3RtvrM_8dJOA3u6BCIktAWbcnq15jlRWIc3YWJOVbi31s-6nxsZa4e2bYQJpfCW1DHx9S3VXt9VUwfCIJbtS0syHfSuUGYoBwVCNk7axGPTFX58nGykdbl6V-strWO587A5MTgnfUgiIY-i1CptjU0BBCIO_KajAGp46AIHLXEEBaEocaJ_cejXbUjeMQhzpuExw8FM4BdopohW5BBuYDpdfVx64GUc3DrhMUEauUm_XxU2_JoQxTf1l7Uz_8iuSFHfrgcgDEVd7BRTI5DPMJ0HNbrlcOjJjZn7GwBqNMFmrZ0us7ZlUDTAzoM2K0PgKPT_xci4NhmQv8_9-kAaB6q1TfXXVWpyhmLthiyMFUj6k2UWTv5amOns567czH0GPmWht7nix6lvoloLdS7Cd9L-vbeOjsjp8O4D_sWf6efLnhL2KjwBEdZMMKMVyt5Vjp_PDSlt_8K20S9kGC8D4w2ykbEI3USmXahKfOTgTGFAxRS8tCOLoTija349TsYxm7b-rfaopFuAn59fFsO-GQHLHcM_OyBt6WwzEVHKlcqZASBj5-mracRd0dPkLA2GwLF-wBaZS8_4N6I3zX1nqH65IHS0HuLPCOV3Lv5ExjYUltwRJN2TkROjoyutes43fgPUuf0Tx3lOHw1TKXvegMfMvRMkjy1jG1uZrr1tYI_ygpnwIzFsaXPT5yKMjw55clbMX-n2OpPzFRtrYGYodsRAK2NK2y6DQz85R5fuQf5y8TqTBIjFUmWNn3zrWZiHBqt4K5DMYdD3GqaqNOGNEO1B98FWzUcB6lDDEw51gWajDpk8J1C3efuprUzhKxzMzB8ApUu1bwuv_KNFxk0TMUcACHbXKdQZntPhhfJ2qvndjMX7zalD2KvpHwvTaz4D-S64i5uahwPLwdNFePFLTVol5d-RpObNHeuhDPMP7FnpxWBlLSOGG1XykcI7Z3XHWULIB821h6DMxbYuEmmvoT21FMCd0BrlgyvJGIHit3OK2-ONo9Uw5yD5DR1-fgFqLlsF8XWPy8MRW1vpxvUubco5ClGMXkw1CUWIkpROcE9JRCor6pByN2ED4HXkbQLlQtfz4d0iA4DyjgkZPjrL_jSMZBd8G_MjmQTe1J5qzByHqdH0b4bUsMwzpQVGQHwH-b7MiuUibP9xcw0cu6FGZP8lSjSY386MjDnntAmbO_62FL3j1WS4VIzARj8cjSfE6Oj4T7of6syqfdnX9ymiTifrpKj-dcFBO8AbDfpzfGaJBG-Te-jTwLb0lJq2_xY2B7Y-bIPAlV35n8V8PcirBIUZ5gs-dry47xNy8uu639C4d03Qeu31jtQeDtEYcFAwoGMPuYDA9tgMkZxqQxDQYeQ6emn86IgDcCW-QY_EhyahbZwk-EX1KpriTYEsjcWEfPTncVniFuqloisJQALZR7G8x8N_lMbUAPN7BeIoiW6IqTjVptIqtKZQPimf4Eex3zWd_hz8QJTt5X7_BZCJjQcS8UFL4hDJTnJ_ZOPQRsap-QyOJNTIkkTGKGIGhH-KzD_BbtsmlDIQG-598O9nyhCfbvy_W-czgbhHcP_93snxnt3KtgDOoacYpQxRm_Q8FT5SyWDx1aHfTrfeU8TdfiDl3kR29YsfeRcLwIM6S9Zj4lXydI-bRst8SQztbSoC4WsQEPF59gIWLOXCrHgfCPDgGyj7EYlqURp7uywJ4j8DdnwUtIUQ9r9zFnkbVNaurQpWFu3c_PR_QZvwoHE2IpsGi-ISRa22WzvCWq1xCIOMScus8fvTtLyxBUHfTfL0fZ7dx2ep0JM234vaRXLqGJTzPWOBzwPun5xbN7F5Sk5wNJ-27Is6er9eiyUOOCoMgRXXu5laZMNWC0KThcaU_9RTHwhInw-Rc7LUlgFsfTriYbIYISbjW6jzqSk0NSkek7kW_Dy5W94d9RxelEtK4RIbU1vA2niBHRqMPHG2PUQTAA5eWMlPeeckMhf09S2DtBOp_Uoh_CAUX5H4kAIzW5_gUyd09Hhuxk3iQ8h6Qf74SsoMGkGPnbuLoj5WWMotFKfRb-I4bqDHp4x6WFDjdxNWWBgDgIe80l_ZcqKugYsEwvjD8y_EjyNItWzKOawHjabzBeMTAmdBtEUONMwScjNWZOrow7kycUiGedd2ZZ8gSVeiiuUST_f6u_lwnZtP86AQxoDOrcgtAtmf9Q1MICBKxg2zGTt0ZvOGBzH2iHYAsiZdZFG8EI20sZH_Mxktqy_wltegElk8f6bqnKM3S9YsJ1wNjyA&cid=CAASEuRoRSydz96zBwneucsARBVvBw&rfl=1%2Chttps%253A%252F%252Fby-them.com%252F%240

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 21:29:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42891
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Thu, 13 Oct 2022 21:29:08 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 46FA 624 B
340 B 21ms
18ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPnoIxCA2vS7AhiSsJG1ATAB&v=APEucNWzrUIoBhhjKhmDJaVQQUImutKJL97hxtV7gH9sNtl5s20-TsZ6-LUHITGXX0nVzQelIoPItH42666lEYgg8oVjKUIFBg34tTTmEINWgHM8FsR_I5kdB6NkBt5Dvw_Lc7_McbYWNjraC6YO4ooD0bXXPirvxH3Snw3mxy5Ao0UJaDPH7Cc

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CPnoIxCA2vS7AhiSsJG1ATAB&v=APEucNWzrUIoBhhjKhmDJaVQQUImutKJL97hxtV7gH9sNtl5s20-TsZ6-LUHITGXX0nVzQelIoPItH42666lEYgg8oVjKUIFBg34tTTmEINWgHM8FsR_I5kdB6NkBt5Dvw_Lc7_McbYWNjraC6YO4ooD0bXXPirvxH3Snw3mxy5Ao0UJaDPH7Cc
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUlopxitySf2MkNATtgMj4sCbW4PdSTqR7wFButfVKU5IY96dTnuVrJvps2xJUk
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 14 Oct 2021 09:23:59 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 37B5 12 KB
9 KB 34ms
33ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AxMOHLmFOWl5K4r1aVHbxWINqs4rJfx49r2hZAOS-RKlaxB9PceKWtOUMXLewbT61Co6uaOgX3bzA-uY4XM3OB26Ghb63arUyzXsazg70rqDdYBxgYSoKJR3eCRR2xPQeQXUpnWLAUX3esZo44vzdzS0maKg&dbm_d=AKAmf-BZCa-Qtn8TPUPXcS5oxkf2hIIfFEUogSGKzXyYkchZjqCDzvhMIjCneV-oNkFGZns_5tg1rG08A5XUUClnIt7k6NaINxTMP1Nam5viUjDoYBnhlKNkE17BUYuNN1JAMrI3Lo83Dh6bpnIRAAwaFpWxDKhUNli5mxhZr8NAMdOSI-KWLRwsQDtmGMnVzC64B4H9TsEv4lhyfGRb_FoSPy4uI89d8KCEK7UKJkPcNe6sXjNNFG2PbNRzGIjiG74qUpcoQSswVegigaiq5iy6ls3BFTPsuGIaali12j67H3O6crBxp44egT-YiB64qB_sWlIstuP2NLM3MYQ0tbXXAI_voqaGBWo6H5iiZ-eSaxLz8tEpyhFBaweQrxg5tUxOCHqVsFJshN2luSClv5A9BKmf6CJbpdNHWumnizSw2nVJdeVeS7NAPKbfwZb2q1GIF1H8PYM2Vh84D_vp6Fpsegb9_HRVXidrBaS-1-nZqYsTDohFKm0hZgfYJb0Bupv897H-Nsq-dOPooD962NJKWM9cqdIgscP9eBRTt8jFgzRF51Pz9JQMSqGpHU6tiTpjfW28ldZFIRhehe3YvqfqIJlcYITuB4vsvVmP1KqQZpj_sCVBkTdYe8ZHxkUaTaxDFUrdTk29-baXeJH_U1yDIXbyHjn9gMzMIQ2YiyGx_LUhUfvcBxpKTO_mkKxuatw1hfaSqkKQ3cFiDPP1_HPeTHD4BPvj2CiM2j0UIoOLeB52W9HigozXdYvAKiIarChed9gWgKI-Qt8GaE9yoahJBb8LCG_HUHJOu9iTRVDpG5holrblsOZaFChpwgG0APHGhVMXDhIpMScTgKypAmvM5Q92zPmK3gZr7mDZRiWQtu4J5LPghSeHkU6m4iQNjN09Rl6VUCzVa4U2_K8Jx3mYy4OvSS7Akj6wQXHCg4egrm5Kp2W14DiS4pBRc4WenGR5cXbnUuhuOZElRPMqW36ucuYLKgICZ9JtxKmgu8sZaCMPE3MosBqi3sZbGASeZGeZk7MdhckeKJlV-uuhhUo0hX81-497C2cgkD7Xmq-LTsIcSM3RzDjhhbk5e1A09hFTvBo5GTyc22F4yp2uizKRKNhiX02dO0sUhbvnzH_HZroNxxNIQlR83lYu8PZh1ktsZeEZB07nE83a95G2RKEI9wQEzriWJt8EAzOMrpQUT2NsYhKl7OAZKqKto5tfykla9arh9u4L08ZJRL3tYuTtDpz4EuQiLZG95xeG73Kqx-I5KpVTDNLKmvRqKoECxOsnPqJ2N5YlDYqA2K3_OfGnmlHA0xb8od5x8Xwr6n8kmpN9rDXZMenSvaX3wFmI5nGwPYceDZb5ENqk-HO0RTYgqmeO6PqJCpw8klfQ0yJda1ydMmKTKUUSFnPl6nHchgqFqPpCp0Dax-6HfGis_NqvPJOcSjZ7tUVTTyZdmv3quiwHcZs-dQMvC4eNHbQdrLQndSmzIctNo0TOa_tLO66EXzV3ACmekURGQBYp1FNolGAZA4CbmwtKOZ1LNAhdbGme9lBzIAGSBUO2VnHEtiaTBAyFFc9X5VDCTKWfGQ-wIqimrCDKYDqnFi6klGEVGYtOzHxJQ2ELWxp7H9LFaflKZCkXJJ-ejGQ-WrO4yKA2k2MzmndA_ePnb8nt_24betq2ZKbjse3XejsmxSJ1TspL7y7RsYPU3gQWWdPhHOgr5OP45qYViKlXXDRaStNV24GWmumBAd-vO55w67dKcjltMQWqzWNqbh5GiuiSjKqYAyGmbGK98vrUePc8Ta-BocysOFdY1tvAWA4ub6l5r00iTfF6R2xFKfopTEZ_8L9jI0dO4EZfP64etCCpjuzx806PgwqzPmrGIuaJNRzR3sN2celb3BYAEkYa6FV6E1VxGNBPVp5-OjiphXbGMLPBqL4WccnH-cAJG6_FaXaScikznmfoFhp2NG8qUgi6DZ1kqmLME_WfQj1yPWrJPuZPu4h2qx5MhMJ0ggDlIBJ-kAj8ywKsT_bWAckYi4-CIBHUJ44670xBBBitekkFIbV_6H9cAprbDQim3Sdy0Bh1wxtA4OuqGP2DRIYbrv9v6cbfbKlYB3DXlSIBnpGaw-uc4Of-dAMCpAmeWdND9z86-sUccblMah9Bh8ZJ9ZwklkejRdJFyJnVhXYS3ASP7sLqYbx_pdr1p3oveILsr4LY1Ag7-bgR33edXMaZDZw6u9BgtIsOkEBe9OPlTUhg6tkglCNdTMqqxldDqlM3tqPlaabwpfVQaW-bnNMhvrubnKOFmXJKm6fpH36TJbSr_5B7SKTA8w-HKprf9pc5slgaFgfxdB-nNdVgm7qha2-tggJfvguaecT8XSr_omnvdRTTols4dOlODLS3-0VUsHsYMR6YOBu7-YHxgOgAJn06dNthL1cWrs-lFLUnzrzoHH4AotDDFwB-SbmLyvqtVdPdrxeN84aH27zIit_tBgHAsBq0NIaZZGhrcsvz2EphHPC7HSSYxnBKDHGzBmUK12SHGqzcMTEliGZqQIfw0WkO3eYpHfF9gxuqncwCQ8BQmMyRolLbMaIPylSZLhiGlDLrbMBcf4bLQlMEBw&cid=CAASEuRouNPUoGetgnbEW9bR45lwiQ&rfl=1%2Chttps%253A%252F%252Fby-them.com%252F%240

Requested by

Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3e3bd463f444db3a2c1563d9fff3811c2d90beff9019a86708919c5c573a4419

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:23:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8761
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 37B5 42 B
107 B 41ms
39ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DXQF7oKQXQelbqavUrqaMzFItOnkIVPhGrE9tbEe_piyF777LxMR6q1W81OsIe5NbZbIIrfbPGxPy__2SH2azd-bBDMtoZFDbdB9yLP90d1BhKZ6Y

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:23:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adj Show response
bid.g.doubleclick.net/xbbe/creative/ Frame 37B5 56 KB
18 KB 65ms
49ms Script
text/javascript 66.102.1.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNWbq1HWXXFP03WF1i_d-ZOoSpqkzevi7qrB2aJ95VBByKiwxsU&d=CnkAoCZ_4EQ1-onbsWQ7bfiXuTNKrZ9twuulc4vxbGfQD3ZvrB3NmZ27FgY2vACdqcdays75WKwPzdZClmaFE29S_OrO2GcMQvGNAs9tLVf86Z8Ipqi6CfOH1a2Z9nNGJ1A7bPrvoPoDE4eeJQJ4TvEnXEnVE5tfQbB1EqkRAKAmf-AQw0JaAQIImSLWMmKxIkTPA7LvKmo49yQWasZk7UsakYGG0L3vyPYXFWvGq3CNNSOudYKlJPxHzsAoit93at84wNsx0lH-4ASKjzGNOlxyDyamn13RopKrHnyp9lJvd5DvoGlo_Y2K4YW10k10aMUhR-z77pnsPyj_L6H3310D3hzVOftkAKumAIXcfIQMfmezI5XWTIQhDpcitqzsIt8ng-T7PQsd9vRofHad-7iRfXaqPq6J-J1Gb97VjdbLxCAJNNw9QD11WoKaFvoQrqpoTpKZgv8MCP_nwmx9kM9no8UfBvJt0-eiqoMQtLzqXazkKwYsZ2UJH-iMuuvvQqYLQlnCADNB2nVb9ceg_fuEzd1am4iRNiGOtut9OvFkM9XDcszkWsi0E_xGGFHijbMccUBWYyK-ViKFhcspeooNglvfN1lJvj1UDsH3gboUKLf20-tgJ01aVyGcvACzR-vPWHvN8ICOd7QanAhDcUikk-lvdfUVpF6yklb6SLhBjsrJdeLQu0Y7T_LaGk0kWXSEwNu-u2QpIdOD7SaNQj9kihU1bm7zQmuHCzhENYC8jGWIKdGaWiSFpgQw0BwMPqbd3I6o_r8xmDwkXjtynLy1uFmlplXDfDVZs1VBCyVAgXsY5KPxcGUrEaqjLGyCMirWKexQ1GpU8Rc3nDlQLZEvRB5QbcXrlaWISYMrK69XNv6-HITyoXRy21e69QmcoHwbZEjsZB_4pa8OWRcZ66M2CChcchURIoeVnyIprE_Fi_om-r4Tg-_sb6mal1rnVYayNltN7UUWBFGZqT6tay92fFrgRNdhxvkerSGEfk-oyrsKbF3Ha_MuwghMP5LVlzZ6sNyKJBBSk_89qk_zOC91mazqTw_teBBWYrVu7YRfAR4oPKdLAstPSXJnh0FMIqk3Gu98dm9juXfUZEvUeKqr1B9rHffWisWjWU-6NIE-wGUeLSUEHeZ0fS-hC-HeFyK09gD2m47j-F0YpRVVOwFQJX5aMgddCAGbsSuCL75n7ItpdBhODABqR3h6D7g1QVlcwdcdJdEqzrQ4FsT8bKwiFZEUgx71Q5-DXrOTemEX8JDPxIIJbDvx8XFKz0KH43MnXybGcr85-TYTIk8g2waBgxUZPOUqAbdvATXcbak2cBlFWHWcTpuRtj8dulNz36dIS09umdFgsM6IXyD-XSYFtj8Mp0rtpNWZOfQg_JFqimAAmSIsnoSI18XyWIqDfDau7F2WDS5UfLs2M4O1QqZrJ15f-6ZRLf5eMI_m-k9rYN-otmlh-cpMUaJfDt610YJTyOdmTl39DHOk2pt7uvXDycd5XERumNx9w7UoN1gieaR99Rtyf33LwKjVluPFwQRI3BX2x4TJGzt0nFWA7l5UFWUtYkQfmKn1aeFRv-KUSkxjWYziAtMLm6SFjtOCaege8sFAcbBTJQsCZh7yIUziiG6ttcqotV3bI1KudOKPpJGsrlcAe6w2DyGnkAhx2T_r4yvFzCrLJYCqXpyBbVTy7ZNg8Wb2-rlBwMS5Ik1bHyWarWOajXPZZJ6hVG3BTD_FqwXGYyFXR0nYJQswi0kcFVC1yO7VWFNbjtLCn_vV5v4Iq5XJ6CMZMzGZq3vxX1lR3drFsU6gLmqmnb-TasoYDbyFB5-ya6LzyyouzQ7Up_PmyQ_oHyW7PWqPtdnOxxVo9G9WbmBN6M1Yzys6QHMLRbQkAB2x9ZKVCSzBMI3J9fhUwcTY7rcburkff08E6toI1vpwfKleuMyysEYKYoJHtE74s_XrCpZKY5ay_zMUCutfoM5EMlQxhzf1SLKAGGTXFXAdRpAQqNh3N_2uDixScO9bJ9Lw3IjR10dwQREtSDc9HALzvoNzZOelRInSzul3uE7tLmYOWTwbrajVbYindSo3r7mTNdm0A_G-8GGUvO05xgYvsc2j6jsYIQzEW3EbaFAYg-r_9nJh9A84ZSSf2HSMFZ9E_t1Ba0hAmS-eVps1bq9jRZmIs4Itkgy9VyS1CetQ6NtqvJ1QeDYYPeTm2-Bqo93aTHiuYif4SsCwPOJh4vM_PJeS52HeQArvI_w9uv2WgphgNq8FgfvDKJHuqj8e5mOMWkcp_VCxwV4c8LwpnQegbbCGdOs18f0rBOACRTNXQ2HTVebVxi1W2x_FeTdHPIHMGWkJyjFNYttmWJexnQRh3avhkfE5oMx1AKKGy5A7yUcwrzdglGAPF5eh3kUPt1jiNIb0NgTVMTNRhsR6MIF88FeD46rXmloKMVGzclumoO_IaM8VzVkGm922Q2fmqu2Ax39imSU_bKIdS09Mrj88TeEfWOkR_9ChV3ZnXWlWrvrK5pUw13PC45soYJ8AB5hQ-eHepTJEddZmxiy6SE3YfZYMSFIxFCW3RaHmHvE7buD4cXqAMKMPPjiirrBEOoPM2E9dd2mNyNYHI5um9WeiP_u-SlEx8xQ34jJ7xrsGp9Hya36EO6vs0lZ1TVQcsCqL8NVpYy6o7wZ7M_w2G3Y7bbNZrTmR3EXoyIvm9Vp4In1_N0sK5LDASkHZt1Zdrae8l1HPDQKEcjACS7q3Ta1kBrxXe6aHL0d7bOsHPj3pfgJLyJv3Ukv2PV115JoICezw08ek938CmLZWZd3sBy8XyWb4lfEW2iE2O_PEB2rKLhDTEeHSDU_isefvEWGsPuIv-h9B39Muy1pExdBNThLIHtZGOfIBSuwRZx7XtDOrFCphNHPjPwTOj_V8SRaHRx3eWaGMS1wcZ_r4TFHUHKuRy-PpHZvyKCTpXCn9q82p7uu4QqAVv75QprKGGrav7UkneXH7Z11b9-ksp1MbOv8V3wAL-2oR5IPU-xcJY9H-4Hj9b5z5XZOKACF9o1IcAOu69XLlQ3UJZyE6C1-GbNaG7-5r-OzHAHkIUUvpjaA84uBMifVD9B8LsUv0p-Od3vsF10SLmZxX51N19LzZWFeOGhYIABIS5Gi409SgZ62CdsRb1tHjmXCJYAE

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

66.102.1.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

19fe7d40f4b0c636d19a144cea54ae6c163d8bc049348ed2ecb07de571654b52

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:23:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18854
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ca Show response
choices.truste.com/ Frame 37B5 27 KB
10 KB 10ms
8ms Script
text/javascript 13.32.121.66
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.truste.com/ca?pid=digitas01&aid=hpeus01&js=pmw0&cid=2&c=digitas01cont2&w=300&h=250
Requested by: Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.66 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-66.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 8fa8636d235648561126bb2c6af94db8baae7be336ebe5aa1467382b560fac34

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:04:28 GMT
content-encoding: gzip
server: nginx
age: 1171
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 6b17c6258978715ba0681e1d5589502c.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: M9jpAUpPSz9bbnN_fflFQ5G9rUbRT9pfg5IL_lUbnCqUnlyIdVeHaw==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/ Frame 37B5 3 KB
1 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/window_focus_fy2019.js

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0bb775e23934c5478dab7517dbf8a614834c96e926c4498b734399eb8a2e640d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1426
x-xss-protection: 0
server: cafe
etag: 18061233391346882222
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 09:23:09 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 37B5 123 KB
37 KB 18ms
16ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

393cf048c5b518e266aa392aa2540de2a0d5538f0bae4f44b1b6a89f095a85f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37935
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1633952256361887"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 14 Oct 2021 09:23:59 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/ Frame 37B5 14 KB
6 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f4726d988effd5253298f2a2738ca92d780d4105af0ce67eb7e7d1c748fb6909

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:22:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 87
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6281
x-xss-protection: 0
server: cafe
etag: 18349783599053866072
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 09:22:32 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame E03A 624 B
340 B 25ms
24ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPnoIxCA2vS7AhiSsJG1ATAB&v=APEucNXGjk912I_NY7RPbu6FXVPBcJTcTw74KBLowNrZUThuu428WtOPV-4pdyJ6aBs7lTKnMlWiCn3O0dUecIUaCDpvG-nvvnGG77sdleDO97_WckA__RGrsmaiWHFYN68MbspwPRdw0X48WWwKOqqKshlYEdi8n3HsVt9f8oTtY7kr-AKHE7E

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CPnoIxCA2vS7AhiSsJG1ATAB&v=APEucNXGjk912I_NY7RPbu6FXVPBcJTcTw74KBLowNrZUThuu428WtOPV-4pdyJ6aBs7lTKnMlWiCn3O0dUecIUaCDpvG-nvvnGG77sdleDO97_WckA__RGrsmaiWHFYN68MbspwPRdw0X48WWwKOqqKshlYEdi8n3HsVt9f8oTtY7kr-AKHE7E
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUlopxitySf2MkNATtgMj4sCbW4PdSTqR7wFButfVKU5IY96dTnuVrJvps2xJUk
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 14 Oct 2021 09:23:59 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 2BFD 12 KB
9 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DarZeSWuUosf0zSDYPDqxnMw9MxjcEkYblcjdSqKzYnTIlkTh59pev44rU2j8rYopr_wZzeIolXt12i6-AgohyeN3kKFBfnJ25oYAWn9GwMo_H9CpK4PoZ3f8e7VCJP2pge__HxuZCDa8q1AIVEKYKOhhPbQ&dbm_d=AKAmf-Bf0fhGlaEFZuzG-E1rviBgvk4q0LXg6hYGf09Np05rDU_Q_tFAO8g3s5wNo6r_8h3TxwPBgBpVr8--ArTJvHTki2R6PnDmiI3kV6P5yYU8m-JdAzdTLZIkJ9A3TPDZx28_zzQTHLtlcHpA3hy2_jwgrJPpMeXSUIwqVYPH_c8W0440MFlkw2vz3u5MnS6VDk6MAMGxbNoAyqmNsaNf3exFHd-PvKiVO4ine6a1mtUGNTJHqNYvExdJB79ut1QJs_XYzo-J0MwMonupyLU2Hucrdokuz2XO2enOtQ8VyL0Q-ypbIcQGSFP0Rqi9yvwahfeA68LCULWlR_fhZaOP7BR5bKUV47JeR1HaclNjh0fD_yKJW_kGyOqquE03BO5UrmWPeB9xLw7gvmGmQ899CUOKb7h4Ay5gZQZVye1wS3QATLZ3_X_lcJr9uWcc7ciPP5YH6kdSS3EX8Z4noBV6Ljr7Sq2btv3rzzssIgqZllsSLKUGkt9tLcoDg1BxANz3MAFlwzGbPQ8UiFkD149G5E-qei-PkNacl3tVyQ5K1bTPXjU2XEYOHS8Wr5aFNeSihRJk1b9Roun9L7do24BWKf1hv3UWY7hMjbv3AumspKVveiU9kDT-BAwXPgsyEhEOUKoJbUlReW5j3fZIN7W5jwOYIwoJ6fvoUrs5PYwmT8koWKv8-vuJavT23DTXPllVRfp1mXs7KOO2Y_ZmcrCxzjCsG8nDEBOKrqaigVuQZFczTauyvInFnK46J09nYCxoLtHbatdVVaLxewrO_7NPY1yysG49NKdlTq-0idUfKDGQuaLsTXDptVAcNiZsXLwXqyXE11uKNbcXjBx9Z07_H0GdR4GlGbEC95VhcG7vEcAA3HPPtUpPZNTszid82ZteRFEMOxMOuqUNVPzFiQTYXV5HG6OmiQRYB5oLkfoMB_iqYKe7b6fer7E6Ze7Uy9Hr42rW5DINl1GnAv4LZd9yCwDazFpYXaqxdPR3zW9vek43FwoFeTRDtlpjxKbiJuOFRfVPNTaZKbSuyhsBH9dv791qobn8yKxzpHru4sZx2jtVSoj9AMbiDypz-F8bHHiVNwzpuf9gTRr82eT7A2mQNRXkK0yaEtWETs5LAdv-expKKl0UJXIe4--YUgImxBhH8R_T_eP0RbXjLuL4XVgWH_buW081SUKaO3VHvO1CVL4cY89-j4TTg4pb2mtkuq1CjEf6nCA2uZ1dhoqWTG8uCcIdJUyiVUIXXu876aQeQuP5FPuo8ll5yugwoKSB3POrWvgYfsgwe4I6pAjcGKYXxwpNoBcwthJKgVyVqm50eiiT1fb5lF9bZDGy4Fk0AtT9UWkYL77HBvl6WU8GwVaYhCx-KF-GTAqmosxNTq3ZTf8-2VyydGEFq4V72gtUMer1OXy7FNKTjPT7nXkJZ__Ag42zbWtxc7zISfP1PyTAiEeMd__DJzVjaVAJYYIdkOKhqF6HWV3Y5SdnRSHNbwqi8BkOqUu2r9fvEzOXhjKcv9hodh4OLimJvxdsLprl7i5sG4dzH7_SgtEApL3h2-IgphNqVNZth_aa495xoKjw6FKkIX_pif1IDy2EkZNALcoJkK_4_z842QO0qLCHGMY9tpTtWV6LtcDgC1u5ImfpL8JlZNGZHyyNax3FU8rhhsV35nzawz5YG30WNWd3DoOzZt3cDmPtzyJmWpugMeMxJ_8TdEqLWyY_FPg6tyBoqyedATLkOUFJ5dTU4QBGEIN1TCGaBOuYMVhsC0P5sqtE1o5KY3bkkudZkSs6ApNpNW0SfOq8pDMVAc4MsQH44lQkmgOFXCu3JegPiKdyrjNnkWFbvqicvci_4H_A4TXdD0OG6IwVLVMzFTynIa3RAMpVofaMtO01qayrlifMGct7sL8NaoiOMOkk6teO2P3mkBSAqF-O5OSdW059nsh7iPIolAF_6CXAovHoPOLd1zoOe4N_t-XnvrHrLX959rPwCr5ydrZfYOmui9tmwqHli-GPrkUxT9OoCdVH8g5c-1E_6WDGNi6w9lq5IWBPlI1ak1Vf6VtAgoHkpKZQQIQUly5WAg02malj14hfvcH1xPrQnUemcfmIdL2NoIJsBPK6t8jmphIzep28s7NdGxqM9cYb8lN0-P8egybIxBbTUZWMAL1sg6XG2EqlW9ncyS-rqBshZQoTCrU0dArt0No5j91eYb82rOT6ebpuKY02uGNf8rvdAGeopLQQUoKCIMT4A65TQTgl7ZgLWo1oclDbIjnNZ_mzLSzdAagIm9G2SglIiTnkBbrioW5lqaewDZAeE31403RfpjopWMsfom2K9aj5MJf2Ml3JnHBX68AcZ-0AA9YCq4aC5z911RBWkgNPX-tCe_kI8mVYkKVgtq-_S_fh1CVYti4B21RRZ_7o9I6-YKtxbdmPC7Jk2BCR3JpKhvxpWFeNZQXBbI2oA2LlJjZnkLShH40byEMhzjHDfXYaJC_8BF-saaHDuG3-tEJJaso6np8OzEaLZ1p_iHpmKBV2wXx0vE3EpFUVa3zdOgzIw5ctTlC-kVzuHS31YZBYkgyP7BnbCMFNFbFCim0LPD__QIlWuUCC1OJ2_ZMJCKRCh3seVN8cp9CEv0ml-i9SREppv_9EcuMfv0VGFkxOCMa8bqg6DDlCJgYH_-7mjbroImW-KGIOgUrCNIiYAXnge1-B5xElAT_8&cid=CAASEuRoX6xeN-Kyk0weqajotNMDrw&rfl=1%2Chttps%253A%252F%252Fby-them.com%252F%240

Requested by

Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d6c0413497dbae429d836136d871b9dd66d2e07124e5298c551f8a8be0b9930b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:23:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8882
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2BFD 42 B
107 B 42ms
40ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DcggdLWwYdKZTolTBjrISotsGKMOh_gx2z0-nEtbHfPRiZlBGtCwzZ5rvFvwjwxjzzP0DCJNV6vXNQj9OkxxvaqgblFNkZsu8EkwtRg2M5BQavPa8

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:23:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adj Show response
bid.g.doubleclick.net/xbbe/creative/ Frame 2BFD 56 KB
19 KB 50ms
38ms Script
text/javascript 66.102.1.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNWbq1HWXXFP03WF1i_d-ZOoSpqkzevi7qrB2aJ95VBByKiwxsU&d=CnkAoCZ_4Gk_e2TZmOC_Gsp4H51z49_ZVaLYVdeki3NkwnVSSF-y6G5Ih2LV_YKYVhcz4XoBGgwTRIp1waBtR5EDkp7RzpIEWbGR71Q5y1KsTcgJhUtE9v9FLGbvESpfh6IsDdXmbT_ClTj5f99a5Az9UQYyP90HJqRREvkRAKAmf-CPf6VgCdTtbVzMTUM7qy4-Y2f5IDi49XLV0NCF0ZTs21BoxKSCbR_vCxlu6STBchMHb8ZlPQyBoqkPEMdHM3Z5eBLIWeftLAtoRDhWOgcwdh7y4QxcZi1TFFDwvwupl6WQp1gScf8kVTyI0hbibZsdUFAzIwWqXObQhS6tXdPa1RkoMFFZ0EWdW_YMFXBvL4pj4DTOqM55cGc3zSqBX54M2PR-bZABNPGicNDakH2jP24ZqFJ2gOsCiIaWZZVhYgd-Y9KSXduXwFyBhY09R-XAxJbkbvRbUoM3bZ7LjIou1nyKjv5DwdeKrtfcD-y0eV0KX1_RNxXJ8gCJP_t0Oe7MA70YCLK0XOoggY0wptJUujMVCzK1FPEj67UEkvYuz0yv-Y8Uo-fGqmreZIgioh21OSKniw437YuFLWr3H3zowmTb9-LqLXF-8yAiL8M0fnousJMSkMCE7gymgGxrWxlXJDTUYVgFieEaTa69b7Hd8zEnB_84M0rdsemZ7Nnb009FdBATxAjMk_pE94mG95C39fdr4OiXUW4cy3csxCaHTMnpcDKJL6HU8xJNSq0p1zts7uA7VQ3qe04yXisyXuTB4P1jGgDxZ4x-twehUy0ASIIDBsuUIVc6OhBhLN-1WWNbaGoXgwkgbC8dfXJgqRVPTOvPH-VwGkT3Hk7_A52DYCq4f9Me-h0RurNuCvJqfDHCGb5nY_W64fDx0PIrtptL8a3j3vf94ntjQlESdWe_kXV_uEaMD520rhY1MQ4ZDdMcEYcH9Nl18FnS4x-Z7h0gDju9VHCqr3y6grD9Ra8DZjmNcw6PjQTWUWv7TmvU4HvBQyMgu-bN3jrtEnwxlqyV-pc9mIip19SKws-s60plPbXowmRpmvjIrx-iu_tcapPEfYqFmCf4o8yqNZ9QVdQZ5PYrkL73_DjQ0U7g6QQUWZP4mFl3oA8vTkNqkg10DCnho4Oaod471sNn40gbD9ICxF2cOmHb7-jHbTcSqLxcS8HI8iZoTNPRZfx4xbhcX6XsaOG5NNXDUtxLL67bk3ag5H6zrc8H1hqoOddsmR5wT32g-EiV1AQu1m5phH44BRV2QGtxOKWgUiLwL8cqeGXZvo-sEOs8jt2mdFLV9GJxXf80CwGG9E9upscCbfj68MJVR8V_RTBERMmoiLqmHe6Mph8vDrB1VRAL1Nhbg5skiFFhUtyQcmk8ih75ca2fSWJyU86DCEAKlg3sYKNCTji8mssAa6p1fp756X4Z2O0tor_P16Yq2ksIyRK4mhIGaHt4CKUnIxvR6YmkdaeNNwfaA75kfQQYWxW9s7mIQvzEcgH7xxHaz-g6Co9cKL-q888NUm-CR-JnjG5n3i8zZ-VCYoRsF8KS6pPPIQ1xjIw2ppcH9tZSikYCFYv9P9qsHgWaqWg1NDAoPHB6icfKQDrQN2OlgyR90G6vECRTk07NkE_AYjfBistQ6kkLIbDVp_IlX9DLOZBKm9JDUIV76E63G1pSkoH7x0sMXy09GPazjF-CCVTxysWmCRkvkxWLjhSeOBwGs0WWE9E2uwAwbensPNzxMuBa5gIZ2LP38K6M7JTqm6BRDOlI3fRaJMwes8xcxwMoIwOob19niiZu0_pti4jytBzaWcG7VJraADGCHXOA2WpmhlvfzvCHO69fBTNVNMY23WTnRkLFh7OdRPmN7RDEIWZmfbXouwgbrFnvaraEJh7rmiXcXLu4HfzvJLC1YBYrqAO-igAtBtbth-95EwXft-rnzq0zbec1DQhM2L1SgfL28czed9B-Q0GoKV_2QEYVAz3mOyL36v-o12wn0Oi6s9XOECKlE_xlFGalagNShzotXlDgNbytf7UlScI6IObtbbpxDK_tE5PkFXsFfHIX31_X5zdQyKTQPGWf4MIhSgmdrqYJXI2tKKz8r4kVrzQ1NUI66u1K01awy-gTKe0A5gz1oalgPPvJ3Fs9EiGjdZskTQJY9hp4H-HDidHWwRXOh4dUDFXErAC-tpar8tbn05bk-WeDfCXLT7w8Red8qcjXN4bTAk8YLeduI5ZpqyE_VvFbzCCh8i4MTj-xd9tMXpLAqqVjFhMd7H6t1ATbQCSPh9WHiPHuCBOiYWh2TKNVmP2e3xMeTjdVl1jT-uUR6-aHfwYtCa8QSW4GSYwSKBECXDcNujyriqNmjUY5HN1o-QsJtm_BHKHcxlaC4kSFoimqT0ed6mO21dNuOKUHyq9OgIdOF1K78CvZoyFA89tFqfO4CQ9UQDlvFc_Mx4E5_LmxeKMH06dAHF_cPKinWdP6gf0YAxAGXyXyU3puXIC3-wy7Vh7FbYYGU1pNJRlBCuvo-lVH-823tEmkxtUfVN0e8R33RAjOxQ-J4q7BIQNS86I0ahViJEAyPgE9iMi7g3F75GfzlUIPl05y3968pb4F0se4db2u0FxLFn_u5t_-AF0OLel4Nuez4b8YN5Etn3StvDicoUiQ8RjDJ6VhCPNEmXrZWAukoA09gTIwSogP5e-9aJzxFp1SdAvSCm9S5-30oyXPP4E_TDlDVeskNoAF2qs6qYiPSbPCmzMWBkKvZdaPmpeolxlRC5eL_oy-B2vKdHzY9xR3ksvt5FgF_a6gl7XfhO1Y84zGsVeB60XY0Xgkyw03LiTGxZlkWStJmafvOVek4oSYLASITRmVVfgpXmdFQtc3v554PpNGGQ1vPTs_gt3_rhTLi6OYmVVt4mmpLyc0Zmm-xpsdNCZKSqHOnx9Ge9sOEQUPy8ouoYVMDmh8_mw4V_WOhq-IVdHIifdnqsvv5n9arclm-8BBj7Fl_1Zki95XvlsfOLUmc2LWq956Iz0bxBhZplpPcN86YMjayGRxZKdkzEKbix2rWGkW4KmKX_ox2O8v42qpeQqlq7udM6DEx8tyKDXSr6c9Tm03MeJJgqlc87qVN7Y0j4VBIO1y7IQlrJblKZq5fDH86RVkiscoALN_-j0v_27DkFe2mAh39LF-CtTrnNnyKtWrd7sB8Hn56PaUbk-phIllRcfM16DwxIhEPJA-vgBbemFmG3OnlagFYc67k8YXvCQaFggAEhLkaF-sXjfispNMHqmo6LTTA69gAQ

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

66.102.1.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ac09d53b2d7ee0253cfb6dd0a8ed9b110d2febae18284991292eede042355632

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:23:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18969
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ca Show response
choices.truste.com/ Frame 2BFD 27 KB
10 KB 9ms
8ms Script
text/javascript 13.32.121.66
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.truste.com/ca?pid=digitas01&aid=hpeus01&js=pmw0&cid=2&c=digitas01cont2&w=300&h=250
Requested by: Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.66 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-66.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 8fa8636d235648561126bb2c6af94db8baae7be336ebe5aa1467382b560fac34

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:04:28 GMT
content-encoding: gzip
server: nginx
age: 1171
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 6b17c6258978715ba0681e1d5589502c.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: 7C6cLpiDfWHLa1ZKHoI0mFVjWDbRyv6yjvs39IwobXWt5Fk4TYjfWw==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/ Frame 2BFD 3 KB
1 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/window_focus_fy2019.js

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0bb775e23934c5478dab7517dbf8a614834c96e926c4498b734399eb8a2e640d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1426
x-xss-protection: 0
server: cafe
etag: 18061233391346882222
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 09:23:09 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2BFD 123 KB
37 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

393cf048c5b518e266aa392aa2540de2a0d5538f0bae4f44b1b6a89f095a85f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37935
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1633952256361887"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 14 Oct 2021 09:23:59 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/ Frame 2BFD 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f4726d988effd5253298f2a2738ca92d780d4105af0ce67eb7e7d1c748fb6909

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:22:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 87
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6281
x-xss-protection: 0
server: cafe
etag: 18349783599053866072
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 09:22:32 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 052A 640 B
363 B 22ms
19ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPnoIxCA2vS7AhiEkpG1ATAB&v=APEucNXDr64Fc0w_Hu2VJJMTnst1reVoK-dRZn7pMc9q-vQO-R01aFqxXi9rh8Dhda_JAOJEC38qaFXIdCHfuGxD0tAMVzhPGIhD_acgbJoHzapBIWK3LlrA5D9BloNsWxUXgOGE_mrvEpsj0zg_m54AbKlvtb1K3EizvWrQMtAMXqsE2n8KEVk

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CPnoIxCA2vS7AhiEkpG1ATAB&v=APEucNXDr64Fc0w_Hu2VJJMTnst1reVoK-dRZn7pMc9q-vQO-R01aFqxXi9rh8Dhda_JAOJEC38qaFXIdCHfuGxD0tAMVzhPGIhD_acgbJoHzapBIWK3LlrA5D9BloNsWxUXgOGE_mrvEpsj0zg_m54AbKlvtb1K3EizvWrQMtAMXqsE2n8KEVk
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUlopxitySf2MkNATtgMj4sCbW4PdSTqR7wFButfVKU5IY96dTnuVrJvps2xJUk
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 14 Oct 2021 09:23:59 GMT
server: cafe
cache-control: private
content-length: 295
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 99DE 12 KB
9 KB 43ms
39ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B5GzFxjWg0kkzUWw4oUFFBWKWgHgvpj6CQR5W58Nf-NNuu_wXHbZivqW6EQQMquU-Rqk-nyLddYD4X25d5TSpvJmRx2k_2pVxaYyBMc7EIWDpDuJ8fY7rvr0xkqPtnYGkWS5ArScq0AlJNojPrBOGoEXF8Jw&dbm_d=AKAmf-CmR_z3qS7kUvPsIzDPMDKMUvPP9X36oN8PBoasGiVxISZYg8c-EpNzZMob5MLCXW8kI3F0YfpZjpik42vCrQH0Ny0n7cA-nx_E6gC0cWGz6Prgr4y_dEVjs1uPW4QwhtaOJTzBxzjRswhQfsazcDCN7ssDqyUBCQnXJmPBREuNcfjhDrnIm1YlKIV3hs6n2JpaGc_q0BTznpUxP6JwhAkornhtIVrOV_IgFPbXsFJJjLfo6cqp4jD9Ni7ojwDEaSx9straCEzqCnWE3ABqzXEoCEteTFnAwI7Xlko5SpIWrHHnFeRl3Yb4r3wK1jVNK9iLZmygnVikGjtbdevd8QnIENOz9_QZcGsMO3D0egXXxQA0vzVVw5rSoWRyvyyuMCnazI0_wS5FtV-fjF_ugaWP544EvfJKfhjwP9d5V4Eak0ECCJ4KdHxezUSoYUfhqDcgRun0CbLjTCUbsnW8_LMVz5XWhXLooYH8N2O7RJA6g1VfeRhAh4yGNJEpAK-iFRNF3hltrFCKregQFtjd5G8LJgmrNT2CxntWvvrwKkVxcc2zMO1ehdyK3v9Js8DuAeNcgG8XqFNHUOf9iIsWrGRGhXCkg6tYusawezs7g5WJY9Sumwfnnn4Ji9OHxP1_WPYlPZhaT5B9O-4KVCrUnm8VSJHbUWrFusvaC-hE9dhd05YNi25naMPWXygTrCnCrD9kUrJhBiNvBLS-yi1EV0onVxpX4TyzhgNbYvwYFhWHW_p1ZRtI9vXEJe1l0KjHH2AmOFzVAkuxUy2HQrb47NPhlvRtymetywpxCIcoJ_cSXikeiF5lRYYZ8ry-9cc81xWYzFODAFJNTvRW7QNryte1KpuVOy8w5fvU9BIwfv9s39Zk-7YfNXQxfvUA5VdRruT7-5ksdIbALRjiVG7wqrmsg02-0zmbT4wlKm2GvCqvK4Qjp9ix2-yExMst1yBvM_Lpt6jCpTivBpLtNLY6JqK2sEn82hB7utjdG1B-7NCQNf-Hd7C886WlIdKeW2j3HNrhwtxWrOwqR6vNpoD0uWXuH3iJEKFeVqjb74WLLWod-Ck8j_X_B0Y2Lo1VtgNqiXQxN0waGzP1XUrhr_aFV_PWxsmCYRK0HzypwGqm76fkTlUvZOMNi7SnH_JJJ3eVTwIX_yrohIxwV2Uc029RUl2tjKnJfU9Dz31pJLQxEb1Dil7lLM4wYRKz9gMANwJrmpxyysT9n3RRAL7cLHpNpzcYz0Xv_bv8oZJpnFvvbo2upIKo3nqRaJKBtcyXlXHVlJ2wWpxqfOMTbgktlf5MS7mW8koQI2TekAmOU_ecWfw8c7R3j6baoPygPYO702zGTYQGoAd7WjZt8IE9tV8EvNQyeAOnxxhM_VVE7zuPe2Rd4XKdf5EE-_1YUvjLwkeElrCJosygMzVKu5PkuVCpsJJSqpvsQvfOQYBQW2HO5j0N26p6rX8N7FIkTtF7tlVI2bzVwXJQ2tCUwPhrI1_eEhSSyqEND9ZqAaeeQ6HObHQwR2yn11cXy32X2yBAr26MuM9U-0GwoKHKyA3nG2oTE9SC53y5zuMpuAfEA072CTa7fwaJ8Q9Mxz5aj59h4L8Ojm8opwSUlmIkVpZEypaxEvSPfDQeKGhCRcVqSfAzEBnbFHyDtks9YIUpkebNS6tVachTUhkAALNr73DFSS40yOF5GejMVJbVg_b4ICv-ttcdoXxQHDOV85mvQ9am7IE0WUv0E0Nfmc5NJ8aOpxGoC1RyiioJszuONP35amhJwkzK5iyGkLfRRJVaF-qDca8H02gcyBryqW5hQYdyEvx_8VrSyT8BeONUAbToCjZFN1Aor0zreYCnm_MIUJl58TY_PEYsKcJ623hrth6D-4hjlET9i1NZFaFpkbp4GZzZtFmKopXpM3bnxtswmXw39ybyc0y_0SRKQVs1Q0s7Q4G8xJnQR0qyUUVL6jXJwVzIJGL7Vu5KfaDT_uffxQFRFgml1TEEb75I-v3eDDMDM2uX834BXXs4mvPWfuubY2F-SlBknSXhZ7dlYb4CQCuVURk7m9nhrcFc38OEeN748R8VyF27hBcAE70KsV_gjh4UeanXzWyWvM4nvwV9BHAkSXpJW0XR5oJ_RsBPnXrfEdShc1KkZm5tUxnS54E_KdGW8XftZepfh52PpYlDsUbIN-Dvn9fFk-Oqa-2YDvN1itRjWDcJfsdxxFlbrmKaEEdjDY6rJMqA33cbZ45nGgzC5M4MnkTSji9X4i0QEpicth0hGL1vtIRiI5_My3A2lLEP1Prs4-mxdRb25BODcN6wXFAwO48Gn8X7SE2eL5pSvw3mMdoumvRsA5NCHq77LmYyoT3GmnxZrbpNeZoCWalx_gV6oKYf0KSr_ylMjAiBJasAthXRzC6IcR2VNtwfBg5pwK1ju0hgTJvwOCJI13XdRIC3QysQ3QpM4CgLTsG_-2OIVKoIy8L4XVCpTht9kfs0bng82GIt0UfmOchmfD7Q2UDgb3Xz6lfCxeccIOAbJdPAqJ-FBtar-GI-QWDOcpm12zmr5fliGXl-WX8Gcg1ShC3GIsi2Uxc2X6Do5F24lOT7SXekhw0nGw&cid=CAASEuRoVszAty7NsC6ufD0r4RXqJg&rfl=1%2Chttps%253A%252F%252Fby-them.com%252F%240

Requested by

Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c93c03a4b23de0d347e24e770249c1312a06db1592516d5f103e207377c37a13

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:23:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8848
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 99DE 42 B
107 B 44ms
38ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BYup0IvgTsTaeVON6Ny_QTxJJqAaS-l-hwqS7KK9GjjDKWtxzIKmVtEDXy8HoFhrAvLxOZFSPYjUFsqUOYwQ3DT8e0vTuBHAMhZOEPvNfcg7eUFVQ

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:23:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adj Show response
bid.g.doubleclick.net/xbbe/creative/ Frame 99DE 56 KB
18 KB 41ms
35ms Script
text/javascript 66.102.1.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNVLdPOzFTTB6sf8aEPJc2gliaLWUtovRx_Xp6s19gT5I6bmbcU&d=CnkAoCZ_4BGjuPnG8mPgdmOyJmIgnNkLqnFhDZW4VUdYngxPFq3ZCQFHgI7MTgcs-JgDWk1_Am-suH8EpgQYOcWWNZXEZORzfbgrr90MOt3SkwjJYet5sbIcGNs4mJId9Qbdgq_kB9CjZn6zbfZru-UfY3E-ag3LCEEdEqkRAKAmf-ASH0c6JSPVtZXdfKhABYtMt0rIv0H7dAdFcleCHPcMseX3YT-P8j3FSqFdBIdrmSZDtYQSv3rnAYHh2HwtUYcIFrRRR83ygZbuBOA8ttVoB7Df3_O12PcREJtZVZY1taWkwCI-xnRA6MeFJOEGkl32_TYjxNoagXVV8ue7Fuck3KcVuVy4eM3WAnqmZi1SHUwIJM9ZxF5db4hGUfp8T2u9im-UyMnKEmiGJAyOzC7c1JS55lxyS-pXr3-t8ywoAZGUVvzeaev-TqC0WjxozIm4tkrthGQmTLp9yVhjsrnCTU59QPu6Pos0VN01vZKAX4tAuKoHd6Cidza5Aq5-iYbO9-eoqUwgrg7TjAmFH45t3Z2osE9LQ1PcLOe77SgELFIe4Ri2HUk647d2Ccp7tNE-tCDhHaC-fs4yNgnnbpCZDC_rQIQ8TOveAVSZgj2Gsj94MjhtkcKHiFM2h8VVYzpq9LS3U4njFtvtewgjBfpc_2ug_fM_Pihk0m42RsM5d-WlgKfkWHR_eqLR0Gpd-4iOjILFSdPEtc7bUO2DP3Wrzj2ifwWhoT_F3vQggWmal3XddMML1hWlhY6yG9WTN9auAhAucONiKsaIST7-6jzqmV7mdK7RuzkD4HqHjHUE0yx-5z-Wi6oeImDafSUFbRCctY7jR1Jq4nqEUBHM_lAxurO6S941abhKepJiUel8kVhPLzBChlOGqMAGVmnWcRr-DTCLUuEfzq6Wb6UQZpXvPWJ6L-5lNyfqZ5r3791uzWcSNiOaRVjywYdtEM3WcPz3IoGFlk51zNvET0A3F6B9_fejQ59EL9XffGOG4uObAJVBerJb3QuXzyBIqQmFw2AIUf8h1y_yskzp9pXawF5ZkMWDPtSjfQr_uzlYYc5z7Ozmb5T5nDbtB_6JY0syxcyx6adDTWuc_Yr8jQcJclYDBidG4-_L83Yiq1lxaraetxs0pF4LVKNufOR14a95LDzVpD5WRMK7_fEXQTRuzkorvvpPUeU5tgG6Gz0tF5cYmA6G7494NabQ2us2xQgEbMw5_iFDU7cRefp2H6FVUpkLk7ZyZrxFtELMrnoTruvG_9uHgQX_y6r7HGnH6wzEvgTW1It_d99mDjOki3NAAs70LsLlQwMe4enNmUkQl6_dpHI-pL6m4vPRL8NpJWq5sc2qnBi_eeS6BMLRU72j5Q-BP9YkDqlcboIBRYQH3ctTiyOSf_VVaGXKR1_ecosULbTAknvTJuNFodjrphO9n6KJ95kFytIdSt6vq9e8W-BGKRXh_S1QloyxTCnQPsI7JfsVyx6b_8gjf22ICzpOUJ2U8lP4VUrlvQ-7wRW6PdKt8Hu2vXhD9EUuoKUF0iMoHCmLPuLxZEokzrzXAxzMXowyxzT0j4OuKDzas_UZlPZdYCPa_x8XYays-CtCYb1rKMo_t6MjEMZVhEdf8PYTkvhGQH_WyUR6wczlcTcdVW5t2EXE5yTpsYkiqC6PZ871ymvyiAcNXevdZbndD6-qcQ1GWUHV58gALeLjL435fU24wzAqJtOt3jItr_RAbFH-Fwlvd7OYYTgK5oYoZXLDNdcQqepIigQLFBjVYCSngYLZn2s3UvtkcnJHV_FFZ-_ekzvZTe4EnDuTW2RedVir5T-unxI2gCI5txzZcEnr0cGEBi3ZAqJWoWV2xuUrhEdneefOAUYjadYt7xkG0KWQM8WcwhR83829zMLHTTFigeiGKkb5uXJfAoudxHj-1eo5q05FiqWLsRsgKDudT8aa79QRz4fwT331dDA-FZ6j3yg52OTnlIypJLf7mBZMdfGKwesFMRmIJiW7pONQNsOJMMYlgNW9QNvWakWx1rkvzRMSfh1RSn-1BSqj_s7qLBb2GbvE2jlJlbn-D-TMiFMI413HTI5IDHL4yeGY_a-YGGfHmd2OWhHtmZYTxCDduNAa7y-NDMuXM5a8NaoGjQfy5tyyMkiswF0AKLxSgp59A2UQatjY2OkgaGpOCPueOtBqJ0go5vWkLhUMpTGtO3kbvteCOuRyGv9J1bk4nwrHD7qnjl5wB-1HGgOm8_C3Nb5cKxaJTGiCOjXhdlsg2crZu7OuI3jCGYaRFflQkhnCXsDg5eNxhD2cvrOHoo7koY1WOf7ICKE1LpSUgirdjTgdWPBvA-h00vMOYNsRJinaicvWwb2UPxF7ZAuD8sb4SnUC4KreZCSbUX-q9vkqchm9RQ0Em-SaVukF4h5Fh6OuRS2mvHGlpatjQHYFNYv1LJI7YT5Su11BgkpwCGszWQmxI1sfAgq9Ns12xRCkmu22Wv-k9fRrzE6LUUG_3Do_8XssoE_n1Ahdnkq5O8eZ36lg-6UL2S25raKfJFjfF7TdIM2ZQvKxl6gbK5KcbuRurSL1PQHVwoMcAySxSXx7uetLDVqMxN1_pPX-Atgr-xNs8ZDM6CPHQ2mDqLHCFxFIFzQ5jCp7wtXStJABAsPVxnqx-d6f5wFcqyoIjL6L8nlJV-7ruVuEoFCjp45Cc2jgjEk5T1lSp2yW0CFWAtc4DrxDXr2RIazVAxCH_i0mMiEbSmD4omSY2RaVn5GJ_wS7-kFZZ6GHuj70-JeroFp3wMpi0ZsbztFqv_1jIXuLmFU3fOLyi5sWJN9d2pfBaQzX3eNiktdbGDP2HfAhiPh4DZgKI5dhtv1MOdONplLqgfQz9UxGhAGV8mvrWKjdq-AUhHaXAW_SqkqQSZm7Q-opPR6crAH_9LUaFwVeU_F14Aq5SZP9W0q6N2_vJ5Y43ZeIsWzi7PBxwvHGgeB5QhpqDj9j6mbe05QYByIV7nvjvh3XSSVJhgPZPf8K3bjO75TUXd1EYOTJx54o8qF7E2H74NgiFusHG0Z20mrskBhr8_Cnx5g3jqUlDzW11NtYJuKgXErpFx_yY1ljvEEDSucDA4wh2dzPGVO_F5iQYrlo3McgB8j1LiZItG5fGhYIABIS5GhWzMC3Ls2wLq58PSvhFeomYAE

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

66.102.1.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dee2f85c945d385020dbe9f53eed255c7ff8dfa77ab3776d431b44752a6c34e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:23:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18814
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ca Show response
choices.truste.com/ Frame 99DE 27 KB
10 KB 18ms
11ms Script
text/javascript 13.32.121.66
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.truste.com/ca?pid=digitas01&aid=hpeus01&js=pmw0&cid=2&c=digitas01cont2&w=300&h=250
Requested by: Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.66 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-66.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 8fa8636d235648561126bb2c6af94db8baae7be336ebe5aa1467382b560fac34

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:04:28 GMT
content-encoding: gzip
server: nginx
age: 1171
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 6b17c6258978715ba0681e1d5589502c.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: r9gzs4ezHznykfe4GDU5qD51egkuLekhXQIP5w2-IAhQICF93BO6sQ==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/ Frame 99DE 3 KB
1 KB 12ms
5ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/window_focus_fy2019.js

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0bb775e23934c5478dab7517dbf8a614834c96e926c4498b734399eb8a2e640d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1426
x-xss-protection: 0
server: cafe
etag: 18061233391346882222
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 09:23:09 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 99DE 123 KB
37 KB 24ms
17ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

393cf048c5b518e266aa392aa2540de2a0d5538f0bae4f44b1b6a89f095a85f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37935
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1633952256361887"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 14 Oct 2021 09:23:59 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/ Frame 99DE 14 KB
6 KB 10ms
4ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f4726d988effd5253298f2a2738ca92d780d4105af0ce67eb7e7d1c748fb6909

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:22:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 87
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6281
x-xss-protection: 0
server: cafe
etag: 18349783599053866072
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 09:22:32 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 99DE 0
0 20ms
13ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRFS44nGCe_1KNEICmkhk_wucPcIBwnwvBUQDEYutkTPrGfmU-WD1wZBlOk3Xf0fYziCgiJIDEAn8lKNKrWjZGRVagoWA
Requested by: Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 6763 499 B
381 B 22ms
15ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiR7OioATAB&v=APEucNUNMUdO53PAU-Zb6dZXokPpHFVWbSYA9pAExd6WT9FKD06ck4Vj_xL0sRcNB0vooWYnZ3vNePP-dKLhldzZHhXeoysLdnl5_VA6CCbPrbfdSuybHQVXV7gpjw6IGLywhUFl2LSY5d63nF6IS4LUAM6Ruj4os-XXcWZ7P-FxnkujtFThKaM

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

583eda12fed77c078f7391866e53eedd80aec5b9b178a3537a3c4c3b09575485

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CPvjgQEQ_aOOARiR7OioATAB&v=APEucNUNMUdO53PAU-Zb6dZXokPpHFVWbSYA9pAExd6WT9FKD06ck4Vj_xL0sRcNB0vooWYnZ3vNePP-dKLhldzZHhXeoysLdnl5_VA6CCbPrbfdSuybHQVXV7gpjw6IGLywhUFl2LSY5d63nF6IS4LUAM6Ruj4os-XXcWZ7P-FxnkujtFThKaM
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUlopxitySf2MkNATtgMj4sCbW4PdSTqR7wFButfVKU5IY96dTnuVrJvps2xJUk
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 14 Oct 2021 09:23:59 GMT
server: cafe
cache-control: private
content-length: 313
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame B1EF 77 KB
29 KB 49ms
44ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CcOodgqs7shYBJlqUTVBeLjxey_4OSoONVd6djRhaPkMkkUnAWaU7f8OzFFXJpIAtbApC3gF-d8x2FxyQRcGpOQhmLFE7xohC_YJbsUbYiRFFIWz4NLB6VPlrRopFhEDA3BYjUccBuW2UgqUR8LEz-n-drVA&dbm_d=AKAmf-AOBVFKsRgOogRmZvC9dDxE7yW5JX1OeWpj2muqZ0BNKcKf9qrnckUvCqDwI7jH9bQlnNQypU9GUS_MOl14Kj5UA6bK_0oASp2VFfri2t2I9RnCVh7xycloebkpCXGkoE5BpEYTmbKO_zrSruEnRHTwt1ViKnp3O35RVMFdYzAZQaCCBOXO_7rcfDDkU7X1hCwda4-LZxJ9crZceP-9Mkdqfp5pvSwq3VjxBU_miAQaa-abv5EYHH1-EftZhMY2wyfYubrtzN1R0wq4-0Pbqg-KXhEZzeP9N5DxoUFFJaKUVSS-6BSt26SXVBZqL2QdlEDjLagi3h7WXEi62DHu7NoZtROUpMhujW9Dxugnh2Q9Ikv2EWubiCwwV7uJKGpb9oRYLa_HLmT7gHWYdl2jZf4tvj5QkKSYYSiwmCC3ede4r4auLE4AaefmpVQR_30FFnjw9mY7-c6SdHWsjgsnXDr9hf7QkF4gc5FZVchUfdSMJZIXjEgwPLxcqvJD5kbuGFTaQy6ar11fVMBTBzJmzYNzYBs4fpUhcTTVD8Gu6GO-dSr-7R0GAAiuUB9Sb95sCx2RfVtteUeHs34Z5cEkBQrGDBBG6KSVWRzDg-OrgU-ywBlxAWLuSqiXtQmpKrVmMgfrc-tq0lDbNwHgLymbJcc6AV_UKla29I1MwnHvDf42d-PDEegKyPZ-pWsWdbr1Te_5IFmEUbUlL5jdcnRt6sIX-mjPxvz82ZHznuoNSE1CMOUalYZ6Vl3NtyIfFaQyk5rUEEyuM5yvtmIqDWmcml-ez6GKI7o4OcZLRlcI9duLJ-MaX4r05yzaYxJPupuIuxl8hv96ae1bQsmZya394IxEFFCkyRZqRIxfYb6UiqjY_fvX2U7pvPRgb0SgOrOpKPmpqqESYr5RkOkN3eL_OYTfAl3A9kVy0uHsrhia1vqKz6zWTZZ2ZR9hRpKrLTASN_yKI-Rcfs7Mw6dtojlozlDP4rHlhnLxCO1QJDTTmmYE6KpWAOgVikW3eCM9gBlFmWwNW6yVSKKIoWDf2iZ5bcWCHNNZTMrgTi6HbBBS2wGhxypAz2MIrm6jUVNLSXb0sqepmMuCrkAJO7fyCJgVNXVMneltiuYnDHiZa4yqSGpqqp914ZJCrRKZz8VWs1btoOXmaDiKuX3XlvTSMfTW8w4gp2VgMr9VB0Uc_sgKebGVMw9zm38ivoyJTl3YEC4dyYeZDq-HvbmAaqm1FvOAdqCJlVq9oXiA8hjaT6QIPqmK60vElviyeO2q9YtHMNNrX4C5NzWyIYG9Q2qVY52sZIrojIwsGO7FsYGCc8Cem7-PVOOWWVwYq7h22KmN4-q3Lhp81F-ekCTG-zY9WcIQE17_Wh01dQwTSTR69O6xkgvAxUBlVvHTFi5qwOSy3ta4DXggcfGtjXJiA_NMMBl21eO17bp88Dj-iE2tLOvWyCsWAZFLmnsVa94YIL7C8lMdEw3JkXqgEDIB4SY8rZcPX-Cdh68CQNj3Sr2rPs5pNbrLT4zniZx3GyfK693ojPFwpSt3jdZEmE-QMckWQ6zctYfUSkwgsgnDXmC2DdzHFf1N7tDnKBW61duPyAZYRvR23YlXoxxrTJGurKa5p4DkaP-htuNXJeqUd_NY60X6NBQ3yHMUGFip-mWLcz8e_Vm05cCqraV4i6s7MHvFCgsrbZ9d3A4bZ7CJ3-VD2kCHXtMWACTESvW_X5L9AI2WyxUP8-OCRrYtMsYbQlZ92JNSRGwaO5utjn9YeTIT1N8qqF2tLKiTvd8NIdYVHa2BKgZDHDIB89sO8YruQwgKmnnS6Yy3mqhmLoPQX0isD8VkZblNmAiBPkBXdQornrFj3-nvGefOvyIBeYKYk3THt3XSTa9A7ng3VeNkr9UX1PWULCZ0ZHb235kolIyLQ_Ly4ppm91Q6Db7QChrrt7QffNfohHVWoPXpvE42DJkkyy2564jVLb72lh-tQVaqhhGGP3r-JI2Jvsd-qEC6Nf2uYb9XbBuI2ZoiWHVEnAmQHAEp47Dr0hVfL3xBcOpM6xEOXN9Oyxp6D4PPBz1sSb4EcLEb6X_-xafA1WqLWtvMwmfIfyW5dVqEIYrSox2JOowCVBNpR9QAnP0bNZqd7ehp-4HxXSkNyRuaUhgDtp85n33gLze9-kSco5299kJsA4wp3wZ3i5uW8iiPu61Zfj9AA6lbcfhlfxbXzauS6EvvrB6J2KzgAIlhdb3QA2eakfX50jKLQ2cbOBbOED334PIA-mRElAqcCxh4yG1R-bH5pQFs3LPWPYsfKTGSUyUAY2u2vF4UR_Bp7jqkmIa6dbsGJ6RV3BGBrW2Uc3nrMPkHM6fnC_MG09gDTIpeuOppw5f-Poxt0G3czaEWRefciD8mo25RwlH5zNotpVgN5HrbfUlUjJzA_ezZXdCrHd9OEKnSvKde1R0pUP_DZJPVGeGu_aWCjqd7Dntu2ML4jytK2S0WU4mkQK-65SfE9wd-22WA6EOecUGC0yKUkAmpku2JYqKMEV3UzEGshJZVIAcleTEddwljbF_ZpMRNTwvcanNzNPzf_ZyVjkbNBmfN3scmQG-9F55KuqpjUD4z0r4cg7c9zEQcLSAcKfmgrj5PKm8FgTWoOZIVUv7TwnT0zei-kdl9fODdB-2Y5sSwIO4BwWyVEP-cJnaAKnSWa6V_sIaz4Smctn-vGbsi0MxHnvaUCSume4BS7tmEbv-lVOSrVHFn1FnJBluszJ3DspX-yr0XSUvP-vzSHC_16D28FSWK3FrF5a-I6sHT7efNyebvGCBuiQkRj44p_3vUIPlmjmPQQEoERIdHF3BJ3yaBvTuCTLMt3FMRQtIlNztsui9NBOxPTBBGz0cZQzOU9YPaVQRoNr1yFtf2xXBdCSd4_jkAxRGx1HU9PyAVEyPe62zdDXn1HK0VAldpNwIkOmqwk6sFnIogyZSQK_uUYJPDi36SMAtGXC46ulq5Vp04l68kKS3TewWJE0s6UEU3FBekZUiBB6ih3DmFoy8K&cid=CAASEuRoOUEk3maXDPaIZYMvOGZdZg&rfl=1%2Chttps%253A%252F%252Fby-them.com%252F%240

Requested by

Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d536ce14f7c12c68ddd4df472a56a7c1b26da61c2cbe84db2e0f6155ebf1aefb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:23:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29857
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame B1EF 42 B
107 B 43ms
29ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-A3ji3HCahIF6S_KIhPoBQy18AnpXYmB94q6K54NH5J0gJy8jNX_sSqCcUTmNP3FhVTz4aRCef3BnjaF82pLKdhc-keeLbgDqFQzvc0zyz_3xfGmYI

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:23:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/ Frame B1EF 3 KB
1 KB 11ms
0ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/window_focus_fy2019.js

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0bb775e23934c5478dab7517dbf8a614834c96e926c4498b734399eb8a2e640d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1426
x-xss-protection: 0
server: cafe
etag: 18061233391346882222
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 09:23:09 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B1EF 123 KB
37 KB 26ms
13ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

393cf048c5b518e266aa392aa2540de2a0d5538f0bae4f44b1b6a89f095a85f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37935
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1633952256361887"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 14 Oct 2021 09:23:59 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/ Frame B1EF 14 KB
6 KB 10ms
0ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f4726d988effd5253298f2a2738ca92d780d4105af0ce67eb7e7d1c748fb6909

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:22:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 87
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6281
x-xss-protection: 0
server: cafe
etag: 18349783599053866072
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 09:22:32 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame B92A 363 B
273 B 29ms
20ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPnoIxCA2vS7AhiEkpG1ATAB&v=APEucNW2omP4Zo5dQJhBVVX7Zm713AqSqtMnz9c1ab6g5J6Y709ZNM245JewgOJEU_NAlDvcJpuDtGEzdRpISY8R9ETth8HRA31Ww1ww_Tru_VAagfLhiNjRRunsf5blFHNacND5sx65LvheCfHavJd9gV-Cwl0u3cP7fEi3EjAxGzFXafP-YKw

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6edfad1d5d6275fc7ade68ffb1f07d480fdbb39579fa359bc9c7ea1d4649fce9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CPnoIxCA2vS7AhiEkpG1ATAB&v=APEucNW2omP4Zo5dQJhBVVX7Zm713AqSqtMnz9c1ab6g5J6Y709ZNM245JewgOJEU_NAlDvcJpuDtGEzdRpISY8R9ETth8HRA31Ww1ww_Tru_VAagfLhiNjRRunsf5blFHNacND5sx65LvheCfHavJd9gV-Cwl0u3cP7fEi3EjAxGzFXafP-YKw
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUlopxitySf2MkNATtgMj4sCbW4PdSTqR7wFButfVKU5IY96dTnuVrJvps2xJUk
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 14 Oct 2021 09:23:59 GMT
server: cafe
cache-control: private
content-length: 206
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame CAB7 11 KB
9 KB 48ms
32ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BvCQ7YxJ5uzcTmeCXIELtwCIAcr_xRIz32xZPZD2f8vpcfrH070LsoxjBjXRAWuptcjUE9Ar4wu_AA1GD0-r6qnlsBrhuP6D9j9UfIaPXKHEZJgpYgb_oR1DBG7bDGDLxjGL70pkguIfD0X0OmqObYsfZsDA&dbm_d=AKAmf-BfBblkHwlEmuNizljZSQmksQfTCXiKUgh0OgzafYDBRQi5lbNcb4YNWggjxWgtlam5F6N00y1CHjf3VsyHC50BQrqgDzdpAANg1TpcRBOvN-BK7S87I1jTKN1_Gx3nkfAeG6dcLUYuK2phziXmwDB023KBpV8nraTQ2Rqra1gGOHTC_xsMmh-Oq3zo-0Mejr3PgBvV1qEbfd_px6AmFNcxyRAQFQdULwtvOLFyglxvPt1hU9hgEC_hjPyBchtyV6_NHdzsJYdErGWFq_3kzCJWBA8qfyOmJPKzFDS7frSQvjE8ckOf2ZyVZcgprYEWShn4WOmGG3AR2VtrbY3L4SldX6T4atQlElf3uLicMGAMdQt8eiDG0pKmuVHtXFgBwtKwinChso3KfLvMEHU9685fmnfZ1kgH4q00tFx7BPKHG-65WCxxseLBHuFhGNO6_w44ZEEmn8aDS4MIk4f3C8nCqMQwodKcRWbbTcFBJv79K7btN8176bxPv2EE8SH_j6Ehkuerom1ef6Nc-6-y0y2GE0LTUNDsy0hKtYo8IXIUCq3Sfyg7ojaq_Rd77iqRS4hAX_Trvcgz6-8AGQvzVxd7GrXA71_4qQwy4jXwmiJCJmXhUzD9desFhwDeobtbHXR_QU5g-IR7VDXf1ELhty0tTfyis9ps4Bc6TgOTTBy0VFIiB0GE7NPcowh9hE81SDDts7RFokj_P6hOeHLD33KO2AjnSxJMEon5E4nIQD7IvKy1F5wXbgsiQREPE8l68lJqB5zENLBqdmFZpryQclZ3a9tY680ZL57pPa4k7DDPGepF4RV5ENbXHpuzOK_uy4Xy0Oej_MRovnY_dZDMpGTL5wOiaf7kkx7y0O0pN1odS3EudnqcT4GXaIz3-h1JL7ockGzytREnqkpKfQi336mD1YMNF3hXh5CYbdzskiauhvXJqkEzfpTqidOp7ac48AZ0sbWgKG-livHnKQLrZDpNdRhhngvPEZJx2sfpuVSWzmMXQ4Og8ZCFpmQWCTkJ28KWrpEmoftZYpyFoM6o08LFD3lmoDr7PA1Cb2t9bBVlNhmLNR5ZsD8goNmQ7uJ6O67sEroHrwovsb0xLmr32xoA2IjZXA2426JdyGM7QbDdiK4ti1cbbsnSDHzE180yEwdX5tjIT3uEZ91nwvAZKlFVJ7nYdi01djSeMaTbmK-27JtiD2EdGeQfa1NCjk-mTTUlePfRbzN7Vx9Bv3AiC29zfxEaipN3AeobuVCV6CqzzFThYgZEnffUkIbWSIOO2JmgaRnQgf8n0zyG4jK06Nhrvo2A46efe7V97TxP187sGC77mSr95lBGBxh9txlFlkmU0lAl4hRM9ZHMjgykDqogi0cCqcAdnCt8vmX6HtLiY9cLbaxCzUaAjwQ4vAXnKplWJa5A740eR7OhPci7JB1PTEC9LPugNc3M8wmd5SkYjn5KiBdlvXyDu3wjxmvvj-AQzlWvTOrSgSHBU-U9Yxc2cKtdp1RvcYfozfxwsNgtZEAwFkhoIWPlVTsvYvKJh89nji42PL3Arf-w59G-5nA9yoMonuatnOhI6hZIQB4mJ-XsgtKwNB1RVSlE4cP4YQDHelDQ0T2DQa09YWnhCH4Ed-V83SWBvYzwnqfn6l472VZJyZNADeI1ItRx7JyqI24L_JgNJhhaWFIJ8SlynQ5Q9dVPWcdnR34AsG_H_j5LOd6Ybe5zy_Dq4_fj7D3qs2lxUroUI0EXMitvISXoV5E2PlxrqXYfOWmvNG0Lsek3-uJdXYGZ0vjjcvLYazuGxKVjacXEx7zr2ELBT17V-LKLnO5GWUUFEjQk9C1rb5U2Meg2rWBvjCgpeEh15lggmR4yEh1-HNYabsnI7mTR5l8QWO3FsqbeSldiuLil9hcwj18Zg46hrVW8r64RcAU9knxU9SQADACVbYWDJhVn_quCG4l4y9WTa30v5-5SIoszj0WfEudTQC0wGjO2JZKAP3i_yIKvnsfC8B-oAmB4AGV7WGHr81H1JhD46x-T1AtFl6licnllJZZB4FzEBBwct2c1b6VqdMVFQvMGORqNgTY5CVg-BGjFMonvdHj1zcQm6tNV2XKpLdbgJJUYJGHtJIJ4bLG-4JHo-b4-fqO840TMsMTwrhiKd-DmiJjSM_B-ep6jv1IXClv47WoaneGmdoVOY5F2IGEKN05nGG94e-_Biu92dURn99XhSAYZGi9idd8GcXUAZAYGWw3vc3tQGvk1Q19XE2kT1bVHGqhIQJ59fB8XZtmH5ZyyGBIqgOwvGYQApOOx5gQEyiajT7HNmt7JaWrTFLDGHRxctTtmh1S5gMihuY6EnUCig580PAp-vMKV3GKGHtZghhzT2lBCFxLfAentoWHbfM2dCNp_aY9sbhnAM_Yp3H9dEz7gd4mfKO_3_wT4kaWWCfsClIOFxNBL0uTAFSVX5OqHZOx-PGz_BOIhRJ1EUHKMxt_XwpQbIhpZtbG0qvWPxNGb3xuDJaoyYLSp60dZz8G9nmQFvhuaj3jTBIiCxc0EACoHW4Y3oqxrrWSuTe1ApWGDfCKSIJGab-NG0D7sVIVAQg09Pziu8-VvR8ZP5vFRMv1QHfjnT-Xlgmzgi8gyhygZnrXK44rKBSLS67-KAAR9vCLGab1KvhMHDWueVl4VpyGBT3zksCvjk2I&cid=CAASEuRoQMcnuG1cuTYwX5LLe30v-g&rfl=1%2Chttps%253A%252F%252Fby-them.com%252F%240

Requested by

Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c01f76e187c38e310eb04c7f4ece35f2d3561be4e92370411429211024b870e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:23:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8729
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame CAB7 42 B
107 B 54ms
35ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Bk_KPUBwvhvZvkptt0U_TOpBNMoPY-WzY9TJSX383Z1S52_KvuTCmL2MySKud0WLs4fkoX2o1i6YQR0MTJaDCiYzjncAd1nw3RdBcbOLVvUurwai4

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:23:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adj Show response
bid.g.doubleclick.net/xbbe/creative/ Frame CAB7 56 KB
19 KB 52ms
40ms Script
text/javascript 66.102.1.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNVLdPOzFTTB6sf8aEPJc2gliaLWUtovRx_Xp6s19gT5I6bmbcU&d=CnkAoCZ_4JXeUo47NFPl2mxpcVJ0KdpzhJmy8n2yJGDCJrPEBkS0tvj39QCIC9pnLpGdpHf8tRhJtw-LUMeMSg-JvggnKlct0RVZaxLcfwHbzKXzFkDZjgwrrKrjv2-_umkfUK5kyVnMy5nZjslg7sesLjOpZrref19cEvkRAKAmf-A6cerZKR_5mZ5sVcKza2SrQzvPtqv6oMCtAIZLS7NeZ_S6LhCWm84LnFb4EQSLdrEH7ER2pVDkP74g76_hQQ2rBByHTX5dlgImpE2wdOCCG048C_i-KMYvc9pNqEz6hdvnZDPSnFomZl2V8D_69ze4ZSWvkFSqw38bkdhz81BmtbEvMA_yml9Z8xjND6LcIe70Hsg06Q7LeN43jVBUXG23SmGQWOYAYRU9gmw91ctt3gLtVycq7zC7gsvAnVPBC8I9-5Ev0965CTCq1FjYBZE4Q6o50XDnXyjnbnu2s0F9lXiBsinMKRFR5goKEQImWp6i9K8Srfo8g8hlo5MdWYw9nCBT8HsFuIX7V1_DVj_B6wlsNhrI01h4ZSlG6E9xvqEa0yb9OYbHUzrffC4793S72jvsi_yMuRYN445xiWgAvu4sMbBuI06hN2lbNHWMzawPD21I4XuQ9cCZTRzroi-UvoRh1leJyoTpNL3Kx22cg3ro5vBN5gSJaRolOQo3oMDXeUpeFen2BSVvZY8HPP5c00F_bkEk2Y3gYInYEH9j_u3bvyNAm5IA3Mi_sMwlh3xxVplMzH1c462MQV4HYnNLRetVeA7hLxRDHERdO_ayzcucuQ07U4QkLZc1GdaNmts6442XQn_EtRdaRkPrkkHkGAEmK_K2HEI_KePUBBgWgjsdNkLw9vrPom4OTo8toTuHWdV0uztDsCLvO8_uIStj7oYYTxUmJ5sJch2xEDxF8bzBVxTgBhgTZzaA05etnLYVPnacgPDStYXJoXt2gOiKxmhv6DVzEjTKgqNf8-cub3UnWXk1bwQi3N7Hnyy58t9iYsKrKEQaKLyEEaOL4E7dWIVJPPrk-DtV-9T4kqCv20iX2zExQRzKnG0h7XIvp_OCP0maUWJcccCMeyHJa6NBCHN2wD63j034ODYAJ__TlI3NRHcxXOOTeTEM4TIHsGaDHKXFWPXOlEsVCWH4Kr3RKVqqP7jsV1h6ZwlkJ4I4m8PHTgzyJiXR-baTXs-4YeQCL3J-hVgm_GIZ9_M5yfkW6_yD1NfJWRhv7k16D3wlTfh0WqpoOh7ePEUugqpUgMKKVVxbEM5grY0t0xXk9tLYlvZKEPz2naTeMMA9oX1dNoxIiDJm6GXIwCq_yNefDmwJpE9ne-o-AKqWXSYkfp-8IpxS6J-rbrna4V3T342Wca9KF9LlrjruoY2kORzs9AUibfcBhpUF4FKyRLVAnZZzGKtC0XKoR-14gSDI7LSUtWAXU403mYIljJYqJsT4BO8ZPbbtzzFIe4oalupEstNXv0JdmnbRybFcV5Q8BJOY7VfFn4eHWZKrZda81JKrlJuEt1d8PpAE5fCUZeRpThUijNcHgaaMhKGcGQmu5AUK2Al3u5vNPY8itaBcTzmldREN5We9x2oRgYqtkaR_EON2pO9_-7c1fWivJP-T-yTNJVWO9vUQsKY1k1wr_gg7DgpjCIIP7apCOTYkN3yBZ3IbvAfe4I3dUh9YOQUuJkzc6mgM_aFBHmbRecvI8mEQSFTwwH5MsGonl8C-XVuS4Wbyv8B4tcknSxaLVME7Y6MNQWEON43i-RtAITBmwxO_9-5Y7hbozJ-lY6MTkVGVhSkLgboyMXbPNcvA2TLZW5_6egzkSaQVbuuHbV8LC3T5o94UtQ3jUSOB1Sn-6TXFvw8SJ3V_cgneOFI79_6QWb4ajfPAOa4UXPIIPxjAzhGDPNNqWRgTXLtKN3q-WckPE5nwN-EjxAa_j_Ld8Rnj8NAsvvjeQm5NP49wyeSnwqixpgyQ-LREOysfWBi1oe6bIvnZs6Xk2Y2YPDKYjziNAU3aZQHN2lAhuH6CFT9F6_CHcDyu90WPR24-amemh09CF5RCNcMHwZSVSEORp64Vy5IjN823bF6ZzToG6hVxZhnZXCheuyNIcKPP4K2sr1iJv2vEgDyxNLecIr-k1RENhp9HP6FLdVSpgkDyX_okMP_MupKcjMsgmVUEC9E-CFdkb6twtDJGcvRbLdvbvgjDT_KoJKwWEXYVNbkNOH_R1rRUcqW9JzBX1xMa9BOvhlqNPPSUkB4HxOGP3Nc9o8Zvk8FdVpz8iDdPzeH-v7OvmfpqN3Fn99piHXpNhsyp51DlW1gOGBPQXqmy9C0laprC64S5fVzksC767CxnszWsqkPU0CG5ruYuZsEybSHhR_kbaH_cEVSioos3zsJRXUJo4zbSfN-lEuUaiUYedrRqw6vH2ST1xGKJCkhF_k1_zejKAgi-mvtCv3Z8f5OuPGydiHowe1dlAz914gqIfRuXertMxpVNScBbHPcnqWubgBgEhfmSoMQu1bINwRWLZd__4tgobnAFe5vr6QPMsVSN8ZKfEFEZqH_0sOhThYyMYwXnof3jCc2ptySZ5_oMVaXCFgIdKY_GrO4aRFR3-jEdIsCx5DOjXyBrkDv9TJ5U2xf1MFSFJEod4yQVVzXbgrY0vSkzmjU2YlAo3K_JaOGkI-_z1kwBv__oQemOaaA6-GxlbCfwQL8qmj5l8-2eBk4lQoyBLnA4eAGeIgrJ-2wNeP-NU0fqSRqaofaksh_Iu6UDHsYngfCzalgREuZyRR1zrn6K2vpS6zkiS2nytcxqU51bIGr3AX5EEczfx92GPoM2ZKki5LYvAEWa_kLI8LU2GOd9vjnT4wqlZ-zOJKG5EN2fMNw_OwHTFU0YvPdiwR4RxBBJBpRuoTFzV0abrIhOq--cG5c8oVYoQ7co4DUt2fWRYtqFeA1k6at4ZPDYInhpdVTWN_A25iJg6c8ht0ZfgiyBtNsIYNInXTmTtSptOgrVbWv8WtAdQehyyoiVkjXyOgX65CNEUfALI3lPHcK5Cbu8aHA4HLwfp9ig--eAcHsX7OzjIriCPhyoYIe3a4JtqDHmsaY_uIbr7H_bKvtvF0T3CDvxJEx9h_7jW64U0swLLTBAdULUdOg17CUrB_RRrbA2K1fDEeZ1Xx7tXfYGLMjQ47bkVV8vOPoLiGuGbtQVukdlSBjlngBvPku8yjW1n5COI7t2v4TNR7Y08ml_iIFJeSRp0JYaFggAEhLkaEDHJ7htXLk2MF-Sy3t9L_pgAQ

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

66.102.1.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c1b89b4d36ca06f937ede2a9caf28aa3a578f125c6da06ddc028a1cb092ce2d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:23:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18918
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ca Show response
choices.truste.com/ Frame CAB7 27 KB
10 KB 25ms
6ms Script
text/javascript 13.32.121.66
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.truste.com/ca?pid=digitas01&aid=hpeus01&js=pmw0&cid=2&c=digitas01cont2&w=300&h=250
Requested by: Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.66 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-66.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 8fa8636d235648561126bb2c6af94db8baae7be336ebe5aa1467382b560fac34

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:04:28 GMT
content-encoding: gzip
server: nginx
age: 1171
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 6b17c6258978715ba0681e1d5589502c.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: dpb9QfyqDtqJfKyxWgQuDwbx_kCu6F0ebs1OA4vCIgIRriMBKN0Fqw==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/ Frame CAB7 3 KB
1 KB 26ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/window_focus_fy2019.js

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0bb775e23934c5478dab7517dbf8a614834c96e926c4498b734399eb8a2e640d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1426
x-xss-protection: 0
server: cafe
etag: 18061233391346882222
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 09:23:09 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame CAB7 123 KB
37 KB 40ms
21ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

393cf048c5b518e266aa392aa2540de2a0d5538f0bae4f44b1b6a89f095a85f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37935
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1633952256361887"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 14 Oct 2021 09:23:59 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/ Frame CAB7 14 KB
6 KB 24ms
5ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f4726d988effd5253298f2a2738ca92d780d4105af0ce67eb7e7d1c748fb6909

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:22:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 87
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6281
x-xss-protection: 0
server: cafe
etag: 18349783599053866072
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 09:22:32 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame CAB7 0
0 31ms
12ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRPEltZNx5lUsakDgI5iFqf6OHik1zID-7CdJefbWjEfTgvfVTde9OZWCQywFWz_KNP94-SatNwYfycnbIcdcETd331pA
Requested by: Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame D604 363 B
270 B 27ms
22ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiR7OioATAB&v=APEucNVZ-QQ6-fOdzTEKsmfm5R-gj_KUIC1CGWZHr8QuH5gKXtdz72aUchAZgkog2SdtsSyKiCKIz5-vdx6JY-J3LGjgYP3AytAIUNorNIjk5VMZIGHgVURZVjG8TrJ5AbNqp1UbOHAtB65dOg29EeX8qpeTHwV1pIbqWxujYvl7Y5xDisWAVIE

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6edfad1d5d6275fc7ade68ffb1f07d480fdbb39579fa359bc9c7ea1d4649fce9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CPvjgQEQ_aOOARiR7OioATAB&v=APEucNVZ-QQ6-fOdzTEKsmfm5R-gj_KUIC1CGWZHr8QuH5gKXtdz72aUchAZgkog2SdtsSyKiCKIz5-vdx6JY-J3LGjgYP3AytAIUNorNIjk5VMZIGHgVURZVjG8TrJ5AbNqp1UbOHAtB65dOg29EeX8qpeTHwV1pIbqWxujYvl7Y5xDisWAVIE
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUlopxitySf2MkNATtgMj4sCbW4PdSTqR7wFButfVKU5IY96dTnuVrJvps2xJUk
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 14 Oct 2021 09:23:59 GMT
server: cafe
cache-control: private
content-length: 206
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 773B 77 KB
29 KB 54ms
48ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ARb09gzUxXE7n2Q8wSwRzHgHwR8HR3o33lv99kzVrjrm9jkZnXY9aqlOthqrEasyBO-NYiiKlHa5RnNStd6a7ncuwPQNBjFHmPGv4Ar7oE6WFqKk1B1Ny4h6pc_JJltgzMLO9sHsUvqzSXL79LwTos-ZjxIw&dbm_d=AKAmf-AkZpEsjy-GVcP-_guXkcXhO7a3DmFCxPdRz1DWGCdaG3CWURuo_RaVRfxgUz5sK4KvLSp7JZ5wIlO7WMLjGxoAI6fm1zoC7XfHdQ-L8gZQ9QUG82bQVoWTWricYNF6TEcbVU9a-IdvIIY7ZND1Qgzs8ssNshaJJMSkNHDtgvzkMQ4byAEHVxN9DFCulemCbRWQolF0Zhz2vprC7iFqbRGGK5qiVaWijCFsmZ3Wi6UPvJBx0QAs_DNwzG37_cM40HgdzZ24pOSQf4sDTysSLh00B9-GvsFevaMp4bYZRhdmz4nR52RvYoXrBHaXTMOoC4B36UCaXNQOYTj8pSZO5zWTgSuMxCxrgj7kR8oe2dP_ynlKvoaSlnYaiSX9ZS1wmoSiq5DmzkR6OMrxa_vDsVJckrKCLL2S4HuAr0b5A4SnhpK4OcDpSepcTubIFT6ckqJxlTphRAQGqza_w3AfKLwx_QyejQqamuDAIlTw80fC2A8x5bwVr5qQmUtFxrLeZtBotk2OMhT_TE8EhW7xed38zA1mpKB_2bS6CFM_LhW1vAMO2ID3rLAGBdWABqkh0clYbFaWE2X2N1GLewdlv9ACFGAclTbTPGc1KVqyzgJ7K8fVsDrCobCBNhhjLGhBy7s-cW3-bNCxZvY4bHyOGTCQyI2Vs_iJIpkbjwxO5Ck8Bddz-WZiD1t3DMukSWTXsDINAa-DbjVTk-HG37lmC3bWWXDQgsnvftVxju05W-myOVlKs7PbjEH-qb8HYullHMC26h06jWME6PNVxnw9CP_vp2sVUvFkJ-MkQK4FmJsfJzCmP7pwiwB9FaliJeMvMugk-2pMaAoWRzHt2ynPVql9tI0KUILVQZ5D3UJWb5HRqclRozEKcB-nEcEmO0FxDfWA7uM2vd9SLkAYuEnoujXh8IW1eDHY9HPlAcj7zW4W-1F0ju3QYkG-V1by9Jt7x0gzjjE2tKrT8MdT19lCSSiZLYw1_tuahEqJiMJC2GTIrI92yQNcZ8sCcxx5xnXzNwvSUrNemqAKlCycWomCe1ZuLwb5snqu6jdIByE7RBAy8dkrT5kJy3mbCvBgEJiaiMyrmoimyEWFvRmYk5qmwzi5Qn0IqPuQYNWhNV6ISFephHwlB5gDouy2oYNUMmJMSuFsH8wzqpNB5MY4eM9hUGCA3lOMYeouoLjouIKOCbhgPIdlNMRq478HvbGNOz9wy4T-nRx0nMmYn_QVVieiSP0BFxEvyHndxlZ80KycZbnyggnEYr3nB4yGHSlv5Iz-5vSOAygvOThZChnGaFrfo1E63HHVFunREnCPZq5S5WwaVR1wW4Bgfbvy0G5VRgVEVPbckQic92z9geNf_zcjOIacVdSFA-6ZXegW9LnzB-8YFvTiL40dpqw8eIln6sw6Q1qZUhcfydP_hCycZROYATvOSQDjojAd9vDjjwtdvimEPrMb-XCwBCGkIVUpLr8NOXAljrW65QOWIABdUn_tcIQs-FM1bS-gmCzXySPeVwGRJR50oQMvVtlZb4t7pGNwJgC6QLw_UpNj0eQULLQu1IcCOUBBK8Xlsgb2v8pi0YZnnNKcw0OZaZSuaZzq6SgRuy-tLYwwf5od7Bc77WVYuKQpL46fjH5Ptwktin5K9C5J3zp7hCAw0YmD8Rr1Kxkl101iylr3_Q2FFNJNVHPfoJXgxQDsyXmqyJzZawyYJFgFWXnYaEY1ipQa_O4Jz3t5coVasCGBIYLGIgxsKg5bKKcp8bsPATl5zoyxoIXdP_NT8UoD61m7dzhCKCxpOHRWtZ-6xCDc51Mxwoo8EnwNy1Qh2EdE-L7NB5JqVpW3BiCh4wGpLiNaecRh63Xgru77mYtGrZXW1BA5lVZdnH9bNu2KEIcjNSAzmzoHEuFpI-n3XeVa-ejHXZxueeEP70vf11DrDfT6KIcwBHN2GpIyg8bQd3h1znolBxXhOOda85dtDmR3qz190xrbWJZ0u0w5tKHBbWM09EmVlbzC8zmWaPfCJuksvB4H_kliiFL_8cqKdN3HiZs9IPKiqowz1ZOYLv3q-exOjIgrYQDwZ7ntquAugF7qVaI-jNatN6j0a_7v9RQEQBscTSdAtxdywiZv1d-sHsleOw9Gsj5mBh50pEi_Bw53ooYe9VW4FKZivju74de1KcYN77EP6gr9pytccnGP70XjZYnXrnFi8mET_uQX4ZiCtv9dczzYaHj-LjX35WZ-s-MMbLA4f-u4zFRRO8gYNW3jOPmFjn-LKMzPIw0trWDojoGcy9U5JaW9hLILsaOXVsvmmLccvRbqV2WOOqLpEPQNss-CdQgZmPMc_0_9QremkP03-pC55bE4Ngvgq3P0akW7eH1IMaDLHqt_Srmz6PZC-0zYLXOCkYDO3vajpHCHHZP5TxqYpVUdibUQhHKLTrt3ngFXoeD4JdpbZDdo7bzN1R4gIGLk-LVYCDocj1kUI9H8oNbYK91U2dfu1lItGF1kB38RfswT90S92ODCfN-l_FsoWF987xOwc_ILMQhO07nk518VMGR9QIB26fwkZUfzfs8oSCrJ3jeBTrQ3EVE7PplkSiPT8UjGuwP2Hd-QOA9wlIMsG1jefbh73JLw8UKz0PfAA5-hAgSmcIs0e9LavpYkC_LrI2py22-h2emDJMWMgfLQi02B56RwRaL47ewwEsMwW53xmo9IQCnLYW4164BgRXDXTS0BL4g9gP7fprlXuq6jBIptVNopWgpIM7JMRUisvTHKWCo6OvJfdLmGvhLumEXP4-vc_imxHEYBEsn4cQgWP2oFeqbwTRVbjdVX-GTqjsI4YhlQIbTjTwyU2l8bbNiUJxNszP1CkjTE62ueaIIs5H3KhQC6K633yURfrM9TCdvfylzpb45mKAu214Kl83HXdcwkCw0jlJpIdx3d8p-R36Gjs7TQF5sVVLZNXay-vu7mqg8D0KXSG1a6CL53l__p4TLBFoXXqHcGkR-ezg83tQp0uPJjgNmjXeuW0S4lqp4sOiA43u62l0LOhUQdKgQSVKeiIMNy4f5uDVzv8CYAjCZoVBAacNKtLVqnnMZCmRUvKBNFj46uo9NU3_yR-eZ5pDUCjaOzSxQLtQ&cid=CAASEuRo8GPYUVjjNZcDritEFj0DZg&rfl=1%2Chttps%253A%252F%252Fby-them.com%252F%240

Requested by

Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

96b614b73937969da63ded199b34b31be8d52696f055135218b49ddbad2bd4cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:23:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29719
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 773B 42 B
107 B 45ms
39ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Aiw0a99lBz6zJlW3E8Ioegj5skMF0_kHDHNgv4akE3cYp4HLSBtC_fLzBL1itKFF5IQwVKpjDRwdb0Vncb5kEWjQ3EPu9G5i5J5ptEySujiyBQI3o

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:23:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/ Frame 773B 3 KB
1 KB 12ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/window_focus_fy2019.js

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0bb775e23934c5478dab7517dbf8a614834c96e926c4498b734399eb8a2e640d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1426
x-xss-protection: 0
server: cafe
etag: 18061233391346882222
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 09:23:09 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 773B 123 KB
37 KB 40ms
34ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

393cf048c5b518e266aa392aa2540de2a0d5538f0bae4f44b1b6a89f095a85f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37935
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1633952256361887"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 14 Oct 2021 09:23:59 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/ Frame 773B 14 KB
6 KB 11ms
5ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f4726d988effd5253298f2a2738ca92d780d4105af0ce67eb7e7d1c748fb6909

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:22:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 87
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6281
x-xss-protection: 0
server: cafe
etag: 18349783599053866072
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 09:22:32 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 773B 0
0 20ms
14ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaT1w-kjh0qMc26h8aqwGWxrYSND9g88s1krF20dx8rNV9PwACbDdbSu1qOY_gKCkGkxUxVYL10Ks4OW9JzMEd1lqOXb2Q
Requested by: Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H2 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10980269524931627100/ Frame 05B2 22 KB
5 KB 12ms
6ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10980269524931627100/index.html

Requested by

Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c50da16ff33f6860295b9882f818218cfeaa545922c17cd61e4af999a9d6a159

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/10980269524931627100/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
timing-allow-origin: *
date: Sun, 10 Oct 2021 11:02:25 GMT
expires: Mon, 10 Oct 2022 11:02:25 GMT
last-modified: Mon, 26 Apr 2021 10:35:39 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
content-length: 3672
age: 339694
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame F692 0
0 53ms
49ms Fetch
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CdK0QLvdnYZ2gMJXw3gPwnY44u5emzmLihMKTjg2_4R4QASCm8b9pYJXSiYKYB6AB_rzXvQPIAQmpAmfKxo2EcrM-4AIAqAMByAMIqgTdAU_QPzqjrbp_HDG-_fle-2H0zK__jmxxxpGJrBbAPOUxFO6LxM2Hb-gZNg_lcSK7TYY_kpSiDJ6XFNg-UQ3rts-2m3PY_jEusGlP3PVgXeF3J-hXTci5VhM_JJayQ1dPn_u6O2VIctAU9p6XPSGyVtMeq93ytCMeiwUQBWEr2-Lzqsb6EcSpvm0hcdzL8BJM0TY7ZeXV6En2lB0bPDzjKjHUdLb9-Q8q412c1S_PYf6rAr_K9k0ePyp5oW25iiUwYN5A86klUNN3aXaHimlDjamIQVHNVI6Syqapo90_wAT27q_AvQPgBAGSBQQIBBgBkgUECAUYBKAGLoAHvYvsRqgH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgH_p6xAqgH1ckbqAemvhvYBwDyBwQQ_v4M0ggJCIDhgBAQARgdgAoDyAsB2BMNiBQC0BUBmBYBgBcBshceChwIABIUcHViLTE5Mjg2Njg4OTA1NzUwNjAYwfgd&sigh=lcN1cYoSmYs&template_id=419
Requested by: Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s53-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211011/r20110914/ Frame F692 18 KB
8 KB 11ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211011/r20110914/abg_lite_fy2019.js

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b2ec3db0c3ffe01385ebd2fa36b83708e505fada5609f9859a8e04a9cbdcaefd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:19:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 289
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7691
x-xss-protection: 0
server: cafe
etag: 14402072889669646931
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 09:19:10 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/ Frame F692 3 KB
1 KB 13ms
8ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/window_focus_fy2019.js

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0bb775e23934c5478dab7517dbf8a614834c96e926c4498b734399eb8a2e640d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1426
x-xss-protection: 0
server: cafe
etag: 18061233391346882222
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 09:23:09 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F692 123 KB
37 KB 50ms
45ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

393cf048c5b518e266aa392aa2540de2a0d5538f0bae4f44b1b6a89f095a85f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37935
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1633952256361887"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 14 Oct 2021 09:23:59 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/ Frame F692 14 KB
6 KB 12ms
7ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f4726d988effd5253298f2a2738ca92d780d4105af0ce67eb7e7d1c748fb6909

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:22:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 87
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6281
x-xss-protection: 0
server: cafe
etag: 18349783599053866072
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 09:22:32 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame BEB0
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=by-them.com&sn=ChromeSyncframe&so=3&topUrl=by-them.com&bundle=j81YnF9aNFp5ZG5xUlg0YlFJUzN3cnFPb0ZURnNmMUZHT1AycnZ2TVRSS3FhNGlpWVc1UmpzUElz...
https://mug.criteo.com/sid?cpp=oySXjHwxdm1aSjUybFJsdmI2djlpY2I2dzVxdjFuVmVlbVlBSGVFK2xhNCtQOW1yY21OUTV3WjNQYmtyMG1oaDBjVHpVWkd2YjFHQ21BUWxiVFQ5blQzMHFvMDJ3K1h0ejErUWtHamZxT3BvZyt4d2M3bEZlbDR6clJhOE...

425 B
620 B

14ms
14ms

Fetch
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=oySXjHwxdm1aSjUybFJsdmI2djlpY2I2dzVxdjFuVmVlbVlBSGVFK2xhNCtQOW1yY21OUTV3WjNQYmtyMG1oaDBjVHpVWkd2YjFHQ21BUWxiVFQ5blQzMHFvMDJ3K1h0ejErUWtHamZxT3BvZyt4d2M3bEZlbDR6clJhOEttOWo4T21BQmhFOVBJN20vTCtZYXRWSFpwMldER1FSbUFxclc4ejViMDkwRTdnODlUcWVSbis5OUZJZEwvUGMxdlkzdEgwRjRPV3Rid2pHTXhmMHF5eWc2czg2cWdZdU5jOGRCeUpqK0oxYzdOVk1OVHM3VFB0dVdCdE9hR2E1c0NtdTV0WktubkFFTlR0bHl4WWh1bUZTVGQ1czBjeEVYUGFvQjVJQzczOHJoZ2QrZXhnRT18&cppv=2

Requested by

Host: gum.criteo.com
URL: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=by-them.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

3d1333324b029b19d5049f106263eaaa953dd00300742803596819b2dee9dd42

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
date: Thu, 14 Oct 2021 09:23:59 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2223
expires: 0

Redirect headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Thu, 14 Oct 2021 09:23:59 GMT
content-type: text/html; charset=utf-8
location: https://mug.criteo.com/sid?cpp=oySXjHwxdm1aSjUybFJsdmI2djlpY2I2dzVxdjFuVmVlbVlBSGVFK2xhNCtQOW1yY21OUTV3WjNQYmtyMG1oaDBjVHpVWkd2YjFHQ21BUWxiVFQ5blQzMHFvMDJ3K1h0ejErUWtHamZxT3BvZyt4d2M3bEZlbDR6clJhOEttOWo4T21BQmhFOVBJN20vTCtZYXRWSFpwMldER1FSbUFxclc4ejViMDkwRTdnODlUcWVSbis5OUZJZEwvUGMxdlkzdEgwRjRPV3Rid2pHTXhmMHF5eWc2czg2cWdZdU5jOGRCeUpqK0oxYzdOVk1OVHM3VFB0dVdCdE9hR2E1c0NtdTV0WktubkFFTlR0bHl4WWh1bUZTVGQ1czBjeEVYUGFvQjVJQzczOHJoZ2QrZXhnRT18&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 1832
content-length: 567
expires: 0

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 03C9 398 B
326 B 26ms
16ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CKjuaBCznHAY6uLqtQEwAQ&v=APEucNUSO3EFgPU9ev0Bw0BtpGR5us1kGAGCr6ib9RiB-q7jouBEVco-pElTUOF4vnU-bH_hdXGSFCq44G7NrpV0DY2mWmgGcRCSw0sCRu_NUYzeiQo9EYykQ-g3QhsTpS-IOCKIyRidJ87QF7g6Pbab36n1Id28aaNWrEc0H4EtOKZXLZ7psv0

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dc00d2dc19a9dd32d5f89ec3d68bfed90dd775a5fa638855b7fe00d6415f379b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CKjuaBCznHAY6uLqtQEwAQ&v=APEucNUSO3EFgPU9ev0Bw0BtpGR5us1kGAGCr6ib9RiB-q7jouBEVco-pElTUOF4vnU-bH_hdXGSFCq44G7NrpV0DY2mWmgGcRCSw0sCRu_NUYzeiQo9EYykQ-g3QhsTpS-IOCKIyRidJ87QF7g6Pbab36n1Id28aaNWrEc0H4EtOKZXLZ7psv0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUlopxitySf2MkNATtgMj4sCbW4PdSTqR7wFButfVKU5IY96dTnuVrJvps2xJUk
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 14 Oct 2021 09:23:59 GMT
server: cafe
cache-control: private
content-length: 258
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 express_html_inpage_rendering_lib_200_273.js Show response
s0.2mdn.net/879366/ Frame 76B3 114 KB
40 KB 34ms
6ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_273.js

Requested by

Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2bc98b5956d216197013af35c909aa49d3aa7c26b48de9e9930eb4bd6b846391

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
Origin: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 11:05:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 80289
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40185
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 20:54:50 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 14 Oct 2021 11:05:50 GMT

GET
H2 200 omrhp_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20211011/r20110914/elements/html/ Frame 76B3 6 KB
3 KB 12ms
6ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211011/r20110914/elements/html/omrhp_fy2019.js

Requested by

Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fb9268e99659f17a183de7aa0d4e27453f96c159a7ba99d6482522f8f72d1009

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:20:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 226
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2631
x-xss-protection: 0
server: cafe
etag: 10983085961369067521
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 09:20:13 GMT

GET
H2 200 abg_lite_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20211011/r20110914/ Frame 76B3 18 KB
8 KB 11ms
5ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211011/r20110914/abg_lite_fy2019.js

Requested by

Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b2ec3db0c3ffe01385ebd2fa36b83708e505fada5609f9859a8e04a9cbdcaefd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7691
x-xss-protection: 0
server: cafe
etag: 14402072889669646931
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 09:23:54 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 76B3 42 B
107 B 44ms
39ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-De1H1lND5b6voyQ8NBKfaxvwiGpjHHD5CXLfuTHOnsto4hHnC_BdaSKpBrfv9aWpHxOCwcDI5ABfsw7b7ZvjY63jb8Wdj-5st4RpGtmwv33g4qhls

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:23:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/ Frame 76B3 3 KB
1 KB 13ms
8ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/window_focus_fy2019.js

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0bb775e23934c5478dab7517dbf8a614834c96e926c4498b734399eb8a2e640d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1426
x-xss-protection: 0
server: cafe
etag: 18061233391346882222
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 09:23:09 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 76B3 123 KB
37 KB 49ms
45ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

393cf048c5b518e266aa392aa2540de2a0d5538f0bae4f44b1b6a89f095a85f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37935
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1633952256361887"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 14 Oct 2021 09:23:59 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/ Frame 76B3 14 KB
6 KB 12ms
7ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211011/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f4726d988effd5253298f2a2738ca92d780d4105af0ce67eb7e7d1c748fb6909

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:22:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 87
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6281
x-xss-protection: 0
server: cafe
etag: 18349783599053866072
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 09:22:32 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 76B3 0
0 19ms
14ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaT8pz599hcmn6Svqfh2IWdwQKPTyZPZEfL2RNpf4vDPxAbaS_hiGUez6wOWIVvNIbw9Y4MPtN6wjyZORfk63tTyKG-4nw
Requested by: Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 6846 22 KB
7 KB 13ms
9ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 21:26:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 43022
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 13 Oct 2022 21:26:57 GMT

GET
H2 200 creative.js Show response
cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/ Frame 6846 26 KB
9 KB 46ms
26ms Script
application/javascript 2606:4700::6810:5914
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2c2210f87e564b9f117ad40e2cb2f666828d11dbb947bc4304e368b9d5e247ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 9945
x-jsd-version: 1.12.0
x-cache: HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-served-by: cache-fra19166-FRA
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"682b-PM7TIXX2mG/XvjIIwb9PtOhKkw4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
cf-ray: 69dfc08b4a5e42d5-FRA

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6846 123 KB
37 KB 42ms
40ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

393cf048c5b518e266aa392aa2540de2a0d5538f0bae4f44b1b6a89f095a85f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37935
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1633952256361887"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 14 Oct 2021 09:23:59 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 8CA2 22 KB
7 KB 12ms
10ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 21:26:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 43022
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 13 Oct 2022 21:26:57 GMT

GET
H2 200 13809741454613283922
tpc.googlesyndication.com/simgad/ Frame 8CA2 119 KB
119 KB 12ms
11ms Image
image/jpeg 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/13809741454613283922?

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18943d0a49d756bd3d5bf2c72f70aa8b68e559774a55c061d9d1b39a6ab288e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 15:00:34 GMT
x-content-type-options: nosniff
age: 66205
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121592
x-xss-protection: 0
last-modified: Thu, 10 Dec 2020 03:36:04 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 13 Oct 2022 15:00:34 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8CA2 123 KB
37 KB 52ms
50ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

393cf048c5b518e266aa392aa2540de2a0d5538f0bae4f44b1b6a89f095a85f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37935
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1633952256361887"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 14 Oct 2021 09:23:59 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame B9D7 22 KB
7 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 21:26:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 43022
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 13 Oct 2022 21:26:57 GMT

GET
H2 200 17695468946475477132
tpc.googlesyndication.com/simgad/ Frame B9D7 85 KB
85 KB 10ms
10ms Image
image/jpeg 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17695468946475477132?

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c379607c37ade94378c57972716e2ea46a45f1aeabd715ea062740476a27c718

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 15:00:34 GMT
x-content-type-options: nosniff
age: 66205
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 86562
x-xss-protection: 0
last-modified: Wed, 13 Oct 2021 04:03:34 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 13 Oct 2022 15:00:34 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B9D7 123 KB
37 KB 30ms
30ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

393cf048c5b518e266aa392aa2540de2a0d5538f0bae4f44b1b6a89f095a85f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37935
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1633952256361887"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 14 Oct 2021 09:23:59 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame C45A 22 KB
7 KB 18ms
13ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 21:26:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 43022
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 13 Oct 2022 21:26:57 GMT

GET
H2 200 1391346322200222182
tpc.googlesyndication.com/simgad/ Frame C45A 37 KB
38 KB 18ms
12ms Image
image/jpeg 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/1391346322200222182?

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96a850c9b609006ace6823b5ced486774fc992a5b789766f50db4c2fcbd8ce8f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 15:00:34 GMT
x-content-type-options: nosniff
age: 66205
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38331
x-xss-protection: 0
last-modified: Wed, 13 Oct 2021 04:07:45 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 13 Oct 2022 15:00:34 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C45A 123 KB
37 KB 30ms
25ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

393cf048c5b518e266aa392aa2540de2a0d5538f0bae4f44b1b6a89f095a85f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37935
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1633952256361887"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 14 Oct 2021 09:23:59 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 4CD5
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC53isMPgHMaabqNDvfMhQY&google_cver=1

43 B
1014 B

32ms
17ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC53isMPgHMaabqNDvfMhQY&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPnoIxCA2vS7AhiEkpG1ATAB&v=APEucNWONS0QfrMDTXtUL5GTOX8Woryyqzw1hrnp-jGHfto9qxGQo77bjwext-tatDOKuj2YU7tXsYHtnUqp5Khd8lVR-lEE9v5RosWNyMSYEU0ioCJQ3e8PxFhVsiZE_Tk4dhklOy98PfPxSE7v2jz0Xkii3fRAxfi2bu0g569JYGbdzI2dEII
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 14 Oct 2021 09:24:00 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 14 Oct 2021 09:24:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:23:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC53isMPgHMaabqNDvfMhQY&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 4CD5
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YWf3L.IJHAtuN0XGpVci-wAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC53isMPgHMaabqNDvfMhQY&google_cver=1&google_hm=2

43 B
894 B

16ms
16ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC53isMPgHMaabqNDvfMhQY&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPnoIxCA2vS7AhiEkpG1ATAB&v=APEucNWONS0QfrMDTXtUL5GTOX8Woryyqzw1hrnp-jGHfto9qxGQo77bjwext-tatDOKuj2YU7tXsYHtnUqp5Khd8lVR-lEE9v5RosWNyMSYEU0ioCJQ3e8PxFhVsiZE_Tk4dhklOy98PfPxSE7v2jz0Xkii3fRAxfi2bu0g569JYGbdzI2dEII
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 14 Oct 2021 09:24:00 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 14 Oct 2021 09:24:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:00 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC53isMPgHMaabqNDvfMhQY&google_cver=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 4CD5
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEJTmEejb12SZO6KvPwskECM&google_cver=1

43 B
1004 B

15ms
13ms

Image
image/gif

185.33.220.240
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEJTmEejb12SZO6KvPwskECM&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPnoIxCA2vS7AhiEkpG1ATAB&v=APEucNWONS0QfrMDTXtUL5GTOX8Woryyqzw1hrnp-jGHfto9qxGQo77bjwext-tatDOKuj2YU7tXsYHtnUqp5Khd8lVR-lEE9v5RosWNyMSYEU0ioCJQ3e8PxFhVsiZE_Tk4dhklOy98PfPxSE7v2jz0Xkii3fRAxfi2bu0g569JYGbdzI2dEII

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.240 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 14 Oct 2021 09:24:00 GMT
X-Proxy-Origin: 91.199.118.79; 91.199.118.79; 717.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 9ad48c34-ba58-48de-87c7-75f619e8eb5d
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:23:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEJTmEejb12SZO6KvPwskECM&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4CD5
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTg3MzI5MDUyMDY4NjgwMTg4Mw%3D%3D

170 B
188 B

23ms
17ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTg3MzI5MDUyMDY4NjgwMTg4Mw%3D%3D

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 14 Oct 2021 09:24:00 GMT
X-Proxy-Origin: 91.199.118.79; 91.199.118.79; 717.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 7b87250c-8d37-4faa-85a4-b2a7e8db1822
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTg3MzI5MDUyMDY4NjgwMTg4Mw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 2F8A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC53isMPgHMaabqNDvfMhQY&google_cver=1

43 B
1014 B

30ms
15ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC53isMPgHMaabqNDvfMhQY&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPnoIxCA2vS7AhiEkpG1ATAB&v=APEucNW2o1-DHdMDYff0TrYrmCqFvtleC7IY0iKW5txmfGk1_DdTsVimUBQX105YCHwclIrpRJnJR1YfcnpQrh92ezTspY17G5g9mEdUvnlMoXP_fvE7HD0-OsGO3ugzZlVbg5CEyuQASWbvdp66EaiZT-jvp9y7NeZwtBet5EVldNTlMuhWEiM
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 14 Oct 2021 09:24:00 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 14 Oct 2021 09:24:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:23:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC53isMPgHMaabqNDvfMhQY&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 2F8A
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YWf3L.IJHAtuN0XGpVci-wAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC53isMPgHMaabqNDvfMhQY&google_cver=1&google_hm=2

43 B
894 B

14ms
13ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC53isMPgHMaabqNDvfMhQY&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPnoIxCA2vS7AhiEkpG1ATAB&v=APEucNW2o1-DHdMDYff0TrYrmCqFvtleC7IY0iKW5txmfGk1_DdTsVimUBQX105YCHwclIrpRJnJR1YfcnpQrh92ezTspY17G5g9mEdUvnlMoXP_fvE7HD0-OsGO3ugzZlVbg5CEyuQASWbvdp66EaiZT-jvp9y7NeZwtBet5EVldNTlMuhWEiM
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 14 Oct 2021 09:24:00 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 14 Oct 2021 09:24:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:00 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC53isMPgHMaabqNDvfMhQY&google_cver=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 2F8A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEJTmEejb12SZO6KvPwskECM&google_cver=1

43 B
1004 B

16ms
15ms

Image
image/gif

185.33.220.240
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEJTmEejb12SZO6KvPwskECM&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPnoIxCA2vS7AhiEkpG1ATAB&v=APEucNW2o1-DHdMDYff0TrYrmCqFvtleC7IY0iKW5txmfGk1_DdTsVimUBQX105YCHwclIrpRJnJR1YfcnpQrh92ezTspY17G5g9mEdUvnlMoXP_fvE7HD0-OsGO3ugzZlVbg5CEyuQASWbvdp66EaiZT-jvp9y7NeZwtBet5EVldNTlMuhWEiM

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.240 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 14 Oct 2021 09:24:00 GMT
X-Proxy-Origin: 91.199.118.79; 91.199.118.79; 717.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 490ab283-320a-461f-9c14-791ecb9aaecf
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:23:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEJTmEejb12SZO6KvPwskECM&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2F8A
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTg3MzI5MDUyMDY4NjgwMTg4Mw%3D%3D

170 B
188 B

16ms
16ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTg3MzI5MDUyMDY4NjgwMTg4Mw%3D%3D

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 14 Oct 2021 09:24:00 GMT
X-Proxy-Origin: 91.199.118.79; 91.199.118.79; 717.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: a7abe3f4-204f-4f57-80c2-fa5f6280f784
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTg3MzI5MDUyMDY4NjgwMTg4Mw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_273.js Show response
s0.2mdn.net/879366/ Frame 897F 114 KB
39 KB 15ms
12ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_273.js

Requested by

Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2bc98b5956d216197013af35c909aa49d3aa7c26b48de9e9930eb4bd6b846391

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
Origin: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 11:05:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 80289
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40185
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 20:54:50 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 14 Oct 2021 11:05:50 GMT

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211011/r20110914/elements/html/ Frame 897F 8 KB
3 KB 14ms
12ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211011/r20110914/elements/html/omrhp.js

Requested by

Host: bid.g.doubleclick.net
URL: https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNVLdPOzFTTB6sf8aEPJc2gliaLWUtovRx_Xp6s19gT5I6bmbcU&d=CnkAoCZ_4FsYNDrI4QWt6468DL1Tn7GgxAlnSpksWz-EguXTwCzLXs7RyhIWIed291sU17_5rWv6z17nlmnWM9kUgBj_xQsPCv26ZGcZwNhAHJrxQpBIhJuZoW0unTKlzYbqwozd5ixc2hxOXL2qb5-LKOatlJzyPf7NEqkRAKAmf-BtC24zKL8R13Swy8pqCJC6mFNEKkrs5mL9czpBlpnSGpE7BENEdu4qP0i6-14we8o7_XUsNlBda_M4F-YhsWDWy1-AyNs7fi5817NGGsabB2vqhouPLtPBLkm_bz8Vnq6vT0g8n4KAn1GTpA5rPrYMinV6bFPEeHO552Pnf2nEc7tElg3uTNj0OfpuJqekw756qgELF2bE8Zfv1VbS7ckYqESt5rlAsEVpXeAZjsFuVT34rmHMm2ohWSLe93vlD9FgvfR4Rn4BdjIAxARFJcTlwD8M_FH0la4Vz8j-0jSDxr2GCKEZ4YngTwux_2zeUSzvZLuW0ZDLMRz7LAIorUZJA9hYvNag-JWh2oj5Po-BlrvjPBDczsNIhWx6Xjqr4VsF1jnUqeHD483tGgStMStWUTfZoSzTMcuE9sUR07H45eHEIwhfEcZMEeD1R25KnRDQPcIozHRkesPtLWjOEmz8wVdvaHLZD0GzNrS2y8-IXfLp22d0DU0z4b044ID1uhZ5Lpn-rnGTRbrsFHkE1z_huiT0uSSdENKsKr3ZYGnQB22NMovfLhfCVsuY3Qpnd_I7_ucXqZqeaQX7AsPt7NweCR6Nu2GH28PqBvnpzt3YjOPjN5MFFgx8wsc0FU8_8kf-vnJGtX8hnO898knw2iohtT8JMHqGVD88AlNp-I9ueS-kkcGiq4eT3CAVE8aSaSs_Ui6KKvBBiFWRMI7Wy5rBr-7M61PRDxMRtyj8C8iOt6a5A3P7eYsITvkGcO_38Q-s-9mL4lCKFH4NTTocQNXGam8Da3KKHsK0TCsodYRShVrr0nCWY8K9WPoeWCpbniDuVQhUYhRc3LdJKgTHP1FlvJpm42XJ3U4GATNJA6QXqMMoYbIWZAgS_9A9pR8t4VC9qVP7s6p15hfXKOjFArxhdyQO5itQHyxkB_db1FtFzmCu6skqhxN5U1KNzVZIKgjLh-3THPCF40q0sBsKlZ-2UZh5gAhOG8A7hiyn_1JFzyIINtWESjmW5_5eYU64MMze_G0-c_zi4tge5DBQ1qko1GOv1Y0GhD4OLWKR2W41_Q6kP7f8I_dxKpSSB6zTGVOYeGuJNImzww9xtSLd0vMWSd9Joi-l6yRygipcLnoohqqr6kSLj1zTGnkEQywiNP4fJmClPoyntJTmUuChaCZcC3AXYKl3RwO2k_FKJt6-JcAyIHyfS4C8svHFNOtDE01kuLy3chd5qn5GQ8gb1cKtMhUvNvUgWNYjZuWRJ_-5V4YobtJkSGL39jRLlo0qbwO8UzhGGulDd7d0R1lz4XdIxsPt0txS3CDL_DpFJiyP520nQu1jBuJ7LbxjxvZRY7IXaoObEMglptvyOOxHcUuvx6xZ-9_V3sW3bK77dYGG48hZk_16LCdYB2JjMWSrSM37vN1vWZeCpEVKWDfXbThNAlkd5QfdpUTZFP_FPBgce3R_T3aOMxMC-6ypw2_1voI9plQQaivgtp-p2R2gL8TZPlcjW2-WM7ASyGx_qOPFJ5rzJ57XoeayO5lkVe11w35m8jfOXUGrQ9q2S9JW3iV9hJKikL-o65bc8HlJMdTc28xGJbsgSTbfyTn9KSlDg1CyUpZmR82b3ZvAwwG6-gANgj6qAm27BEQ_zT8DKHrdj8VM9v1pCFNSblTfZt6rpmg8s3muyODojuCP88-lB5tc1ZBQlt_RhHTcddoyTsGyOoDmX120pTiIGVOa9k4AeqaO-ZcYUAdZV7lfOzFJradDzzYzmqwpqj5fm3MjZ_MDZWH-_Q9wxRi4mCRfYvrM2RpO7zcbwuyjV8IlMcuyU6INJYck_A40shhPEZ0xukfj-Pa5VGaxIDE0J4RsQ1nM_w8Aw7he_XybA1-ePFVy7gSqdRshKzT45tmAwU74sFhPJlaEwYSnJav_vJ2VA1Rmy_d6NcYGKbhAjObFPxovOjWul0rZ4CiCsveP41np0jv3yBux-_zw3NIxs7xhSY78bTL_3iRFUBC-o97-RKetiSiylFaYQSO7Qwa5ajJaveGxCMkDUV4rLkB22kdEjtR2A-ioE4n04l7-BGu8_4Gn6lv7Hvrhd8gRWwC4KW1_IBYYkicAETo6dajOA4BKoXqEMGNMH0JJypmosTtqzSNV_uqtuVRWx8c80b_e5Jxx1xTc5DtTq28WaXKIy06ZfBdqz-OR0ArbLtotS47Zr0yNv7s5y8DhGTfDbs3XjNs_MM-QsvB7Y6NihrS2A9WdAoUgeojeMtAM0agQjG8IXZ25K2rI1XrCrqCAn986nxEPv0j_QxMWfjFGu6LDjTIqaUoVkowCBVGkE8Jjnbibwx-Aad-eN-VaQiqbJbAfywLQ0gjp8m4PSDttB1ebwcjJgMarxHHZIZP3mOYlA75Xr8baFJsnL6_RkdNZPtytXc5xWP96hwLir9GnyUSJEDy7OeNwoqKFCrIuzVFoukrUAdnHt5xMomEHx33j9Mlwu0kijEq3Y1aBfbMeyETgM7gx75K6w9JP9VTn4jlJ-UCjjFHEYwv2xa-xMuarppA8RaXds5xcDSwAs2km37xGaX4GKqUXH-5I4FuCLfBVjQGxrn3MYqi5XgP1WEePPoG5DPOj2cCBxUtCaSeeC8iItY3Ond0TKLpiaG6q3fUAYUvO0ZDbl1li_KkjAUj6opvujk73pq9pnpX0BhGyXv2UxKZmFzS4yYirONN-V3SPJPR55FjzhDcrLc-rkFLnmaQPKINog0QEqYoTMgQbgKg91UgPRou2ydtmh0B-FRV29IBEOve9OYJnpvHL68fj52jjKWVKAIKGaL9j4lrhaW6Bzdc0SSjQz-uFon7Qbmd_vJHSESJU3Rt9WP0G-paPMscgAe3c_66sMMYc4N7jf0QEW1d62RoQtd3llQsnmbrDpAZpOIrsk9kW6JPODhYbG5Yb0hNK3Zf9zbtAZ8f__zqrSgnxNB4RbG4Vz1jWGhYIABIS5Gj5Qn-jAtsdTr3vVqNjC9srYAE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

67cf5c21bfc71ee46210832792237e4a6ccd99e5c7bc198b046a38c9167fd0ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 36
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3128
x-xss-protection: 0
server: cafe
etag: 3658073882064373855
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 09:23:23 GMT

GET
H2 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211011/r20110914/ Frame 897F 23 KB
9 KB 16ms
9ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211011/r20110914/abg_lite.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

599ad71fae7cb8d014f7c2d29b8450bc7c34f8e32d49fa103716becef8ae9964

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:22:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 99
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9283
x-xss-protection: 0
server: cafe
etag: 1044373809082006429
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 09:22:20 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_273.js Show response
s0.2mdn.net/879366/ Frame BF5A 114 KB
39 KB 13ms
10ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_273.js

Requested by

Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2bc98b5956d216197013af35c909aa49d3aa7c26b48de9e9930eb4bd6b846391

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
Origin: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 11:05:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 80289
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40185
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 20:54:50 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 14 Oct 2021 11:05:50 GMT

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211011/r20110914/elements/html/ Frame BF5A 8 KB
3 KB 11ms
9ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211011/r20110914/elements/html/omrhp.js

Requested by

Host: bid.g.doubleclick.net
URL: https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNVLdPOzFTTB6sf8aEPJc2gliaLWUtovRx_Xp6s19gT5I6bmbcU&d=CnkAoCZ_4Lu9au3XjtPD58r0q_LXahKcZ3moi0inmAAz9L5oPnUj2jFVrMK2FWEAehdCSo1NwARC8JZjWn8ZJNFlK3yHtyZEGmEschXJ6woNR_HfTv5lWgCaHfqz27Gzmmtk3_6tbyca5FO09N6c8FGqBFsbCv12fagiEvkRAKAmf-AFZS6M3fDQff5EHS9-LLGAuaurUM3LYvOoO6fCOTn4Z9aJg_yJaKKunl5uJ0sWv3xE62ZbwTGe2PORbogboITG23VAx15xh_AwJbleGj6uJGBoboDyUn0Mi58R6POWrET6oWeKMdag9pHqueLhs2iIU480BRjk2tYMuS4v5beP1biLYhQfDeDZE1XaPuJScbM-Kpqwcr9hw_TyDsgfJwik1P9wZLE6YD43Qo9jFLactxDbNxJLFakDsSMRIgNoriVI5TZyykh5DzUPap_2GNv_XzRLNezx0o-g_3QPvOj4ZMKTml1CkgwD5TqbmqrTWAVP1RkD3ceYyD3B_0UIvqglsaB1weT9Kk2oF0yiWqIkKqUbdKxR7ijtY6N1QVFIpb9_HafjRGH41IbQqLMUZaZXzzmN0fLR6QEIjSUIDe1i03aKDJgE_8Ip0ExvpzDlIQu3RDlzxNkM4tMeE6Kjny3N6PZ_wp37MJ4KdQC_O5JxOQRCZxr9cdb-aZ1LNEdE3l63yynCG_ea8KQmS8ISJS5TWtHf98OQzKBAI56zbbEQbcyXrU8evAWKRYmpu1dInWv-iI0jOdR3w7Gv92AltsuQa6oNtZMZ5QYID5LZKPidKqledTJcKTkGRSSvubusimevEAUJg5rKQKTQecA-4-pHS0mPcsvj_wlbE-X0a4LkHSXf2DBJ9uc4wHij7zwXY15QgpMd3i5zWE5FN6anTzdo-LBR0Ng_DvaxkC8qqeh_deECUB9hpGcXja-LKGaky1vaXWv3UoxnmSxvZnmrF9iZPPh7DICtkxEVYX24gSz57E3LHcC3UlQi207By9LolF11iSF0wKohBBe-XbXUJ1dmYTfF3HDLwOczUqXlK1VrmleHvyYOu0unOCBWxayJmZgeMQGEY1ZQSwlKKcpRQpLLrODO84U1GdWJMD6FV6oFVj3cL_w7tOe0SQBBK_KLqQEjO8kxG2cKFtwM5URfsxPPwhhtIFr0HlAxhG7uww1-rlt8yrp0Bc3vz4TFKoRzdZtTLKFyeiFClGZGyLi8AYIqVbMryvYCxkmpE-AV0VHc2boS52yOTuUvo3Vr3x6ZCbkUjr01PY_u50rPTWO5Mx7YHuhgj6Wj95ECKSDzbKB13f89tfSDyxgvL1VtLdRcrt9WkrBs1iJjwbnZNSyeqCEaYYxFN_a_9IM776ePXfxnW7JxSmw_Grtn5uH__7xc0tkB-PuGeNWM1boT_ehvKevIdMazHCfeD9ZIc0j6mOxu1DGLL9Pnv8YUWdzWbvz5Ztmssu1t1gaRylxOtVg7eFgIsZQDCsrwhAcZ1k0XYxGqiRLJNJqqHS6hjX4brJAOGq8OkWJKRFhmVIO4Nt9lZzNZZwo4-uQzj2NadfsK0pWGriaioXtk9nyFL1tr1CIIo3C1WVmZb4Gak2yDgXSZQ9rETMiDQTu5M2h-JXt7B_NEQUdJbtB6lC_e_Ygz3IrKZKBnrUtBuIBMzuRyMA8CKOdm2zpj8-6PKJ-EZsq4Nq1LZCEWYCzvVS4OrE1PLvmAk1Jt-uSUflR9bHYRvLZx5xoHeKO52SBgwc8Sn2arAN93kokZVjRNG6ZTOfG525NzvEYPnhHnDq4_gGJlaDt1oYmtDGDUnnepJa4PekA8rnjW3gvAu2OwcjpTZ9XfW_ilRcWt0A1kFZktYstz15T93NqofNBQLDjgnbazRr6kf3RSpYQF0TWveeD_OK3vyRGblY-TxDyPumwExAb4oI5cOIdkEsYwVmHoxlGyFeKPDTTaW6fALXEoxlRyv5qhajai59l4bGRGwXVx8b-uSm2dwhFTFBPK48d10BvpxMuWeDsNWi9xzlVeIXcnYpCh70y9fVwAHxdQda3-nmdw8pUEsLLW8AzfXJ9T7c9qX-gKo4zQZ40VERnvGJrvgGQzS08C8XaM0oWqvsJekvPJNMiITn1m6_dFuEhSLApS3kEwevzTU3qNU0gXqNHTPhZpnnsd43o33HiYq3z30c_7EJKVsGFJ62do2ZS25KZiUBVRzran18KF5BFSPNYL35sMzNg-G1w2HKom3f65D2NCkZCMqsolYTYjwq-STqZexdEq0uTqsJNn7YiEpgqWFAEQ_qVSdJp9jEPVVMKZrr4qPosiFvs-SQbVe4lQqbxvZSlX65zMaxNOxcPRvpRL2B3bwi6jI1nWwkx_H-IfHm-eO6mj1OCxd69vXlSVVWyAyihQAHYEb9qnhAc-7u1GcwNMOJNVjkdoTgMxG1hi__Zk-HdaPq8Dmoq6ma_RY1iDDaOkYf6Xt94Wm01wtxCRihWXCe9uj0gOaV7bVKCdpYM2kNvb0XzOq-0K8R1CVpiAAHdhUoyQrrn15RCzys18iHckIRQnyvObgcHItaApw-cQOs59_GQvQCyGwWps78Em7gRd_B_CHP_kKGV3vwE9-ri3tisZ3LdI32SdBg0l4Qq8pn3CyLylA6v1l9NCw0XrrMwrJIBXBSI6BSO-oCOuOPaHt5uglTKc0Z8RwWqhCL5TkadsVzEmzI4VDD83FId0KCU-ZtnUj3OFf0wNeQeOaTpA_6RK4C_T0yh6iM4gn-eURzGh4bRfddsjZfRLdvj9ANq_x2dVxhS2Zvjmr9XvvSrI5ZSzv9pu-Vu3b2lVYeSTK03DdOnvp-jyIk5FqApCE2pxvJbPAYzid282_nNgHSvXnASXEVX1qt4SGXOGrj8oHfVOQ5wK47Gh5Ghk673cL2XLsr46vwZptCQvwVIxrKXsN1zopN7hPlNXTCjKAIA3UwVgYEi0eMfajGcV2YXZO0b3yK01EAZCu0nEHWQhG7NanoezBqGWdAaoOPGNhGvki7vhjQCcfmQKChzGoFJct_ezehrxzonC9U8DJQ1TIOD0c5XXeILlz0Oi3t5gQv4doF8hOSs-yOTSnYKiYvnBbrwgaQAMPE4YMCsQ94kf8zfwLAKH49wj4Q-wmpZ8FA1t0uUSOCMFnOzf3pUtdRW5m2fR9XQmwKZ5NuBQ0akToSnH3Sn_yxjrIhv6tCh8vACjweR1QKBL9ot2N43XtDHAz29o9nZlZj6Co9MaFggAEhLkaEUsnc_eswcJ3rnLAEQVbwdgAQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

67cf5c21bfc71ee46210832792237e4a6ccd99e5c7bc198b046a38c9167fd0ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 36
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3128
x-xss-protection: 0
server: cafe
etag: 3658073882064373855
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 09:23:23 GMT

GET
H2 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211011/r20110914/ Frame BF5A 23 KB
9 KB 17ms
4ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211011/r20110914/abg_lite.js

Requested by

Host: bid.g.doubleclick.net
URL: https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNVLdPOzFTTB6sf8aEPJc2gliaLWUtovRx_Xp6s19gT5I6bmbcU&d=CnkAoCZ_4Lu9au3XjtPD58r0q_LXahKcZ3moi0inmAAz9L5oPnUj2jFVrMK2FWEAehdCSo1NwARC8JZjWn8ZJNFlK3yHtyZEGmEschXJ6woNR_HfTv5lWgCaHfqz27Gzmmtk3_6tbyca5FO09N6c8FGqBFsbCv12fagiEvkRAKAmf-AFZS6M3fDQff5EHS9-LLGAuaurUM3LYvOoO6fCOTn4Z9aJg_yJaKKunl5uJ0sWv3xE62ZbwTGe2PORbogboITG23VAx15xh_AwJbleGj6uJGBoboDyUn0Mi58R6POWrET6oWeKMdag9pHqueLhs2iIU480BRjk2tYMuS4v5beP1biLYhQfDeDZE1XaPuJScbM-Kpqwcr9hw_TyDsgfJwik1P9wZLE6YD43Qo9jFLactxDbNxJLFakDsSMRIgNoriVI5TZyykh5DzUPap_2GNv_XzRLNezx0o-g_3QPvOj4ZMKTml1CkgwD5TqbmqrTWAVP1RkD3ceYyD3B_0UIvqglsaB1weT9Kk2oF0yiWqIkKqUbdKxR7ijtY6N1QVFIpb9_HafjRGH41IbQqLMUZaZXzzmN0fLR6QEIjSUIDe1i03aKDJgE_8Ip0ExvpzDlIQu3RDlzxNkM4tMeE6Kjny3N6PZ_wp37MJ4KdQC_O5JxOQRCZxr9cdb-aZ1LNEdE3l63yynCG_ea8KQmS8ISJS5TWtHf98OQzKBAI56zbbEQbcyXrU8evAWKRYmpu1dInWv-iI0jOdR3w7Gv92AltsuQa6oNtZMZ5QYID5LZKPidKqledTJcKTkGRSSvubusimevEAUJg5rKQKTQecA-4-pHS0mPcsvj_wlbE-X0a4LkHSXf2DBJ9uc4wHij7zwXY15QgpMd3i5zWE5FN6anTzdo-LBR0Ng_DvaxkC8qqeh_deECUB9hpGcXja-LKGaky1vaXWv3UoxnmSxvZnmrF9iZPPh7DICtkxEVYX24gSz57E3LHcC3UlQi207By9LolF11iSF0wKohBBe-XbXUJ1dmYTfF3HDLwOczUqXlK1VrmleHvyYOu0unOCBWxayJmZgeMQGEY1ZQSwlKKcpRQpLLrODO84U1GdWJMD6FV6oFVj3cL_w7tOe0SQBBK_KLqQEjO8kxG2cKFtwM5URfsxPPwhhtIFr0HlAxhG7uww1-rlt8yrp0Bc3vz4TFKoRzdZtTLKFyeiFClGZGyLi8AYIqVbMryvYCxkmpE-AV0VHc2boS52yOTuUvo3Vr3x6ZCbkUjr01PY_u50rPTWO5Mx7YHuhgj6Wj95ECKSDzbKB13f89tfSDyxgvL1VtLdRcrt9WkrBs1iJjwbnZNSyeqCEaYYxFN_a_9IM776ePXfxnW7JxSmw_Grtn5uH__7xc0tkB-PuGeNWM1boT_ehvKevIdMazHCfeD9ZIc0j6mOxu1DGLL9Pnv8YUWdzWbvz5Ztmssu1t1gaRylxOtVg7eFgIsZQDCsrwhAcZ1k0XYxGqiRLJNJqqHS6hjX4brJAOGq8OkWJKRFhmVIO4Nt9lZzNZZwo4-uQzj2NadfsK0pWGriaioXtk9nyFL1tr1CIIo3C1WVmZb4Gak2yDgXSZQ9rETMiDQTu5M2h-JXt7B_NEQUdJbtB6lC_e_Ygz3IrKZKBnrUtBuIBMzuRyMA8CKOdm2zpj8-6PKJ-EZsq4Nq1LZCEWYCzvVS4OrE1PLvmAk1Jt-uSUflR9bHYRvLZx5xoHeKO52SBgwc8Sn2arAN93kokZVjRNG6ZTOfG525NzvEYPnhHnDq4_gGJlaDt1oYmtDGDUnnepJa4PekA8rnjW3gvAu2OwcjpTZ9XfW_ilRcWt0A1kFZktYstz15T93NqofNBQLDjgnbazRr6kf3RSpYQF0TWveeD_OK3vyRGblY-TxDyPumwExAb4oI5cOIdkEsYwVmHoxlGyFeKPDTTaW6fALXEoxlRyv5qhajai59l4bGRGwXVx8b-uSm2dwhFTFBPK48d10BvpxMuWeDsNWi9xzlVeIXcnYpCh70y9fVwAHxdQda3-nmdw8pUEsLLW8AzfXJ9T7c9qX-gKo4zQZ40VERnvGJrvgGQzS08C8XaM0oWqvsJekvPJNMiITn1m6_dFuEhSLApS3kEwevzTU3qNU0gXqNHTPhZpnnsd43o33HiYq3z30c_7EJKVsGFJ62do2ZS25KZiUBVRzran18KF5BFSPNYL35sMzNg-G1w2HKom3f65D2NCkZCMqsolYTYjwq-STqZexdEq0uTqsJNn7YiEpgqWFAEQ_qVSdJp9jEPVVMKZrr4qPosiFvs-SQbVe4lQqbxvZSlX65zMaxNOxcPRvpRL2B3bwi6jI1nWwkx_H-IfHm-eO6mj1OCxd69vXlSVVWyAyihQAHYEb9qnhAc-7u1GcwNMOJNVjkdoTgMxG1hi__Zk-HdaPq8Dmoq6ma_RY1iDDaOkYf6Xt94Wm01wtxCRihWXCe9uj0gOaV7bVKCdpYM2kNvb0XzOq-0K8R1CVpiAAHdhUoyQrrn15RCzys18iHckIRQnyvObgcHItaApw-cQOs59_GQvQCyGwWps78Em7gRd_B_CHP_kKGV3vwE9-ri3tisZ3LdI32SdBg0l4Qq8pn3CyLylA6v1l9NCw0XrrMwrJIBXBSI6BSO-oCOuOPaHt5uglTKc0Z8RwWqhCL5TkadsVzEmzI4VDD83FId0KCU-ZtnUj3OFf0wNeQeOaTpA_6RK4C_T0yh6iM4gn-eURzGh4bRfddsjZfRLdvj9ANq_x2dVxhS2Zvjmr9XvvSrI5ZSzv9pu-Vu3b2lVYeSTK03DdOnvp-jyIk5FqApCE2pxvJbPAYzid282_nNgHSvXnASXEVX1qt4SGXOGrj8oHfVOQ5wK47Gh5Ghk673cL2XLsr46vwZptCQvwVIxrKXsN1zopN7hPlNXTCjKAIA3UwVgYEi0eMfajGcV2YXZO0b3yK01EAZCu0nEHWQhG7NanoezBqGWdAaoOPGNhGvki7vhjQCcfmQKChzGoFJct_ezehrxzonC9U8DJQ1TIOD0c5XXeILlz0Oi3t5gQv4doF8hOSs-yOTSnYKiYvnBbrwgaQAMPE4YMCsQ94kf8zfwLAKH49wj4Q-wmpZ8FA1t0uUSOCMFnOzf3pUtdRW5m2fR9XQmwKZ5NuBQ0akToSnH3Sn_yxjrIhv6tCh8vACjweR1QKBL9ot2N43XtDHAz29o9nZlZj6Co9MaFggAEhLkaEUsnc_eswcJ3rnLAEQVbwdgAQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

599ad71fae7cb8d014f7c2d29b8450bc7c34f8e32d49fa103716becef8ae9964

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:22:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 99
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9283
x-xss-protection: 0
server: cafe
etag: 1044373809082006429
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 09:22:20 GMT

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 37B5 41 KB
15 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AxMOHLmFOWl5K4r1aVHbxWINqs4rJfx49r2hZAOS-RKlaxB9PceKWtOUMXLewbT61Co6uaOgX3bzA-uY4XM3OB26Ghb63arUyzXsazg70rqDdYBxgYSoKJR3eCRR2xPQeQXUpnWLAUX3esZo44vzdzS0maKg&dbm_d=AKAmf-BZCa-Qtn8TPUPXcS5oxkf2hIIfFEUogSGKzXyYkchZjqCDzvhMIjCneV-oNkFGZns_5tg1rG08A5XUUClnIt7k6NaINxTMP1Nam5viUjDoYBnhlKNkE17BUYuNN1JAMrI3Lo83Dh6bpnIRAAwaFpWxDKhUNli5mxhZr8NAMdOSI-KWLRwsQDtmGMnVzC64B4H9TsEv4lhyfGRb_FoSPy4uI89d8KCEK7UKJkPcNe6sXjNNFG2PbNRzGIjiG74qUpcoQSswVegigaiq5iy6ls3BFTPsuGIaali12j67H3O6crBxp44egT-YiB64qB_sWlIstuP2NLM3MYQ0tbXXAI_voqaGBWo6H5iiZ-eSaxLz8tEpyhFBaweQrxg5tUxOCHqVsFJshN2luSClv5A9BKmf6CJbpdNHWumnizSw2nVJdeVeS7NAPKbfwZb2q1GIF1H8PYM2Vh84D_vp6Fpsegb9_HRVXidrBaS-1-nZqYsTDohFKm0hZgfYJb0Bupv897H-Nsq-dOPooD962NJKWM9cqdIgscP9eBRTt8jFgzRF51Pz9JQMSqGpHU6tiTpjfW28ldZFIRhehe3YvqfqIJlcYITuB4vsvVmP1KqQZpj_sCVBkTdYe8ZHxkUaTaxDFUrdTk29-baXeJH_U1yDIXbyHjn9gMzMIQ2YiyGx_LUhUfvcBxpKTO_mkKxuatw1hfaSqkKQ3cFiDPP1_HPeTHD4BPvj2CiM2j0UIoOLeB52W9HigozXdYvAKiIarChed9gWgKI-Qt8GaE9yoahJBb8LCG_HUHJOu9iTRVDpG5holrblsOZaFChpwgG0APHGhVMXDhIpMScTgKypAmvM5Q92zPmK3gZr7mDZRiWQtu4J5LPghSeHkU6m4iQNjN09Rl6VUCzVa4U2_K8Jx3mYy4OvSS7Akj6wQXHCg4egrm5Kp2W14DiS4pBRc4WenGR5cXbnUuhuOZElRPMqW36ucuYLKgICZ9JtxKmgu8sZaCMPE3MosBqi3sZbGASeZGeZk7MdhckeKJlV-uuhhUo0hX81-497C2cgkD7Xmq-LTsIcSM3RzDjhhbk5e1A09hFTvBo5GTyc22F4yp2uizKRKNhiX02dO0sUhbvnzH_HZroNxxNIQlR83lYu8PZh1ktsZeEZB07nE83a95G2RKEI9wQEzriWJt8EAzOMrpQUT2NsYhKl7OAZKqKto5tfykla9arh9u4L08ZJRL3tYuTtDpz4EuQiLZG95xeG73Kqx-I5KpVTDNLKmvRqKoECxOsnPqJ2N5YlDYqA2K3_OfGnmlHA0xb8od5x8Xwr6n8kmpN9rDXZMenSvaX3wFmI5nGwPYceDZb5ENqk-HO0RTYgqmeO6PqJCpw8klfQ0yJda1ydMmKTKUUSFnPl6nHchgqFqPpCp0Dax-6HfGis_NqvPJOcSjZ7tUVTTyZdmv3quiwHcZs-dQMvC4eNHbQdrLQndSmzIctNo0TOa_tLO66EXzV3ACmekURGQBYp1FNolGAZA4CbmwtKOZ1LNAhdbGme9lBzIAGSBUO2VnHEtiaTBAyFFc9X5VDCTKWfGQ-wIqimrCDKYDqnFi6klGEVGYtOzHxJQ2ELWxp7H9LFaflKZCkXJJ-ejGQ-WrO4yKA2k2MzmndA_ePnb8nt_24betq2ZKbjse3XejsmxSJ1TspL7y7RsYPU3gQWWdPhHOgr5OP45qYViKlXXDRaStNV24GWmumBAd-vO55w67dKcjltMQWqzWNqbh5GiuiSjKqYAyGmbGK98vrUePc8Ta-BocysOFdY1tvAWA4ub6l5r00iTfF6R2xFKfopTEZ_8L9jI0dO4EZfP64etCCpjuzx806PgwqzPmrGIuaJNRzR3sN2celb3BYAEkYa6FV6E1VxGNBPVp5-OjiphXbGMLPBqL4WccnH-cAJG6_FaXaScikznmfoFhp2NG8qUgi6DZ1kqmLME_WfQj1yPWrJPuZPu4h2qx5MhMJ0ggDlIBJ-kAj8ywKsT_bWAckYi4-CIBHUJ44670xBBBitekkFIbV_6H9cAprbDQim3Sdy0Bh1wxtA4OuqGP2DRIYbrv9v6cbfbKlYB3DXlSIBnpGaw-uc4Of-dAMCpAmeWdND9z86-sUccblMah9Bh8ZJ9ZwklkejRdJFyJnVhXYS3ASP7sLqYbx_pdr1p3oveILsr4LY1Ag7-bgR33edXMaZDZw6u9BgtIsOkEBe9OPlTUhg6tkglCNdTMqqxldDqlM3tqPlaabwpfVQaW-bnNMhvrubnKOFmXJKm6fpH36TJbSr_5B7SKTA8w-HKprf9pc5slgaFgfxdB-nNdVgm7qha2-tggJfvguaecT8XSr_omnvdRTTols4dOlODLS3-0VUsHsYMR6YOBu7-YHxgOgAJn06dNthL1cWrs-lFLUnzrzoHH4AotDDFwB-SbmLyvqtVdPdrxeN84aH27zIit_tBgHAsBq0NIaZZGhrcsvz2EphHPC7HSSYxnBKDHGzBmUK12SHGqzcMTEliGZqQIfw0WkO3eYpHfF9gxuqncwCQ8BQmMyRolLbMaIPylSZLhiGlDLrbMBcf4bLQlMEBw&cid=CAASEuRouNPUoGetgnbEW9bR45lwiQ&rfl=1%2Chttps%253A%252F%252Fby-them.com%252F%240

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 21:29:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42892
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Thu, 13 Oct 2022 21:29:08 GMT

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 2BFD 41 KB
15 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DarZeSWuUosf0zSDYPDqxnMw9MxjcEkYblcjdSqKzYnTIlkTh59pev44rU2j8rYopr_wZzeIolXt12i6-AgohyeN3kKFBfnJ25oYAWn9GwMo_H9CpK4PoZ3f8e7VCJP2pge__HxuZCDa8q1AIVEKYKOhhPbQ&dbm_d=AKAmf-Bf0fhGlaEFZuzG-E1rviBgvk4q0LXg6hYGf09Np05rDU_Q_tFAO8g3s5wNo6r_8h3TxwPBgBpVr8--ArTJvHTki2R6PnDmiI3kV6P5yYU8m-JdAzdTLZIkJ9A3TPDZx28_zzQTHLtlcHpA3hy2_jwgrJPpMeXSUIwqVYPH_c8W0440MFlkw2vz3u5MnS6VDk6MAMGxbNoAyqmNsaNf3exFHd-PvKiVO4ine6a1mtUGNTJHqNYvExdJB79ut1QJs_XYzo-J0MwMonupyLU2Hucrdokuz2XO2enOtQ8VyL0Q-ypbIcQGSFP0Rqi9yvwahfeA68LCULWlR_fhZaOP7BR5bKUV47JeR1HaclNjh0fD_yKJW_kGyOqquE03BO5UrmWPeB9xLw7gvmGmQ899CUOKb7h4Ay5gZQZVye1wS3QATLZ3_X_lcJr9uWcc7ciPP5YH6kdSS3EX8Z4noBV6Ljr7Sq2btv3rzzssIgqZllsSLKUGkt9tLcoDg1BxANz3MAFlwzGbPQ8UiFkD149G5E-qei-PkNacl3tVyQ5K1bTPXjU2XEYOHS8Wr5aFNeSihRJk1b9Roun9L7do24BWKf1hv3UWY7hMjbv3AumspKVveiU9kDT-BAwXPgsyEhEOUKoJbUlReW5j3fZIN7W5jwOYIwoJ6fvoUrs5PYwmT8koWKv8-vuJavT23DTXPllVRfp1mXs7KOO2Y_ZmcrCxzjCsG8nDEBOKrqaigVuQZFczTauyvInFnK46J09nYCxoLtHbatdVVaLxewrO_7NPY1yysG49NKdlTq-0idUfKDGQuaLsTXDptVAcNiZsXLwXqyXE11uKNbcXjBx9Z07_H0GdR4GlGbEC95VhcG7vEcAA3HPPtUpPZNTszid82ZteRFEMOxMOuqUNVPzFiQTYXV5HG6OmiQRYB5oLkfoMB_iqYKe7b6fer7E6Ze7Uy9Hr42rW5DINl1GnAv4LZd9yCwDazFpYXaqxdPR3zW9vek43FwoFeTRDtlpjxKbiJuOFRfVPNTaZKbSuyhsBH9dv791qobn8yKxzpHru4sZx2jtVSoj9AMbiDypz-F8bHHiVNwzpuf9gTRr82eT7A2mQNRXkK0yaEtWETs5LAdv-expKKl0UJXIe4--YUgImxBhH8R_T_eP0RbXjLuL4XVgWH_buW081SUKaO3VHvO1CVL4cY89-j4TTg4pb2mtkuq1CjEf6nCA2uZ1dhoqWTG8uCcIdJUyiVUIXXu876aQeQuP5FPuo8ll5yugwoKSB3POrWvgYfsgwe4I6pAjcGKYXxwpNoBcwthJKgVyVqm50eiiT1fb5lF9bZDGy4Fk0AtT9UWkYL77HBvl6WU8GwVaYhCx-KF-GTAqmosxNTq3ZTf8-2VyydGEFq4V72gtUMer1OXy7FNKTjPT7nXkJZ__Ag42zbWtxc7zISfP1PyTAiEeMd__DJzVjaVAJYYIdkOKhqF6HWV3Y5SdnRSHNbwqi8BkOqUu2r9fvEzOXhjKcv9hodh4OLimJvxdsLprl7i5sG4dzH7_SgtEApL3h2-IgphNqVNZth_aa495xoKjw6FKkIX_pif1IDy2EkZNALcoJkK_4_z842QO0qLCHGMY9tpTtWV6LtcDgC1u5ImfpL8JlZNGZHyyNax3FU8rhhsV35nzawz5YG30WNWd3DoOzZt3cDmPtzyJmWpugMeMxJ_8TdEqLWyY_FPg6tyBoqyedATLkOUFJ5dTU4QBGEIN1TCGaBOuYMVhsC0P5sqtE1o5KY3bkkudZkSs6ApNpNW0SfOq8pDMVAc4MsQH44lQkmgOFXCu3JegPiKdyrjNnkWFbvqicvci_4H_A4TXdD0OG6IwVLVMzFTynIa3RAMpVofaMtO01qayrlifMGct7sL8NaoiOMOkk6teO2P3mkBSAqF-O5OSdW059nsh7iPIolAF_6CXAovHoPOLd1zoOe4N_t-XnvrHrLX959rPwCr5ydrZfYOmui9tmwqHli-GPrkUxT9OoCdVH8g5c-1E_6WDGNi6w9lq5IWBPlI1ak1Vf6VtAgoHkpKZQQIQUly5WAg02malj14hfvcH1xPrQnUemcfmIdL2NoIJsBPK6t8jmphIzep28s7NdGxqM9cYb8lN0-P8egybIxBbTUZWMAL1sg6XG2EqlW9ncyS-rqBshZQoTCrU0dArt0No5j91eYb82rOT6ebpuKY02uGNf8rvdAGeopLQQUoKCIMT4A65TQTgl7ZgLWo1oclDbIjnNZ_mzLSzdAagIm9G2SglIiTnkBbrioW5lqaewDZAeE31403RfpjopWMsfom2K9aj5MJf2Ml3JnHBX68AcZ-0AA9YCq4aC5z911RBWkgNPX-tCe_kI8mVYkKVgtq-_S_fh1CVYti4B21RRZ_7o9I6-YKtxbdmPC7Jk2BCR3JpKhvxpWFeNZQXBbI2oA2LlJjZnkLShH40byEMhzjHDfXYaJC_8BF-saaHDuG3-tEJJaso6np8OzEaLZ1p_iHpmKBV2wXx0vE3EpFUVa3zdOgzIw5ctTlC-kVzuHS31YZBYkgyP7BnbCMFNFbFCim0LPD__QIlWuUCC1OJ2_ZMJCKRCh3seVN8cp9CEv0ml-i9SREppv_9EcuMfv0VGFkxOCMa8bqg6DDlCJgYH_-7mjbroImW-KGIOgUrCNIiYAXnge1-B5xElAT_8&cid=CAASEuRoX6xeN-Kyk0weqajotNMDrw&rfl=1%2Chttps%253A%252F%252Fby-them.com%252F%240

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 21:29:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42892
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Thu, 13 Oct 2022 21:29:08 GMT

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 99DE 41 KB
15 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B5GzFxjWg0kkzUWw4oUFFBWKWgHgvpj6CQR5W58Nf-NNuu_wXHbZivqW6EQQMquU-Rqk-nyLddYD4X25d5TSpvJmRx2k_2pVxaYyBMc7EIWDpDuJ8fY7rvr0xkqPtnYGkWS5ArScq0AlJNojPrBOGoEXF8Jw&dbm_d=AKAmf-CmR_z3qS7kUvPsIzDPMDKMUvPP9X36oN8PBoasGiVxISZYg8c-EpNzZMob5MLCXW8kI3F0YfpZjpik42vCrQH0Ny0n7cA-nx_E6gC0cWGz6Prgr4y_dEVjs1uPW4QwhtaOJTzBxzjRswhQfsazcDCN7ssDqyUBCQnXJmPBREuNcfjhDrnIm1YlKIV3hs6n2JpaGc_q0BTznpUxP6JwhAkornhtIVrOV_IgFPbXsFJJjLfo6cqp4jD9Ni7ojwDEaSx9straCEzqCnWE3ABqzXEoCEteTFnAwI7Xlko5SpIWrHHnFeRl3Yb4r3wK1jVNK9iLZmygnVikGjtbdevd8QnIENOz9_QZcGsMO3D0egXXxQA0vzVVw5rSoWRyvyyuMCnazI0_wS5FtV-fjF_ugaWP544EvfJKfhjwP9d5V4Eak0ECCJ4KdHxezUSoYUfhqDcgRun0CbLjTCUbsnW8_LMVz5XWhXLooYH8N2O7RJA6g1VfeRhAh4yGNJEpAK-iFRNF3hltrFCKregQFtjd5G8LJgmrNT2CxntWvvrwKkVxcc2zMO1ehdyK3v9Js8DuAeNcgG8XqFNHUOf9iIsWrGRGhXCkg6tYusawezs7g5WJY9Sumwfnnn4Ji9OHxP1_WPYlPZhaT5B9O-4KVCrUnm8VSJHbUWrFusvaC-hE9dhd05YNi25naMPWXygTrCnCrD9kUrJhBiNvBLS-yi1EV0onVxpX4TyzhgNbYvwYFhWHW_p1ZRtI9vXEJe1l0KjHH2AmOFzVAkuxUy2HQrb47NPhlvRtymetywpxCIcoJ_cSXikeiF5lRYYZ8ry-9cc81xWYzFODAFJNTvRW7QNryte1KpuVOy8w5fvU9BIwfv9s39Zk-7YfNXQxfvUA5VdRruT7-5ksdIbALRjiVG7wqrmsg02-0zmbT4wlKm2GvCqvK4Qjp9ix2-yExMst1yBvM_Lpt6jCpTivBpLtNLY6JqK2sEn82hB7utjdG1B-7NCQNf-Hd7C886WlIdKeW2j3HNrhwtxWrOwqR6vNpoD0uWXuH3iJEKFeVqjb74WLLWod-Ck8j_X_B0Y2Lo1VtgNqiXQxN0waGzP1XUrhr_aFV_PWxsmCYRK0HzypwGqm76fkTlUvZOMNi7SnH_JJJ3eVTwIX_yrohIxwV2Uc029RUl2tjKnJfU9Dz31pJLQxEb1Dil7lLM4wYRKz9gMANwJrmpxyysT9n3RRAL7cLHpNpzcYz0Xv_bv8oZJpnFvvbo2upIKo3nqRaJKBtcyXlXHVlJ2wWpxqfOMTbgktlf5MS7mW8koQI2TekAmOU_ecWfw8c7R3j6baoPygPYO702zGTYQGoAd7WjZt8IE9tV8EvNQyeAOnxxhM_VVE7zuPe2Rd4XKdf5EE-_1YUvjLwkeElrCJosygMzVKu5PkuVCpsJJSqpvsQvfOQYBQW2HO5j0N26p6rX8N7FIkTtF7tlVI2bzVwXJQ2tCUwPhrI1_eEhSSyqEND9ZqAaeeQ6HObHQwR2yn11cXy32X2yBAr26MuM9U-0GwoKHKyA3nG2oTE9SC53y5zuMpuAfEA072CTa7fwaJ8Q9Mxz5aj59h4L8Ojm8opwSUlmIkVpZEypaxEvSPfDQeKGhCRcVqSfAzEBnbFHyDtks9YIUpkebNS6tVachTUhkAALNr73DFSS40yOF5GejMVJbVg_b4ICv-ttcdoXxQHDOV85mvQ9am7IE0WUv0E0Nfmc5NJ8aOpxGoC1RyiioJszuONP35amhJwkzK5iyGkLfRRJVaF-qDca8H02gcyBryqW5hQYdyEvx_8VrSyT8BeONUAbToCjZFN1Aor0zreYCnm_MIUJl58TY_PEYsKcJ623hrth6D-4hjlET9i1NZFaFpkbp4GZzZtFmKopXpM3bnxtswmXw39ybyc0y_0SRKQVs1Q0s7Q4G8xJnQR0qyUUVL6jXJwVzIJGL7Vu5KfaDT_uffxQFRFgml1TEEb75I-v3eDDMDM2uX834BXXs4mvPWfuubY2F-SlBknSXhZ7dlYb4CQCuVURk7m9nhrcFc38OEeN748R8VyF27hBcAE70KsV_gjh4UeanXzWyWvM4nvwV9BHAkSXpJW0XR5oJ_RsBPnXrfEdShc1KkZm5tUxnS54E_KdGW8XftZepfh52PpYlDsUbIN-Dvn9fFk-Oqa-2YDvN1itRjWDcJfsdxxFlbrmKaEEdjDY6rJMqA33cbZ45nGgzC5M4MnkTSji9X4i0QEpicth0hGL1vtIRiI5_My3A2lLEP1Prs4-mxdRb25BODcN6wXFAwO48Gn8X7SE2eL5pSvw3mMdoumvRsA5NCHq77LmYyoT3GmnxZrbpNeZoCWalx_gV6oKYf0KSr_ylMjAiBJasAthXRzC6IcR2VNtwfBg5pwK1ju0hgTJvwOCJI13XdRIC3QysQ3QpM4CgLTsG_-2OIVKoIy8L4XVCpTht9kfs0bng82GIt0UfmOchmfD7Q2UDgb3Xz6lfCxeccIOAbJdPAqJ-FBtar-GI-QWDOcpm12zmr5fliGXl-WX8Gcg1ShC3GIsi2Uxc2X6Do5F24lOT7SXekhw0nGw&cid=CAASEuRoVszAty7NsC6ufD0r4RXqJg&rfl=1%2Chttps%253A%252F%252Fby-them.com%252F%240

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 21:29:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42892
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Thu, 13 Oct 2022 21:29:08 GMT

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame CAB7 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BvCQ7YxJ5uzcTmeCXIELtwCIAcr_xRIz32xZPZD2f8vpcfrH070LsoxjBjXRAWuptcjUE9Ar4wu_AA1GD0-r6qnlsBrhuP6D9j9UfIaPXKHEZJgpYgb_oR1DBG7bDGDLxjGL70pkguIfD0X0OmqObYsfZsDA&dbm_d=AKAmf-BfBblkHwlEmuNizljZSQmksQfTCXiKUgh0OgzafYDBRQi5lbNcb4YNWggjxWgtlam5F6N00y1CHjf3VsyHC50BQrqgDzdpAANg1TpcRBOvN-BK7S87I1jTKN1_Gx3nkfAeG6dcLUYuK2phziXmwDB023KBpV8nraTQ2Rqra1gGOHTC_xsMmh-Oq3zo-0Mejr3PgBvV1qEbfd_px6AmFNcxyRAQFQdULwtvOLFyglxvPt1hU9hgEC_hjPyBchtyV6_NHdzsJYdErGWFq_3kzCJWBA8qfyOmJPKzFDS7frSQvjE8ckOf2ZyVZcgprYEWShn4WOmGG3AR2VtrbY3L4SldX6T4atQlElf3uLicMGAMdQt8eiDG0pKmuVHtXFgBwtKwinChso3KfLvMEHU9685fmnfZ1kgH4q00tFx7BPKHG-65WCxxseLBHuFhGNO6_w44ZEEmn8aDS4MIk4f3C8nCqMQwodKcRWbbTcFBJv79K7btN8176bxPv2EE8SH_j6Ehkuerom1ef6Nc-6-y0y2GE0LTUNDsy0hKtYo8IXIUCq3Sfyg7ojaq_Rd77iqRS4hAX_Trvcgz6-8AGQvzVxd7GrXA71_4qQwy4jXwmiJCJmXhUzD9desFhwDeobtbHXR_QU5g-IR7VDXf1ELhty0tTfyis9ps4Bc6TgOTTBy0VFIiB0GE7NPcowh9hE81SDDts7RFokj_P6hOeHLD33KO2AjnSxJMEon5E4nIQD7IvKy1F5wXbgsiQREPE8l68lJqB5zENLBqdmFZpryQclZ3a9tY680ZL57pPa4k7DDPGepF4RV5ENbXHpuzOK_uy4Xy0Oej_MRovnY_dZDMpGTL5wOiaf7kkx7y0O0pN1odS3EudnqcT4GXaIz3-h1JL7ockGzytREnqkpKfQi336mD1YMNF3hXh5CYbdzskiauhvXJqkEzfpTqidOp7ac48AZ0sbWgKG-livHnKQLrZDpNdRhhngvPEZJx2sfpuVSWzmMXQ4Og8ZCFpmQWCTkJ28KWrpEmoftZYpyFoM6o08LFD3lmoDr7PA1Cb2t9bBVlNhmLNR5ZsD8goNmQ7uJ6O67sEroHrwovsb0xLmr32xoA2IjZXA2426JdyGM7QbDdiK4ti1cbbsnSDHzE180yEwdX5tjIT3uEZ91nwvAZKlFVJ7nYdi01djSeMaTbmK-27JtiD2EdGeQfa1NCjk-mTTUlePfRbzN7Vx9Bv3AiC29zfxEaipN3AeobuVCV6CqzzFThYgZEnffUkIbWSIOO2JmgaRnQgf8n0zyG4jK06Nhrvo2A46efe7V97TxP187sGC77mSr95lBGBxh9txlFlkmU0lAl4hRM9ZHMjgykDqogi0cCqcAdnCt8vmX6HtLiY9cLbaxCzUaAjwQ4vAXnKplWJa5A740eR7OhPci7JB1PTEC9LPugNc3M8wmd5SkYjn5KiBdlvXyDu3wjxmvvj-AQzlWvTOrSgSHBU-U9Yxc2cKtdp1RvcYfozfxwsNgtZEAwFkhoIWPlVTsvYvKJh89nji42PL3Arf-w59G-5nA9yoMonuatnOhI6hZIQB4mJ-XsgtKwNB1RVSlE4cP4YQDHelDQ0T2DQa09YWnhCH4Ed-V83SWBvYzwnqfn6l472VZJyZNADeI1ItRx7JyqI24L_JgNJhhaWFIJ8SlynQ5Q9dVPWcdnR34AsG_H_j5LOd6Ybe5zy_Dq4_fj7D3qs2lxUroUI0EXMitvISXoV5E2PlxrqXYfOWmvNG0Lsek3-uJdXYGZ0vjjcvLYazuGxKVjacXEx7zr2ELBT17V-LKLnO5GWUUFEjQk9C1rb5U2Meg2rWBvjCgpeEh15lggmR4yEh1-HNYabsnI7mTR5l8QWO3FsqbeSldiuLil9hcwj18Zg46hrVW8r64RcAU9knxU9SQADACVbYWDJhVn_quCG4l4y9WTa30v5-5SIoszj0WfEudTQC0wGjO2JZKAP3i_yIKvnsfC8B-oAmB4AGV7WGHr81H1JhD46x-T1AtFl6licnllJZZB4FzEBBwct2c1b6VqdMVFQvMGORqNgTY5CVg-BGjFMonvdHj1zcQm6tNV2XKpLdbgJJUYJGHtJIJ4bLG-4JHo-b4-fqO840TMsMTwrhiKd-DmiJjSM_B-ep6jv1IXClv47WoaneGmdoVOY5F2IGEKN05nGG94e-_Biu92dURn99XhSAYZGi9idd8GcXUAZAYGWw3vc3tQGvk1Q19XE2kT1bVHGqhIQJ59fB8XZtmH5ZyyGBIqgOwvGYQApOOx5gQEyiajT7HNmt7JaWrTFLDGHRxctTtmh1S5gMihuY6EnUCig580PAp-vMKV3GKGHtZghhzT2lBCFxLfAentoWHbfM2dCNp_aY9sbhnAM_Yp3H9dEz7gd4mfKO_3_wT4kaWWCfsClIOFxNBL0uTAFSVX5OqHZOx-PGz_BOIhRJ1EUHKMxt_XwpQbIhpZtbG0qvWPxNGb3xuDJaoyYLSp60dZz8G9nmQFvhuaj3jTBIiCxc0EACoHW4Y3oqxrrWSuTe1ApWGDfCKSIJGab-NG0D7sVIVAQg09Pziu8-VvR8ZP5vFRMv1QHfjnT-Xlgmzgi8gyhygZnrXK44rKBSLS67-KAAR9vCLGab1KvhMHDWueVl4VpyGBT3zksCvjk2I&cid=CAASEuRoQMcnuG1cuTYwX5LLe30v-g&rfl=1%2Chttps%253A%252F%252Fby-them.com%252F%240

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 21:29:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42892
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Thu, 13 Oct 2022 21:29:08 GMT

GET
H2 200 html_inpage_rendering_lib_200_273.js Show response
s0.2mdn.net/879366/ Frame B1EF 169 KB
59 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_273.js

Requested by

Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2cff7ab03cb4e476b49ea05511c6cfcc71af6d5ed20d40e9b40ee31062149e77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
Origin: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 07:15:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7739
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 59842
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 20:54:49 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Oct 2021 07:15:01 GMT

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211011/r20110914/elements/html/ Frame B1EF 8 KB
3 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211011/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CcOodgqs7shYBJlqUTVBeLjxey_4OSoONVd6djRhaPkMkkUnAWaU7f8OzFFXJpIAtbApC3gF-d8x2FxyQRcGpOQhmLFE7xohC_YJbsUbYiRFFIWz4NLB6VPlrRopFhEDA3BYjUccBuW2UgqUR8LEz-n-drVA&dbm_d=AKAmf-AOBVFKsRgOogRmZvC9dDxE7yW5JX1OeWpj2muqZ0BNKcKf9qrnckUvCqDwI7jH9bQlnNQypU9GUS_MOl14Kj5UA6bK_0oASp2VFfri2t2I9RnCVh7xycloebkpCXGkoE5BpEYTmbKO_zrSruEnRHTwt1ViKnp3O35RVMFdYzAZQaCCBOXO_7rcfDDkU7X1hCwda4-LZxJ9crZceP-9Mkdqfp5pvSwq3VjxBU_miAQaa-abv5EYHH1-EftZhMY2wyfYubrtzN1R0wq4-0Pbqg-KXhEZzeP9N5DxoUFFJaKUVSS-6BSt26SXVBZqL2QdlEDjLagi3h7WXEi62DHu7NoZtROUpMhujW9Dxugnh2Q9Ikv2EWubiCwwV7uJKGpb9oRYLa_HLmT7gHWYdl2jZf4tvj5QkKSYYSiwmCC3ede4r4auLE4AaefmpVQR_30FFnjw9mY7-c6SdHWsjgsnXDr9hf7QkF4gc5FZVchUfdSMJZIXjEgwPLxcqvJD5kbuGFTaQy6ar11fVMBTBzJmzYNzYBs4fpUhcTTVD8Gu6GO-dSr-7R0GAAiuUB9Sb95sCx2RfVtteUeHs34Z5cEkBQrGDBBG6KSVWRzDg-OrgU-ywBlxAWLuSqiXtQmpKrVmMgfrc-tq0lDbNwHgLymbJcc6AV_UKla29I1MwnHvDf42d-PDEegKyPZ-pWsWdbr1Te_5IFmEUbUlL5jdcnRt6sIX-mjPxvz82ZHznuoNSE1CMOUalYZ6Vl3NtyIfFaQyk5rUEEyuM5yvtmIqDWmcml-ez6GKI7o4OcZLRlcI9duLJ-MaX4r05yzaYxJPupuIuxl8hv96ae1bQsmZya394IxEFFCkyRZqRIxfYb6UiqjY_fvX2U7pvPRgb0SgOrOpKPmpqqESYr5RkOkN3eL_OYTfAl3A9kVy0uHsrhia1vqKz6zWTZZ2ZR9hRpKrLTASN_yKI-Rcfs7Mw6dtojlozlDP4rHlhnLxCO1QJDTTmmYE6KpWAOgVikW3eCM9gBlFmWwNW6yVSKKIoWDf2iZ5bcWCHNNZTMrgTi6HbBBS2wGhxypAz2MIrm6jUVNLSXb0sqepmMuCrkAJO7fyCJgVNXVMneltiuYnDHiZa4yqSGpqqp914ZJCrRKZz8VWs1btoOXmaDiKuX3XlvTSMfTW8w4gp2VgMr9VB0Uc_sgKebGVMw9zm38ivoyJTl3YEC4dyYeZDq-HvbmAaqm1FvOAdqCJlVq9oXiA8hjaT6QIPqmK60vElviyeO2q9YtHMNNrX4C5NzWyIYG9Q2qVY52sZIrojIwsGO7FsYGCc8Cem7-PVOOWWVwYq7h22KmN4-q3Lhp81F-ekCTG-zY9WcIQE17_Wh01dQwTSTR69O6xkgvAxUBlVvHTFi5qwOSy3ta4DXggcfGtjXJiA_NMMBl21eO17bp88Dj-iE2tLOvWyCsWAZFLmnsVa94YIL7C8lMdEw3JkXqgEDIB4SY8rZcPX-Cdh68CQNj3Sr2rPs5pNbrLT4zniZx3GyfK693ojPFwpSt3jdZEmE-QMckWQ6zctYfUSkwgsgnDXmC2DdzHFf1N7tDnKBW61duPyAZYRvR23YlXoxxrTJGurKa5p4DkaP-htuNXJeqUd_NY60X6NBQ3yHMUGFip-mWLcz8e_Vm05cCqraV4i6s7MHvFCgsrbZ9d3A4bZ7CJ3-VD2kCHXtMWACTESvW_X5L9AI2WyxUP8-OCRrYtMsYbQlZ92JNSRGwaO5utjn9YeTIT1N8qqF2tLKiTvd8NIdYVHa2BKgZDHDIB89sO8YruQwgKmnnS6Yy3mqhmLoPQX0isD8VkZblNmAiBPkBXdQornrFj3-nvGefOvyIBeYKYk3THt3XSTa9A7ng3VeNkr9UX1PWULCZ0ZHb235kolIyLQ_Ly4ppm91Q6Db7QChrrt7QffNfohHVWoPXpvE42DJkkyy2564jVLb72lh-tQVaqhhGGP3r-JI2Jvsd-qEC6Nf2uYb9XbBuI2ZoiWHVEnAmQHAEp47Dr0hVfL3xBcOpM6xEOXN9Oyxp6D4PPBz1sSb4EcLEb6X_-xafA1WqLWtvMwmfIfyW5dVqEIYrSox2JOowCVBNpR9QAnP0bNZqd7ehp-4HxXSkNyRuaUhgDtp85n33gLze9-kSco5299kJsA4wp3wZ3i5uW8iiPu61Zfj9AA6lbcfhlfxbXzauS6EvvrB6J2KzgAIlhdb3QA2eakfX50jKLQ2cbOBbOED334PIA-mRElAqcCxh4yG1R-bH5pQFs3LPWPYsfKTGSUyUAY2u2vF4UR_Bp7jqkmIa6dbsGJ6RV3BGBrW2Uc3nrMPkHM6fnC_MG09gDTIpeuOppw5f-Poxt0G3czaEWRefciD8mo25RwlH5zNotpVgN5HrbfUlUjJzA_ezZXdCrHd9OEKnSvKde1R0pUP_DZJPVGeGu_aWCjqd7Dntu2ML4jytK2S0WU4mkQK-65SfE9wd-22WA6EOecUGC0yKUkAmpku2JYqKMEV3UzEGshJZVIAcleTEddwljbF_ZpMRNTwvcanNzNPzf_ZyVjkbNBmfN3scmQG-9F55KuqpjUD4z0r4cg7c9zEQcLSAcKfmgrj5PKm8FgTWoOZIVUv7TwnT0zei-kdl9fODdB-2Y5sSwIO4BwWyVEP-cJnaAKnSWa6V_sIaz4Smctn-vGbsi0MxHnvaUCSume4BS7tmEbv-lVOSrVHFn1FnJBluszJ3DspX-yr0XSUvP-vzSHC_16D28FSWK3FrF5a-I6sHT7efNyebvGCBuiQkRj44p_3vUIPlmjmPQQEoERIdHF3BJ3yaBvTuCTLMt3FMRQtIlNztsui9NBOxPTBBGz0cZQzOU9YPaVQRoNr1yFtf2xXBdCSd4_jkAxRGx1HU9PyAVEyPe62zdDXn1HK0VAldpNwIkOmqwk6sFnIogyZSQK_uUYJPDi36SMAtGXC46ulq5Vp04l68kKS3TewWJE0s6UEU3FBekZUiBB6ih3DmFoy8K&cid=CAASEuRoOUEk3maXDPaIZYMvOGZdZg&rfl=1%2Chttps%253A%252F%252Fby-them.com%252F%240

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

67cf5c21bfc71ee46210832792237e4a6ccd99e5c7bc198b046a38c9167fd0ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 37
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3128
x-xss-protection: 0
server: cafe
etag: 3658073882064373855
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 09:23:23 GMT

GET
H2 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211011/r20110914/ Frame B1EF 23 KB
9 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211011/r20110914/abg_lite.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

599ad71fae7cb8d014f7c2d29b8450bc7c34f8e32d49fa103716becef8ae9964

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:22:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 100
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9283
x-xss-protection: 0
server: cafe
etag: 1044373809082006429
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 09:22:20 GMT

GET
H2 200 html_inpage_rendering_lib_200_273.js Show response
s0.2mdn.net/879366/ Frame 773B 169 KB
59 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_273.js

Requested by

Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2cff7ab03cb4e476b49ea05511c6cfcc71af6d5ed20d40e9b40ee31062149e77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
Origin: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 07:15:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7739
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 59842
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 20:54:49 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Oct 2021 07:15:01 GMT

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211011/r20110914/elements/html/ Frame 773B 8 KB
3 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211011/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ARb09gzUxXE7n2Q8wSwRzHgHwR8HR3o33lv99kzVrjrm9jkZnXY9aqlOthqrEasyBO-NYiiKlHa5RnNStd6a7ncuwPQNBjFHmPGv4Ar7oE6WFqKk1B1Ny4h6pc_JJltgzMLO9sHsUvqzSXL79LwTos-ZjxIw&dbm_d=AKAmf-AkZpEsjy-GVcP-_guXkcXhO7a3DmFCxPdRz1DWGCdaG3CWURuo_RaVRfxgUz5sK4KvLSp7JZ5wIlO7WMLjGxoAI6fm1zoC7XfHdQ-L8gZQ9QUG82bQVoWTWricYNF6TEcbVU9a-IdvIIY7ZND1Qgzs8ssNshaJJMSkNHDtgvzkMQ4byAEHVxN9DFCulemCbRWQolF0Zhz2vprC7iFqbRGGK5qiVaWijCFsmZ3Wi6UPvJBx0QAs_DNwzG37_cM40HgdzZ24pOSQf4sDTysSLh00B9-GvsFevaMp4bYZRhdmz4nR52RvYoXrBHaXTMOoC4B36UCaXNQOYTj8pSZO5zWTgSuMxCxrgj7kR8oe2dP_ynlKvoaSlnYaiSX9ZS1wmoSiq5DmzkR6OMrxa_vDsVJckrKCLL2S4HuAr0b5A4SnhpK4OcDpSepcTubIFT6ckqJxlTphRAQGqza_w3AfKLwx_QyejQqamuDAIlTw80fC2A8x5bwVr5qQmUtFxrLeZtBotk2OMhT_TE8EhW7xed38zA1mpKB_2bS6CFM_LhW1vAMO2ID3rLAGBdWABqkh0clYbFaWE2X2N1GLewdlv9ACFGAclTbTPGc1KVqyzgJ7K8fVsDrCobCBNhhjLGhBy7s-cW3-bNCxZvY4bHyOGTCQyI2Vs_iJIpkbjwxO5Ck8Bddz-WZiD1t3DMukSWTXsDINAa-DbjVTk-HG37lmC3bWWXDQgsnvftVxju05W-myOVlKs7PbjEH-qb8HYullHMC26h06jWME6PNVxnw9CP_vp2sVUvFkJ-MkQK4FmJsfJzCmP7pwiwB9FaliJeMvMugk-2pMaAoWRzHt2ynPVql9tI0KUILVQZ5D3UJWb5HRqclRozEKcB-nEcEmO0FxDfWA7uM2vd9SLkAYuEnoujXh8IW1eDHY9HPlAcj7zW4W-1F0ju3QYkG-V1by9Jt7x0gzjjE2tKrT8MdT19lCSSiZLYw1_tuahEqJiMJC2GTIrI92yQNcZ8sCcxx5xnXzNwvSUrNemqAKlCycWomCe1ZuLwb5snqu6jdIByE7RBAy8dkrT5kJy3mbCvBgEJiaiMyrmoimyEWFvRmYk5qmwzi5Qn0IqPuQYNWhNV6ISFephHwlB5gDouy2oYNUMmJMSuFsH8wzqpNB5MY4eM9hUGCA3lOMYeouoLjouIKOCbhgPIdlNMRq478HvbGNOz9wy4T-nRx0nMmYn_QVVieiSP0BFxEvyHndxlZ80KycZbnyggnEYr3nB4yGHSlv5Iz-5vSOAygvOThZChnGaFrfo1E63HHVFunREnCPZq5S5WwaVR1wW4Bgfbvy0G5VRgVEVPbckQic92z9geNf_zcjOIacVdSFA-6ZXegW9LnzB-8YFvTiL40dpqw8eIln6sw6Q1qZUhcfydP_hCycZROYATvOSQDjojAd9vDjjwtdvimEPrMb-XCwBCGkIVUpLr8NOXAljrW65QOWIABdUn_tcIQs-FM1bS-gmCzXySPeVwGRJR50oQMvVtlZb4t7pGNwJgC6QLw_UpNj0eQULLQu1IcCOUBBK8Xlsgb2v8pi0YZnnNKcw0OZaZSuaZzq6SgRuy-tLYwwf5od7Bc77WVYuKQpL46fjH5Ptwktin5K9C5J3zp7hCAw0YmD8Rr1Kxkl101iylr3_Q2FFNJNVHPfoJXgxQDsyXmqyJzZawyYJFgFWXnYaEY1ipQa_O4Jz3t5coVasCGBIYLGIgxsKg5bKKcp8bsPATl5zoyxoIXdP_NT8UoD61m7dzhCKCxpOHRWtZ-6xCDc51Mxwoo8EnwNy1Qh2EdE-L7NB5JqVpW3BiCh4wGpLiNaecRh63Xgru77mYtGrZXW1BA5lVZdnH9bNu2KEIcjNSAzmzoHEuFpI-n3XeVa-ejHXZxueeEP70vf11DrDfT6KIcwBHN2GpIyg8bQd3h1znolBxXhOOda85dtDmR3qz190xrbWJZ0u0w5tKHBbWM09EmVlbzC8zmWaPfCJuksvB4H_kliiFL_8cqKdN3HiZs9IPKiqowz1ZOYLv3q-exOjIgrYQDwZ7ntquAugF7qVaI-jNatN6j0a_7v9RQEQBscTSdAtxdywiZv1d-sHsleOw9Gsj5mBh50pEi_Bw53ooYe9VW4FKZivju74de1KcYN77EP6gr9pytccnGP70XjZYnXrnFi8mET_uQX4ZiCtv9dczzYaHj-LjX35WZ-s-MMbLA4f-u4zFRRO8gYNW3jOPmFjn-LKMzPIw0trWDojoGcy9U5JaW9hLILsaOXVsvmmLccvRbqV2WOOqLpEPQNss-CdQgZmPMc_0_9QremkP03-pC55bE4Ngvgq3P0akW7eH1IMaDLHqt_Srmz6PZC-0zYLXOCkYDO3vajpHCHHZP5TxqYpVUdibUQhHKLTrt3ngFXoeD4JdpbZDdo7bzN1R4gIGLk-LVYCDocj1kUI9H8oNbYK91U2dfu1lItGF1kB38RfswT90S92ODCfN-l_FsoWF987xOwc_ILMQhO07nk518VMGR9QIB26fwkZUfzfs8oSCrJ3jeBTrQ3EVE7PplkSiPT8UjGuwP2Hd-QOA9wlIMsG1jefbh73JLw8UKz0PfAA5-hAgSmcIs0e9LavpYkC_LrI2py22-h2emDJMWMgfLQi02B56RwRaL47ewwEsMwW53xmo9IQCnLYW4164BgRXDXTS0BL4g9gP7fprlXuq6jBIptVNopWgpIM7JMRUisvTHKWCo6OvJfdLmGvhLumEXP4-vc_imxHEYBEsn4cQgWP2oFeqbwTRVbjdVX-GTqjsI4YhlQIbTjTwyU2l8bbNiUJxNszP1CkjTE62ueaIIs5H3KhQC6K633yURfrM9TCdvfylzpb45mKAu214Kl83HXdcwkCw0jlJpIdx3d8p-R36Gjs7TQF5sVVLZNXay-vu7mqg8D0KXSG1a6CL53l__p4TLBFoXXqHcGkR-ezg83tQp0uPJjgNmjXeuW0S4lqp4sOiA43u62l0LOhUQdKgQSVKeiIMNy4f5uDVzv8CYAjCZoVBAacNKtLVqnnMZCmRUvKBNFj46uo9NU3_yR-eZ5pDUCjaOzSxQLtQ&cid=CAASEuRo8GPYUVjjNZcDritEFj0DZg&rfl=1%2Chttps%253A%252F%252Fby-them.com%252F%240

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

67cf5c21bfc71ee46210832792237e4a6ccd99e5c7bc198b046a38c9167fd0ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 37
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3128
x-xss-protection: 0
server: cafe
etag: 3658073882064373855
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 09:23:23 GMT

GET
H2 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211011/r20110914/ Frame 773B 23 KB
9 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211011/r20110914/abg_lite.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

599ad71fae7cb8d014f7c2d29b8450bc7c34f8e32d49fa103716becef8ae9964

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:22:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 100
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9283
x-xss-protection: 0
server: cafe
etag: 1044373809082006429
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 09:22:20 GMT

GET
H2 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 5900 0
0 31ms
31ms Image
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gda_r20211011&jk=1741331419192314&rc=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H2 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 578C 22 KB
8 KB 7ms
7ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Wed, 13 Oct 2021 21:29:08 GMT
expires: Thu, 13 Oct 2022 21:29:08 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 42892
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame AB97 22 KB
8 KB 6ms
6ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Wed, 13 Oct 2021 21:29:08 GMT
expires: Thu, 13 Oct 2022 21:29:08 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 42892
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 76B3 0
255 B 30ms
29ms Ping
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv4UUHnkw5EaMkgQOxzRQ4N66ZIa8-jNVzTsrtO-YNN1uldJYEssdvDFji2xq5q6Mhi17UBohHXSDFmyfgoS43u-2szMEcUqGjbVD9a73om0o5sHYu_k-LjnPBbNp9SwHInc4JUh9213XB4Lhas-8SeJoyHXIkPrjv0NT0X0EsfjVmC_N5BM01a_-xOBh-Q1NwzlXX0lY2NePmwe0Pv_Jz3hMvK11oBKsSvRu5uedcf4f8Lg5QAc3-qRrbtVJm3MnaBGFlhF3_KglUKSpssR8II8c_adp_bQeFIkD4xQeNsYe6ZZcEQkD2DzjzaVieClriSS7cUXLJt3p9SYeUh3zaOOeqBVdb10hF9Au2gc2qGyocJLeIvBowtWR0ZqoRpUlXqGV4yzoIwW_05Z3qa8Pjicva_-V7X06XsvbW6tB_eeQpDWzqxicto6P0RixrATxJbss6Z-nLdcVE06a8cKE-wfrgvwso230EoQe3-McRnQDGv-czLGvPvrJSfvHsQmUPXsafEa3l66XxN78JyOfUelHAzX3-ezD87bGwtA1r8ZlfzYdf-0HI0SMDLLIQcAedoPt-gzQ8Evxg_qAT4Bn7VpdK16aKEbsZz0hLQ6EGuxrT5lU2QDKluBDniyAByVQCJhU0GKuAZP5NhRs7FFfVMdOH-qODFMI4OxTaHSRO3QZZ94UGoT8F7Tg1lNExPVasTZu8UooEoJ4YLjn-ieHZjt2lV4YBMd3k2HKIob9pj2ivl5kh0pg9uIW7Q0z4KDfCwL4_uyL1VvaLn788tdmsiAnZ_TH-rmVBWRL3QTGoX00QHy2L2ufewqlj3BDheVAiehZqAJdkhU-ZpCBf05yajniumDVkxedOpCr-MmcATQLHx73ECP-JkTHy_GZ8l2OuOq0Ah9AqOV6pF-QpYXRWveIgmsFx05IAGZz5CVrgTlEBG3l1gPdxiOyWYOu8fopyNbOPcm6stqQvSp9ozfm6fEGpxiCQBCpmDS933h6lGcd1E3NR9hU9eQO84KughsMwNiDG5fHY8KkmA5zQfgIq90sNqnYTlpeP_4W0DiwliSzFUR4dIuvwGzvssq4yvy3RnsF8sF0sLyQGvdAB4JEpnUzMKujV2Mt2xIizeoHnVHuPYpWIYpsUe1qIYH6Ig9TZ1TTV0RWGpX29_Sa4&sai=AMfl-YQHKPofyFT1Z061bybq_5bLJwMXBH10eYqE9M7gNDb5i7qu_Kx0IzCOkYl-u6gIA1tTq_PPqltowVPDThKSR6efZZ-os7_qYNlKlwtk-lV2CUJX2kg01neCKUE3hXJWToilp149NiI3C6HenSaLhK3UB_crVkC81hTpMLn1E4SwTW8gUzwoVZznJTkfZqtiS0TnAYIJq-f2ePQwkNWmgHQnthPVW2-rIl6rLdRuYG5j2KIiAc_GgfTlT1ePjQeZZBlZ6Rgin7y9BrMkFLDlAYn1H1hQt7wXKe0cmiOpiqWzwx0D&sig=Cg0ArKJSzLAOtmF2xKUmEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=311&cbvp=1&cisv=r20211011.52285&adurl=

Requested by

Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Thu, 14 Oct 2021 09:24:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 2046281053510560615
s0.2mdn.net/simgad/ Frame 76B3 35 KB
36 KB 35ms
9ms Image
image/jpeg 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/2046281053510560615

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b6d7d274daefd5f6f3e2a08ca8201d5dfbaa1b90ab030aa2a699fce936ec8ab1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 03:14:08 GMT
x-content-type-options: nosniff
age: 194992
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36234
x-xss-protection: 0
last-modified: Wed, 29 Sep 2021 08:35:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 12 Oct 2022 03:14:08 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_273.js Show response
s0.2mdn.net/879366/ Frame 37B5 114 KB
39 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_273.js

Requested by

Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2bc98b5956d216197013af35c909aa49d3aa7c26b48de9e9930eb4bd6b846391

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
Origin: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 11:05:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 80290
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40185
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 20:54:50 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 14 Oct 2021 11:05:50 GMT

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211011/r20110914/elements/html/ Frame 37B5 8 KB
3 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211011/r20110914/elements/html/omrhp.js

Requested by

Host: bid.g.doubleclick.net
URL: https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNWbq1HWXXFP03WF1i_d-ZOoSpqkzevi7qrB2aJ95VBByKiwxsU&d=CnkAoCZ_4EQ1-onbsWQ7bfiXuTNKrZ9twuulc4vxbGfQD3ZvrB3NmZ27FgY2vACdqcdays75WKwPzdZClmaFE29S_OrO2GcMQvGNAs9tLVf86Z8Ipqi6CfOH1a2Z9nNGJ1A7bPrvoPoDE4eeJQJ4TvEnXEnVE5tfQbB1EqkRAKAmf-AQw0JaAQIImSLWMmKxIkTPA7LvKmo49yQWasZk7UsakYGG0L3vyPYXFWvGq3CNNSOudYKlJPxHzsAoit93at84wNsx0lH-4ASKjzGNOlxyDyamn13RopKrHnyp9lJvd5DvoGlo_Y2K4YW10k10aMUhR-z77pnsPyj_L6H3310D3hzVOftkAKumAIXcfIQMfmezI5XWTIQhDpcitqzsIt8ng-T7PQsd9vRofHad-7iRfXaqPq6J-J1Gb97VjdbLxCAJNNw9QD11WoKaFvoQrqpoTpKZgv8MCP_nwmx9kM9no8UfBvJt0-eiqoMQtLzqXazkKwYsZ2UJH-iMuuvvQqYLQlnCADNB2nVb9ceg_fuEzd1am4iRNiGOtut9OvFkM9XDcszkWsi0E_xGGFHijbMccUBWYyK-ViKFhcspeooNglvfN1lJvj1UDsH3gboUKLf20-tgJ01aVyGcvACzR-vPWHvN8ICOd7QanAhDcUikk-lvdfUVpF6yklb6SLhBjsrJdeLQu0Y7T_LaGk0kWXSEwNu-u2QpIdOD7SaNQj9kihU1bm7zQmuHCzhENYC8jGWIKdGaWiSFpgQw0BwMPqbd3I6o_r8xmDwkXjtynLy1uFmlplXDfDVZs1VBCyVAgXsY5KPxcGUrEaqjLGyCMirWKexQ1GpU8Rc3nDlQLZEvRB5QbcXrlaWISYMrK69XNv6-HITyoXRy21e69QmcoHwbZEjsZB_4pa8OWRcZ66M2CChcchURIoeVnyIprE_Fi_om-r4Tg-_sb6mal1rnVYayNltN7UUWBFGZqT6tay92fFrgRNdhxvkerSGEfk-oyrsKbF3Ha_MuwghMP5LVlzZ6sNyKJBBSk_89qk_zOC91mazqTw_teBBWYrVu7YRfAR4oPKdLAstPSXJnh0FMIqk3Gu98dm9juXfUZEvUeKqr1B9rHffWisWjWU-6NIE-wGUeLSUEHeZ0fS-hC-HeFyK09gD2m47j-F0YpRVVOwFQJX5aMgddCAGbsSuCL75n7ItpdBhODABqR3h6D7g1QVlcwdcdJdEqzrQ4FsT8bKwiFZEUgx71Q5-DXrOTemEX8JDPxIIJbDvx8XFKz0KH43MnXybGcr85-TYTIk8g2waBgxUZPOUqAbdvATXcbak2cBlFWHWcTpuRtj8dulNz36dIS09umdFgsM6IXyD-XSYFtj8Mp0rtpNWZOfQg_JFqimAAmSIsnoSI18XyWIqDfDau7F2WDS5UfLs2M4O1QqZrJ15f-6ZRLf5eMI_m-k9rYN-otmlh-cpMUaJfDt610YJTyOdmTl39DHOk2pt7uvXDycd5XERumNx9w7UoN1gieaR99Rtyf33LwKjVluPFwQRI3BX2x4TJGzt0nFWA7l5UFWUtYkQfmKn1aeFRv-KUSkxjWYziAtMLm6SFjtOCaege8sFAcbBTJQsCZh7yIUziiG6ttcqotV3bI1KudOKPpJGsrlcAe6w2DyGnkAhx2T_r4yvFzCrLJYCqXpyBbVTy7ZNg8Wb2-rlBwMS5Ik1bHyWarWOajXPZZJ6hVG3BTD_FqwXGYyFXR0nYJQswi0kcFVC1yO7VWFNbjtLCn_vV5v4Iq5XJ6CMZMzGZq3vxX1lR3drFsU6gLmqmnb-TasoYDbyFB5-ya6LzyyouzQ7Up_PmyQ_oHyW7PWqPtdnOxxVo9G9WbmBN6M1Yzys6QHMLRbQkAB2x9ZKVCSzBMI3J9fhUwcTY7rcburkff08E6toI1vpwfKleuMyysEYKYoJHtE74s_XrCpZKY5ay_zMUCutfoM5EMlQxhzf1SLKAGGTXFXAdRpAQqNh3N_2uDixScO9bJ9Lw3IjR10dwQREtSDc9HALzvoNzZOelRInSzul3uE7tLmYOWTwbrajVbYindSo3r7mTNdm0A_G-8GGUvO05xgYvsc2j6jsYIQzEW3EbaFAYg-r_9nJh9A84ZSSf2HSMFZ9E_t1Ba0hAmS-eVps1bq9jRZmIs4Itkgy9VyS1CetQ6NtqvJ1QeDYYPeTm2-Bqo93aTHiuYif4SsCwPOJh4vM_PJeS52HeQArvI_w9uv2WgphgNq8FgfvDKJHuqj8e5mOMWkcp_VCxwV4c8LwpnQegbbCGdOs18f0rBOACRTNXQ2HTVebVxi1W2x_FeTdHPIHMGWkJyjFNYttmWJexnQRh3avhkfE5oMx1AKKGy5A7yUcwrzdglGAPF5eh3kUPt1jiNIb0NgTVMTNRhsR6MIF88FeD46rXmloKMVGzclumoO_IaM8VzVkGm922Q2fmqu2Ax39imSU_bKIdS09Mrj88TeEfWOkR_9ChV3ZnXWlWrvrK5pUw13PC45soYJ8AB5hQ-eHepTJEddZmxiy6SE3YfZYMSFIxFCW3RaHmHvE7buD4cXqAMKMPPjiirrBEOoPM2E9dd2mNyNYHI5um9WeiP_u-SlEx8xQ34jJ7xrsGp9Hya36EO6vs0lZ1TVQcsCqL8NVpYy6o7wZ7M_w2G3Y7bbNZrTmR3EXoyIvm9Vp4In1_N0sK5LDASkHZt1Zdrae8l1HPDQKEcjACS7q3Ta1kBrxXe6aHL0d7bOsHPj3pfgJLyJv3Ukv2PV115JoICezw08ek938CmLZWZd3sBy8XyWb4lfEW2iE2O_PEB2rKLhDTEeHSDU_isefvEWGsPuIv-h9B39Muy1pExdBNThLIHtZGOfIBSuwRZx7XtDOrFCphNHPjPwTOj_V8SRaHRx3eWaGMS1wcZ_r4TFHUHKuRy-PpHZvyKCTpXCn9q82p7uu4QqAVv75QprKGGrav7UkneXH7Z11b9-ksp1MbOv8V3wAL-2oR5IPU-xcJY9H-4Hj9b5z5XZOKACF9o1IcAOu69XLlQ3UJZyE6C1-GbNaG7-5r-OzHAHkIUUvpjaA84uBMifVD9B8LsUv0p-Od3vsF10SLmZxX51N19LzZWFeOGhYIABIS5Gi409SgZ62CdsRb1tHjmXCJYAE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

67cf5c21bfc71ee46210832792237e4a6ccd99e5c7bc198b046a38c9167fd0ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 37
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3128
x-xss-protection: 0
server: cafe
etag: 3658073882064373855
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 09:23:23 GMT

GET
H2 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211011/r20110914/ Frame 37B5 23 KB
9 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211011/r20110914/abg_lite.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

599ad71fae7cb8d014f7c2d29b8450bc7c34f8e32d49fa103716becef8ae9964

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:22:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 100
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9283
x-xss-protection: 0
server: cafe
etag: 1044373809082006429
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 09:22:20 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 46FA
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC53isMPgHMaabqNDvfMhQY&google_cver=1

43 B
894 B

19ms
19ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC53isMPgHMaabqNDvfMhQY&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPnoIxCA2vS7AhiSsJG1ATAB&v=APEucNWzrUIoBhhjKhmDJaVQQUImutKJL97hxtV7gH9sNtl5s20-TsZ6-LUHITGXX0nVzQelIoPItH42666lEYgg8oVjKUIFBg34tTTmEINWgHM8FsR_I5kdB6NkBt5Dvw_Lc7_McbYWNjraC6YO4ooD0bXXPirvxH3Snw3mxy5Ao0UJaDPH7Cc
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 14 Oct 2021 09:24:00 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 14 Oct 2021 09:24:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:00 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC53isMPgHMaabqNDvfMhQY&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 46FA
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YWf3L.IJHAtuN0XGpVci-wAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC53isMPgHMaabqNDvfMhQY&google_cver=1&google_hm=2

43 B
894 B

15ms
15ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC53isMPgHMaabqNDvfMhQY&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPnoIxCA2vS7AhiSsJG1ATAB&v=APEucNWzrUIoBhhjKhmDJaVQQUImutKJL97hxtV7gH9sNtl5s20-TsZ6-LUHITGXX0nVzQelIoPItH42666lEYgg8oVjKUIFBg34tTTmEINWgHM8FsR_I5kdB6NkBt5Dvw_Lc7_McbYWNjraC6YO4ooD0bXXPirvxH3Snw3mxy5Ao0UJaDPH7Cc
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 14 Oct 2021 09:24:00 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 14 Oct 2021 09:24:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:00 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC53isMPgHMaabqNDvfMhQY&google_cver=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 46FA
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEJTmEejb12SZO6KvPwskECM&google_cver=1

43 B
1004 B

15ms
14ms

Image
image/gif

185.33.220.240
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEJTmEejb12SZO6KvPwskECM&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPnoIxCA2vS7AhiSsJG1ATAB&v=APEucNWzrUIoBhhjKhmDJaVQQUImutKJL97hxtV7gH9sNtl5s20-TsZ6-LUHITGXX0nVzQelIoPItH42666lEYgg8oVjKUIFBg34tTTmEINWgHM8FsR_I5kdB6NkBt5Dvw_Lc7_McbYWNjraC6YO4ooD0bXXPirvxH3Snw3mxy5Ao0UJaDPH7Cc

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.240 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 14 Oct 2021 09:24:00 GMT
X-Proxy-Origin: 91.199.118.79; 91.199.118.79; 717.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 5148d81b-6cdc-4341-b7dd-39dccbb559a7
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:00 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEJTmEejb12SZO6KvPwskECM&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 46FA
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTg3MzI5MDUyMDY4NjgwMTg4Mw%3D%3D

170 B
188 B

17ms
17ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTg3MzI5MDUyMDY4NjgwMTg4Mw%3D%3D

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 14 Oct 2021 09:24:00 GMT
X-Proxy-Origin: 91.199.118.79; 91.199.118.79; 717.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 2b751e90-c121-482d-a7db-6e33bf8cbda2
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTg3MzI5MDUyMDY4NjgwMTg4Mw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame E03A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC53isMPgHMaabqNDvfMhQY&google_cver=1

43 B
894 B

17ms
17ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC53isMPgHMaabqNDvfMhQY&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPnoIxCA2vS7AhiSsJG1ATAB&v=APEucNXGjk912I_NY7RPbu6FXVPBcJTcTw74KBLowNrZUThuu428WtOPV-4pdyJ6aBs7lTKnMlWiCn3O0dUecIUaCDpvG-nvvnGG77sdleDO97_WckA__RGrsmaiWHFYN68MbspwPRdw0X48WWwKOqqKshlYEdi8n3HsVt9f8oTtY7kr-AKHE7E
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 14 Oct 2021 09:24:00 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 14 Oct 2021 09:24:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:00 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC53isMPgHMaabqNDvfMhQY&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame E03A
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YWf3L.IJHAtuN0XGpVci-wAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC53isMPgHMaabqNDvfMhQY&google_cver=1&google_hm=2

43 B
894 B

27ms
26ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC53isMPgHMaabqNDvfMhQY&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPnoIxCA2vS7AhiSsJG1ATAB&v=APEucNXGjk912I_NY7RPbu6FXVPBcJTcTw74KBLowNrZUThuu428WtOPV-4pdyJ6aBs7lTKnMlWiCn3O0dUecIUaCDpvG-nvvnGG77sdleDO97_WckA__RGrsmaiWHFYN68MbspwPRdw0X48WWwKOqqKshlYEdi8n3HsVt9f8oTtY7kr-AKHE7E
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 14 Oct 2021 09:24:00 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 14 Oct 2021 09:24:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:00 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC53isMPgHMaabqNDvfMhQY&google_cver=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame E03A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEJTmEejb12SZO6KvPwskECM&google_cver=1

43 B
1004 B

17ms
17ms

Image
image/gif

185.33.220.240
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEJTmEejb12SZO6KvPwskECM&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPnoIxCA2vS7AhiSsJG1ATAB&v=APEucNXGjk912I_NY7RPbu6FXVPBcJTcTw74KBLowNrZUThuu428WtOPV-4pdyJ6aBs7lTKnMlWiCn3O0dUecIUaCDpvG-nvvnGG77sdleDO97_WckA__RGrsmaiWHFYN68MbspwPRdw0X48WWwKOqqKshlYEdi8n3HsVt9f8oTtY7kr-AKHE7E

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.240 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 14 Oct 2021 09:24:00 GMT
X-Proxy-Origin: 91.199.118.79; 91.199.118.79; 717.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: fb9f2e8e-5711-4860-8200-ddffc6c99608
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:00 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEJTmEejb12SZO6KvPwskECM&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E03A
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTg3MzI5MDUyMDY4NjgwMTg4Mw%3D%3D

170 B
188 B

19ms
19ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTg3MzI5MDUyMDY4NjgwMTg4Mw%3D%3D

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 14 Oct 2021 09:24:00 GMT
X-Proxy-Origin: 91.199.118.79; 91.199.118.79; 717.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: b27f6ddc-28c8-467c-8e1b-752b7bdd6ede
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTg3MzI5MDUyMDY4NjgwMTg4Mw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 052A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESECxvsMRegSy6GDRVM8AI05Q&google_cver=1

43 B
180 B

16ms
16ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESECxvsMRegSy6GDRVM8AI05Q&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPnoIxCA2vS7AhiEkpG1ATAB&v=APEucNXDr64Fc0w_Hu2VJJMTnst1reVoK-dRZn7pMc9q-vQO-R01aFqxXi9rh8Dhda_JAOJEC38qaFXIdCHfuGxD0tAMVzhPGIhD_acgbJoHzapBIWK3LlrA5D9BloNsWxUXgOGE_mrvEpsj0zg_m54AbKlvtb1K3EizvWrQMtAMXqsE2n8KEVk
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.217.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:00 GMT
via: 1.1 google
server: OXGW/16.217.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:00 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESECxvsMRegSy6GDRVM8AI05Q&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 052A
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=MTEwNGE0Y2ItMmY2My0yM2NmLWRjMGQtNDUzYmEyN2I1M2I5

170 B
188 B

17ms
16ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=MTEwNGE0Y2ItMmY2My0yM2NmLWRjMGQtNDUzYmEyN2I1M2I5

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPnoIxCA2vS7AhiEkpG1ATAB&v=APEucNXDr64Fc0w_Hu2VJJMTnst1reVoK-dRZn7pMc9q-vQO-R01aFqxXi9rh8Dhda_JAOJEC38qaFXIdCHfuGxD0tAMVzhPGIhD_acgbJoHzapBIWK3LlrA5D9BloNsWxUXgOGE_mrvEpsj0zg_m54AbKlvtb1K3EizvWrQMtAMXqsE2n8KEVk

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 14 Oct 2021 09:24:00 GMT
content-encoding: gzip
server: OXGW/16.217.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=MTEwNGE0Y2ItMmY2My0yM2NmLWRjMGQtNDUzYmEyN2I1M2I5
content-type: image/gif
alt-svc: clear
content-length: 0
via: 1.1 google

GET
H2

200

um
sync.teads.tv/ Frame 052A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEIftNPQNf2YBTzYBA1Ni4t4&google_cver=1

23 B
172 B

36ms
36ms

Image
image/gif

104.111.242.245
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEIftNPQNf2YBTzYBA1Ni4t4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPnoIxCA2vS7AhiEkpG1ATAB&v=APEucNXDr64Fc0w_Hu2VJJMTnst1reVoK-dRZn7pMc9q-vQO-R01aFqxXi9rh8Dhda_JAOJEC38qaFXIdCHfuGxD0tAMVzhPGIhD_acgbJoHzapBIWK3LlrA5D9BloNsWxUXgOGE_mrvEpsj0zg_m54AbKlvtb1K3EizvWrQMtAMXqsE2n8KEVk
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.242.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-242-245.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.6 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:00 GMT
cache-control: max-age=0, no-cache, no-store
expires: Thu, 14 Oct 2021 09:24:00 GMT
server: akka-http/10.2.6
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:00 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.teads.tv/um?eid=3&uid=CAESEIftNPQNf2YBTzYBA1Ni4t4&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 052A 23 B
172 B 83ms
39ms Image
image/gif 104.111.242.245
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPnoIxCA2vS7AhiEkpG1ATAB&v=APEucNXDr64Fc0w_Hu2VJJMTnst1reVoK-dRZn7pMc9q-vQO-R01aFqxXi9rh8Dhda_JAOJEC38qaFXIdCHfuGxD0tAMVzhPGIhD_acgbJoHzapBIWK3LlrA5D9BloNsWxUXgOGE_mrvEpsj0zg_m54AbKlvtb1K3EizvWrQMtAMXqsE2n8KEVk
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.242.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-242-245.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.6 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:00 GMT
cache-control: max-age=0, no-cache, no-store
expires: Thu, 14 Oct 2021 09:24:00 GMT
server: akka-http/10.2.6
content-length: 23
content-type: image/gif

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame 6763
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEEbTGjDhgYdgvhdh00K9p9A&google_cver=1

43 B
548 B

49ms
21ms

Image
image/gif

185.94.180.125
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEEbTGjDhgYdgvhdh00K9p9A&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiR7OioATAB&v=APEucNUNMUdO53PAU-Zb6dZXokPpHFVWbSYA9pAExd6WT9FKD06ck4Vj_xL0sRcNB0vooWYnZ3vNePP-dKLhldzZHhXeoysLdnl5_VA6CCbPrbfdSuybHQVXV7gpjw6IGLywhUFl2LSY5d63nF6IS4LUAM6Ruj4os-XXcWZ7P-FxnkujtFThKaM
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.94.180.125 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 14 Oct 2021 09:24:00 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 29
Connection: keep-alive
Content-Length: 43

Redirect headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:00 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEEbTGjDhgYdgvhdh00K9p9A&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 306
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6763
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_i...
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=NzZmOTkyZTUtMmNkMC0xMWVjLWFhOWItMWRiYzU1NTkwNDA2

170 B
188 B

22ms
22ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=NzZmOTkyZTUtMmNkMC0xMWVjLWFhOWItMWRiYzU1NTkwNDA2

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiR7OioATAB&v=APEucNUNMUdO53PAU-Zb6dZXokPpHFVWbSYA9pAExd6WT9FKD06ck4Vj_xL0sRcNB0vooWYnZ3vNePP-dKLhldzZHhXeoysLdnl5_VA6CCbPrbfdSuybHQVXV7gpjw6IGLywhUFl2LSY5d63nF6IS4LUAM6Ruj4os-XXcWZ7P-FxnkujtFThKaM

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 14 Oct 2021 09:24:00 GMT
Server: nginx
Location: https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=NzZmOTkyZTUtMmNkMC0xMWVjLWFhOWItMWRiYzU1NTkwNDA2
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 130
Connection: keep-alive
Content-Length: 0

GET
H2 204 v1
ads.yahoo.com/cms/ Frame 6763 0
446 B 28ms
8ms Image
text/plain 2a00:1288:80:800::7000
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?esig=1~b04e41039133c73fafd60e0ed8cb49a70ecfb061&nwid=10000483131&sigv=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7000 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:24:00 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

GET
H2 200 express_html_inpage_rendering_lib_200_273.js Show response
s0.2mdn.net/879366/ Frame 2BFD 114 KB
39 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_273.js

Requested by

Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2bc98b5956d216197013af35c909aa49d3aa7c26b48de9e9930eb4bd6b846391

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
Origin: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 11:05:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 80290
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40185
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 20:54:50 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 14 Oct 2021 11:05:50 GMT

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211011/r20110914/elements/html/ Frame 2BFD 8 KB
3 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211011/r20110914/elements/html/omrhp.js

Requested by

Host: bid.g.doubleclick.net
URL: https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNWbq1HWXXFP03WF1i_d-ZOoSpqkzevi7qrB2aJ95VBByKiwxsU&d=CnkAoCZ_4Gk_e2TZmOC_Gsp4H51z49_ZVaLYVdeki3NkwnVSSF-y6G5Ih2LV_YKYVhcz4XoBGgwTRIp1waBtR5EDkp7RzpIEWbGR71Q5y1KsTcgJhUtE9v9FLGbvESpfh6IsDdXmbT_ClTj5f99a5Az9UQYyP90HJqRREvkRAKAmf-CPf6VgCdTtbVzMTUM7qy4-Y2f5IDi49XLV0NCF0ZTs21BoxKSCbR_vCxlu6STBchMHb8ZlPQyBoqkPEMdHM3Z5eBLIWeftLAtoRDhWOgcwdh7y4QxcZi1TFFDwvwupl6WQp1gScf8kVTyI0hbibZsdUFAzIwWqXObQhS6tXdPa1RkoMFFZ0EWdW_YMFXBvL4pj4DTOqM55cGc3zSqBX54M2PR-bZABNPGicNDakH2jP24ZqFJ2gOsCiIaWZZVhYgd-Y9KSXduXwFyBhY09R-XAxJbkbvRbUoM3bZ7LjIou1nyKjv5DwdeKrtfcD-y0eV0KX1_RNxXJ8gCJP_t0Oe7MA70YCLK0XOoggY0wptJUujMVCzK1FPEj67UEkvYuz0yv-Y8Uo-fGqmreZIgioh21OSKniw437YuFLWr3H3zowmTb9-LqLXF-8yAiL8M0fnousJMSkMCE7gymgGxrWxlXJDTUYVgFieEaTa69b7Hd8zEnB_84M0rdsemZ7Nnb009FdBATxAjMk_pE94mG95C39fdr4OiXUW4cy3csxCaHTMnpcDKJL6HU8xJNSq0p1zts7uA7VQ3qe04yXisyXuTB4P1jGgDxZ4x-twehUy0ASIIDBsuUIVc6OhBhLN-1WWNbaGoXgwkgbC8dfXJgqRVPTOvPH-VwGkT3Hk7_A52DYCq4f9Me-h0RurNuCvJqfDHCGb5nY_W64fDx0PIrtptL8a3j3vf94ntjQlESdWe_kXV_uEaMD520rhY1MQ4ZDdMcEYcH9Nl18FnS4x-Z7h0gDju9VHCqr3y6grD9Ra8DZjmNcw6PjQTWUWv7TmvU4HvBQyMgu-bN3jrtEnwxlqyV-pc9mIip19SKws-s60plPbXowmRpmvjIrx-iu_tcapPEfYqFmCf4o8yqNZ9QVdQZ5PYrkL73_DjQ0U7g6QQUWZP4mFl3oA8vTkNqkg10DCnho4Oaod471sNn40gbD9ICxF2cOmHb7-jHbTcSqLxcS8HI8iZoTNPRZfx4xbhcX6XsaOG5NNXDUtxLL67bk3ag5H6zrc8H1hqoOddsmR5wT32g-EiV1AQu1m5phH44BRV2QGtxOKWgUiLwL8cqeGXZvo-sEOs8jt2mdFLV9GJxXf80CwGG9E9upscCbfj68MJVR8V_RTBERMmoiLqmHe6Mph8vDrB1VRAL1Nhbg5skiFFhUtyQcmk8ih75ca2fSWJyU86DCEAKlg3sYKNCTji8mssAa6p1fp756X4Z2O0tor_P16Yq2ksIyRK4mhIGaHt4CKUnIxvR6YmkdaeNNwfaA75kfQQYWxW9s7mIQvzEcgH7xxHaz-g6Co9cKL-q888NUm-CR-JnjG5n3i8zZ-VCYoRsF8KS6pPPIQ1xjIw2ppcH9tZSikYCFYv9P9qsHgWaqWg1NDAoPHB6icfKQDrQN2OlgyR90G6vECRTk07NkE_AYjfBistQ6kkLIbDVp_IlX9DLOZBKm9JDUIV76E63G1pSkoH7x0sMXy09GPazjF-CCVTxysWmCRkvkxWLjhSeOBwGs0WWE9E2uwAwbensPNzxMuBa5gIZ2LP38K6M7JTqm6BRDOlI3fRaJMwes8xcxwMoIwOob19niiZu0_pti4jytBzaWcG7VJraADGCHXOA2WpmhlvfzvCHO69fBTNVNMY23WTnRkLFh7OdRPmN7RDEIWZmfbXouwgbrFnvaraEJh7rmiXcXLu4HfzvJLC1YBYrqAO-igAtBtbth-95EwXft-rnzq0zbec1DQhM2L1SgfL28czed9B-Q0GoKV_2QEYVAz3mOyL36v-o12wn0Oi6s9XOECKlE_xlFGalagNShzotXlDgNbytf7UlScI6IObtbbpxDK_tE5PkFXsFfHIX31_X5zdQyKTQPGWf4MIhSgmdrqYJXI2tKKz8r4kVrzQ1NUI66u1K01awy-gTKe0A5gz1oalgPPvJ3Fs9EiGjdZskTQJY9hp4H-HDidHWwRXOh4dUDFXErAC-tpar8tbn05bk-WeDfCXLT7w8Red8qcjXN4bTAk8YLeduI5ZpqyE_VvFbzCCh8i4MTj-xd9tMXpLAqqVjFhMd7H6t1ATbQCSPh9WHiPHuCBOiYWh2TKNVmP2e3xMeTjdVl1jT-uUR6-aHfwYtCa8QSW4GSYwSKBECXDcNujyriqNmjUY5HN1o-QsJtm_BHKHcxlaC4kSFoimqT0ed6mO21dNuOKUHyq9OgIdOF1K78CvZoyFA89tFqfO4CQ9UQDlvFc_Mx4E5_LmxeKMH06dAHF_cPKinWdP6gf0YAxAGXyXyU3puXIC3-wy7Vh7FbYYGU1pNJRlBCuvo-lVH-823tEmkxtUfVN0e8R33RAjOxQ-J4q7BIQNS86I0ahViJEAyPgE9iMi7g3F75GfzlUIPl05y3968pb4F0se4db2u0FxLFn_u5t_-AF0OLel4Nuez4b8YN5Etn3StvDicoUiQ8RjDJ6VhCPNEmXrZWAukoA09gTIwSogP5e-9aJzxFp1SdAvSCm9S5-30oyXPP4E_TDlDVeskNoAF2qs6qYiPSbPCmzMWBkKvZdaPmpeolxlRC5eL_oy-B2vKdHzY9xR3ksvt5FgF_a6gl7XfhO1Y84zGsVeB60XY0Xgkyw03LiTGxZlkWStJmafvOVek4oSYLASITRmVVfgpXmdFQtc3v554PpNGGQ1vPTs_gt3_rhTLi6OYmVVt4mmpLyc0Zmm-xpsdNCZKSqHOnx9Ge9sOEQUPy8ouoYVMDmh8_mw4V_WOhq-IVdHIifdnqsvv5n9arclm-8BBj7Fl_1Zki95XvlsfOLUmc2LWq956Iz0bxBhZplpPcN86YMjayGRxZKdkzEKbix2rWGkW4KmKX_ox2O8v42qpeQqlq7udM6DEx8tyKDXSr6c9Tm03MeJJgqlc87qVN7Y0j4VBIO1y7IQlrJblKZq5fDH86RVkiscoALN_-j0v_27DkFe2mAh39LF-CtTrnNnyKtWrd7sB8Hn56PaUbk-phIllRcfM16DwxIhEPJA-vgBbemFmG3OnlagFYc67k8YXvCQaFggAEhLkaF-sXjfispNMHqmo6LTTA69gAQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

67cf5c21bfc71ee46210832792237e4a6ccd99e5c7bc198b046a38c9167fd0ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 37
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3128
x-xss-protection: 0
server: cafe
etag: 3658073882064373855
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 09:23:23 GMT

GET
H2 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211011/r20110914/ Frame 2BFD 23 KB
9 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211011/r20110914/abg_lite.js

Requested by

Host: bid.g.doubleclick.net
URL: https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNWbq1HWXXFP03WF1i_d-ZOoSpqkzevi7qrB2aJ95VBByKiwxsU&d=CnkAoCZ_4Gk_e2TZmOC_Gsp4H51z49_ZVaLYVdeki3NkwnVSSF-y6G5Ih2LV_YKYVhcz4XoBGgwTRIp1waBtR5EDkp7RzpIEWbGR71Q5y1KsTcgJhUtE9v9FLGbvESpfh6IsDdXmbT_ClTj5f99a5Az9UQYyP90HJqRREvkRAKAmf-CPf6VgCdTtbVzMTUM7qy4-Y2f5IDi49XLV0NCF0ZTs21BoxKSCbR_vCxlu6STBchMHb8ZlPQyBoqkPEMdHM3Z5eBLIWeftLAtoRDhWOgcwdh7y4QxcZi1TFFDwvwupl6WQp1gScf8kVTyI0hbibZsdUFAzIwWqXObQhS6tXdPa1RkoMFFZ0EWdW_YMFXBvL4pj4DTOqM55cGc3zSqBX54M2PR-bZABNPGicNDakH2jP24ZqFJ2gOsCiIaWZZVhYgd-Y9KSXduXwFyBhY09R-XAxJbkbvRbUoM3bZ7LjIou1nyKjv5DwdeKrtfcD-y0eV0KX1_RNxXJ8gCJP_t0Oe7MA70YCLK0XOoggY0wptJUujMVCzK1FPEj67UEkvYuz0yv-Y8Uo-fGqmreZIgioh21OSKniw437YuFLWr3H3zowmTb9-LqLXF-8yAiL8M0fnousJMSkMCE7gymgGxrWxlXJDTUYVgFieEaTa69b7Hd8zEnB_84M0rdsemZ7Nnb009FdBATxAjMk_pE94mG95C39fdr4OiXUW4cy3csxCaHTMnpcDKJL6HU8xJNSq0p1zts7uA7VQ3qe04yXisyXuTB4P1jGgDxZ4x-twehUy0ASIIDBsuUIVc6OhBhLN-1WWNbaGoXgwkgbC8dfXJgqRVPTOvPH-VwGkT3Hk7_A52DYCq4f9Me-h0RurNuCvJqfDHCGb5nY_W64fDx0PIrtptL8a3j3vf94ntjQlESdWe_kXV_uEaMD520rhY1MQ4ZDdMcEYcH9Nl18FnS4x-Z7h0gDju9VHCqr3y6grD9Ra8DZjmNcw6PjQTWUWv7TmvU4HvBQyMgu-bN3jrtEnwxlqyV-pc9mIip19SKws-s60plPbXowmRpmvjIrx-iu_tcapPEfYqFmCf4o8yqNZ9QVdQZ5PYrkL73_DjQ0U7g6QQUWZP4mFl3oA8vTkNqkg10DCnho4Oaod471sNn40gbD9ICxF2cOmHb7-jHbTcSqLxcS8HI8iZoTNPRZfx4xbhcX6XsaOG5NNXDUtxLL67bk3ag5H6zrc8H1hqoOddsmR5wT32g-EiV1AQu1m5phH44BRV2QGtxOKWgUiLwL8cqeGXZvo-sEOs8jt2mdFLV9GJxXf80CwGG9E9upscCbfj68MJVR8V_RTBERMmoiLqmHe6Mph8vDrB1VRAL1Nhbg5skiFFhUtyQcmk8ih75ca2fSWJyU86DCEAKlg3sYKNCTji8mssAa6p1fp756X4Z2O0tor_P16Yq2ksIyRK4mhIGaHt4CKUnIxvR6YmkdaeNNwfaA75kfQQYWxW9s7mIQvzEcgH7xxHaz-g6Co9cKL-q888NUm-CR-JnjG5n3i8zZ-VCYoRsF8KS6pPPIQ1xjIw2ppcH9tZSikYCFYv9P9qsHgWaqWg1NDAoPHB6icfKQDrQN2OlgyR90G6vECRTk07NkE_AYjfBistQ6kkLIbDVp_IlX9DLOZBKm9JDUIV76E63G1pSkoH7x0sMXy09GPazjF-CCVTxysWmCRkvkxWLjhSeOBwGs0WWE9E2uwAwbensPNzxMuBa5gIZ2LP38K6M7JTqm6BRDOlI3fRaJMwes8xcxwMoIwOob19niiZu0_pti4jytBzaWcG7VJraADGCHXOA2WpmhlvfzvCHO69fBTNVNMY23WTnRkLFh7OdRPmN7RDEIWZmfbXouwgbrFnvaraEJh7rmiXcXLu4HfzvJLC1YBYrqAO-igAtBtbth-95EwXft-rnzq0zbec1DQhM2L1SgfL28czed9B-Q0GoKV_2QEYVAz3mOyL36v-o12wn0Oi6s9XOECKlE_xlFGalagNShzotXlDgNbytf7UlScI6IObtbbpxDK_tE5PkFXsFfHIX31_X5zdQyKTQPGWf4MIhSgmdrqYJXI2tKKz8r4kVrzQ1NUI66u1K01awy-gTKe0A5gz1oalgPPvJ3Fs9EiGjdZskTQJY9hp4H-HDidHWwRXOh4dUDFXErAC-tpar8tbn05bk-WeDfCXLT7w8Red8qcjXN4bTAk8YLeduI5ZpqyE_VvFbzCCh8i4MTj-xd9tMXpLAqqVjFhMd7H6t1ATbQCSPh9WHiPHuCBOiYWh2TKNVmP2e3xMeTjdVl1jT-uUR6-aHfwYtCa8QSW4GSYwSKBECXDcNujyriqNmjUY5HN1o-QsJtm_BHKHcxlaC4kSFoimqT0ed6mO21dNuOKUHyq9OgIdOF1K78CvZoyFA89tFqfO4CQ9UQDlvFc_Mx4E5_LmxeKMH06dAHF_cPKinWdP6gf0YAxAGXyXyU3puXIC3-wy7Vh7FbYYGU1pNJRlBCuvo-lVH-823tEmkxtUfVN0e8R33RAjOxQ-J4q7BIQNS86I0ahViJEAyPgE9iMi7g3F75GfzlUIPl05y3968pb4F0se4db2u0FxLFn_u5t_-AF0OLel4Nuez4b8YN5Etn3StvDicoUiQ8RjDJ6VhCPNEmXrZWAukoA09gTIwSogP5e-9aJzxFp1SdAvSCm9S5-30oyXPP4E_TDlDVeskNoAF2qs6qYiPSbPCmzMWBkKvZdaPmpeolxlRC5eL_oy-B2vKdHzY9xR3ksvt5FgF_a6gl7XfhO1Y84zGsVeB60XY0Xgkyw03LiTGxZlkWStJmafvOVek4oSYLASITRmVVfgpXmdFQtc3v554PpNGGQ1vPTs_gt3_rhTLi6OYmVVt4mmpLyc0Zmm-xpsdNCZKSqHOnx9Ge9sOEQUPy8ouoYVMDmh8_mw4V_WOhq-IVdHIifdnqsvv5n9arclm-8BBj7Fl_1Zki95XvlsfOLUmc2LWq956Iz0bxBhZplpPcN86YMjayGRxZKdkzEKbix2rWGkW4KmKX_ox2O8v42qpeQqlq7udM6DEx8tyKDXSr6c9Tm03MeJJgqlc87qVN7Y0j4VBIO1y7IQlrJblKZq5fDH86RVkiscoALN_-j0v_27DkFe2mAh39LF-CtTrnNnyKtWrd7sB8Hn56PaUbk-phIllRcfM16DwxIhEPJA-vgBbemFmG3OnlagFYc67k8YXvCQaFggAEhLkaF-sXjfispNMHqmo6LTTA69gAQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

599ad71fae7cb8d014f7c2d29b8450bc7c34f8e32d49fa103716becef8ae9964

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:22:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 100
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9283
x-xss-protection: 0
server: cafe
etag: 1044373809082006429
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 09:22:20 GMT

GET
H2 200 index.html Show response
s0.2mdn.net/10774078/1632247414120/ Frame BC55 13 KB
4 KB 10ms
9ms Document
text/html 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/10774078/1632247414120/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_273.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f36ccebafcb7b6f229f2da65f0a3a18f7d0eadf6a184873fc33669fdb6f62631

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /10774078/1632247414120/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-length: 3732
date: Thu, 14 Oct 2021 09:00:16 GMT
expires: Fri, 15 Oct 2021 09:00:16 GMT
last-modified: Tue, 21 Sep 2021 18:03:34 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
age: 1424
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 897F 0
23 B 19ms
18ms Ping
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvWWewBL7OwGK__N02s2iAM6u7Drf1e8z40_cYAgyCDtPWiihZes0xdAWvj4DbIe2kAxuNozCFcsHI1h_792dg74yygu2hnN3uOvbrNhfJiBB8WUURk-pXrh2dM1iU76Gxdh0d-3qa22ESjuliZ3w&sai=AMfl-YSfwsufqV1kXZlo3dO0P5YHGQQpLKwXNRUiy1WZquYxlcNn9DQ382iGAbl12Iwr7KOsPorIYLse35hvZSKxoYYHugeOsf-zC1w&sig=Cg0ArKJSzNFWfGaLmEQkEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=314&cbvp=1&cstd=311&cisv=r20211011.44915&adurl=

Requested by

Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 09:24:00 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 express_html_inpage_rendering_lib_200_273.js Show response
s0.2mdn.net/879366/ Frame 99DE 114 KB
39 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_273.js

Requested by

Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2bc98b5956d216197013af35c909aa49d3aa7c26b48de9e9930eb4bd6b846391

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
Origin: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 11:05:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 80290
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40185
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 20:54:50 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 14 Oct 2021 11:05:50 GMT

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211011/r20110914/elements/html/ Frame 99DE 8 KB
3 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211011/r20110914/elements/html/omrhp.js

Requested by

Host: bid.g.doubleclick.net
URL: https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNVLdPOzFTTB6sf8aEPJc2gliaLWUtovRx_Xp6s19gT5I6bmbcU&d=CnkAoCZ_4BGjuPnG8mPgdmOyJmIgnNkLqnFhDZW4VUdYngxPFq3ZCQFHgI7MTgcs-JgDWk1_Am-suH8EpgQYOcWWNZXEZORzfbgrr90MOt3SkwjJYet5sbIcGNs4mJId9Qbdgq_kB9CjZn6zbfZru-UfY3E-ag3LCEEdEqkRAKAmf-ASH0c6JSPVtZXdfKhABYtMt0rIv0H7dAdFcleCHPcMseX3YT-P8j3FSqFdBIdrmSZDtYQSv3rnAYHh2HwtUYcIFrRRR83ygZbuBOA8ttVoB7Df3_O12PcREJtZVZY1taWkwCI-xnRA6MeFJOEGkl32_TYjxNoagXVV8ue7Fuck3KcVuVy4eM3WAnqmZi1SHUwIJM9ZxF5db4hGUfp8T2u9im-UyMnKEmiGJAyOzC7c1JS55lxyS-pXr3-t8ywoAZGUVvzeaev-TqC0WjxozIm4tkrthGQmTLp9yVhjsrnCTU59QPu6Pos0VN01vZKAX4tAuKoHd6Cidza5Aq5-iYbO9-eoqUwgrg7TjAmFH45t3Z2osE9LQ1PcLOe77SgELFIe4Ri2HUk647d2Ccp7tNE-tCDhHaC-fs4yNgnnbpCZDC_rQIQ8TOveAVSZgj2Gsj94MjhtkcKHiFM2h8VVYzpq9LS3U4njFtvtewgjBfpc_2ug_fM_Pihk0m42RsM5d-WlgKfkWHR_eqLR0Gpd-4iOjILFSdPEtc7bUO2DP3Wrzj2ifwWhoT_F3vQggWmal3XddMML1hWlhY6yG9WTN9auAhAucONiKsaIST7-6jzqmV7mdK7RuzkD4HqHjHUE0yx-5z-Wi6oeImDafSUFbRCctY7jR1Jq4nqEUBHM_lAxurO6S941abhKepJiUel8kVhPLzBChlOGqMAGVmnWcRr-DTCLUuEfzq6Wb6UQZpXvPWJ6L-5lNyfqZ5r3791uzWcSNiOaRVjywYdtEM3WcPz3IoGFlk51zNvET0A3F6B9_fejQ59EL9XffGOG4uObAJVBerJb3QuXzyBIqQmFw2AIUf8h1y_yskzp9pXawF5ZkMWDPtSjfQr_uzlYYc5z7Ozmb5T5nDbtB_6JY0syxcyx6adDTWuc_Yr8jQcJclYDBidG4-_L83Yiq1lxaraetxs0pF4LVKNufOR14a95LDzVpD5WRMK7_fEXQTRuzkorvvpPUeU5tgG6Gz0tF5cYmA6G7494NabQ2us2xQgEbMw5_iFDU7cRefp2H6FVUpkLk7ZyZrxFtELMrnoTruvG_9uHgQX_y6r7HGnH6wzEvgTW1It_d99mDjOki3NAAs70LsLlQwMe4enNmUkQl6_dpHI-pL6m4vPRL8NpJWq5sc2qnBi_eeS6BMLRU72j5Q-BP9YkDqlcboIBRYQH3ctTiyOSf_VVaGXKR1_ecosULbTAknvTJuNFodjrphO9n6KJ95kFytIdSt6vq9e8W-BGKRXh_S1QloyxTCnQPsI7JfsVyx6b_8gjf22ICzpOUJ2U8lP4VUrlvQ-7wRW6PdKt8Hu2vXhD9EUuoKUF0iMoHCmLPuLxZEokzrzXAxzMXowyxzT0j4OuKDzas_UZlPZdYCPa_x8XYays-CtCYb1rKMo_t6MjEMZVhEdf8PYTkvhGQH_WyUR6wczlcTcdVW5t2EXE5yTpsYkiqC6PZ871ymvyiAcNXevdZbndD6-qcQ1GWUHV58gALeLjL435fU24wzAqJtOt3jItr_RAbFH-Fwlvd7OYYTgK5oYoZXLDNdcQqepIigQLFBjVYCSngYLZn2s3UvtkcnJHV_FFZ-_ekzvZTe4EnDuTW2RedVir5T-unxI2gCI5txzZcEnr0cGEBi3ZAqJWoWV2xuUrhEdneefOAUYjadYt7xkG0KWQM8WcwhR83829zMLHTTFigeiGKkb5uXJfAoudxHj-1eo5q05FiqWLsRsgKDudT8aa79QRz4fwT331dDA-FZ6j3yg52OTnlIypJLf7mBZMdfGKwesFMRmIJiW7pONQNsOJMMYlgNW9QNvWakWx1rkvzRMSfh1RSn-1BSqj_s7qLBb2GbvE2jlJlbn-D-TMiFMI413HTI5IDHL4yeGY_a-YGGfHmd2OWhHtmZYTxCDduNAa7y-NDMuXM5a8NaoGjQfy5tyyMkiswF0AKLxSgp59A2UQatjY2OkgaGpOCPueOtBqJ0go5vWkLhUMpTGtO3kbvteCOuRyGv9J1bk4nwrHD7qnjl5wB-1HGgOm8_C3Nb5cKxaJTGiCOjXhdlsg2crZu7OuI3jCGYaRFflQkhnCXsDg5eNxhD2cvrOHoo7koY1WOf7ICKE1LpSUgirdjTgdWPBvA-h00vMOYNsRJinaicvWwb2UPxF7ZAuD8sb4SnUC4KreZCSbUX-q9vkqchm9RQ0Em-SaVukF4h5Fh6OuRS2mvHGlpatjQHYFNYv1LJI7YT5Su11BgkpwCGszWQmxI1sfAgq9Ns12xRCkmu22Wv-k9fRrzE6LUUG_3Do_8XssoE_n1Ahdnkq5O8eZ36lg-6UL2S25raKfJFjfF7TdIM2ZQvKxl6gbK5KcbuRurSL1PQHVwoMcAySxSXx7uetLDVqMxN1_pPX-Atgr-xNs8ZDM6CPHQ2mDqLHCFxFIFzQ5jCp7wtXStJABAsPVxnqx-d6f5wFcqyoIjL6L8nlJV-7ruVuEoFCjp45Cc2jgjEk5T1lSp2yW0CFWAtc4DrxDXr2RIazVAxCH_i0mMiEbSmD4omSY2RaVn5GJ_wS7-kFZZ6GHuj70-JeroFp3wMpi0ZsbztFqv_1jIXuLmFU3fOLyi5sWJN9d2pfBaQzX3eNiktdbGDP2HfAhiPh4DZgKI5dhtv1MOdONplLqgfQz9UxGhAGV8mvrWKjdq-AUhHaXAW_SqkqQSZm7Q-opPR6crAH_9LUaFwVeU_F14Aq5SZP9W0q6N2_vJ5Y43ZeIsWzi7PBxwvHGgeB5QhpqDj9j6mbe05QYByIV7nvjvh3XSSVJhgPZPf8K3bjO75TUXd1EYOTJx54o8qF7E2H74NgiFusHG0Z20mrskBhr8_Cnx5g3jqUlDzW11NtYJuKgXErpFx_yY1ljvEEDSucDA4wh2dzPGVO_F5iQYrlo3McgB8j1LiZItG5fGhYIABIS5GhWzMC3Ls2wLq58PSvhFeomYAE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

67cf5c21bfc71ee46210832792237e4a6ccd99e5c7bc198b046a38c9167fd0ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 37
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3128
x-xss-protection: 0
server: cafe
etag: 3658073882064373855
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 09:23:23 GMT

GET
H2 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211011/r20110914/ Frame 99DE 23 KB
9 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211011/r20110914/abg_lite.js

Requested by

Host: bid.g.doubleclick.net
URL: https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNVLdPOzFTTB6sf8aEPJc2gliaLWUtovRx_Xp6s19gT5I6bmbcU&d=CnkAoCZ_4BGjuPnG8mPgdmOyJmIgnNkLqnFhDZW4VUdYngxPFq3ZCQFHgI7MTgcs-JgDWk1_Am-suH8EpgQYOcWWNZXEZORzfbgrr90MOt3SkwjJYet5sbIcGNs4mJId9Qbdgq_kB9CjZn6zbfZru-UfY3E-ag3LCEEdEqkRAKAmf-ASH0c6JSPVtZXdfKhABYtMt0rIv0H7dAdFcleCHPcMseX3YT-P8j3FSqFdBIdrmSZDtYQSv3rnAYHh2HwtUYcIFrRRR83ygZbuBOA8ttVoB7Df3_O12PcREJtZVZY1taWkwCI-xnRA6MeFJOEGkl32_TYjxNoagXVV8ue7Fuck3KcVuVy4eM3WAnqmZi1SHUwIJM9ZxF5db4hGUfp8T2u9im-UyMnKEmiGJAyOzC7c1JS55lxyS-pXr3-t8ywoAZGUVvzeaev-TqC0WjxozIm4tkrthGQmTLp9yVhjsrnCTU59QPu6Pos0VN01vZKAX4tAuKoHd6Cidza5Aq5-iYbO9-eoqUwgrg7TjAmFH45t3Z2osE9LQ1PcLOe77SgELFIe4Ri2HUk647d2Ccp7tNE-tCDhHaC-fs4yNgnnbpCZDC_rQIQ8TOveAVSZgj2Gsj94MjhtkcKHiFM2h8VVYzpq9LS3U4njFtvtewgjBfpc_2ug_fM_Pihk0m42RsM5d-WlgKfkWHR_eqLR0Gpd-4iOjILFSdPEtc7bUO2DP3Wrzj2ifwWhoT_F3vQggWmal3XddMML1hWlhY6yG9WTN9auAhAucONiKsaIST7-6jzqmV7mdK7RuzkD4HqHjHUE0yx-5z-Wi6oeImDafSUFbRCctY7jR1Jq4nqEUBHM_lAxurO6S941abhKepJiUel8kVhPLzBChlOGqMAGVmnWcRr-DTCLUuEfzq6Wb6UQZpXvPWJ6L-5lNyfqZ5r3791uzWcSNiOaRVjywYdtEM3WcPz3IoGFlk51zNvET0A3F6B9_fejQ59EL9XffGOG4uObAJVBerJb3QuXzyBIqQmFw2AIUf8h1y_yskzp9pXawF5ZkMWDPtSjfQr_uzlYYc5z7Ozmb5T5nDbtB_6JY0syxcyx6adDTWuc_Yr8jQcJclYDBidG4-_L83Yiq1lxaraetxs0pF4LVKNufOR14a95LDzVpD5WRMK7_fEXQTRuzkorvvpPUeU5tgG6Gz0tF5cYmA6G7494NabQ2us2xQgEbMw5_iFDU7cRefp2H6FVUpkLk7ZyZrxFtELMrnoTruvG_9uHgQX_y6r7HGnH6wzEvgTW1It_d99mDjOki3NAAs70LsLlQwMe4enNmUkQl6_dpHI-pL6m4vPRL8NpJWq5sc2qnBi_eeS6BMLRU72j5Q-BP9YkDqlcboIBRYQH3ctTiyOSf_VVaGXKR1_ecosULbTAknvTJuNFodjrphO9n6KJ95kFytIdSt6vq9e8W-BGKRXh_S1QloyxTCnQPsI7JfsVyx6b_8gjf22ICzpOUJ2U8lP4VUrlvQ-7wRW6PdKt8Hu2vXhD9EUuoKUF0iMoHCmLPuLxZEokzrzXAxzMXowyxzT0j4OuKDzas_UZlPZdYCPa_x8XYays-CtCYb1rKMo_t6MjEMZVhEdf8PYTkvhGQH_WyUR6wczlcTcdVW5t2EXE5yTpsYkiqC6PZ871ymvyiAcNXevdZbndD6-qcQ1GWUHV58gALeLjL435fU24wzAqJtOt3jItr_RAbFH-Fwlvd7OYYTgK5oYoZXLDNdcQqepIigQLFBjVYCSngYLZn2s3UvtkcnJHV_FFZ-_ekzvZTe4EnDuTW2RedVir5T-unxI2gCI5txzZcEnr0cGEBi3ZAqJWoWV2xuUrhEdneefOAUYjadYt7xkG0KWQM8WcwhR83829zMLHTTFigeiGKkb5uXJfAoudxHj-1eo5q05FiqWLsRsgKDudT8aa79QRz4fwT331dDA-FZ6j3yg52OTnlIypJLf7mBZMdfGKwesFMRmIJiW7pONQNsOJMMYlgNW9QNvWakWx1rkvzRMSfh1RSn-1BSqj_s7qLBb2GbvE2jlJlbn-D-TMiFMI413HTI5IDHL4yeGY_a-YGGfHmd2OWhHtmZYTxCDduNAa7y-NDMuXM5a8NaoGjQfy5tyyMkiswF0AKLxSgp59A2UQatjY2OkgaGpOCPueOtBqJ0go5vWkLhUMpTGtO3kbvteCOuRyGv9J1bk4nwrHD7qnjl5wB-1HGgOm8_C3Nb5cKxaJTGiCOjXhdlsg2crZu7OuI3jCGYaRFflQkhnCXsDg5eNxhD2cvrOHoo7koY1WOf7ICKE1LpSUgirdjTgdWPBvA-h00vMOYNsRJinaicvWwb2UPxF7ZAuD8sb4SnUC4KreZCSbUX-q9vkqchm9RQ0Em-SaVukF4h5Fh6OuRS2mvHGlpatjQHYFNYv1LJI7YT5Su11BgkpwCGszWQmxI1sfAgq9Ns12xRCkmu22Wv-k9fRrzE6LUUG_3Do_8XssoE_n1Ahdnkq5O8eZ36lg-6UL2S25raKfJFjfF7TdIM2ZQvKxl6gbK5KcbuRurSL1PQHVwoMcAySxSXx7uetLDVqMxN1_pPX-Atgr-xNs8ZDM6CPHQ2mDqLHCFxFIFzQ5jCp7wtXStJABAsPVxnqx-d6f5wFcqyoIjL6L8nlJV-7ruVuEoFCjp45Cc2jgjEk5T1lSp2yW0CFWAtc4DrxDXr2RIazVAxCH_i0mMiEbSmD4omSY2RaVn5GJ_wS7-kFZZ6GHuj70-JeroFp3wMpi0ZsbztFqv_1jIXuLmFU3fOLyi5sWJN9d2pfBaQzX3eNiktdbGDP2HfAhiPh4DZgKI5dhtv1MOdONplLqgfQz9UxGhAGV8mvrWKjdq-AUhHaXAW_SqkqQSZm7Q-opPR6crAH_9LUaFwVeU_F14Aq5SZP9W0q6N2_vJ5Y43ZeIsWzi7PBxwvHGgeB5QhpqDj9j6mbe05QYByIV7nvjvh3XSSVJhgPZPf8K3bjO75TUXd1EYOTJx54o8qF7E2H74NgiFusHG0Z20mrskBhr8_Cnx5g3jqUlDzW11NtYJuKgXErpFx_yY1ljvEEDSucDA4wh2dzPGVO_F5iQYrlo3McgB8j1LiZItG5fGhYIABIS5GhWzMC3Ls2wLq58PSvhFeomYAE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

599ad71fae7cb8d014f7c2d29b8450bc7c34f8e32d49fa103716becef8ae9964

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:22:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 100
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9283
x-xss-protection: 0
server: cafe
etag: 1044373809082006429
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 09:22:20 GMT

GET
H2 200 index.html Show response
s0.2mdn.net/10774078/1632247291206/ Frame 9355 13 KB
4 KB 9ms
7ms Document
text/html 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/10774078/1632247291206/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_273.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2bb96ba8c0235c8edc63ca18df0e08d7309a2f2e8fddedd954a4101f1926ca6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /10774078/1632247291206/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-length: 3720
date: Thu, 14 Oct 2021 09:01:05 GMT
expires: Fri, 15 Oct 2021 09:01:05 GMT
last-modified: Tue, 21 Sep 2021 18:01:31 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
age: 1375
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame BF5A 0
23 B 19ms
18ms Ping
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuJZl2eX-n0jqUvu6jbnhuQBAKLm3OU83EWPQfj6Rpf1atvb8E1CDgQDTfe9h35g-sU-EQrzKMDAqfjEeZoxcuh4Zfdw0dUr43rpBCKRP9SHt6m_3kqkpQ3BIqlvQBZirfYgb9KekA3CuPrXI947g&sai=AMfl-YTY3bN_YG3ZO656lkhba6e1o4qCjPfHQU97p7ygCYvY90V_nY0blxAg_sCt5_-peDhARsb8ZHEF_uzECsqaSBk4tBwFs5gcH3c&sig=Cg0ArKJSzO7aYD9YCFnbEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=322&cbvp=1&cstd=319&cisv=r20211011.66722&adurl=

Requested by

Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 09:24:00 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 4279 143 B
226 B 7ms
6ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUlopxitySf2MkNATtgMj4sCbW4PdSTqR7wFButfVKU5IY96dTnuVrJvps2xJUk
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 14 Oct 2021 09:00:15 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 1425
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame 05B2 9 KB
3 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10980269524931627100/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 01:24:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 28762
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3271
x-xss-protection: 0
server: cafe
etag: 7483759447172721109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Fri, 15 Oct 2021 01:24:38 GMT

GET
H2 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 05B2 26 KB
10 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10980269524931627100/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 23:30:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 35610
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 14 Oct 2021 23:30:30 GMT

GET
H2 200 ad441fc03ceaa6a54a3d394ec6d54789.js Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10980269524931627100/ Frame 05B2 69 KB
18 KB 7ms
7ms Script
application/x-javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10980269524931627100/ad441fc03ceaa6a54a3d394ec6d54789.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10980269524931627100/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a83d1c5d7cdd73425cf4ae542e9544a7e3695653deafb8bad106886b06f38d44

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 265823
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18130
x-xss-protection: 0
last-modified: Mon, 26 Apr 2021 10:35:39 GMT
server: sffe
date: Mon, 11 Oct 2021 07:33:37 GMT
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 11 Oct 2022 07:33:37 GMT

GET
H/1.1

204
No Content

sync
ups.analytics.yahoo.com/ups/55946/ Frame B92A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_cm&google_dbm&_origin=1
https://pixel.advertising.com/ups/55946/sync?uid=CAESEPGWrRqpg_nMOd-WAjuAvuY&_origin=1&google_cver=1
https://ups.analytics.yahoo.com/ups/55946/sync?uid=CAESEPGWrRqpg_nMOd-WAjuAvuY&_origin=1&google_cver=1&apid=UP76fd6389-2cd0-11ec-b57c-02e8ad9e7d96

0
1 KB

10ms
10ms

Image
text/plain

3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55946/sync?uid=CAESEPGWrRqpg_nMOd-WAjuAvuY&_origin=1&google_cver=1&apid=UP76fd6389-2cd0-11ec-b57c-02e8ad9e7d96

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPnoIxCA2vS7AhiEkpG1ATAB&v=APEucNW2omP4Zo5dQJhBVVX7Zm713AqSqtMnz9c1ab6g5J6Y709ZNM245JewgOJEU_NAlDvcJpuDtGEzdRpISY8R9ETth8HRA31Ww1ww_Tru_VAagfLhiNjRRunsf5blFHNacND5sx65LvheCfHavJd9gV-Cwl0u3cP7fEi3EjAxGzFXafP-YKw

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

ATS/7.1.2.138 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 14 Oct 2021 09:24:00 GMT
Server: ATS/7.1.2.138
Connection: keep-alive
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://ups.analytics.yahoo.com/ups/55946/sync?uid=CAESEPGWrRqpg_nMOd-WAjuAvuY&_origin=1&google_cver=1&apid=UP76fd6389-2cd0-11ec-b57c-02e8ad9e7d96
date: Thu, 14 Oct 2021 09:24:00 GMT
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B92A
Redirect Chain

https://pixel.advertising.com/ups/55946/sync?_origin=1&redir=true
https://pixel.advertising.com/ups/55946/sync?_origin=1&redir=true&verify=true
https://ups.analytics.yahoo.com/ups/55946/sync?_origin=1&redir=true&apid=UP76fd6389-2cd0-11ec-b57c-02e8ad9e7d96
https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_hm=VVA3NmZkNjM4OS0yY2QwLTExZWMtYjU3Yy0wMmU4YWQ5ZTdkOTY%3D

170 B
188 B

18ms
17ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_hm=VVA3NmZkNjM4OS0yY2QwLTExZWMtYjU3Yy0wMmU4YWQ5ZTdkOTY%3D

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 14 Oct 2021 09:24:00 GMT
Server: ATS/7.1.2.138
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_hm=VVA3NmZkNjM4OS0yY2QwLTExZWMtYjU3Yy0wMmU4YWQ5ZTdkOTY%3D
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B92A
Redirect Chain

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1WejdUeXZsRTJ1RnlaNnVJcFlWZEc0OVVpRjUuaHlla35B

170 B
188 B

23ms
23ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1WejdUeXZsRTJ1RnlaNnVJcFlWZEc0OVVpRjUuaHlla35B

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 14 Oct 2021 09:24:00 GMT
Server: ATS/7.1.2.138
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1WejdUeXZsRTJ1RnlaNnVJcFlWZEc0OVVpRjUuaHlla35B
Connection: keep-alive
Content-Length: 0

GET
H2 200 express_html_inpage_rendering_lib_200_273.js Show response
s0.2mdn.net/879366/ Frame CAB7 114 KB
39 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_273.js

Requested by

Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2bc98b5956d216197013af35c909aa49d3aa7c26b48de9e9930eb4bd6b846391

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
Origin: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 11:05:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 80290
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40185
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 20:54:50 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 14 Oct 2021 11:05:50 GMT

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211011/r20110914/elements/html/ Frame CAB7 8 KB
3 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211011/r20110914/elements/html/omrhp.js

Requested by

Host: bid.g.doubleclick.net
URL: https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNVLdPOzFTTB6sf8aEPJc2gliaLWUtovRx_Xp6s19gT5I6bmbcU&d=CnkAoCZ_4JXeUo47NFPl2mxpcVJ0KdpzhJmy8n2yJGDCJrPEBkS0tvj39QCIC9pnLpGdpHf8tRhJtw-LUMeMSg-JvggnKlct0RVZaxLcfwHbzKXzFkDZjgwrrKrjv2-_umkfUK5kyVnMy5nZjslg7sesLjOpZrref19cEvkRAKAmf-A6cerZKR_5mZ5sVcKza2SrQzvPtqv6oMCtAIZLS7NeZ_S6LhCWm84LnFb4EQSLdrEH7ER2pVDkP74g76_hQQ2rBByHTX5dlgImpE2wdOCCG048C_i-KMYvc9pNqEz6hdvnZDPSnFomZl2V8D_69ze4ZSWvkFSqw38bkdhz81BmtbEvMA_yml9Z8xjND6LcIe70Hsg06Q7LeN43jVBUXG23SmGQWOYAYRU9gmw91ctt3gLtVycq7zC7gsvAnVPBC8I9-5Ev0965CTCq1FjYBZE4Q6o50XDnXyjnbnu2s0F9lXiBsinMKRFR5goKEQImWp6i9K8Srfo8g8hlo5MdWYw9nCBT8HsFuIX7V1_DVj_B6wlsNhrI01h4ZSlG6E9xvqEa0yb9OYbHUzrffC4793S72jvsi_yMuRYN445xiWgAvu4sMbBuI06hN2lbNHWMzawPD21I4XuQ9cCZTRzroi-UvoRh1leJyoTpNL3Kx22cg3ro5vBN5gSJaRolOQo3oMDXeUpeFen2BSVvZY8HPP5c00F_bkEk2Y3gYInYEH9j_u3bvyNAm5IA3Mi_sMwlh3xxVplMzH1c462MQV4HYnNLRetVeA7hLxRDHERdO_ayzcucuQ07U4QkLZc1GdaNmts6442XQn_EtRdaRkPrkkHkGAEmK_K2HEI_KePUBBgWgjsdNkLw9vrPom4OTo8toTuHWdV0uztDsCLvO8_uIStj7oYYTxUmJ5sJch2xEDxF8bzBVxTgBhgTZzaA05etnLYVPnacgPDStYXJoXt2gOiKxmhv6DVzEjTKgqNf8-cub3UnWXk1bwQi3N7Hnyy58t9iYsKrKEQaKLyEEaOL4E7dWIVJPPrk-DtV-9T4kqCv20iX2zExQRzKnG0h7XIvp_OCP0maUWJcccCMeyHJa6NBCHN2wD63j034ODYAJ__TlI3NRHcxXOOTeTEM4TIHsGaDHKXFWPXOlEsVCWH4Kr3RKVqqP7jsV1h6ZwlkJ4I4m8PHTgzyJiXR-baTXs-4YeQCL3J-hVgm_GIZ9_M5yfkW6_yD1NfJWRhv7k16D3wlTfh0WqpoOh7ePEUugqpUgMKKVVxbEM5grY0t0xXk9tLYlvZKEPz2naTeMMA9oX1dNoxIiDJm6GXIwCq_yNefDmwJpE9ne-o-AKqWXSYkfp-8IpxS6J-rbrna4V3T342Wca9KF9LlrjruoY2kORzs9AUibfcBhpUF4FKyRLVAnZZzGKtC0XKoR-14gSDI7LSUtWAXU403mYIljJYqJsT4BO8ZPbbtzzFIe4oalupEstNXv0JdmnbRybFcV5Q8BJOY7VfFn4eHWZKrZda81JKrlJuEt1d8PpAE5fCUZeRpThUijNcHgaaMhKGcGQmu5AUK2Al3u5vNPY8itaBcTzmldREN5We9x2oRgYqtkaR_EON2pO9_-7c1fWivJP-T-yTNJVWO9vUQsKY1k1wr_gg7DgpjCIIP7apCOTYkN3yBZ3IbvAfe4I3dUh9YOQUuJkzc6mgM_aFBHmbRecvI8mEQSFTwwH5MsGonl8C-XVuS4Wbyv8B4tcknSxaLVME7Y6MNQWEON43i-RtAITBmwxO_9-5Y7hbozJ-lY6MTkVGVhSkLgboyMXbPNcvA2TLZW5_6egzkSaQVbuuHbV8LC3T5o94UtQ3jUSOB1Sn-6TXFvw8SJ3V_cgneOFI79_6QWb4ajfPAOa4UXPIIPxjAzhGDPNNqWRgTXLtKN3q-WckPE5nwN-EjxAa_j_Ld8Rnj8NAsvvjeQm5NP49wyeSnwqixpgyQ-LREOysfWBi1oe6bIvnZs6Xk2Y2YPDKYjziNAU3aZQHN2lAhuH6CFT9F6_CHcDyu90WPR24-amemh09CF5RCNcMHwZSVSEORp64Vy5IjN823bF6ZzToG6hVxZhnZXCheuyNIcKPP4K2sr1iJv2vEgDyxNLecIr-k1RENhp9HP6FLdVSpgkDyX_okMP_MupKcjMsgmVUEC9E-CFdkb6twtDJGcvRbLdvbvgjDT_KoJKwWEXYVNbkNOH_R1rRUcqW9JzBX1xMa9BOvhlqNPPSUkB4HxOGP3Nc9o8Zvk8FdVpz8iDdPzeH-v7OvmfpqN3Fn99piHXpNhsyp51DlW1gOGBPQXqmy9C0laprC64S5fVzksC767CxnszWsqkPU0CG5ruYuZsEybSHhR_kbaH_cEVSioos3zsJRXUJo4zbSfN-lEuUaiUYedrRqw6vH2ST1xGKJCkhF_k1_zejKAgi-mvtCv3Z8f5OuPGydiHowe1dlAz914gqIfRuXertMxpVNScBbHPcnqWubgBgEhfmSoMQu1bINwRWLZd__4tgobnAFe5vr6QPMsVSN8ZKfEFEZqH_0sOhThYyMYwXnof3jCc2ptySZ5_oMVaXCFgIdKY_GrO4aRFR3-jEdIsCx5DOjXyBrkDv9TJ5U2xf1MFSFJEod4yQVVzXbgrY0vSkzmjU2YlAo3K_JaOGkI-_z1kwBv__oQemOaaA6-GxlbCfwQL8qmj5l8-2eBk4lQoyBLnA4eAGeIgrJ-2wNeP-NU0fqSRqaofaksh_Iu6UDHsYngfCzalgREuZyRR1zrn6K2vpS6zkiS2nytcxqU51bIGr3AX5EEczfx92GPoM2ZKki5LYvAEWa_kLI8LU2GOd9vjnT4wqlZ-zOJKG5EN2fMNw_OwHTFU0YvPdiwR4RxBBJBpRuoTFzV0abrIhOq--cG5c8oVYoQ7co4DUt2fWRYtqFeA1k6at4ZPDYInhpdVTWN_A25iJg6c8ht0ZfgiyBtNsIYNInXTmTtSptOgrVbWv8WtAdQehyyoiVkjXyOgX65CNEUfALI3lPHcK5Cbu8aHA4HLwfp9ig--eAcHsX7OzjIriCPhyoYIe3a4JtqDHmsaY_uIbr7H_bKvtvF0T3CDvxJEx9h_7jW64U0swLLTBAdULUdOg17CUrB_RRrbA2K1fDEeZ1Xx7tXfYGLMjQ47bkVV8vOPoLiGuGbtQVukdlSBjlngBvPku8yjW1n5COI7t2v4TNR7Y08ml_iIFJeSRp0JYaFggAEhLkaEDHJ7htXLk2MF-Sy3t9L_pgAQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

67cf5c21bfc71ee46210832792237e4a6ccd99e5c7bc198b046a38c9167fd0ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 37
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3128
x-xss-protection: 0
server: cafe
etag: 3658073882064373855
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 09:23:23 GMT

GET
H2 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211011/r20110914/ Frame CAB7 23 KB
9 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211011/r20110914/abg_lite.js

Requested by

Host: bid.g.doubleclick.net
URL: https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNVLdPOzFTTB6sf8aEPJc2gliaLWUtovRx_Xp6s19gT5I6bmbcU&d=CnkAoCZ_4JXeUo47NFPl2mxpcVJ0KdpzhJmy8n2yJGDCJrPEBkS0tvj39QCIC9pnLpGdpHf8tRhJtw-LUMeMSg-JvggnKlct0RVZaxLcfwHbzKXzFkDZjgwrrKrjv2-_umkfUK5kyVnMy5nZjslg7sesLjOpZrref19cEvkRAKAmf-A6cerZKR_5mZ5sVcKza2SrQzvPtqv6oMCtAIZLS7NeZ_S6LhCWm84LnFb4EQSLdrEH7ER2pVDkP74g76_hQQ2rBByHTX5dlgImpE2wdOCCG048C_i-KMYvc9pNqEz6hdvnZDPSnFomZl2V8D_69ze4ZSWvkFSqw38bkdhz81BmtbEvMA_yml9Z8xjND6LcIe70Hsg06Q7LeN43jVBUXG23SmGQWOYAYRU9gmw91ctt3gLtVycq7zC7gsvAnVPBC8I9-5Ev0965CTCq1FjYBZE4Q6o50XDnXyjnbnu2s0F9lXiBsinMKRFR5goKEQImWp6i9K8Srfo8g8hlo5MdWYw9nCBT8HsFuIX7V1_DVj_B6wlsNhrI01h4ZSlG6E9xvqEa0yb9OYbHUzrffC4793S72jvsi_yMuRYN445xiWgAvu4sMbBuI06hN2lbNHWMzawPD21I4XuQ9cCZTRzroi-UvoRh1leJyoTpNL3Kx22cg3ro5vBN5gSJaRolOQo3oMDXeUpeFen2BSVvZY8HPP5c00F_bkEk2Y3gYInYEH9j_u3bvyNAm5IA3Mi_sMwlh3xxVplMzH1c462MQV4HYnNLRetVeA7hLxRDHERdO_ayzcucuQ07U4QkLZc1GdaNmts6442XQn_EtRdaRkPrkkHkGAEmK_K2HEI_KePUBBgWgjsdNkLw9vrPom4OTo8toTuHWdV0uztDsCLvO8_uIStj7oYYTxUmJ5sJch2xEDxF8bzBVxTgBhgTZzaA05etnLYVPnacgPDStYXJoXt2gOiKxmhv6DVzEjTKgqNf8-cub3UnWXk1bwQi3N7Hnyy58t9iYsKrKEQaKLyEEaOL4E7dWIVJPPrk-DtV-9T4kqCv20iX2zExQRzKnG0h7XIvp_OCP0maUWJcccCMeyHJa6NBCHN2wD63j034ODYAJ__TlI3NRHcxXOOTeTEM4TIHsGaDHKXFWPXOlEsVCWH4Kr3RKVqqP7jsV1h6ZwlkJ4I4m8PHTgzyJiXR-baTXs-4YeQCL3J-hVgm_GIZ9_M5yfkW6_yD1NfJWRhv7k16D3wlTfh0WqpoOh7ePEUugqpUgMKKVVxbEM5grY0t0xXk9tLYlvZKEPz2naTeMMA9oX1dNoxIiDJm6GXIwCq_yNefDmwJpE9ne-o-AKqWXSYkfp-8IpxS6J-rbrna4V3T342Wca9KF9LlrjruoY2kORzs9AUibfcBhpUF4FKyRLVAnZZzGKtC0XKoR-14gSDI7LSUtWAXU403mYIljJYqJsT4BO8ZPbbtzzFIe4oalupEstNXv0JdmnbRybFcV5Q8BJOY7VfFn4eHWZKrZda81JKrlJuEt1d8PpAE5fCUZeRpThUijNcHgaaMhKGcGQmu5AUK2Al3u5vNPY8itaBcTzmldREN5We9x2oRgYqtkaR_EON2pO9_-7c1fWivJP-T-yTNJVWO9vUQsKY1k1wr_gg7DgpjCIIP7apCOTYkN3yBZ3IbvAfe4I3dUh9YOQUuJkzc6mgM_aFBHmbRecvI8mEQSFTwwH5MsGonl8C-XVuS4Wbyv8B4tcknSxaLVME7Y6MNQWEON43i-RtAITBmwxO_9-5Y7hbozJ-lY6MTkVGVhSkLgboyMXbPNcvA2TLZW5_6egzkSaQVbuuHbV8LC3T5o94UtQ3jUSOB1Sn-6TXFvw8SJ3V_cgneOFI79_6QWb4ajfPAOa4UXPIIPxjAzhGDPNNqWRgTXLtKN3q-WckPE5nwN-EjxAa_j_Ld8Rnj8NAsvvjeQm5NP49wyeSnwqixpgyQ-LREOysfWBi1oe6bIvnZs6Xk2Y2YPDKYjziNAU3aZQHN2lAhuH6CFT9F6_CHcDyu90WPR24-amemh09CF5RCNcMHwZSVSEORp64Vy5IjN823bF6ZzToG6hVxZhnZXCheuyNIcKPP4K2sr1iJv2vEgDyxNLecIr-k1RENhp9HP6FLdVSpgkDyX_okMP_MupKcjMsgmVUEC9E-CFdkb6twtDJGcvRbLdvbvgjDT_KoJKwWEXYVNbkNOH_R1rRUcqW9JzBX1xMa9BOvhlqNPPSUkB4HxOGP3Nc9o8Zvk8FdVpz8iDdPzeH-v7OvmfpqN3Fn99piHXpNhsyp51DlW1gOGBPQXqmy9C0laprC64S5fVzksC767CxnszWsqkPU0CG5ruYuZsEybSHhR_kbaH_cEVSioos3zsJRXUJo4zbSfN-lEuUaiUYedrRqw6vH2ST1xGKJCkhF_k1_zejKAgi-mvtCv3Z8f5OuPGydiHowe1dlAz914gqIfRuXertMxpVNScBbHPcnqWubgBgEhfmSoMQu1bINwRWLZd__4tgobnAFe5vr6QPMsVSN8ZKfEFEZqH_0sOhThYyMYwXnof3jCc2ptySZ5_oMVaXCFgIdKY_GrO4aRFR3-jEdIsCx5DOjXyBrkDv9TJ5U2xf1MFSFJEod4yQVVzXbgrY0vSkzmjU2YlAo3K_JaOGkI-_z1kwBv__oQemOaaA6-GxlbCfwQL8qmj5l8-2eBk4lQoyBLnA4eAGeIgrJ-2wNeP-NU0fqSRqaofaksh_Iu6UDHsYngfCzalgREuZyRR1zrn6K2vpS6zkiS2nytcxqU51bIGr3AX5EEczfx92GPoM2ZKki5LYvAEWa_kLI8LU2GOd9vjnT4wqlZ-zOJKG5EN2fMNw_OwHTFU0YvPdiwR4RxBBJBpRuoTFzV0abrIhOq--cG5c8oVYoQ7co4DUt2fWRYtqFeA1k6at4ZPDYInhpdVTWN_A25iJg6c8ht0ZfgiyBtNsIYNInXTmTtSptOgrVbWv8WtAdQehyyoiVkjXyOgX65CNEUfALI3lPHcK5Cbu8aHA4HLwfp9ig--eAcHsX7OzjIriCPhyoYIe3a4JtqDHmsaY_uIbr7H_bKvtvF0T3CDvxJEx9h_7jW64U0swLLTBAdULUdOg17CUrB_RRrbA2K1fDEeZ1Xx7tXfYGLMjQ47bkVV8vOPoLiGuGbtQVukdlSBjlngBvPku8yjW1n5COI7t2v4TNR7Y08ml_iIFJeSRp0JYaFggAEhLkaEDHJ7htXLk2MF-Sy3t9L_pgAQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

599ad71fae7cb8d014f7c2d29b8450bc7c34f8e32d49fa103716becef8ae9964

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:22:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 100
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9283
x-xss-protection: 0
server: cafe
etag: 1044373809082006429
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Oct 2021 09:22:20 GMT

GET
H/1.1

204
No Content

sync
ups.analytics.yahoo.com/ups/55946/ Frame D604
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_cm&google_dbm&_origin=1
https://pixel.advertising.com/ups/55946/sync?uid=CAESEPGWrRqpg_nMOd-WAjuAvuY&_origin=1&google_cver=1
https://ups.analytics.yahoo.com/ups/55946/sync?uid=CAESEPGWrRqpg_nMOd-WAjuAvuY&_origin=1&google_cver=1&apid=UP76fd6389-2cd0-11ec-b57c-02e8ad9e7d96

0
1 KB

10ms
10ms

Image
text/plain

3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55946/sync?uid=CAESEPGWrRqpg_nMOd-WAjuAvuY&_origin=1&google_cver=1&apid=UP76fd6389-2cd0-11ec-b57c-02e8ad9e7d96

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiR7OioATAB&v=APEucNVZ-QQ6-fOdzTEKsmfm5R-gj_KUIC1CGWZHr8QuH5gKXtdz72aUchAZgkog2SdtsSyKiCKIz5-vdx6JY-J3LGjgYP3AytAIUNorNIjk5VMZIGHgVURZVjG8TrJ5AbNqp1UbOHAtB65dOg29EeX8qpeTHwV1pIbqWxujYvl7Y5xDisWAVIE

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

ATS/7.1.2.138 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Thu, 14 Oct 2021 09:24:00 GMT
Server: ATS/7.1.2.138
Connection: keep-alive
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://ups.analytics.yahoo.com/ups/55946/sync?uid=CAESEPGWrRqpg_nMOd-WAjuAvuY&_origin=1&google_cver=1&apid=UP76fd6389-2cd0-11ec-b57c-02e8ad9e7d96
date: Thu, 14 Oct 2021 09:24:00 GMT
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D604
Redirect Chain

https://pixel.advertising.com/ups/55946/sync?_origin=1&redir=true
https://pixel.advertising.com/ups/55946/sync?_origin=1&redir=true&verify=true
https://ups.analytics.yahoo.com/ups/55946/sync?_origin=1&redir=true&apid=UP76fd6389-2cd0-11ec-b57c-02e8ad9e7d96
https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_hm=VVA3NmZkNjM4OS0yY2QwLTExZWMtYjU3Yy0wMmU4YWQ5ZTdkOTY%3D

170 B
188 B

17ms
17ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_hm=VVA3NmZkNjM4OS0yY2QwLTExZWMtYjU3Yy0wMmU4YWQ5ZTdkOTY%3D

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 14 Oct 2021 09:24:00 GMT
Server: ATS/7.1.2.138
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_hm=VVA3NmZkNjM4OS0yY2QwLTExZWMtYjU3Yy0wMmU4YWQ5ZTdkOTY%3D
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D604
Redirect Chain

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1WejdUeXZsRTJ1RnlaNnVJcFlWZEc0OVVpRjUuaHlla35B

170 B
188 B

23ms
23ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1WejdUeXZsRTJ1RnlaNnVJcFlWZEc0OVVpRjUuaHlla35B

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 14 Oct 2021 09:24:00 GMT
Server: ATS/7.1.2.138
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1WejdUeXZsRTJ1RnlaNnVJcFlWZEc0OVVpRjUuaHlla35B
Connection: keep-alive
Content-Length: 0

GET
DATA 200
OK truncated
/ Frame F692 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bc7da8568312e503b03a5ecd7f94b78264b024e787ebb4e8ba764e5a5aa56669

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 6846 0
0 42ms
42ms Fetch
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss0JPEgAPFQb7faVgAHWy7_b60aWzQZLyy5fssU3RdF1gz4ujVZW7seQ5HoBgoA47vzKfe9b3KAv5jWaiOdNdIHDemomZZx83DhzijG2uJlPPXeLM82QjqBQi4kOaXMrFmRs96xmAj0hWiu3wZeOVHn5APO_W_qseAuMB4jXDcmvt1TlumnLqWLHwYhzAQNFlT3q-rRTukGAIk1IYZ9b7vQ0MxlW1U_B0lUzmilDiWe_t_pHKkSx6-0lS8f54dD9qlfyi15dhr-wUFCAg5fjPxcWH1kijuBxtJeTZHv8GpuydXXtS9FwPboRY69l3PPFQnV43abSw&sig=Cg0ArKJSzFkeqbNPkFQlEAE&urlfix=1&adurl=

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 09:24:00 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
DATA 200
OK truncated
/ Frame 6846 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b2fe1a9b517fb16a2287c6f654dcd51410425ef7809cdce3875bf4152ebd8e58

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 6846 0
0 41ms
41ms Fetch
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuAKsQCghR36xxEvRKIzJkpoYEpMiq-JxkKnJbx0RycCaHag5nifxJ593zP-W3vh1K8c55D7Tmun_1D1wtYJ2GSarTuYyfwkx1tF87rE44j8JXsMjIeJyEFqgfPnCZLg22bctMWmqPMdmPA92H5G7vSfmEiXOSrm6IRBQBkoPxBFbf95-BOg-JEYbuTdmnGVsXf-WPMo4bV-ut4GAHxdImp8ObndQcUzPgDrZxeqCuK4KDx_-jmKs5Ee6Tbblc06B4iQPbjEvmznz2RHQ157og-XLkvgupz60nHQNQ2x5WzAqBAd30QqqCODge6BrsdXS-n3lrOkLMk&sig=Cg0ArKJSzN2Ae7HwunGoEAE&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 09:24:00 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Thu, 14 Oct 2021 09:24:00 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 8CA2 0
0 42ms
41ms Fetch
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssq72dS09LhLdtv4LxZee89BGmHI09A8DfGVp1o1m5W7OQSH4MPiS2r3xetRm1PWlKnqkDw22DPI_d9Zte3wlz-Ix8xTvyejCa3-CESZwizKGfB0aj5WTHBxwk9AjI7F7u314Ij984KpJHWqOLniWv7UIL4Cy_rWhbnLNUtr-ZGMtlzrE4-n6thesOUWlzemMuH1_8LTEkjISN2wZBGe-SW1Gm2PVP3Se-5-fjM0QQRTwKjWOii7bxv_BYmQMbYfeRspXWlYgznsxn5j51mr5vm_RrfpZZssfNX9MD2G6PDLic1lct3ma0LewVviiZPhAI&sig=Cg0ArKJSzOmih_m5PSi8EAE&urlfix=1&adurl=

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 09:24:00 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 8CA2 0
0 42ms
42ms Fetch
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst-m5E1pkEGv9TVZAG_Z_Xv42sW5kl8A_jBlm-yiM5eBl9y1wf-sJ9oLV3-9VpygXn9Vssyo0PbdyNVU6ERqOOuIsHTm2Y06oNLSVgJ4JeWoOR45cJSoqT_UsSReHQb2Q5Zz0A7hc962DReucsFdB4HzvyAHc8y7lcIOZCc5Iw_DIU2-3xtlrzH2il3Vq2W27w_ADhSvpOmh9_vFAb3NFVJ1OfqFZp8V3hio8mykB_bkNe15AhaVgUWOH4sickgZMVaNs9b1_av95yUVtqW8BsgLOhVUHtKe8Zb5XjvPufB7U-maMfVcPGDQmKJL9vwtbXNKA&sig=Cg0ArKJSzJwsXQLYyjTmEAE&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 09:24:00 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Thu, 14 Oct 2021 09:24:00 GMT

GET
DATA 200
OK truncated
/ Frame 8CA2 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ca5d70ff636c0ae6a7481f63dbefc03a66e85c2ab1ea2bb23df4b24448e6e128

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame 03C9
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=smartrtb_dbm&google_cm&google_dbm
https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEFk-imgEzjiKF86i_DdjhhY&google_cver=1

43 B
163 B

16ms
16ms

Image
image/gif

185.86.137.133
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEFk-imgEzjiKF86i_DdjhhY&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKjuaBCznHAY6uLqtQEwAQ&v=APEucNUSO3EFgPU9ev0Bw0BtpGR5us1kGAGCr6ib9RiB-q7jouBEVco-pElTUOF4vnU-bH_hdXGSFCq44G7NrpV0DY2mWmgGcRCSw0sCRu_NUYzeiQo9EYykQ-g3QhsTpS-IOCKIyRidJ87QF7g6Pbab36n1Id28aaNWrEc0H4EtOKZXLZ7psv0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.133 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:24:00 GMT
transfer-encoding: chunked
content-type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:00 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEFk-imgEzjiKF86i_DdjhhY&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 316
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK /
rtb-csync.smartadserver.com/redir/ Frame 03C9 43 B
163 B 60ms
16ms Image
image/gif 185.86.137.133
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=GOOGLE_HOSTED_PI&redirurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsmartrtb_dbm%26google_cm%26google_hm%3DSMART_USER_ID_B64
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKjuaBCznHAY6uLqtQEwAQ&v=APEucNUSO3EFgPU9ev0Bw0BtpGR5us1kGAGCr6ib9RiB-q7jouBEVco-pElTUOF4vnU-bH_hdXGSFCq44G7NrpV0DY2mWmgGcRCSw0sCRu_NUYzeiQo9EYykQ-g3QhsTpS-IOCKIyRidJ87QF7g6Pbab36n1Id28aaNWrEc0H4EtOKZXLZ7psv0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.133 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:23:59 GMT
transfer-encoding: chunked
content-type: image/gif

GET
H2 200 m_71LU70zG8G78x6hYSYf2B3ELc7BGRgbsZokPhgXAY.js Show response
pagead2.googlesyndication.com/bg/ Frame 9659 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/m_71LU70zG8G78x6hYSYf2B3ELc7BGRgbsZokPhgXAY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9bfef52d4ef4cc6f06efcc7a8584987f607710b73b0464606ec66890f8605c06

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 23:22:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 36110
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13358
x-xss-protection: 0
last-modified: Tue, 05 Oct 2021 11:38:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Thu, 13 Oct 2022 23:22:10 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame B9D7 0
0 41ms
41ms Fetch
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstAA-SLZGLwdHT9nXCYiwlbUTTtHUMw6ccCG4cqmNod4auGxJP4bFkR1Rd_qllKaEaHzYkDPcNjy0mjaKvA6fLubyiolkyEYSyq0YQ27hzkztLebm5YQBFU3QMccHkONstmNWYeemNGp6g-_fKwpGX5c7UUok-cfQ1GLK0zFDGoSYLfZ1p0PMSBnW7kbl1dbLyIsSIuHcoi2_9Mh0dYEhIn3pbOYHfx1212ApMFFMig9eEp_SUpq0Xsxw8qrqE4SpYLanaZcCImUv-fNv0oSUKp3KbbNp6duBD0uNdxf2jRtdEMwh4CPGbbqUsL3bzCzOg&sig=Cg0ArKJSzC8QZsgfLC34EAE&urlfix=1&adurl=

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 09:24:00 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame B9D7 0
0 43ms
43ms Fetch
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstIT06Vx2giz4oLXY-qbgJsYAkkqbO-BTiajwNU3IQxIkrFGFmOOzwRSJ1cSbnP2K8yakimAnOEOVshR6YGA1eBrF2eTbAUwQoYG2t2cskBFOQC_3W3HEVEO8NKZ9JajBQk5oEhEGlXIrlKrbKIoVRbEAr3B6c7j6S7Ogdsuw4mqazmC9dIo0n7nFhzJYoD0ALPxI3O8y27jZDJsw4O_qjbprwHm2sQcD3ULXmiEJtkZS1EWmC5a4YQ4HyRcTi0RHWHb4HfvDoiK5SxBgHx96DEkdG_8mPkVO1iO5mHW8cWHbrSObnDZEi-gXvMGSm_yIheVQ&sig=Cg0ArKJSzA3ffSrTeb-iEAE&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 09:24:00 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Thu, 14 Oct 2021 09:24:00 GMT

GET
DATA 200
OK truncated
/ Frame B9D7 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eb9fbf5a4310c5ccc2c596aaf0ced03547665ec7bc4eab7cb3dd913911d08c74

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame C45A 0
0 42ms
42ms Fetch
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstFx2PGf9Xmm_ZO3HymLfelomI8JpUFWQ7tBNZXFEf8T3_fDIPdvDaa3PKHwvBrKgFCkCh23flk6UDGBcvNu9ay8HtYfa6LV306nQmW9BAv3rE6FI4-TP9-3ZhLTgiTGZyge-9eWUfsUHGH0fEHm-HNzaX6I-OeoQfBroXzr6GnZ_ztwTOsJ75s9XOHgTtqDQUE0SCdYfmzm6-LRx1uLgxfAelsxKT-IWm_jYHMloIxNMR3Stngd38D9_oZEAhWK14kmMUCouw1USSPa6V9jY6GbOnVoyeRsKpC77UhVBUyQ0qLpWfuxlpJCOoIAZ4mHJs&sig=Cg0ArKJSzCch_4xHDc1EEAE&urlfix=1&adurl=

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 09:24:00 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame C45A 0
0 41ms
41ms Fetch
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvpK3Rxb-OHC-1YBlFPf-Lc5fkkj-r-C2UcvHACgFx8MawL9ewvseT1JQR9YKm7vSmo6SlTaDUbGCJCqa1qwCpDFf3bvPJeJXB9Q7NJGX5_WXF0jcxK5Npum3sA-hPyFg15858YSlslEnPb18PLXBu0uGQXU2dv35ULWUS9huWgLY2JHPWKHezq08fpprn6etr7U8cIe-ZwGVj1vJc1ZxCUJQIxDiQCwq5wrSfFb4NqSG63yZBzYZ4GApsI20P4j1RDHrkA1ZFn_f7TgpVh8IqgEPjzbCosMvf7kWZ4Qjl42-M8aQyXhANArhp2d8S27g4ZAg&sig=Cg0ArKJSzGPfPbfYGjYZEAE&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 09:24:00 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Thu, 14 Oct 2021 09:24:00 GMT

GET
DATA 200
OK truncated
/ Frame C45A 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: de4527abe05d82ee327a1b21c928253ea0715ca887887147559f4319a1c8fd1c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 9204 22 KB
8 KB 8ms
6ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Wed, 13 Oct 2021 21:29:08 GMT
expires: Thu, 13 Oct 2022 21:29:08 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 42892
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame AAD6 22 KB
8 KB 7ms
6ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Wed, 13 Oct 2021 21:29:08 GMT
expires: Thu, 13 Oct 2022 21:29:08 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 42892
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame E819 22 KB
8 KB 8ms
7ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Wed, 13 Oct 2021 21:29:08 GMT
expires: Thu, 13 Oct 2022 21:29:08 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 42892
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 0EC8 22 KB
8 KB 7ms
6ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Wed, 13 Oct 2021 21:29:08 GMT
expires: Thu, 13 Oct 2022 21:29:08 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 42892
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

OPTIONS
H2 200 imp
prebid.flux-analytics.com/analytics/v1/ Frame 0
0 245ms
245ms Preflight
text/html 35.186.217.60
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.flux-analytics.com/analytics/v1/imp
Protocol: H2
Server: 35.186.217.60 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 60.217.186.35.bc.googleusercontent.com
Software: / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://by-them.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

x-powered-by: Express
access-control-allow-origin: https://by-them.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, set-cookie
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
allow: POST
content-type: text/html; charset=utf-8
content-length: 4
etag: W/"4-Yf+Bwwqjx254r+pisuO9HfpJ6FQ"
date: Thu, 14 Oct 2021 09:24:00 GMT
via: 1.1 google
alt-svc: clear

POST
H2 200 imp Show response
prebid.flux-analytics.com/analytics/v1/ 27 B
123 B 535ms
534ms XHR
text/html 35.186.217.60
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.flux-analytics.com/analytics/v1/imp
Requested by: Host: flux-cdn.com
URL: https://flux-cdn.com/client/mag2/flux_bythem_AS_TM_AT.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.217.60 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 60.217.186.35.bc.googleusercontent.com
Software: / Express
Resource Hash: a2f3ec3f7bcf48313566486f7f6b4c072bf83981f1c635bd2f609e69bc2c392b

Request headers

Referer: https://by-them.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 14 Oct 2021 09:24:01 GMT
via: 1.1 google
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, set-cookie
x-powered-by: Express
etag: W/"1b-OvpcuqYRLVKy1rOZ8whQztFhf1U"
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://by-them.com
access-control-allow-credentials: true
alt-svc: clear
content-length: 27

POST
H/1.1 200
OK hba Show response
pool.tsukiji.iponweb.net/ 43 B
325 B 247ms
246ms XHR
image/gif 34.84.37.177
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pool.tsukiji.iponweb.net/hba
Requested by: Host: flux-cdn.com
URL: https://flux-cdn.com/client/mag2/flux_bythem_AS_TM_AT.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 34.84.37.177 Tokyo, Japan, ASN15169 (GOOGLE, US),
Reverse DNS: 177.37.84.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://by-them.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 14 Oct 2021 09:24:00 GMT
Server: nginx
Content-Type: image/gif
Access-Control-Allow-Origin: https://by-them.com
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 43

GET
H2 200 300x250.html Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61703359/20210921074148298/ Frame A312 45 KB
11 KB 16ms
16ms Document
text/html 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61703359/20210921074148298/300x250.html?e=69&leftOffset=0&topOffset=0&c=sFrhV7ZJHQ&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_273.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b833bf2ea308a2069072ba515d43ecb947116c460763ed3d7ab0c02dadc9b021

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /ads/richmedia/studio/pv2/61703359/20210921074148298/300x250.html?e=69&leftOffset=0&topOffset=0&c=sFrhV7ZJHQ&t=1&renderingType=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 10743
date: Thu, 14 Oct 2021 09:24:00 GMT
expires: Fri, 15 Oct 2021 09:24:00 GMT
cache-control: public, max-age=86400
last-modified: Tue, 21 Sep 2021 14:41:48 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame B1EF 0
24 B 33ms
33ms Ping
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuK4RONwc9LWb7u41b1mA25sQ0W6jXb11U8HYtiDIu6HRNmL64lRf3hQ1sYluZ9bAJmjlhA4Ye3ZE7gJADCK2JGsARzRkN8B95mWxfXxuhC3YqytCnkyM5WwPTneYr3jAYOHdiQYTUm3o9mUzx2_vvLe9qRVBqnQkq2J-kCYG7eNfjXGIFScDfqmolbinYMmCAGq-N2l2LjtBgPZ7u03dqqkd7VBEpDu63i-H0jFSIQRVB1pAZNxey0i9KfX_6tKGvCljn27pUyhqWeorBiSWenB7UR__ax3LbjZnMZn7jwsUM_Ic7IaPWyQTkpYhdOZbODh7WJ658RNAGxZpYvQrixhKd2dit_K20hjO3vlcNOiqmTRebHyHqvn-2pEuI3Az7mpqUgy39Sjqor7oKYsYjVfACLpaVv2-SwGuorwgN-KBk5CiPeAcqk_C22neRI22EfGHwdGzJ8dfqYxmuKfM_4wa5OeyF5wSQFXeYo16bzULQfT3ZDrIcLD_CCplcBwYgs_gWAgXqEmJfItgTxWC23WzHVfR4PhVRqrotSsVihHQK1KTJRCkJ4Ws-07vF76ayN9dgqZu2m05OvBEIkeJhWxmVtSByozsf9-j6nnOWu0uk0NkMYQfb1FuSr1MXDCj66MN-A3tevN-WHX6qBd4xgx33KjF5xSlmfy1Kxr_HzUXy1ok6QQTQlAZr9NwWF-tQ8MvEkhu8A2AZIJKbjoInyt6G6VVsQaQAgiuh0voTVLS-ki128Yi1K4DGH_3PyUtCCei4En_e1T6FAOxt4C7QfqkB9qFJYD9B8ZiPGx5rL04--yK46gVDuT9xzmuOszuTanWlPydrOUbSbF1wf2CbFKHPiC_ZcmHJJA-qMVvXjUrPZa5i--tDSW43RXckyICtYfebdwW3cukYPgpGsBUH6-rldk3dsMwY6Hsy2mrfy8cxukA2M2gRDEe4wn7nOkZSfbcnhRr2ihEfTG9ZYRTjrxJOA18KIaPsO228su16Jj_MPrTErbOWNVNgh7xSkHgEDHubkgUPo3SAFbe_8V6jTJ9UXKQ0OKeDSQoWeD3fq6z7abNANuDc6Y2w3JjUAT0_y9HJrpyqz6P0CWrM5wyq9mk_DM_ce3yWIIN-A1AkEprp1l9x6L8nYRo_Vc_F5YBf0vMKVKEAqcPVq62v5uXobNiHduVe7L_GnC38qMQ&sai=AMfl-YQRgKbVb2lcJ-vvPGMuQDteL15YjT34gWe0nJHg5ygQHgKpQ5M3i8JfJKBzVz6tsKnEszHEgt2ucVSj5D6gONzO1OiNkcnWW3oLPbfiIEnwWXOwLbB1CEYs-s8Ba7C7PV1QD2v7cOQRXyC-myWlv2nuTdiRrw&sig=Cg0ArKJSzAJpoVC10ftfEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=512&cbvp=1&cstd=499&cisv=r20211011.75828&adurl=

Requested by

Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Thu, 14 Oct 2021 09:24:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 300x250.html Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61714332/20210921072105971/ Frame BD96 45 KB
11 KB 16ms
16ms Document
text/html 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61714332/20210921072105971/300x250.html?e=69&leftOffset=0&topOffset=0&c=fcHuj9tsK7&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_273.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2ce2de1ea7c350c0459ec29bad50cd0cbf2f753dfcfa17c62348e4e4c8074eaa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /ads/richmedia/studio/pv2/61714332/20210921072105971/300x250.html?e=69&leftOffset=0&topOffset=0&c=fcHuj9tsK7&t=1&renderingType=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 10743
date: Thu, 14 Oct 2021 09:24:00 GMT
expires: Fri, 15 Oct 2021 09:24:00 GMT
cache-control: public, max-age=86400
last-modified: Tue, 21 Sep 2021 14:21:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 773B 0
24 B 33ms
33ms Ping
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstNIsLXYgoTV-41mmZtnLq07hX5YAymJ5I85s2lAtKY5E1KP4LpiXv5PweyVo0AF8aDqNlAYH0oiO7yq11MzWW0IExJaWUtnRx9VmuwlHC9dBipgQ86PT6iOQXMwYBeWGQKs4gxqPn66qpkIhCWcZH-ECOJYZdnqxvJubPFkLXj6TCzKdeQGbbyfYj0Z8rvS55G6Gxfe1Di93UxVm4g0w02t5vkBV-UZS5g3CETA4KdFIOuX-GeEkvHFijRDF4y0H8AF2531-rNh-lMst6-Uf0PhBK1-1oNt6odyuc1-p7nqEoDY7Hs2I5SpspdsACoqZq-Wf5GelNvOev4x06_yd9D7RaqlbsKwAYucWaSP4ZaI6EaGwvIjb4nv_cldb8X95pKyvmQadjF9EPSYM0tkgN4uFxflk2UA3jceW6ZXkbsBkDEMzJxSgaPkP36bVNP-AJnx-F2TYaUha5iD4WYbCvWcVDSLr-Y2zJ-_UCJCgPrPf-VPf4l8p8Gg83QlWNimewoMueD95YiN301j8sBqSyr9Quw-5ugLpxLwXuW5rt00XFqkY92rkGBk_Mjj23tQ3yNNu1O0k67mYw9_K8e3iBjnb2bDO7SBYif-lE7igk3WkOuZWluSvDaWK2YX1gbk6m5wY56LBZJYtHpBM-IzeB1hXuuCDSJE8eEFeB9BMlKX9TTfwtEctM_iRXN_2BdP9qCzJZFlC6vZzZsCJkMrs8E5jmIepGBMtu0jYsul0Oi-zq2VSwXLoCp9B_786RFBrEURNjj1Rva9Mg9wqXEHSvCZPdER-Lu5Ao5PN3ckDjvWgfcQ_ckBVQ8HP2zikMibJxf_Ym2MGTr6jZAWIknZXDm4NfYhbqh9EulIpYiCwZTgZmvwKcXA_7yv8pG5AakV6jnZahZlxLQOg1Z0nfiAm-1a4TZ0t5r6SCwgTjABsJHVUKIGcp9Y_oxhmuSdK6CoBzJPcpY09aHPxJNgVuHzj-KxSBJ6tJyx61K1XgRHs5WPO7rZrV4klSYPasaexMC_i_y6ZoFC73HGs8qbBe1FJgvx64BtYJlK-_gCodpfNQMuZ_sehClnS2niWG74cKpkAmDAWkCUnl-ZEhfOMYi9oNmF1hhNThXX4zre5NfwvrJWdzI_gJSmUoMHauQjsaMgi9dtPvSBEek1xgu3-JTaFAIVqgQ-j0KtTOq4PY8u6uSrwznvNmzVfZfHMSSuJ4TWL6vXzNjTm6tTiW4EjFucYqSiQ&sai=AMfl-YSaRk35UC0txLweGgrqGyVpGewReuM5bnj2SIcKshOQCXVKGrr1ZPG8ZAVVeG1v52J-RrpnGfARpnBlvb3XQdsFKPPNf3e7__uppjrUExWZgN8fdfGs97fvQ-7BBLTPz0BmkFy-Wd89DClJjtltaXicjMKD7w&sig=Cg0ArKJSzIuxbyrTlk2pEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=547&cbvp=1&cstd=541&cisv=r20211011.31064&adurl=

Requested by

Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Thu, 14 Oct 2021 09:24:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 76B3 41 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 21:29:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42892
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Thu, 13 Oct 2022 21:29:08 GMT

GET
H2 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 331F 1 KB
845 B 7ms
7ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 13 Oct 2021 21:06:15 GMT
expires: Thu, 14 Oct 2021 21:06:15 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 44265
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 76B3 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4228044c55979894edbd0179376be35579c6a6577becb275d7fbf5f871209f4c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 https%3A%2F%2Fprod-m-node-3113.ssp.yahoo.com%2Fadmax%2FadClick.do%3Fdcn%3D8a96989e0179791f18f5243a99af00e7%26n%3DYahoo%2BSSP%26id%3Dbb9a3e917fa44a95acad1d3c0aa80462%26tid%3D8a9699f50176764de20050a3... Show response
pr.ybp.yahoo.com/ab/secure/true/imp/r2V8Q40wXb4bebSjAw96weRzIh2gG9yo5dYTkZBb_xWuDQIWK0kvVhGvbW6ohgvuSA_1x8b62ScEyLkjP39CCJODAIg9Yg_zWhJCYKJzksBzO9fbwQanWGzbLii_0lM1oOP3sJs7JyXaFCX2GngTJkilxaL1Yx6DU... Frame 2E7E 3 KB
4 KB 303ms
40ms Script
text/javascript 2a00:1288:80:800::7000
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://pr.ybp.yahoo.com/ab/secure/true/imp/r2V8Q40wXb4bebSjAw96weRzIh2gG9yo5dYTkZBb_xWuDQIWK0kvVhGvbW6ohgvuSA_1x8b62ScEyLkjP39CCJODAIg9Yg_zWhJCYKJzksBzO9fbwQanWGzbLii_0lM1oOP3sJs7JyXaFCX2GngTJkilxaL1Yx6DUe4ipKWWH_9FiTbEm8GUvR0ZcW3NLFFDkRAn-WS_7IP7f3TXr5TVgTG6nSJQUlH94iy2YqbpNjwsucihDb48GicSQHg0tmJErRF3T8JJUmNFCVFfbZz1iC1VbtGXXzre5wOp7zZ1QoT1UnEjJ6vY4fXldute8hSMapQQdROO_SThZ63rfeeetXpyMZsoVawiWg2TAhaLoXySOZ2KngTTlTTGGuIjhndqaU3vEoa7jWZlYHv4OT8rS4xmBIAFHeImh3UeGRL0hxALiblitctpo-9-7uJOqoCt6KBcP9XDFnjPAntIhA3PucAMWkOeJGcOnLW-_FSIYtc5TanE5wjBCdBIgsqnB7PSnsYayxdNCKYMnB8ym-g_JU14Horxx0dvyMV1kbwCKbbfIz_NcHjDm_1yFLYFvhEPwZKTik3c8KdLOvKuiHFFI79ZvZVj39JB_JRZ6TuK-rsjT5_2f1Tw4JRtP1uOiAq22yVBcCAzVc1q_jm83UQeJIIc3aIBYhkvOPd9NFpBTGuICroTAMFRGPXNrg3ON7DlFEhuPa7SNMrqtSHh0ksUFQetAMAwrGFuugGnd_RTF9vFAEom8admbRth1yh0qkDFyiNEdcAK_FtLNr6D5VWmIYxhnuH4KHNtXthPQJdKSN0lC3t5XLrJuBr6fH1v85j2ze15KI5VAvOh5iRa_CFCi6Yh-O91AeyI25pf7Z6q_m1lYUskHPJvFa-YKdExOf3KfB9Nv6kKAmFO2VU25TVvD3iZSXw4zCH35KO54pi2AxwpzYZvt7OwRxZztV5FPKOsrabGTw26m6FhZXsfPEWJA_OYe_EDUMyTx4ASGeQoMguASJQPcFdJbCZwTtJcyW5COyHnpcJ0onP4wCndJV0w-zgRfsaz_ZJJxc-lHc5a3mMKHSUnhXFd-eF9m6DZ3zbykkDJYIC0pa72af4q1sU8OqUI4A71ZDzGcUlOs_0Uh7zm-uipIHZBgo9srcjywEAymbzWP9BWFO9gOfaOtyuLW-XPTipM3UHXQqR8by48PHRRWjQoto_QRVNKNnalxXBgT9lxGE1P5mRuKfjnleXcoBjFTkc_eWztAoBW4PRe3xf-Qi1Lq6ZtbgqR1hFAlSXtcPd2Un1hPgHLtygCOuuIvydt4Mka2OZpD5Z1fP2ddMJ6CIkA6zbIXsuUV_w1zlyeGx7d99k4onLKhEuneIPpVgcqKYlfMvH09dFCo3ja9m9pH56Jam_QOHWBvXT3tpUxA9DOQt6pTVyQc2vuTmEXzFNv0IqHdZQJ8eiE2PWXUEbbquSQHZSl7_Hk6VMgXUaO/wp/0.061745/pclick/https%3A%2F%2Fprod-m-node-3113.ssp.yahoo.com%2Fadmax%2FadClick.do%3Fdcn%3D8a96989e0179791f18f5243a99af00e7%26n%3DYahoo%2BSSP%26id%3Dbb9a3e917fa44a95acad1d3c0aa80462%26tid%3D8a9699f50176764de20050a384b4001b%26nid%3D8a808aee2edf264a012f0d6ee4e87844%26pos%3D8a96989e0179791f18f5243dae1700f2%26grp%3D%253F%253F%253F%26type%3D0%26nl%3D1634203437470%26rts%3D1634203437399%26ari%3Da39e7584cf30472884c191be7fc90008%26b%3DMTMyMzQ7Ozs7Ozs7Mzc5NDcxMzE7Ozs7Ozs7Ozs.%26a%3D85882ed52a0146c8bea7b9778624ddc5%26rdm%3D1%26rd%3D

Requested by

Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7000 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

89774b34f29c316d4660745e5f577da02fad9be14137ada30ab6f4b5c7347403

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:01 GMT
referrer-policy: no-referrer-when-downgrade
server: ATS
cache-control: no-store, no-cache, must-revalidate, private, max-age=0
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
content-type: text/javascript
x-xss-protection: 1; mode=block
expiry: Thu, 01 Jan 1970 00:00:00 GMT
public-key-pins-report-only: max-age=2592000; pin-sha256="2fRAUXyxl4A1/XHrKNBmc8bTkzA7y4FB/GLJuNAzCqY="; pin-sha256="2oALgLKofTmeZvoZ1y/fSZg7R9jPMix8eVA6DH4o/q8="; pin-sha256="Gtk3r1evlBrs0hG3fm3VoM19daHexDWP//OCmeeMr5M="; pin-sha256="I/Lt/z7ekCWanjD0Cvj5EqXls2lOaThEA0H2Bg4BT/o="; pin-sha256="JbQbUG5JMJUoI6brnx0x3vZF6jilxsapbXGVfjhN8Fg="; pin-sha256="SVqWumuteCQHvVIaALrOZXuzVVVeS7f4FGxxu6V+es4="; pin-sha256="UZJDjsNp1+4M5x9cbbdflB779y5YRBcV6Z6rBMLIrO4="; pin-sha256="Wd8xe/qfTwq3ylFNd3IpaqLHZbh2ZNCLluVzmeNkcpw="; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="cAajgxHlj7GTSEIzIYIQxmEloOSoJq7VOaxWHfv72QM="; pin-sha256="dolnbtzEBnELx/9lOEQ22e6OZO/QNb6VSSX2XHA3E7A="; pin-sha256="i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY="; pin-sha256="iduNzFNKpwYZ3se/XV+hXcbUonlLw09QPa6AYUwpu4M="; pin-sha256="lnsM2T/O9/J84sJFdnrpsFp3awZJ+ZZbYpCWhGloaHI="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="; pin-sha256="uUwZgwDOxcBXrQcntwu+kYFpkiVkOaezL0WYEZ3anJc="; includeSubdomains; report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only"
content-length: 3335
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 talon-1.0.37.js Show response
cdn.js7k.com/ix/ Frame 2E7E 76 KB
77 KB 115ms
8ms Script
application/javascript 2a00:1288:80:800::7000
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.js7k.com/ix/talon-1.0.37.js

Requested by

Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7000 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

95980e999cb7c8e1d3ed8d1b392493b3720a4afca2a17a8ddaa14de12e8a4832

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 08:01:30 GMT
x-content-type-options: nosniff
age: 4951
x-amz-server-side-encryption: AES256
content-length: 78331
x-amz-id-2: 867PaHT8vXE/4aXQPbxojk2EWiaKKi7isSUvURUktOi+9denZe2ckNjmGuzRmvyJXc1+KH14QZU=
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 10 Aug 2021 15:57:38 GMT
server: ATS
etag: "89552f1206dff50a36eaa1887718e2c3"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
x-amz-request-id: 7GQDWNPN39K6461F
x-xss-protection: 1; mode=block
cache-control: public,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8

GET
H2 200 adEvent.do
prod-m-node-3113.ssp.yahoo.com/admax/ Frame 2E7E 43 B
176 B 156ms
8ms Image
image/gif 35.156.198.203
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prod-m-node-3113.ssp.yahoo.com/admax/adEvent.do?tidi=770946023&dcn=8a96989e0179791f18f5243a99af00e7&posi=1513856&grp=%3F%3F%3F&nl=1634203437470&rts=1634203437399&pix=1&et=1&a=85882ed52a0146c8bea7b9778624ddc5&m=aXAtMTAtMjItMTEzLTQ.&p=MC4wMDAwNjE3NDU&b=MTMyMzQ7T0FUSDEwMjEzOTAwMDtwcmFtYWMuY29tOzs7O2EzOWU3NTg0Y2YzMDQ3Mjg4NGMxOTFiZTdmYzkwMDA4OzM3OTQ3MTMxOzE2MzQyMDAyMDE7OzAuMDAwMDQ2MzA5OzAuMjUwMDswOzszNTY1MjUzOzRiMGI0MWY3OWFiYjU2MmViMWRlMzkxOTc5ZDg3Nzg5ZTk5ZTUzZDA7MQ..&xdi=Q2hyb21lIC0gV2luZG93c3xHb29nbGV8TlQgMTAuMHwxNw..&xoi=MHxERVU.&hb=true&type=0&af=5&dety=2
Requested by: Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.156.198.203 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-156-198-203.eu-central-1.compute.amazonaws.com
Software: nginx/1.20.1 /
Resource Hash: f28236cf9fb53f0f4f4f35faf320aafaebca7c2f0679e6f13f8a4283ec5ed10b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:24:00 GMT
last-modified: Tue, 12 Oct 2021 17:56:26 GMT
server: nginx/1.20.1
accept-ranges: bytes
content-length: 43
content-type: image/gif

GET
H2 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 1C30 1 KB
783 B 8ms
8ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 13 Oct 2021 21:06:15 GMT
expires: Thu, 14 Oct 2021 21:06:15 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 44265
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 897F 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7dfedbcca57194a4188b9a0cad4497449f45889cba540af0eaf97a39d19d0dbf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame E0D7 1 KB
783 B 8ms
7ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 13 Oct 2021 21:06:15 GMT
expires: Thu, 14 Oct 2021 21:06:15 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 44265
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame BF5A 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8e3d94e02fdfda2df73ff282b1cb3df6ab10e00f4a67b90f6a1272b85ece577e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 index.html Show response
s0.2mdn.net/10774078/1632247781786/ Frame A300 13 KB
4 KB 8ms
8ms Document
text/html 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/10774078/1632247781786/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_273.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f86da8e46f03f5ec4380b413729666d389f86fcb711169be9d3d0ad43a58fb47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /10774078/1632247781786/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-length: 3721
date: Thu, 14 Oct 2021 09:00:27 GMT
expires: Fri, 15 Oct 2021 09:00:27 GMT
last-modified: Tue, 21 Sep 2021 18:09:41 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
age: 1413
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 2BFD 0
23 B 18ms
17ms Ping
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsul3Fkl9h8YkFTVoEbkA1rvgfrfXz99PF_8eJMAI40aYm9tDaohMXayePBK3yTuvumbp2Ywn3Ki1cFSGR9nQGr4vfEiRmGGPrtSFg9WG8bjjuklo6udYetrdoh_MvDjDJlrm9ujdD12npfm93wP6Q&sai=AMfl-YQWGiY5ImOPB6lfPZ-E5INU8brTcN0o3qtaPsJGCSnqkLnMkx9X6brqC8fMwc0ckfGjbnIwbqqbQCV9gDaG_8RxDAqP2FndJyU&sig=Cg0ArKJSzEdlMsEqKFESEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=644&cbvp=1&cstd=643&cisv=r20211011.60201&adurl=

Requested by

Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 09:24:00 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 index.html Show response
s0.2mdn.net/10774078/1632247878285/ Frame A5C7 13 KB
4 KB 8ms
7ms Document
text/html 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/10774078/1632247878285/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_273.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ad9cf46bed17cb8169dfd83f79fceb424f140df57baeeed4ab15475592dfc950

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /10774078/1632247878285/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-length: 3728
date: Wed, 13 Oct 2021 10:04:13 GMT
expires: Thu, 14 Oct 2021 10:04:13 GMT
last-modified: Tue, 21 Sep 2021 18:11:18 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=86400
age: 83987
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 37B5 0
23 B 19ms
19ms Ping
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssWFtZEQrVgSVqtYMPOizZjugtH6BOjj0ZtT6ZMxH1ZItS-GP6QOr44EQk9uDv8XKhy0XuiVyY5B_M7R98MLw3YTcy-Y8d8JVZROr6PsxoW1mgVZIIurGyHpREjsiPJqQ4_iFrbQ5IGxNS3O1ty9w&sai=AMfl-YTGGx3jsTSYWgcbYGy7D7QXU5SzPzgaQ9WGqy8wgGpWbgpt01Xki3g9fv-DWXGFgmg5mRWd0epmXPKKtTMVm9gwGBErLpPANZk&sig=Cg0ArKJSzBZGw3WrpFsjEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=665&cbvp=1&cstd=662&cisv=r20211011.41952&adurl=

Requested by

Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 09:24:00 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 index.html Show response
s0.2mdn.net/10774078/1632247291206/ Frame BECD 13 KB
4 KB 7ms
6ms Document
text/html 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/10774078/1632247291206/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_273.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2bb96ba8c0235c8edc63ca18df0e08d7309a2f2e8fddedd954a4101f1926ca6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /10774078/1632247291206/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-length: 3720
date: Thu, 14 Oct 2021 09:01:05 GMT
expires: Fri, 15 Oct 2021 09:01:05 GMT
last-modified: Tue, 21 Sep 2021 18:01:31 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
age: 1375
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 99DE 0
23 B 17ms
17ms Ping
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsttCwriHU9tpGGGY0i3BhZEN_QXpXYsv5XEBCsohes0NdDo8ejqB5FUOv0UclKQE-b4GKIgqwkR5uKbNCfagAtZeh9P0VIqM7d0vGDMOL6QeSB-yVDVo8gUrs96anwyQTvaOruBpPFCSsaO_3pOhw&sai=AMfl-YQaZ-LyB4nBIUfFJmtxhcp3U-kona9-4qwIFhFGpZJa-hVHPabFpezhGLXY795E-pd3mDVEsMKml2L3AauRnXKjAiWeV4vSrcg&sig=Cg0ArKJSzK9VTDGCCBKtEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=633&cbvp=1&cstd=631&cisv=r20211011.71072&adurl=

Requested by

Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 09:24:00 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 index.html Show response
s0.2mdn.net/10774078/1632247291206/ Frame 8C20 13 KB
4 KB 8ms
6ms Document
text/html 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/10774078/1632247291206/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_273.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2bb96ba8c0235c8edc63ca18df0e08d7309a2f2e8fddedd954a4101f1926ca6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /10774078/1632247291206/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-length: 3720
date: Thu, 14 Oct 2021 09:01:05 GMT
expires: Fri, 15 Oct 2021 09:01:05 GMT
last-modified: Tue, 21 Sep 2021 18:01:31 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
age: 1375
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame CAB7 0
23 B 19ms
18ms Ping
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu0tRSodDKLPMKn7cHSVgQjttzfrVG8CbGJgAPubViG9BNJx-_V86YaY7dAERhOsCIoMKxYppZeSDlZbecFSKZK8mIsp8UrKClT4un4KyXNS1jZht-sHRoopjOSGLD3Pcp69A1pHtnlGy1gaNDTBg&sai=AMfl-YRABcFoIOChQW70cbBKV5lDHU0dOMBbsQW9Sv6R126PfWug5ZZ7-XWeghSQd56DM965bH39Rxh7Shk8LiTKY-XToNTONQKoTAI&sig=Cg0ArKJSzOht9w0vAjFcEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=619&cbvp=1&cstd=617&cisv=r20211011.20006&adurl=

Requested by

Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 09:24:00 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 d7f1c17162b23a1997e2a6527b94d5e7.js Show response
s0.2mdn.net/10774078/1632247414120/ Frame BC55 65 KB
17 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/10774078/1632247414120/d7f1c17162b23a1997e2a6527b94d5e7.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247414120/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89fcc0375149a3f29180c96159cca98bffe1e6bbb2ba93727628c90ccaa91db5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247414120/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:00:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1425
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17207
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:03:34 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Oct 2021 09:00:15 GMT

GET
H2 200 89c414db4c64bfa33b697839ff029bce.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10980269524931627100/media/ Frame 05B2 35 KB
36 KB 9ms
8ms Image
image/jpeg 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10980269524931627100/media/89c414db4c64bfa33b697839ff029bce.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10980269524931627100/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

05f71edcd4d3a95e85708f92296949a52a50ed44d4c6c7cc8867369af2fdca68

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 211503
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36238
x-xss-protection: 0
last-modified: Mon, 26 Apr 2021 10:35:39 GMT
server: sffe
date: Mon, 11 Oct 2021 22:38:57 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 11 Oct 2022 22:38:57 GMT

GET
H2 200 cd2a6543578bfe5bcd0359976e486543.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10980269524931627100/media/ Frame 05B2 2 KB
2 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10980269524931627100/media/cd2a6543578bfe5bcd0359976e486543.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10980269524931627100/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3770058fd3d847ae293530c33ea64b82ea12f39b789e21e9b0c85e320a40c6c1

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 338781
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2204
x-xss-protection: 0
last-modified: Mon, 26 Apr 2021 10:35:39 GMT
server: sffe
date: Sun, 10 Oct 2021 11:17:39 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 10 Oct 2022 11:17:39 GMT

GET
H2 200 7aea3848707ee5be685ed8455e4eee89.js Show response
s0.2mdn.net/10774078/1632247291206/ Frame 9355 65 KB
17 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/10774078/1632247291206/7aea3848707ee5be685ed8455e4eee89.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247291206/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2bebd66fa14c28326d3bbeed6f458b834ff39ca2530282bb42dad895834712db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247291206/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:01:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1375
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17205
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:01:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Oct 2021 09:01:05 GMT

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame B1EF 41 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 21:29:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42892
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Thu, 13 Oct 2022 21:29:08 GMT

GET
H2 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame B00A 1 KB
783 B 10ms
6ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 13 Oct 2021 21:06:15 GMT
expires: Thu, 14 Oct 2021 21:06:15 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 44265
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame B1EF 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 102570e9bcdab7203210170f22a2358e6106a72345da20c22bb71d9651c8a31c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 773B 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 21:29:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42893
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Thu, 13 Oct 2022 21:29:08 GMT

GET
H2 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 7F9C 1 KB
788 B 6ms
6ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 13 Oct 2021 21:06:15 GMT
expires: Thu, 14 Oct 2021 21:06:15 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 44266
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 773B 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d4ac7ce0c37b1b8a85a74e320365c4a346d79ab20cd50141ed10a407643b27e1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 m_71LU70zG8G78x6hYSYf2B3ELc7BGRgbsZokPhgXAY.js Show response
pagead2.googlesyndication.com/bg/ Frame 578C 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/m_71LU70zG8G78x6hYSYf2B3ELc7BGRgbsZokPhgXAY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9bfef52d4ef4cc6f06efcc7a8584987f607710b73b0464606ec66890f8605c06

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 23:22:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 36111
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13358
x-xss-protection: 0
last-modified: Tue, 05 Oct 2021 11:38:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Thu, 13 Oct 2022 23:22:10 GMT

GET
H2 200 m_71LU70zG8G78x6hYSYf2B3ELc7BGRgbsZokPhgXAY.js Show response
pagead2.googlesyndication.com/bg/ Frame AB97 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/m_71LU70zG8G78x6hYSYf2B3ELc7BGRgbsZokPhgXAY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9bfef52d4ef4cc6f06efcc7a8584987f607710b73b0464606ec66890f8605c06

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 23:22:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 36111
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13358
x-xss-protection: 0
last-modified: Tue, 05 Oct 2021 11:38:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Thu, 13 Oct 2022 23:22:10 GMT

GET
H2 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 827D 1 KB
784 B 6ms
6ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 13 Oct 2021 21:06:15 GMT
expires: Thu, 14 Oct 2021 21:06:15 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 44266
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 37B5 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e6f8d37ba81f99c4fab6f6d6d6a6870a735dfd9b33b4516d7f11cb662cf2649c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame E0BD 1 KB
784 B 7ms
6ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 13 Oct 2021 21:06:15 GMT
expires: Thu, 14 Oct 2021 21:06:15 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 44266
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 2BFD 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5985dcc9c302d730a89e02065574c368ce03547372545b83dfdafe370dde9040

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 6625 1 KB
784 B 7ms
6ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 13 Oct 2021 21:06:15 GMT
expires: Thu, 14 Oct 2021 21:06:15 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 44266
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 99DE 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 894770f3378ef6a851ecf89996686e6b452e92dbc9f2ebb687eb1397e5410602

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 Enabler_01_246.js Show response
s0.2mdn.net/879366/ Frame A312 116 KB
39 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_246.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61703359/20210921074148298/300x250.html?e=69&leftOffset=0&topOffset=0&c=sFrhV7ZJHQ&t=1&renderingType=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b64291fc91dc77833930ffcead244193c5cfd9e882af312ecc89b580160c22a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61703359/20210921074148298/300x250.html?e=69&leftOffset=0&topOffset=0&c=sFrhV7ZJHQ&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 11:08:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 80158
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40237
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 20:54:51 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 14 Oct 2021 11:08:03 GMT

GET
H2 200 gsap_3.5.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame A312 60 KB
24 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61703359/20210921074148298/300x250.html?e=69&leftOffset=0&topOffset=0&c=sFrhV7ZJHQ&t=1&renderingType=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61703359/20210921074148298/300x250.html?e=69&leftOffset=0&topOffset=0&c=sFrhV7ZJHQ&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24155
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 21:23:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 14 Oct 2021 09:24:01 GMT

GET
H2 200 068705ad7b7110fd3d2dd8559c250041.png
s0.2mdn.net/10774078/1632247414120/media/ Frame BC55 40 KB
40 KB 9ms
8ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632247414120/media/068705ad7b7110fd3d2dd8559c250041.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247414120/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4b45c202fd4c07fa480c431ee712263284bdaf8c546600e45828c62f7a0539d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247414120/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:00:16 GMT
x-content-type-options: nosniff
age: 1425
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41143
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:03:34 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Oct 2021 09:00:16 GMT

GET
H2 200 020c18acbfb89981b85c8d7af8a26899.svg
s0.2mdn.net/10774078/1632247414120/media/ Frame BC55 3 KB
923 B 13ms
12ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632247414120/media/020c18acbfb89981b85c8d7af8a26899.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247414120/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78ade184ea09ec2b6fa1fbbe503999ad6d796c3257167f63fbf5975b2317284e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247414120/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 04:00:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 19385
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 830
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:03:34 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Oct 2021 04:00:56 GMT

GET
H2 200 d9cadcd73006eaee8afa9bf8f75ac3e4.svg
s0.2mdn.net/10774078/1632247414120/media/ Frame BC55 5 KB
1 KB 11ms
10ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632247414120/media/d9cadcd73006eaee8afa9bf8f75ac3e4.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247414120/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c1fe17a09ede97b850b0150be970c308081e0730ac4076077b265c5796aa614f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247414120/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:00:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1425
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1302
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:03:34 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Oct 2021 09:00:16 GMT

GET
H2 200 9a752d5924f995e62b961842c072823b.svg
s0.2mdn.net/10774078/1632247414120/media/ Frame BC55 858 B
526 B 14ms
13ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632247414120/media/9a752d5924f995e62b961842c072823b.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247414120/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d150f405e6e8d15f193151a7a1ccaec84e2c3eea4a941044e60890b23016f8ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247414120/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:00:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1425
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 461
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:03:34 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Oct 2021 09:00:16 GMT

GET
H2 200 3986f8998b9de996c13efdbf72a05970.svg
s0.2mdn.net/10774078/1632247414120/media/ Frame BC55 7 KB
3 KB 13ms
12ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632247414120/media/3986f8998b9de996c13efdbf72a05970.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247414120/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0007d23baa268a1cd61074407a65f5d2850f4f78a77d0cf141a0c0fdf8fc403f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247414120/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:00:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1425
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3072
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:03:34 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Oct 2021 09:00:16 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 05B2 3 KB
719 B 16ms
16ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:700

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10980269524931627100/ad441fc03ceaa6a54a3d394ec6d54789.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3a25fe868fa4b4f1fb29c123271225b359f11cf10a8eb04d8e0e964d2ba6ae0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 14 Oct 2021 08:48:30 GMT
server: ESF
date: Thu, 14 Oct 2021 09:24:01 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"
expires: Thu, 14 Oct 2021 09:24:01 GMT

GET
H2 200 d1ac8ff3ba16fb21e7e75327c8fad535.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10980269524931627100/media/ Frame 05B2 4 KB
4 KB 11ms
8ms Image
image/png 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10980269524931627100/media/d1ac8ff3ba16fb21e7e75327c8fad535.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10980269524931627100/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6d10741daabba9894826aee789fed4b15dae1af2a11c53235c020b7d01ca7425

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 335407
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4392
x-xss-protection: 0
last-modified: Mon, 26 Apr 2021 10:35:39 GMT
server: sffe
date: Sun, 10 Oct 2021 12:13:54 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 10 Oct 2022 12:13:54 GMT

GET
H2 200 8a93acd41770df562e6b15034558b1de.png
s0.2mdn.net/10774078/1632247291206/media/ Frame 9355 39 KB
39 KB 8ms
7ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632247291206/media/8a93acd41770df562e6b15034558b1de.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247291206/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6e5b59b8546c78c1b8a7683b7d6bc3784e7ea4005785f6e2ad2c40096c198f2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247291206/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:00:08 GMT
x-content-type-options: nosniff
age: 1433
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40153
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:01:31 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Oct 2021 09:00:08 GMT

GET
H2 200 686aaeb7afb5266ed94a8b6b114eeaed.svg
s0.2mdn.net/10774078/1632247291206/media/ Frame 9355 7 KB
3 KB 8ms
4ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632247291206/media/686aaeb7afb5266ed94a8b6b114eeaed.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247291206/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c35a8136a3c16c52265f3931d5304c9a932b58d366218afbd031fc300efb8695

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247291206/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:01:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1373
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3102
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:01:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Oct 2021 09:01:08 GMT

GET
H2 200 a55888eff24d1e07395d288bcd22afc0.svg
s0.2mdn.net/10774078/1632247291206/media/ Frame 9355 3 KB
900 B 11ms
7ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632247291206/media/a55888eff24d1e07395d288bcd22afc0.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247291206/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4cd018cf2827d277a354427d936c171099fa5d2fad6cb64a670f8a7bb58b5424

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247291206/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:00:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1433
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 831
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:01:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Oct 2021 09:00:08 GMT

GET
H2 200 53129dad39b5c34cc29089587387d408.svg
s0.2mdn.net/10774078/1632247291206/media/ Frame 9355 4 KB
1 KB 13ms
8ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632247291206/media/53129dad39b5c34cc29089587387d408.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247291206/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c7e12ddef2af625e2132ca0494f7363668b3538798dffbde86cd5533e818749

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247291206/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:01:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1373
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1320
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:01:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Oct 2021 09:01:08 GMT

GET
H2 200 fc83f287fbe43fd0e229fc7bf762d2df.svg
s0.2mdn.net/10774078/1632247291206/media/ Frame 9355 931 B
562 B 12ms
8ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632247291206/media/fc83f287fbe43fd0e229fc7bf762d2df.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247291206/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7d68350eaa58944f3129909e03b7baeb6f26a58e84a3cb1cbae567639cd66fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247291206/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:01:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1373
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 492
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:01:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Oct 2021 09:01:08 GMT

GET
H2 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 0D96 1 KB
784 B 8ms
7ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 13 Oct 2021 21:06:15 GMT
expires: Thu, 14 Oct 2021 21:06:15 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 44266
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame CAB7 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a069c0b36a8879e2176adfea7d492b0c4c1fb0b79ae4f23fd31f85042aa5bca0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 inside-20.js Show response
cdn.js7k.com/rq/iv/ Frame 2E7E 43 KB
14 KB 8ms
8ms Script
application/javascript 2a00:1288:80:800::7000
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.js7k.com/rq/iv/inside-20.js

Requested by

Host: pr.ybp.yahoo.com
URL: https://pr.ybp.yahoo.com/ab/secure/true/imp/r2V8Q40wXb4bebSjAw96weRzIh2gG9yo5dYTkZBb_xWuDQIWK0kvVhGvbW6ohgvuSA_1x8b62ScEyLkjP39CCJODAIg9Yg_zWhJCYKJzksBzO9fbwQanWGzbLii_0lM1oOP3sJs7JyXaFCX2GngTJkilxaL1Yx6DUe4ipKWWH_9FiTbEm8GUvR0ZcW3NLFFDkRAn-WS_7IP7f3TXr5TVgTG6nSJQUlH94iy2YqbpNjwsucihDb48GicSQHg0tmJErRF3T8JJUmNFCVFfbZz1iC1VbtGXXzre5wOp7zZ1QoT1UnEjJ6vY4fXldute8hSMapQQdROO_SThZ63rfeeetXpyMZsoVawiWg2TAhaLoXySOZ2KngTTlTTGGuIjhndqaU3vEoa7jWZlYHv4OT8rS4xmBIAFHeImh3UeGRL0hxALiblitctpo-9-7uJOqoCt6KBcP9XDFnjPAntIhA3PucAMWkOeJGcOnLW-_FSIYtc5TanE5wjBCdBIgsqnB7PSnsYayxdNCKYMnB8ym-g_JU14Horxx0dvyMV1kbwCKbbfIz_NcHjDm_1yFLYFvhEPwZKTik3c8KdLOvKuiHFFI79ZvZVj39JB_JRZ6TuK-rsjT5_2f1Tw4JRtP1uOiAq22yVBcCAzVc1q_jm83UQeJIIc3aIBYhkvOPd9NFpBTGuICroTAMFRGPXNrg3ON7DlFEhuPa7SNMrqtSHh0ksUFQetAMAwrGFuugGnd_RTF9vFAEom8admbRth1yh0qkDFyiNEdcAK_FtLNr6D5VWmIYxhnuH4KHNtXthPQJdKSN0lC3t5XLrJuBr6fH1v85j2ze15KI5VAvOh5iRa_CFCi6Yh-O91AeyI25pf7Z6q_m1lYUskHPJvFa-YKdExOf3KfB9Nv6kKAmFO2VU25TVvD3iZSXw4zCH35KO54pi2AxwpzYZvt7OwRxZztV5FPKOsrabGTw26m6FhZXsfPEWJA_OYe_EDUMyTx4ASGeQoMguASJQPcFdJbCZwTtJcyW5COyHnpcJ0onP4wCndJV0w-zgRfsaz_ZJJxc-lHc5a3mMKHSUnhXFd-eF9m6DZ3zbykkDJYIC0pa72af4q1sU8OqUI4A71ZDzGcUlOs_0Uh7zm-uipIHZBgo9srcjywEAymbzWP9BWFO9gOfaOtyuLW-XPTipM3UHXQqR8by48PHRRWjQoto_QRVNKNnalxXBgT9lxGE1P5mRuKfjnleXcoBjFTkc_eWztAoBW4PRe3xf-Qi1Lq6ZtbgqR1hFAlSXtcPd2Un1hPgHLtygCOuuIvydt4Mka2OZpD5Z1fP2ddMJ6CIkA6zbIXsuUV_w1zlyeGx7d99k4onLKhEuneIPpVgcqKYlfMvH09dFCo3ja9m9pH56Jam_QOHWBvXT3tpUxA9DOQt6pTVyQc2vuTmEXzFNv0IqHdZQJ8eiE2PWXUEbbquSQHZSl7_Hk6VMgXUaO/wp/0.061745/pclick/https%3A%2F%2Fprod-m-node-3113.ssp.yahoo.com%2Fadmax%2FadClick.do%3Fdcn%3D8a96989e0179791f18f5243a99af00e7%26n%3DYahoo%2BSSP%26id%3Dbb9a3e917fa44a95acad1d3c0aa80462%26tid%3D8a9699f50176764de20050a384b4001b%26nid%3D8a808aee2edf264a012f0d6ee4e87844%26pos%3D8a96989e0179791f18f5243dae1700f2%26grp%3D%253F%253F%253F%26type%3D0%26nl%3D1634203437470%26rts%3D1634203437399%26ari%3Da39e7584cf30472884c191be7fc90008%26b%3DMTMyMzQ7Ozs7Ozs7Mzc5NDcxMzE7Ozs7Ozs7Ozs.%26a%3D85882ed52a0146c8bea7b9778624ddc5%26rdm%3D1%26rd%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7000 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

b881933fe54cb1f5fff57af861b24625152804dc14462501e7f1fde3b11fe4a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 05:48:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12948
x-amz-server-side-encryption: AES256
vary: Origin, Accept-Encoding
content-length: 14351
x-amz-id-2: Y2TkEiZSM8b9ofFHDwHlWUGBAEmpPoHb+L9dxk1CgIFKxoiEPyT3dnQZZtBd69ZwW9clXBH+J34=
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 09 Sep 2021 15:05:50 GMT
server: ATS
etag: "f881746c8b26f5492cfb9be16c44dbcc-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
x-amz-request-id: 63VAJXFDM5AR2RZD
x-xss-protection: 1; mode=block
cache-control: public,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8

GET
H2 200 2b88db20-3f90-4c10-bac9-4a259dad727d.jpeg
s.yimg.com/ch/ Frame 2E7E 62 KB
63 KB 21ms
9ms Image
image/jpeg 2a00:1288:80:800::7000
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.yimg.com/ch/2b88db20-3f90-4c10-bac9-4a259dad727d.jpeg

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7000 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

22f1739c6b09a4218f4c52544bd53a66ac73282dce87d46dee3ac1eff3004939

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

ats-carp-promotion: 1
date: Mon, 27 Sep 2021 12:24:28 GMT
x-content-type-options: nosniff
age: 1457974
x-amz-server-side-encryption: AES256
vary: Origin
content-length: 63998
x-amz-id-2: 5QTmqagmGAyTyhpNVncFdYn0suN1WK4o+GhJa93uKZQHlvPPeqenqB8Qpoa6tl1wjfLoALwD7vs=
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 25 Aug 2021 13:33:06 GMT
server: ATS
etag: "988d8de064182d6b3cc4a0554d237c00"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
x-amz-request-id: BVYV1XN8281NXPZS
x-xss-protection: 1; mode=block
cache-control: max-age=15552000, public
x-amz-version-id: null
accept-ranges: bytes
content-type: image/jpeg

GET
H2 200 adchoicesblue.png
s.yimg.com/ch/icons/adchoices/ Frame 2E7E 565 B
793 B 26ms
25ms Image
image/png 2a00:1288:80:800::7000
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.yimg.com/ch/icons/adchoices/adchoicesblue.png

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7000 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

b8954ed878ae615531f62b8d9a95a79d9a86a84f4af1504bcbec32d8e62d7ebd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

ats-carp-promotion: 1
date: Sun, 03 Oct 2021 13:55:50 GMT
x-content-type-options: nosniff
age: 934092
x-amz-server-side-encryption: AES256
vary: Origin
content-length: 565
x-amz-id-2: WJVEgxozdh8oN5Tt1dBu9G/TsqPPM4Ob7xX5poPwQ6JrjV5wZU8XUV9Aw2KPLf3rarTFW3naCoE=
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 22 Jul 2020 18:15:42 GMT
server: ATS
etag: "349bad1100a940608cb9109eb2b166a2"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
x-amz-request-id: DA38ZBT03QYRZFDR
x-xss-protection: 1; mode=block
cache-control: max-age=15552000, public
x-amz-version-id: null
accept-ranges: bytes
content-type: image/png

GET
H2 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame E442 22 KB
8 KB 6ms
6ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Wed, 13 Oct 2021 21:29:08 GMT
expires: Thu, 13 Oct 2022 21:29:08 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 42893
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 Enabler_01_246.js Show response
s0.2mdn.net/879366/ Frame BD96 116 KB
39 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_246.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61714332/20210921072105971/300x250.html?e=69&leftOffset=0&topOffset=0&c=fcHuj9tsK7&t=1&renderingType=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b64291fc91dc77833930ffcead244193c5cfd9e882af312ecc89b580160c22a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61714332/20210921072105971/300x250.html?e=69&leftOffset=0&topOffset=0&c=fcHuj9tsK7&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 11:08:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 80158
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40237
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 20:54:51 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 14 Oct 2021 11:08:03 GMT

GET
H2 200 gsap_3.5.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame BD96 60 KB
24 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61714332/20210921072105971/300x250.html?e=69&leftOffset=0&topOffset=0&c=fcHuj9tsK7&t=1&renderingType=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61714332/20210921072105971/300x250.html?e=69&leftOffset=0&topOffset=0&c=fcHuj9tsK7&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24155
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 21:23:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 14 Oct 2021 09:24:01 GMT

GET
H2

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 4279
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
167 B

22ms
22ms

Document
text/html

2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si?st=NO_DATA
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUlopxitySf2MkNATtgMj4sCbW4PdSTqR7wFButfVKU5IY96dTnuVrJvps2xJUk
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 14 Oct 2021 09:24:01 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Thu, 14-Oct-2021 10:24:01 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 14 Oct 2021 09:24:01 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 14 Oct 2021 09:24:01 GMT
server: safe
content-length: 257
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 27E7 22 KB
8 KB 7ms
7ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Wed, 13 Oct 2021 21:29:08 GMT
expires: Thu, 13 Oct 2022 21:29:08 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 42893
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 d7f1c17162b23a1997e2a6527b94d5e7.js Show response
s0.2mdn.net/10774078/1632247781786/ Frame A300 65 KB
17 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/10774078/1632247781786/d7f1c17162b23a1997e2a6527b94d5e7.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247781786/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89fcc0375149a3f29180c96159cca98bffe1e6bbb2ba93727628c90ccaa91db5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247781786/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:00:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1414
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17207
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:09:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Oct 2021 09:00:27 GMT

GET
H2 200 d7f1c17162b23a1997e2a6527b94d5e7.js Show response
s0.2mdn.net/10774078/1632247878285/ Frame A5C7 65 KB
17 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/10774078/1632247878285/d7f1c17162b23a1997e2a6527b94d5e7.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247878285/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89fcc0375149a3f29180c96159cca98bffe1e6bbb2ba93727628c90ccaa91db5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247878285/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:00:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1424
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17207
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:11:18 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Oct 2021 09:00:17 GMT

GET
H2 200 7aea3848707ee5be685ed8455e4eee89.js Show response
s0.2mdn.net/10774078/1632247291206/ Frame BECD 65 KB
17 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/10774078/1632247291206/7aea3848707ee5be685ed8455e4eee89.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247291206/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2bebd66fa14c28326d3bbeed6f458b834ff39ca2530282bb42dad895834712db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247291206/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:01:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1376
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17205
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:01:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Oct 2021 09:01:05 GMT

GET
H2 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 5FFF 22 KB
8 KB 6ms
6ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Wed, 13 Oct 2021 21:29:08 GMT
expires: Thu, 13 Oct 2022 21:29:08 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 42893
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 7aea3848707ee5be685ed8455e4eee89.js Show response
s0.2mdn.net/10774078/1632247291206/ Frame 8C20 65 KB
17 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/10774078/1632247291206/7aea3848707ee5be685ed8455e4eee89.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247291206/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2bebd66fa14c28326d3bbeed6f458b834ff39ca2530282bb42dad895834712db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247291206/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:01:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1376
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17205
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:01:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Oct 2021 09:01:05 GMT

GET
H2 200 m_71LU70zG8G78x6hYSYf2B3ELc7BGRgbsZokPhgXAY.js Show response
pagead2.googlesyndication.com/bg/ Frame 9204 35 KB
13 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/m_71LU70zG8G78x6hYSYf2B3ELc7BGRgbsZokPhgXAY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9bfef52d4ef4cc6f06efcc7a8584987f607710b73b0464606ec66890f8605c06

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 23:22:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 36111
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13358
x-xss-protection: 0
last-modified: Tue, 05 Oct 2021 11:38:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Thu, 13 Oct 2022 23:22:10 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame 331F 35 B
463 B 46ms
14ms Image
image/gif 2620:116:800d:21:f916:5049:f87f:108e
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEAjYnFlvPiR4NF25xW794ak&google_cver=1&google_push=AYg5qPJMLnQKS5lpKlzBjFlNKA07-87PjxydoNhArp5yDlPG9q23PH1p2LYLltcNY3V_PHEO5icoCcqUh45pOHaHPO12jVxd_Ldf

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:f916:5049:f87f:108e , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:01 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 331F
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPL1F6T-gJLP3yOna6EG719SLAdapUx7Wr0T2LD...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVdmM01RQUFBSGZYNVVJbQ&google_push=AYg5qPL1F6T-gJLP3yOna6EG719SLAdapUx7Wr0T2LDTGY10V80wSi0LxwEGvrpWDvJOhCGhejMIPceECBvDNoT6ZnXAERwWh16A

170 B
188 B

17ms
16ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVdmM01RQUFBSGZYNVVJbQ&google_push=AYg5qPL1F6T-gJLP3yOna6EG719SLAdapUx7Wr0T2LDTGY10V80wSi0LxwEGvrpWDvJOhCGhejMIPceECBvDNoT6ZnXAERwWh16A

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVdmM01RQUFBSGZYNVVJbQ&google_push=AYg5qPL1F6T-gJLP3yOna6EG719SLAdapUx7Wr0T2LDTGY10V80wSi0LxwEGvrpWDvJOhCGhejMIPceECBvDNoT6ZnXAERwWh16A
Date: Thu, 14 Oct 2021 09:24:01 GMT
Server: Apache
Connection: keep-alive
Content-Length: 391
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 331F 70 B
264 B 115ms
27ms Image
image/gif 13.248.242.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEGBHFpInoL43bcHimkdvHjg&google_cver=1&google_push=AYg5qPIOTe-2A1NwRZOS4OokNhM56LLfP9OlRZnebO6F876qY_huGwO4ZRzleI-WGfNPopohaj7iYu2rVwzs5ca9613uMfp1RMH6
Requested by: Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:01 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame 331F 0
191 B 76ms
25ms Image
text/plain 66.155.71.25
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEAJ8gx1sFpKrgB7Y2bOtmIk&google_cver=1&google_push=AYg5qPIzeGvdEGw9YxM8h_OZPfAvTgxheUV1VxGlmdBMjUi5ZG42ggOc2_t1mjeqTg9X3BLqjj0KQ1dMZv44nFz57f1cxsDe5Na1
Requested by: Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 66.155.71.25 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:01 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 331F
Redirect Chain

https://sync.tidaltv.com/genericusersync.ashx?dpid=glrdr&google_gid=CAESEJHoH95pXhpWSaTzYy15EcA&google_cver=1&google_push=AYg5qPLdiBpa3LNv_zQQ9_ij3CznI9tzi_6C1sjByCD8LF9JyIXcPFC8KGF1rRJ2y2u8Ua2-R33...
https://sync.tidaltv.com/genericusersync.ashx?dpid=glrdr&google_gid=CAESEJHoH95pXhpWSaTzYy15EcA&google_cver=1&google_push=AYg5qPLdiBpa3LNv_zQQ9_ij3CznI9tzi_6C1sjByCD8LF9JyIXcPFC8KGF1rRJ2y2u8Ua2-R33...
https://cm.g.doubleclick.net/pixel?google_nid=lucid1&google_push&google_hm=5hliCRscRlm2SQpvIDMwAQ&gdpr=1&gdpr_consent=

170 B
188 B

19ms
18ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=lucid1&google_push&google_hm=5hliCRscRlm2SQpvIDMwAQ&gdpr=1&gdpr_consent=

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:02 GMT
server: Apache-Coyote/1.1
location: https://cm.g.doubleclick.net/pixel?google_nid=lucid1&google_push&google_hm=5hliCRscRlm2SQpvIDMwAQ&gdpr=1&gdpr_consent=
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 0
x-xss-protection: 1; mode=block
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 331F
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEMMXwWU8CTP5pWv5_e8Vd9Q&google_cver=1&google_push=AYg5qPIkkYs19rYf5nveSkmu28l-GOlbg17W0thw3R6nS7wJcfJ9HCAUlED-iw4vO_Bh5HEo4em08HhGFrYKfdMpiz3_xpz...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPIkkYs19rYf5nveSkmu28l-GOlbg17W0thw3R6nS7wJcfJ9HCAUlED-iw4vO_Bh5HEo4em08HhGFrYKfdMpiz3_xpz9e7o&google_hm=MjY5MjQ0MTQxMTQwNzQ4MTg5

170 B
188 B

17ms
16ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPIkkYs19rYf5nveSkmu28l-GOlbg17W0thw3R6nS7wJcfJ9HCAUlED-iw4vO_Bh5HEo4em08HhGFrYKfdMpiz3_xpz9e7o&google_hm=MjY5MjQ0MTQxMTQwNzQ4MTg5

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 14 Oct 2021 09:24:01 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPIkkYs19rYf5nveSkmu28l-GOlbg17W0thw3R6nS7wJcfJ9HCAUlED-iw4vO_Bh5HEo4em08HhGFrYKfdMpiz3_xpz9e7o&google_hm=MjY5MjQ0MTQxMTQwNzQ4MTg5
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 331F
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEM-haXFWLUtpb5OvoiqX3og&google_cver=1&google_push=AYg5qPJLsxdsNt9xvxxFCw6pMvCWyg_PQqJ22R1oExenNdagrnYOqCNyZOpsZPz-DalvXw_wYJBmnRsHbajJkCdvi5BZYRIsZ98
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&cmp_cs=&us_privacy=&sync=1&google_push=AYg5qPJLsxdsNt9xvxxFCw6pMvCWyg_PQqJ22R1oExenNdagrnYOqCNyZOpsZPz-DalvXw_wYJBmnRsHbajJkCdvi5BZYRIsZ98&googl...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjgxODgwNzc1MzkyNzY4OTE2NQ%3D%3D&google_push=AYg5qPJLsxdsNt9xvxxFCw6pMvCWyg_PQqJ22R1oExenNdagrnYOqCNyZOps...

170 B
188 B

17ms
17ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjgxODgwNzc1MzkyNzY4OTE2NQ%3D%3D&google_push=AYg5qPJLsxdsNt9xvxxFCw6pMvCWyg_PQqJ22R1oExenNdagrnYOqCNyZOpsZPz-DalvXw_wYJBmnRsHbajJkCdvi5BZYRIsZ98

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjgxODgwNzc1MzkyNzY4OTE2NQ%3D%3D&google_push=AYg5qPJLsxdsNt9xvxxFCw6pMvCWyg_PQqJ22R1oExenNdagrnYOqCNyZOpsZPz-DalvXw_wYJBmnRsHbajJkCdvi5BZYRIsZ98
date: Thu, 14 Oct 2021 09:24:01 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 331F 0
12 B 14ms
14ms Image
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IPlptujyGkBgTRgf0ThT_Bfzuua_ppIfHw22hZPoWRAAVnn5isAHdpE5FovFpafik9PhcZ

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:24:01 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 m_71LU70zG8G78x6hYSYf2B3ELc7BGRgbsZokPhgXAY.js Show response
pagead2.googlesyndication.com/bg/ Frame AAD6 35 KB
13 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/m_71LU70zG8G78x6hYSYf2B3ELc7BGRgbsZokPhgXAY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9bfef52d4ef4cc6f06efcc7a8584987f607710b73b0464606ec66890f8605c06

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 23:22:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 36111
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13358
x-xss-protection: 0
last-modified: Tue, 05 Oct 2021 11:38:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Thu, 13 Oct 2022 23:22:10 GMT

GET
H2 200 m_71LU70zG8G78x6hYSYf2B3ELc7BGRgbsZokPhgXAY.js Show response
pagead2.googlesyndication.com/bg/ Frame E819 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/m_71LU70zG8G78x6hYSYf2B3ELc7BGRgbsZokPhgXAY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9bfef52d4ef4cc6f06efcc7a8584987f607710b73b0464606ec66890f8605c06

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 23:22:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 36111
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13358
x-xss-protection: 0
last-modified: Tue, 05 Oct 2021 11:38:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Thu, 13 Oct 2022 23:22:10 GMT

GET
H2 200 m_71LU70zG8G78x6hYSYf2B3ELc7BGRgbsZokPhgXAY.js Show response
pagead2.googlesyndication.com/bg/ Frame 0EC8 35 KB
13 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/m_71LU70zG8G78x6hYSYf2B3ELc7BGRgbsZokPhgXAY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9bfef52d4ef4cc6f06efcc7a8584987f607710b73b0464606ec66890f8605c06

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 23:22:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 36111
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13358
x-xss-protection: 0
last-modified: Tue, 05 Oct 2021 11:38:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Thu, 13 Oct 2022 23:22:10 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1C30
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEFdGoEp47IPXTjCtkOkfHWc&google_cver=1&google_push=AYg5qPJl6JLBZn0amtM94HeGeWEfgTRDSm_lE4B9GHizq3ycuyZk1hL0vHRXQg8WFceL6dt4zTj9pEZIJvBi1qrk...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPJl6JLBZn0amtM94HeGeWEfgTRDSm_lE4B9GHizq3ycuyZk1hL0vHRXQg8WFceL6dt4zTj9pEZIJvBi1qrkkym2a14oRw

170 B
188 B

17ms
16ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPJl6JLBZn0amtM94HeGeWEfgTRDSm_lE4B9GHizq3ycuyZk1hL0vHRXQg8WFceL6dt4zTj9pEZIJvBi1qrkkym2a14oRw

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 14 Oct 2021 09:24:01 GMT
Server: MT3 4033 f73cd20 master cdg-pixel-x1 config:1.0.1
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPJl6JLBZn0amtM94HeGeWEfgTRDSm_lE4B9GHizq3ycuyZk1hL0vHRXQg8WFceL6dt4zTj9pEZIJvBi1qrkkym2a14oRw
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Thu, 14 Oct 2021 09:24:00 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 1C30 70 B
265 B 101ms
27ms Image
image/gif 13.248.242.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEGBHFpInoL43bcHimkdvHjg&google_cver=1&google_push=AYg5qPIM09RSKUPtOzoNPdB9RZ66XplCpHqm6mTKutItOM2n672K6g6n_kpvP1cF4zMyvznSZuLhnMLx4vhg6IJaA7cAmUtGVsg
Requested by: Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:01 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1C30
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEJ_U62KNZUpkHgWbWL8xwKI&google_cver=1&google_push=AYg5qPIigXA1bCveDb4ZGtppk2q99BGzFKXycV2-jp2NEKObjehyKYESUKAQFUciLzEnBOL_ZoLRcjqcaky1WOLftLOm9qo7V7I
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPIigXA1bCveDb4ZGtppk2q99BGzFKXycV2-jp2NEKObjehyKYESUKAQFUciLzEnBOL_ZoLRcjqcaky1WOLftLOm9qo7V7I&google_hm=4j39PU-SxEUvmVM1u4CnYw==

170 B
188 B

24ms
23ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPIigXA1bCveDb4ZGtppk2q99BGzFKXycV2-jp2NEKObjehyKYESUKAQFUciLzEnBOL_ZoLRcjqcaky1WOLftLOm9qo7V7I&google_hm=4j39PU-SxEUvmVM1u4CnYw==

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:01 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPIigXA1bCveDb4ZGtppk2q99BGzFKXycV2-jp2NEKObjehyKYESUKAQFUciLzEnBOL_ZoLRcjqcaky1WOLftLOm9qo7V7I&google_hm=4j39PU-SxEUvmVM1u4CnYw==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: fuokj1d98eqfjob2oviff3p43uea77rt

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1C30
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=bA8_UmtMS7GU-5VkDDymLg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

17ms
17ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=bA8_UmtMS7GU-5VkDDymLg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJ-nGh-1AKFsQlt8mHAc3ZytGAB0UsXVdH4rZ0iJ4nGcqcs_LaqkMLmJrtDkGJQON9Mi_QsXd9TeWXbdueGQAb3N3C1D98

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=bA8_UmtMS7GU-5VkDDymLg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJ-nGh-1AKFsQlt8mHAc3ZytGAB0UsXVdH4rZ0iJ4nGcqcs_LaqkMLmJrtDkGJQON9Mi_QsXd9TeWXbdueGQAb3N3C1D98
date: Thu, 14 Oct 2021 09:24:01 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET

pixel
cm.g.doubleclick.net/ Frame 1C30
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESEP-noxAu48zyXqHyryPi-RE&google_cver=1&google_push=AYg5qPJLoSt8sSHV5XUPzJIRyRr-F2P-CgrjdQZwYrU8XqP5jmClOk3LLRjaUVrgJTTyD2eyEx0_J_bRYS_M9_BEQmYb6_...
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEP-noxAu48zyXqHyryPi-RE&google_cver=1&google_push=AYg5qPJLoSt8sSHV5XUPzJIRyRr-F2P-CgrjdQZwYrU8XqP5jmClOk3LLRjaUVrgJTTyD2eyEx0_J_bRYS_M9_BE...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPJLoSt8sSHV5XUPzJIRyRr-F2P-CgrjdQZwYrU8XqP5jmClOk3LLRjaUVrgJTTyD2eyEx0_J_bRYS_M9_B...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPJLoSt8sSHV5XUPzJIRyRr-F2P-CgrjdQZwYrU8XqP5jmClOk3LLRjaUVrgJTTyD2eyEx0_J_bRYS_M9_B...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPJLoSt8sSHV5XUPzJIRyRr-F2P-CgrjdQZwYrU8XqP5jmClOk3LLRjaUVrgJTTyD2eyEx0_J_bRYS_M9_B...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPJLoSt8sSHV5XUPzJIRyRr-F2P-CgrjdQZwYrU8XqP5jmClOk3LLRjaUVrgJTTyD2eyEx0_J_bRYS_M9_B...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPJLoSt8sSHV5XUPzJIRyRr-F2P-CgrjdQZwYrU8XqP5jmClOk3LLRjaUVrgJTTyD2eyEx0_J_bRYS_M9_B...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPJLoSt8sSHV5XUPzJIRyRr-F2P-CgrjdQZwYrU8XqP5jmClOk3LLRjaUVrgJTTyD2eyEx0_J_bRYS_M9_B...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPJLoSt8sSHV5XUPzJIRyRr-F2P-CgrjdQZwYrU8XqP5jmClOk3LLRjaUVrgJTTyD2eyEx0_J_bRYS_M9_B...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPJLoSt8sSHV5XUPzJIRyRr-F2P-CgrjdQZwYrU8XqP5jmClOk3LLRjaUVrgJTTyD2eyEx0_J_bRYS_M9_B...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPJLoSt8sSHV5XUPzJIRyRr-F2P-CgrjdQZwYrU8XqP5jmClOk3LLRjaUVrgJTTyD2eyEx0_J_bRYS_M9_B...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPJLoSt8sSHV5XUPzJIRyRr-F2P-CgrjdQZwYrU8XqP5jmClOk3LLRjaUVrgJTTyD2eyEx0_J_bRYS_M9_B...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPJLoSt8sSHV5XUPzJIRyRr-F2P-CgrjdQZwYrU8XqP5jmClOk3LLRjaUVrgJTTyD2eyEx0_J_bRYS_M9_B...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPJLoSt8sSHV5XUPzJIRyRr-F2P-CgrjdQZwYrU8XqP5jmClOk3LLRjaUVrgJTTyD2eyEx0_J_bRYS_M9_B...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPJLoSt8sSHV5XUPzJIRyRr-F2P-CgrjdQZwYrU8XqP5jmClOk3LLRjaUVrgJTTyD2eyEx0_J_bRYS_M9_B...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPJLoSt8sSHV5XUPzJIRyRr-F2P-CgrjdQZwYrU8XqP5jmClOk3LLRjaUVrgJTTyD2eyEx0_J_bRYS_M9_B...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPJLoSt8sSHV5XUPzJIRyRr-F2P-CgrjdQZwYrU8XqP5jmClOk3LLRjaUVrgJTTyD2eyEx0_J_bRYS_M9_B...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPJLoSt8sSHV5XUPzJIRyRr-F2P-CgrjdQZwYrU8XqP5jmClOk3LLRjaUVrgJTTyD2eyEx0_J_bRYS_M9_B...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPJLoSt8sSHV5XUPzJIRyRr-F2P-CgrjdQZwYrU8XqP5jmClOk3LLRjaUVrgJTTyD2eyEx0_J_bRYS_M9_B...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPJLoSt8sSHV5XUPzJIRyRr-F2P-CgrjdQZwYrU8XqP5jmClOk3LLRjaUVrgJTTyD2eyEx0_J_bRYS_M9_B...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPJLoSt8sSHV5XUPzJIRyRr-F2P-CgrjdQZwYrU8XqP5jmClOk3LLRjaUVrgJTTyD2eyEx0_J_bRYS_M9_B...

0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1C30
Redirect Chain

https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEM3GUF5fSXG3sBf8xBPdWd4&google_cver=1&google_push=AYg5qPKPjYE-2unhM18YkHQSPrxm_BumOQeLCUaqvMN__BQlNLM3xxB6...
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEM3GUF5fSXG3sBf8xBPdWd4&google_cver=1&google_push=AYg5qPKPjYE-2unhM18YkHQSPrxm_BumOQeLCUaqvMN__BQlNLM3xx...
https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVA3NmZkNjM4OS0yY2QwLTExZWMtYjU3Yy0wMmU4YWQ5ZTdkOTY%3D&google_push=AYg5qPKPjYE-2unhM18YkHQSPrxm_BumOQeLCUaqvMN__BQlNLM3xxB6DGo47OY1Ht...

170 B
188 B

18ms
18ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVA3NmZkNjM4OS0yY2QwLTExZWMtYjU3Yy0wMmU4YWQ5ZTdkOTY%3D&google_push=AYg5qPKPjYE-2unhM18YkHQSPrxm_BumOQeLCUaqvMN__BQlNLM3xxB6DGo47OY1HtJHF9iyKJWL7ka24UhDr4V-2kBXQlwa-D5_

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 14 Oct 2021 09:24:01 GMT
Server: ATS/7.1.2.138
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVA3NmZkNjM4OS0yY2QwLTExZWMtYjU3Yy0wMmU4YWQ5ZTdkOTY%3D&google_push=AYg5qPKPjYE-2unhM18YkHQSPrxm_BumOQeLCUaqvMN__BQlNLM3xxB6DGo47OY1HtJHF9iyKJWL7ka24UhDr4V-2kBXQlwa-D5_
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1C30
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEFCllLQeRtTHh-UQjlDBFes&google_cver=1&google_push=AYg5qPIGjBSTs6x-hfkx-VTQqjh9_0uDYzX4ydkBuklZjVEWBi1UCraZgYq-CXk9e3oto9EeFC...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1OUXN2RU1KRTJ1SHVmREtWblc3OGxlejRRTS5KcHdPT35B&google_push=AYg5qPIGjBSTs6x-hfkx-VTQqjh9_0uDYzX4ydkBuklZjVEWBi1UCraZg...

170 B
188 B

18ms
17ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1OUXN2RU1KRTJ1SHVmREtWblc3OGxlejRRTS5KcHdPT35B&google_push=AYg5qPIGjBSTs6x-hfkx-VTQqjh9_0uDYzX4ydkBuklZjVEWBi1UCraZgYq-CXk9e3oto9EeFC71KUiOmzkiL6OscziAK--hbNCg

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 14 Oct 2021 09:24:01 GMT
Server: ATS/7.1.2.138
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1OUXN2RU1KRTJ1SHVmREtWblc3OGxlejRRTS5KcHdPT35B&google_push=AYg5qPIGjBSTs6x-hfkx-VTQqjh9_0uDYzX4ydkBuklZjVEWBi1UCraZgYq-CXk9e3oto9EeFC71KUiOmzkiL6OscziAK--hbNCg
Connection: keep-alive
Content-Length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 1C30 0
12 B 15ms
14ms Image
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Klm0n3s3hdbXGUs0QqqAl3k0B68fk3Bx0xdQZU6fwK8AvUHp3GBg-Uk39voxT4f9oxfGsJEtE

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:24:01 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET /
google2waycm.netmng.com/cm/ Frame E0D7 0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E0D7
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESECeGbH3GHU4MjPe-HDiKmks&google_push=AYg5qPJYX5NZpHRmKm2D77aFy-_TO3kok3AQdVKQxTtRNZJp9336xSUMyN...

170 B
188 B

19ms
18ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESECeGbH3GHU4MjPe-HDiKmks&google_push=AYg5qPJYX5NZpHRmKm2D77aFy-_TO3kok3AQdVKQxTtRNZJp9336xSUMyNq7zr7pOWFQ9dmkpT0_hZ9SsOn_8c6sHYoRpVbBj97c

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:01 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1634203441.163360,VS0,VE91
x-served-by: cache-fra19181-FRA
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESECeGbH3GHU4MjPe-HDiKmks&google_push=AYg5qPJYX5NZpHRmKm2D77aFy-_TO3kok3AQdVKQxTtRNZJp9336xSUMyNq7zr7pOWFQ9dmkpT0_hZ9SsOn_8c6sHYoRpVbBj97c
cache-control: no-cache
accept-ranges: bytes
access-control-allow-origin: *
content-length: 0
x-cache-hits: 0

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame E0D7 70 B
264 B 101ms
34ms Image
image/gif 13.248.242.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEGBHFpInoL43bcHimkdvHjg&google_cver=1&google_push=AYg5qPIsB_5KEXlPssrsGMP3rlDpYX9aWh1mkDLS3ktctLbt47URX2-U1EaUNr5D-ZOIWFdH8qBtAtGR9VJYxzMQoaDUPkaA6d4
Requested by: Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:01 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E0D7
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESECIEj05zGyDJ5lp-N5W2Ct8&google_cver=1&google_push=AYg5qPI5oamFq_mpSQ3CrSKaHsY6fkKdfP1BBQQjWfmAFRa2EYFjuO0JmjP0_n1eYmCkOJmA6_ZL2n8wLsw...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPI5oamFq_mpSQ3CrSKaHsY6fkKdfP1BBQQjWfmAFRa2EYFjuO0JmjP0_n1eYmCkOJmA6_ZL2n8wLswBDMJUCA9zuKUChQ1y&google_hm=SPTrDGffSOq07mvtGpJI0k8

170 B
188 B

17ms
17ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPI5oamFq_mpSQ3CrSKaHsY6fkKdfP1BBQQjWfmAFRa2EYFjuO0JmjP0_n1eYmCkOJmA6_ZL2n8wLswBDMJUCA9zuKUChQ1y&google_hm=SPTrDGffSOq07mvtGpJI0k8

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:01 GMT
via: 1.1 google
server: Apache-Coyote/1.1
status: 302
p3p: CP="NOI DSP COR NID CUR OUR NOR"
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPI5oamFq_mpSQ3CrSKaHsY6fkKdfP1BBQQjWfmAFRa2EYFjuO0JmjP0_n1eYmCkOJmA6_ZL2n8wLswBDMJUCA9zuKUChQ1y&google_hm=SPTrDGffSOq07mvtGpJI0k8
cache-control: no-cache, must-revalidate
content-type: text/html;charset=UTF-8
alt-svc: clear
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E0D7
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEPsN8yD6N7IPROGvifUmib4&google_cver=1&google_push=AYg5qPIbGfPeicBAAi497RPUQbYBFRaxcQ7Xk2FXTVifEHNz4ewsV4IalP5ZxA7hVKrMGNAQ2QHuZAUGDnUZxwJe...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=eiQGYwbrTCK5vD3zSuGBXQ2&google_push=AYg5qPIbGfPeicBAAi497RPUQbYBFRaxcQ7Xk2FXTVifEHNz4ewsV4IalP5ZxA7hVKrMGNAQ2QHuZAUGDnUZxwJeYk-GNtVJi7s4

170 B
188 B

19ms
18ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=eiQGYwbrTCK5vD3zSuGBXQ2&google_push=AYg5qPIbGfPeicBAAi497RPUQbYBFRaxcQ7Xk2FXTVifEHNz4ewsV4IalP5ZxA7hVKrMGNAQ2QHuZAUGDnUZxwJeYk-GNtVJi7s4

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 14 Oct 2021 09:24:01 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.15.12
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=eiQGYwbrTCK5vD3zSuGBXQ2&google_push=AYg5qPIbGfPeicBAAi497RPUQbYBFRaxcQ7Xk2FXTVifEHNz4ewsV4IalP5ZxA7hVKrMGNAQ2QHuZAUGDnUZxwJeYk-GNtVJi7s4
x-host: tde-deliveryengine-production-7f8fcb5db4-fz9pv
alt-svc: clear
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E0D7
Redirect Chain

https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEM3z3zsYGbFyOV-Qt9CCB7c&google_cver=1&google_push=AYg5qPJr_A5e6W-HPa34Nja5DoGZN818C-vXldQurBhQNqjSBuNOaPt5WUmPV...
https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEM3z3zsYGbFyOV-Qt9CCB7c&google_cver=1&google_push=AYg5qPJr_A5e6W-HPa34Nja5DoGZN818C-vXldQurBhQNqjSBuNOaPt5WUmPV...
https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=TAO5O3QCu8lGE768YGwkFg&google_push=AYg5qPJr_A5e6W-HPa34Nja5DoGZN818C-vXldQurBhQNqjSBuNOaPt5WUmPVVatk_lcCGSvj8-f7iw_X...

170 B
188 B

19ms
18ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=TAO5O3QCu8lGE768YGwkFg&google_push=AYg5qPJr_A5e6W-HPa34Nja5DoGZN818C-vXldQurBhQNqjSBuNOaPt5WUmPVVatk_lcCGSvj8-f7iw_XHJ2B13PY8DNIeaOzbsV

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 14 Oct 2021 09:24:01 GMT
Server: nginx
Vary: Accept
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=TAO5O3QCu8lGE768YGwkFg&google_push=AYg5qPJr_A5e6W-HPa34Nja5DoGZN818C-vXldQurBhQNqjSBuNOaPt5WUmPVVatk_lcCGSvj8-f7iw_XHJ2B13PY8DNIeaOzbsV
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 238

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E0D7
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEAH8jQM8dzZXBDPPIVy2XQU&google_cver=1&google_push=AYg5qPLZzxI50Y4JFChSAl-wNnwyI5lKIUJbg_m740AbOi9zYq4J39KfCm4mtgCtp0YRuBC27mILVDmK...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEAH8jQM8dzZXBDPPIVy2XQU&google_cver=1&google_push=AYg5qPLZzxI50Y4JFChSAl-wNnwyI5lKIUJbg_m740AbOi9zYq4J39KfCm4mtgCtp0YRuBC27mI...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODkxOTczOTczOTc2NjM5NDcwOA&google_push=AYg5qPLZzxI50Y4JFChSAl-wNnwyI5lKIUJbg_m740AbOi9zYq4J39KfCm4mtgCtp0YRuBC27mILVD...

170 B
188 B

18ms
18ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODkxOTczOTczOTc2NjM5NDcwOA&google_push=AYg5qPLZzxI50Y4JFChSAl-wNnwyI5lKIUJbg_m740AbOi9zYq4J39KfCm4mtgCtp0YRuBC27mILVDmKMzeh82teLTy1pXYnLz-8

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:01 GMT
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODkxOTczOTczOTc2NjM5NDcwOA&google_push=AYg5qPLZzxI50Y4JFChSAl-wNnwyI5lKIUJbg_m740AbOi9zYq4J39KfCm4mtgCtp0YRuBC27mILVDmKMzeh82teLTy1pXYnLz-8
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame E0D7 0
12 B 18ms
16ms Image
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IL91KdRHXuNDgooggvo5YMAiemO2RZeNMwyCLBGyBsfV-B4u4-G9A83-peZrdl6snz5Wqs

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:24:01 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 897F 0
23 B 21ms
21ms Ping
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 09:24:01 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame BF5A 0
23 B 19ms
18ms Ping
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 09:24:01 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 d94d0765ceab5d513e58b0a93073a63a.png
s0.2mdn.net/10774078/1632247781786/media/ Frame A300 46 KB
46 KB 10ms
8ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632247781786/media/d94d0765ceab5d513e58b0a93073a63a.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247781786/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3fec05550dbb546488dc40743ec15f08fc21d027ebb85db88e9b9a5618da91e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247781786/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:00:11 GMT
x-content-type-options: nosniff
age: 1430
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47431
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:09:42 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Oct 2021 09:00:11 GMT

GET
H2 200 020c18acbfb89981b85c8d7af8a26899.svg
s0.2mdn.net/10774078/1632247781786/media/ Frame A300 3 KB
899 B 11ms
8ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632247781786/media/020c18acbfb89981b85c8d7af8a26899.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247781786/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78ade184ea09ec2b6fa1fbbe503999ad6d796c3257167f63fbf5975b2317284e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247781786/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:00:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1414
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 830
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:09:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Oct 2021 09:00:27 GMT

GET
H2 200 eb661e226628b430c1340ae2cc8bae61.svg
s0.2mdn.net/10774078/1632247781786/media/ Frame A300 4 KB
1 KB 12ms
10ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632247781786/media/eb661e226628b430c1340ae2cc8bae61.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247781786/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2c07923761a981499d0904c12f6a98320ee8fe2d46ca8fe8e94943778a972284

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247781786/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:00:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1430
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1119
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:09:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Oct 2021 09:00:11 GMT

GET
H2 200 9a752d5924f995e62b961842c072823b.svg
s0.2mdn.net/10774078/1632247781786/media/ Frame A300 858 B
532 B 12ms
11ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632247781786/media/9a752d5924f995e62b961842c072823b.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247781786/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d150f405e6e8d15f193151a7a1ccaec84e2c3eea4a941044e60890b23016f8ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247781786/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 10:00:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 84188
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 461
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:09:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 14 Oct 2021 10:00:53 GMT

GET
H2 200 3986f8998b9de996c13efdbf72a05970.svg
s0.2mdn.net/10774078/1632247781786/media/ Frame A300 7 KB
3 KB 11ms
10ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632247781786/media/3986f8998b9de996c13efdbf72a05970.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247781786/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0007d23baa268a1cd61074407a65f5d2850f4f78a77d0cf141a0c0fdf8fc403f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247781786/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 10:00:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 84188
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3072
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:09:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 14 Oct 2021 10:00:53 GMT

GET
H2 200 673de27f1e4e316a448682a778fdbd41.png
s0.2mdn.net/10774078/1632247878285/media/ Frame A5C7 41 KB
41 KB 13ms
11ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632247878285/media/673de27f1e4e316a448682a778fdbd41.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247878285/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a55f8e43b0bc01c50b449060be09e2a66842a5b366ba0196b1fd9711a8c522cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247878285/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:00:30 GMT
x-content-type-options: nosniff
age: 1411
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42083
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:11:18 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Oct 2021 09:00:30 GMT

GET
H2 200 020c18acbfb89981b85c8d7af8a26899.svg
s0.2mdn.net/10774078/1632247878285/media/ Frame A5C7 3 KB
902 B 11ms
10ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632247878285/media/020c18acbfb89981b85c8d7af8a26899.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247878285/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78ade184ea09ec2b6fa1fbbe503999ad6d796c3257167f63fbf5975b2317284e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247878285/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:00:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1410
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 830
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:11:18 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Oct 2021 09:00:31 GMT

GET
H2 200 99abcb439c5e4351675341ef32760b8b.svg
s0.2mdn.net/10774078/1632247878285/media/ Frame A5C7 5 KB
2 KB 10ms
9ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632247878285/media/99abcb439c5e4351675341ef32760b8b.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247878285/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8901f531391db3257a32b8c1183280443eab8a00dd14ba61fa2e864016977045

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247878285/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 10:04:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 83986
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1554
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:11:18 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 14 Oct 2021 10:04:15 GMT

GET
H2 200 a813ea22ce1af9d0d0516dceb5c97da9.svg
s0.2mdn.net/10774078/1632247878285/media/ Frame A5C7 843 B
527 B 11ms
10ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632247878285/media/a813ea22ce1af9d0d0516dceb5c97da9.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247878285/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c76c4cc09678bc4c66a3a8f9641f92382b4f1508e359253339fc993f62305fb8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247878285/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 10:04:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 83986
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 451
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:11:18 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 14 Oct 2021 10:04:15 GMT

GET
H2 200 3986f8998b9de996c13efdbf72a05970.svg
s0.2mdn.net/10774078/1632247878285/media/ Frame A5C7 7 KB
3 KB 9ms
9ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632247878285/media/3986f8998b9de996c13efdbf72a05970.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247878285/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0007d23baa268a1cd61074407a65f5d2850f4f78a77d0cf141a0c0fdf8fc403f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247878285/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:00:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1410
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3072
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:11:18 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Oct 2021 09:00:31 GMT

GET
H2 200 8a93acd41770df562e6b15034558b1de.png
s0.2mdn.net/10774078/1632247291206/media/ Frame BECD 39 KB
39 KB 12ms
11ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632247291206/media/8a93acd41770df562e6b15034558b1de.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247291206/7aea3848707ee5be685ed8455e4eee89.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6e5b59b8546c78c1b8a7683b7d6bc3784e7ea4005785f6e2ad2c40096c198f2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247291206/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:00:08 GMT
x-content-type-options: nosniff
age: 1433
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40153
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:01:31 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Oct 2021 09:00:08 GMT

GET
H2 200 686aaeb7afb5266ed94a8b6b114eeaed.svg
s0.2mdn.net/10774078/1632247291206/media/ Frame BECD 7 KB
3 KB 15ms
14ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632247291206/media/686aaeb7afb5266ed94a8b6b114eeaed.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247291206/7aea3848707ee5be685ed8455e4eee89.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c35a8136a3c16c52265f3931d5304c9a932b58d366218afbd031fc300efb8695

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247291206/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:01:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1373
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3102
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:01:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Oct 2021 09:01:08 GMT

GET
H2 200 a55888eff24d1e07395d288bcd22afc0.svg
s0.2mdn.net/10774078/1632247291206/media/ Frame BECD 3 KB
904 B 16ms
15ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632247291206/media/a55888eff24d1e07395d288bcd22afc0.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247291206/7aea3848707ee5be685ed8455e4eee89.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4cd018cf2827d277a354427d936c171099fa5d2fad6cb64a670f8a7bb58b5424

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247291206/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:00:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1433
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 831
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:01:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Oct 2021 09:00:08 GMT

GET
H2 200 53129dad39b5c34cc29089587387d408.svg
s0.2mdn.net/10774078/1632247291206/media/ Frame BECD 4 KB
1 KB 16ms
16ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632247291206/media/53129dad39b5c34cc29089587387d408.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247291206/7aea3848707ee5be685ed8455e4eee89.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c7e12ddef2af625e2132ca0494f7363668b3538798dffbde86cd5533e818749

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247291206/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:01:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1373
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1320
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:01:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Oct 2021 09:01:08 GMT

GET
H2 200 fc83f287fbe43fd0e229fc7bf762d2df.svg
s0.2mdn.net/10774078/1632247291206/media/ Frame BECD 931 B
565 B 17ms
16ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632247291206/media/fc83f287fbe43fd0e229fc7bf762d2df.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247291206/7aea3848707ee5be685ed8455e4eee89.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7d68350eaa58944f3129909e03b7baeb6f26a58e84a3cb1cbae567639cd66fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247291206/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:01:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1373
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 492
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:01:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Oct 2021 09:01:08 GMT

GET
H2 200 8a93acd41770df562e6b15034558b1de.png
s0.2mdn.net/10774078/1632247291206/media/ Frame 8C20 39 KB
39 KB 17ms
8ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632247291206/media/8a93acd41770df562e6b15034558b1de.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247291206/7aea3848707ee5be685ed8455e4eee89.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6e5b59b8546c78c1b8a7683b7d6bc3784e7ea4005785f6e2ad2c40096c198f2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247291206/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:00:08 GMT
x-content-type-options: nosniff
age: 1433
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40153
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:01:31 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Oct 2021 09:00:08 GMT

GET
H2 200 686aaeb7afb5266ed94a8b6b114eeaed.svg
s0.2mdn.net/10774078/1632247291206/media/ Frame 8C20 7 KB
3 KB 18ms
5ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632247291206/media/686aaeb7afb5266ed94a8b6b114eeaed.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247291206/7aea3848707ee5be685ed8455e4eee89.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c35a8136a3c16c52265f3931d5304c9a932b58d366218afbd031fc300efb8695

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247291206/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:01:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1373
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3102
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:01:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Oct 2021 09:01:08 GMT

GET
H2 200 a55888eff24d1e07395d288bcd22afc0.svg
s0.2mdn.net/10774078/1632247291206/media/ Frame 8C20 3 KB
904 B 17ms
6ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632247291206/media/a55888eff24d1e07395d288bcd22afc0.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247291206/7aea3848707ee5be685ed8455e4eee89.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4cd018cf2827d277a354427d936c171099fa5d2fad6cb64a670f8a7bb58b5424

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247291206/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:00:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1433
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 831
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:01:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Oct 2021 09:00:08 GMT

GET
H2 200 53129dad39b5c34cc29089587387d408.svg
s0.2mdn.net/10774078/1632247291206/media/ Frame 8C20 4 KB
1 KB 18ms
6ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632247291206/media/53129dad39b5c34cc29089587387d408.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247291206/7aea3848707ee5be685ed8455e4eee89.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c7e12ddef2af625e2132ca0494f7363668b3538798dffbde86cd5533e818749

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247291206/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:01:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1373
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1320
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:01:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Oct 2021 09:01:08 GMT

GET
H2 200 fc83f287fbe43fd0e229fc7bf762d2df.svg
s0.2mdn.net/10774078/1632247291206/media/ Frame 8C20 931 B
565 B 18ms
7ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632247291206/media/fc83f287fbe43fd0e229fc7bf762d2df.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247291206/7aea3848707ee5be685ed8455e4eee89.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7d68350eaa58944f3129909e03b7baeb6f26a58e84a3cb1cbae567639cd66fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247291206/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:01:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1373
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 492
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:01:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Oct 2021 09:01:08 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B00A
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPLaX-I6uYghDch0zkDziAhKVhsQBD4zNdYi8EV...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVdmM01RQUFCSDdUYTBOQA&google_push=AYg5qPLaX-I6uYghDch0zkDziAhKVhsQBD4zNdYi8EVEMchYsXjoYYLEa-QyNrn-XwgnllgksHOVm3nnFmqw3hFrwBF1zWxCbwIk

170 B
188 B

19ms
18ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVdmM01RQUFCSDdUYTBOQA&google_push=AYg5qPLaX-I6uYghDch0zkDziAhKVhsQBD4zNdYi8EVEMchYsXjoYYLEa-QyNrn-XwgnllgksHOVm3nnFmqw3hFrwBF1zWxCbwIk

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVdmM01RQUFCSDdUYTBOQA&google_push=AYg5qPLaX-I6uYghDch0zkDziAhKVhsQBD4zNdYi8EVEMchYsXjoYYLEa-QyNrn-XwgnllgksHOVm3nnFmqw3hFrwBF1zWxCbwIk
Date: Thu, 14 Oct 2021 09:24:01 GMT
Server: Apache
Connection: keep-alive
Content-Length: 391
Content-Type: text/html; charset=iso-8859-1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B00A
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEGq_umzvTpc0iJ1KRTUIw8g&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEGq_umzvTpc0iJ1KRTUIw8g&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=MnlGNHA5T24xTUFXWTE1&google_gid=CAESEGq_umzvTpc0iJ1KRTUIw8g&google_cver=1&google_push=AYg5qPJdBZ55ogNPFAEpWYbl_CBlZzJjyw-7Ueuhwb2VrMd...

170 B
188 B

20ms
19ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=MnlGNHA5T24xTUFXWTE1&google_gid=CAESEGq_umzvTpc0iJ1KRTUIw8g&google_cver=1&google_push=AYg5qPJdBZ55ogNPFAEpWYbl_CBlZzJjyw-7Ueuhwb2VrMdPL8rll6-sSCPlHnghTQu_psC_jUBV_G-tgfHz1bVNmC44fb7YHqvG

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 14 Oct 2021 09:24:01 GMT
Server: PingMatch/8a430fa#rel-ec2-master i-0d1d523a9a3a6e567@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security: max-age=2592000; includeSubDomains
P3P: policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=MnlGNHA5T24xTUFXWTE1&google_gid=CAESEGq_umzvTpc0iJ1KRTUIw8g&google_cver=1&google_push=AYg5qPJdBZ55ogNPFAEpWYbl_CBlZzJjyw-7Ueuhwb2VrMdPL8rll6-sSCPlHnghTQu_psC_jUBV_G-tgfHz1bVNmC44fb7YHqvG
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B00A
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEAYNtEUlm_I-aI2n_36uT6o&google_cver=1&google_push=AYg5qPLWwsiRphzpf0dLpK2k-oCoB0MdbA8P__64UKJ9LWw11fCYFNXeiHrfyMANs_opyd5uMFt...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1VRUUo5UkotMVYtQVM2RA==&google_push=AYg5qPLWwsiRphzpf0dLpK2k-oCoB0MdbA8P__64UKJ9LWw11fCYFNXeiHrfyMANs_opyd5uMFt61psCJQwVC6buARwtC_lduHE

170 B
188 B

19ms
18ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1VRUUo5UkotMVYtQVM2RA==&google_push=AYg5qPLWwsiRphzpf0dLpK2k-oCoB0MdbA8P__64UKJ9LWw11fCYFNXeiHrfyMANs_opyd5uMFt61psCJQwVC6buARwtC_lduHE

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1VRUUo5UkotMVYtQVM2RA==&google_push=AYg5qPLWwsiRphzpf0dLpK2k-oCoB0MdbA8P__64UKJ9LWw11fCYFNXeiHrfyMANs_opyd5uMFt61psCJQwVC6buARwtC_lduHE
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 6f9fd0201ed801884e5299d5aabca094
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B00A
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEE...
https://sync.targeting.unrulymedia.com/csync/RX-132324a8-8a9c-453d-862e-d95df14e454e-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAYg5qPJ1uD8Aw6rxl5W_22yFK...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPJ1uD8Aw6rxl5W_22yFKhNL0gfq-iLwMP4-ACfQ5fDAgaxfDYLoCBoCSUMjLRlhb6mVrH4ZkZRqxLK5hy5Ke8MvaZLt5HI&google_hm=AxMjJKiKnEU9hi7ZXfFORU4

170 B
188 B

23ms
22ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPJ1uD8Aw6rxl5W_22yFKhNL0gfq-iLwMP4-ACfQ5fDAgaxfDYLoCBoCSUMjLRlhb6mVrH4ZkZRqxLK5hy5Ke8MvaZLt5HI&google_hm=AxMjJKiKnEU9hi7ZXfFORU4

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPJ1uD8Aw6rxl5W_22yFKhNL0gfq-iLwMP4-ACfQ5fDAgaxfDYLoCBoCSUMjLRlhb6mVrH4ZkZRqxLK5hy5Ke8MvaZLt5HI&google_hm=AxMjJKiKnEU9hi7ZXfFORU4
date: Thu, 14 Oct 2021 09:24:01 GMT
server: Tengine
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RX132324a88a9c453d862ed95df14e454e003
content-type: text/html

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B00A
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEM-haXFWLUtpb5OvoiqX3og&google_cver=1&google_push=AYg5qPIyAcnVZdyxHVPY8C320bnItd7QHUxbsPjy75Iv9EDbWfhb31VJXjvjFPd0RI-s87L71JLaNT0XM37YyS3XxIgo9u6wWJYa
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjgxODgwNzc1MzkyNzY4OTE2NQ%3D%3D&google_push=AYg5qPIyAcnVZdyxHVPY8C320bnItd7QHUxbsPjy75Iv9EDbWfhb31VJXjvj...

170 B
188 B

17ms
17ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjgxODgwNzc1MzkyNzY4OTE2NQ%3D%3D&google_push=AYg5qPIyAcnVZdyxHVPY8C320bnItd7QHUxbsPjy75Iv9EDbWfhb31VJXjvjFPd0RI-s87L71JLaNT0XM37YyS3XxIgo9u6wWJYa

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjgxODgwNzc1MzkyNzY4OTE2NQ%3D%3D&google_push=AYg5qPIyAcnVZdyxHVPY8C320bnItd7QHUxbsPjy75Iv9EDbWfhb31VJXjvjFPd0RI-s87L71JLaNT0XM37YyS3XxIgo9u6wWJYa
date: Thu, 14 Oct 2021 09:24:01 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B00A
Redirect Chain

https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEARmxy8r1NbQLGqFyJUTVes&google_cver=1&google_push=AYg5qPKP7lgaYSx6EmoB1NAdIwWrBeyIrfEGIeW0q7MXWw9PNlTFHN89bnao-EU4ROXsMYnRPheArD...
https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AYg5qPKP7lgaYSx6EmoB1NAdIwWrBeyIrfEGIeW0q7MXWw9PNlTFHN89bnao-EU4ROXsMYnRPheArDHXfAAeeGXJOoAjwmmWXDlB&google_hm=NTYzMjk2MD...

170 B
188 B

16ms
16ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AYg5qPKP7lgaYSx6EmoB1NAdIwWrBeyIrfEGIeW0q7MXWw9PNlTFHN89bnao-EU4ROXsMYnRPheArDHXfAAeeGXJOoAjwmmWXDlB&google_hm=NTYzMjk2MDMyODkwNjQyMTI2OQ%3D%3D

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AYg5qPKP7lgaYSx6EmoB1NAdIwWrBeyIrfEGIeW0q7MXWw9PNlTFHN89bnao-EU4ROXsMYnRPheArDHXfAAeeGXJOoAjwmmWXDlB&google_hm=NTYzMjk2MDMyODkwNjQyMTI2OQ%3D%3D
date: Thu, 14 Oct 2021 09:24:01 GMT
content-length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame B00A 0
12 B 20ms
18ms Image
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KUEVu_uvp9h2ZMu-kU0-qk3m2rDaX3kEHokFEqggPR7J9TA-DC4vUCY_va9nSHBQ

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:24:01 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame B1EF 0
23 B 19ms
18ms Ping
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 09:24:01 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 7F9C 70 B
264 B 31ms
22ms Image
image/gif 13.248.242.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEGBHFpInoL43bcHimkdvHjg&google_cver=1&google_push=AYg5qPLbffY9w5tHTADklNCZ_UUh25sklsjX5lJB7MK4DJdDRHI1q2HpbwDe9qnCUcjTcMIWhFMHEyomuOXPNuB71zWc-snlHZIY
Requested by: Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:01 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7F9C
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESECIEj05zGyDJ5lp-N5W2Ct8&google_cver=1&google_push=AYg5qPIszw8efT1fqNHpcpeLEZCJ3hxbuxJhzPy7WCLKtEIGPKBE3p1A4oau_vDjSWCAjKZuFVDiiY1Sc3g...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPIszw8efT1fqNHpcpeLEZCJ3hxbuxJhzPy7WCLKtEIGPKBE3p1A4oau_vDjSWCAjKZuFVDiiY1Sc3g_zpYmnfIVx_OGt0mD&google_hm=SPTrDGffSOq07mvtGpJI0k8

170 B
188 B

19ms
17ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPIszw8efT1fqNHpcpeLEZCJ3hxbuxJhzPy7WCLKtEIGPKBE3p1A4oau_vDjSWCAjKZuFVDiiY1Sc3g_zpYmnfIVx_OGt0mD&google_hm=SPTrDGffSOq07mvtGpJI0k8

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:01 GMT
via: 1.1 google
server: Apache-Coyote/1.1
status: 302
p3p: CP="NOI DSP COR NID CUR OUR NOR"
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPIszw8efT1fqNHpcpeLEZCJ3hxbuxJhzPy7WCLKtEIGPKBE3p1A4oau_vDjSWCAjKZuFVDiiY1Sc3g_zpYmnfIVx_OGt0mD&google_hm=SPTrDGffSOq07mvtGpJI0k8
cache-control: no-cache, must-revalidate
content-type: text/html;charset=UTF-8
alt-svc: clear
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7F9C
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESENyozLDRUxibME9MY-5LIMk&google_cver=1&google_push=AYg5qPLU-esM3Epc5-NQw6x9J4i3cID8OLRzgosTh7uj3vARBIFMQ4h0lRmeVz9j2pb2v6ec95vZWawr1kLRI0...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzAxODg1MDMzNDEyMTU4ODg3Nw%3D%3D&google_push=AYg5qPLU-esM3Epc5-NQw6x9J4i3cID8OLRzgosTh7uj3vARBIFMQ4h0lRmeVz9j2pb2v6ec95vZWawr1kLRI0rWaO...

170 B
188 B

18ms
17ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzAxODg1MDMzNDEyMTU4ODg3Nw%3D%3D&google_push=AYg5qPLU-esM3Epc5-NQw6x9J4i3cID8OLRzgosTh7uj3vARBIFMQ4h0lRmeVz9j2pb2v6ec95vZWawr1kLRI0rWaOqvSwIx1sx1

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzAxODg1MDMzNDEyMTU4ODg3Nw%3D%3D&google_push=AYg5qPLU-esM3Epc5-NQw6x9J4i3cID8OLRzgosTh7uj3vARBIFMQ4h0lRmeVz9j2pb2v6ec95vZWawr1kLRI0rWaOqvSwIx1sx1
Date: Thu, 14 Oct 2021 09:24:01 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H2 200 dot.gif
s0.2mdn.net/ Frame 7F9C 43 B
168 B 31ms
20ms Image
image/gif 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_gid=CAESECjhZE70Vt2TJy_sFCzRZpc&google_cver=1&google_push=AYg5qPK2X9dkFJMxFEfiXxmFg2eMkqMXZQiS9_u4DijwsNB84s8OduyOTNnscr2JMlOTf-w7QC3at8wkXgsRt-4sysvT0o7FiowO

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:24:01 GMT
x-content-type-options: nosniff
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Oct 2021 09:24:01 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7F9C
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESEEoAjoa-VvabstY7m4CGaVs&google_cver=1&google_push=AYg5qPIMJGNWdD9PJBRDdpvkX-WfDb3ppVwO96Fn9Secd0Ga9HaWBq5lx7dcElPFxyDU7TO22pOPO-f10mN1lqH8ZVJmGWj...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEEoAjoa-VvabstY7m4CGaVs&google_cver=1&google_push=AYg5qPIMJGNWdD9PJBRDdpvkX-WfDb3ppVwO96Fn9Secd0Ga9HaWBq5lx7dcElPFxyDU7TO22pOPO-f10mN1lqH8ZVJmG...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPIMJGNWdD9PJBRDdpvkX-WfDb3ppVwO96Fn9Secd0Ga9HaWBq5lx7dcElPFxyDU7TO22pOPO-f10mN1lqH8ZVJmGWjBgKQ

170 B
188 B

17ms
16ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPIMJGNWdD9PJBRDdpvkX-WfDb3ppVwO96Fn9Secd0Ga9HaWBq5lx7dcElPFxyDU7TO22pOPO-f10mN1lqH8ZVJmGWjBgKQ

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPIMJGNWdD9PJBRDdpvkX-WfDb3ppVwO96Fn9Secd0Ga9HaWBq5lx7dcElPFxyDU7TO22pOPO-f10mN1lqH8ZVJmGWjBgKQ
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7F9C
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=bA8_UmtMS7GU-5VkDDymLg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

17ms
17ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=bA8_UmtMS7GU-5VkDDymLg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLFaXBSlbdCkU4FjJKphudyCfmxA0-e05ZyHl8IJEnqqnJC6DP2rNMLVU4g9gw8gQbDrcmf4YllXxG_dvgsqWRei8cWCHc

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=bA8_UmtMS7GU-5VkDDymLg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLFaXBSlbdCkU4FjJKphudyCfmxA0-e05ZyHl8IJEnqqnJC6DP2rNMLVU4g9gw8gQbDrcmf4YllXxG_dvgsqWRei8cWCHc
date: Thu, 14 Oct 2021 09:24:01 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET

pixel
cm.g.doubleclick.net/ Frame 7F9C
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESEP-noxAu48zyXqHyryPi-RE&google_cver=1&google_push=AYg5qPIlvb4qd3mocn1BWBwysIbrptO6L0EEO9qsFVocwLZzV3ZXX43XzOtCDGcdafYAFv6_o9O-rdu1nM-YKTfvmdruLH...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPIlvb4qd3mocn1BWBwysIbrptO6L0EEO9qsFVocwLZzV3ZXX43XzOtCDGcdafYAFv6_o9O-rdu1nM-YKTf...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPIlvb4qd3mocn1BWBwysIbrptO6L0EEO9qsFVocwLZzV3ZXX43XzOtCDGcdafYAFv6_o9O-rdu1nM-YKTf...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPIlvb4qd3mocn1BWBwysIbrptO6L0EEO9qsFVocwLZzV3ZXX43XzOtCDGcdafYAFv6_o9O-rdu1nM-YKTf...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPIlvb4qd3mocn1BWBwysIbrptO6L0EEO9qsFVocwLZzV3ZXX43XzOtCDGcdafYAFv6_o9O-rdu1nM-YKTf...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPIlvb4qd3mocn1BWBwysIbrptO6L0EEO9qsFVocwLZzV3ZXX43XzOtCDGcdafYAFv6_o9O-rdu1nM-YKTf...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPIlvb4qd3mocn1BWBwysIbrptO6L0EEO9qsFVocwLZzV3ZXX43XzOtCDGcdafYAFv6_o9O-rdu1nM-YKTf...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPIlvb4qd3mocn1BWBwysIbrptO6L0EEO9qsFVocwLZzV3ZXX43XzOtCDGcdafYAFv6_o9O-rdu1nM-YKTf...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPIlvb4qd3mocn1BWBwysIbrptO6L0EEO9qsFVocwLZzV3ZXX43XzOtCDGcdafYAFv6_o9O-rdu1nM-YKTf...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPIlvb4qd3mocn1BWBwysIbrptO6L0EEO9qsFVocwLZzV3ZXX43XzOtCDGcdafYAFv6_o9O-rdu1nM-YKTf...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPIlvb4qd3mocn1BWBwysIbrptO6L0EEO9qsFVocwLZzV3ZXX43XzOtCDGcdafYAFv6_o9O-rdu1nM-YKTf...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPIlvb4qd3mocn1BWBwysIbrptO6L0EEO9qsFVocwLZzV3ZXX43XzOtCDGcdafYAFv6_o9O-rdu1nM-YKTf...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPIlvb4qd3mocn1BWBwysIbrptO6L0EEO9qsFVocwLZzV3ZXX43XzOtCDGcdafYAFv6_o9O-rdu1nM-YKTf...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPIlvb4qd3mocn1BWBwysIbrptO6L0EEO9qsFVocwLZzV3ZXX43XzOtCDGcdafYAFv6_o9O-rdu1nM-YKTf...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPIlvb4qd3mocn1BWBwysIbrptO6L0EEO9qsFVocwLZzV3ZXX43XzOtCDGcdafYAFv6_o9O-rdu1nM-YKTf...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPIlvb4qd3mocn1BWBwysIbrptO6L0EEO9qsFVocwLZzV3ZXX43XzOtCDGcdafYAFv6_o9O-rdu1nM-YKTf...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPIlvb4qd3mocn1BWBwysIbrptO6L0EEO9qsFVocwLZzV3ZXX43XzOtCDGcdafYAFv6_o9O-rdu1nM-YKTf...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPIlvb4qd3mocn1BWBwysIbrptO6L0EEO9qsFVocwLZzV3ZXX43XzOtCDGcdafYAFv6_o9O-rdu1nM-YKTf...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPIlvb4qd3mocn1BWBwysIbrptO6L0EEO9qsFVocwLZzV3ZXX43XzOtCDGcdafYAFv6_o9O-rdu1nM-YKTf...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPIlvb4qd3mocn1BWBwysIbrptO6L0EEO9qsFVocwLZzV3ZXX43XzOtCDGcdafYAFv6_o9O-rdu1nM-YKTf...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=hUOdT7ouQB-JAgRnuELd4g&google_push=AYg5qPIlvb4qd3mocn1BWBwysIbrptO6L0EEO9qsFVocwLZzV3ZXX43XzOtCDGcdafYAFv6_o9O-rdu1nM-YKTf...

0
0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 7F9C 0
12 B 21ms
18ms Image
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IOGErmsoLhk4Xj5JhXqacfL_ROdG-hVhpvp9DOsoMNmXBENLYiEjqp9d0xULznyTvXPq5Z

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:24:01 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 773B 0
23 B 18ms
17ms Ping
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

96.248.178.107.bc.googleusercontent.com

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 09:24:01 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2

200

actualizar Show response
penta.a.one.impact-ad.jp/psm/1.0/ Frame 7B81
Redirect Chain

https://y.one.impact-ad.jp/push_sync
https://pixel.mathtag.com/sync/img?redir=https%3A%2F%2Fy.one.impact-ad.jp%2Fcs%3Fd%3D288%26uid%3D%5BMM_UUID%5D%26r%3Dno
https://y.one.impact-ad.jp/cs?d=288&uid=e7ff6167-f731-4a00-baa5-f6346e9e63bd&r=no
https://penta.a.one.impact-ad.jp/psm/1.0/actualizar

42 B
263 B

290ms
273ms

Document
image/gif

107.178.248.96
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://penta.a.one.impact-ad.jp/psm/1.0/actualizar

Requested by

Host: flux-cdn.com
URL: https://flux-cdn.com/client/mag2/flux_bythem_AS_TM_AT.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

107.178.248.96 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

nginx /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

:method: GET
:authority: penta.a.one.impact-ad.jp
:scheme: https
:path: /psm/1.0/actualizar
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://by-them.com/
accept-encoding: gzip, deflate, br
cookie: c=1634203437; tuuid=8d805571-0f39-4f85-a9be-16f56ee9f7d3; tuuid_lu=1634203442
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/

Response headers

server: nginx
date: Thu, 14 Oct 2021 09:24:02 GMT
content-type: image/gif
content-length: 42
set-cookie: psm=0; Max-Age=1209600; Expires=Thu, 28 Oct 2021 09:24:02 GMT; Path=/; Domain=.impact-ad.jp; Secure; HTTPOnly; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains;
via: 1.1 google
alt-svc: clear

Redirect headers

Server: nginx
Date: Thu, 14 Oct 2021 09:24:02 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Location: https://penta.a.one.impact-ad.jp/psm/1.0/actualizar
Set-Cookie: tuuid=8d805571-0f39-4f85-a9be-16f56ee9f7d3; path=/; expires=Sat, 14-Oct-2023 09:24:02 GMT; domain=.impact-ad.jp; samesite=none; secure tuuid_lu=1634203442; path=/; expires=Sat, 14-Oct-2023 09:24:02 GMT; domain=.impact-ad.jp; samesite=none; secure cmt=!288,e7ff6167-f731-4a00-baa5-f6346e9e63bd,0,434982242,0; path=/; expires=Sat, 14-Oct-2023 09:24:02 GMT; samesite=none; secure

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame B04F 2 KB
1 KB 24ms
7ms Document
text/html 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: flux-cdn.com
URL: https://flux-cdn.com/client/mag2/flux_bythem_AS_TM_AT.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7eca7977c6ade416c20775a7fd7cfa2291c5752cd1225d5c4342b057c37a000c

Request headers

Host: js-sec.indexww.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://by-them.com/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/

Response headers

Server: Apache
Last-Modified: Thu, 11 Feb 2021 16:12:45 GMT
ETag: "e20015-90b-5bb11ca420f07"
Accept-Ranges: bytes
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1151
Date: Thu, 14 Oct 2021 09:24:01 GMT
Connection: keep-alive

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 8EDC 38 KB
14 KB 35ms
8ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: flux-cdn.com
URL: https://flux-cdn.com/client/mag2/flux_bythem_AS_TM_AT.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 9005ef18fcfb3897cd13c7ec73f90d2b0da0cc7d6153be58cdbe90ad5e2741c8

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/showad.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://by-them.com/
accept-encoding: gzip, deflate, br
cookie: KTPCACOOKIE=YES; KADUSERCOOKIE=6C0F3F52-6B4C-4BB1-94FB-95640C3CA62E
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/

Response headers

last-modified: Tue, 15 Jun 2021 06:07:52 GMT
etag: "13006b6-974e-5c4c7cb53d8cb"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13946
content-type: text/html; charset=UTF-8
cache-control: public, max-age=25427
expires: Thu, 14 Oct 2021 16:27:48 GMT
date: Thu, 14 Oct 2021 09:24:01 GMT
vary: Accept-Encoding

GET
H2

302

31
cr-pall.ladsp.com/cookiesender/
Redirect Chain

https://cr-p31.ladsp.jp/cookiesender/31
https://cr-pall.ladsp.com/cookiesender/31
https://cr-pall.ladsp.com/cookiesender/31?cr=true

0
448 B

229ms
229ms

Image
text/plain

18.66.112.34
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cr-pall.ladsp.com/cookiesender/31?cr=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.34 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Logicad /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://by-them.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:02 GMT
via: 1.1 da9380f22ff2303fc2fd4652bf7ec7ba.cloudfront.net (CloudFront)
server: Logicad
x-amz-cf-pop: FRA56-P5
x-cache: Miss from cloudfront
p3p: CP="NOI DEVo TAIo PSAo PSDo OUR IND UNI NAV", policyref="http://cd.ladsp.com/xml/w3c/p3p.xml"
cache-control: no-cache
content-length: 0
x-amz-cf-id: _9QNRJRBHJ8WBgYal88LOmcMjVK86XLILE4h5OSq7RN1daxhJFpgvA==
expires: -1

Redirect headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:02 GMT
via: 1.1 da9380f22ff2303fc2fd4652bf7ec7ba.cloudfront.net (CloudFront)
server: Logicad
x-amz-cf-pop: FRA56-P5
x-cache: Miss from cloudfront
p3p: CP="NOI DEVo TAIo PSAo PSDo OUR IND UNI NAV", policyref="http://cd.ladsp.com/xml/w3c/p3p.xml"
location: https://cr-pall.ladsp.com/cookiesender/31?cr=true
cache-control: no-cache
content-type: text/html;charset=utf-8
content-length: 0
x-amz-cf-id: j2B7B8vazxdFyGJRrQeCfJDrftmhiw1IUiSUtrxzPkhV0arvWCSqcg==
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 827D
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEGq_umzvTpc0iJ1KRTUIw8g&google_cve...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=MnlGNHA5T24xTUFXWTE1&google_gid=CAESEGq_umzvTpc0iJ1KRTUIw8g&google_cver=1&google_push=AYg5qPLhAWnJishHMcSk8vKtL1wQThZszyQhlPLhhHvEj_M...

170 B
188 B

18ms
18ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=MnlGNHA5T24xTUFXWTE1&google_gid=CAESEGq_umzvTpc0iJ1KRTUIw8g&google_cver=1&google_push=AYg5qPLhAWnJishHMcSk8vKtL1wQThZszyQhlPLhhHvEj_MbxIIc53ekL1y_NGfTbF0HAw4snPNbDI8KAUbLNJ4Aav905r7Ly4GE

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 14 Oct 2021 09:24:01 GMT
Server: PingMatch/8a430fa#rel-ec2-master i-0d1d523a9a3a6e567@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security: max-age=2592000; includeSubDomains
P3P: policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=MnlGNHA5T24xTUFXWTE1&google_gid=CAESEGq_umzvTpc0iJ1KRTUIw8g&google_cver=1&google_push=AYg5qPLhAWnJishHMcSk8vKtL1wQThZszyQhlPLhhHvEj_MbxIIc53ekL1y_NGfTbF0HAw4snPNbDI8KAUbLNJ4Aav905r7Ly4GE
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 827D
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WVdmM01RQUpBelZzTXdBNg==&google_gid=CAESECeGbH3GHU4MjPe-HDiKmks&google_cver=1&google_push=AYg5qPK9RmKuhTOKAF6OSZI8V6ng_XnrIy...

170 B
188 B

18ms
18ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WVdmM01RQUpBelZzTXdBNg==&google_gid=CAESECeGbH3GHU4MjPe-HDiKmks&google_cver=1&google_push=AYg5qPK9RmKuhTOKAF6OSZI8V6ng_XnrIyhUSJWlgsw3fhRYd9p4NO4V2AofChRrL0hVHxmYztOlsX_4GTBslRF4l713I8PPlKB5

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:01 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1634203441.369876,VS0,VE0
x-served-by: cache-fra19181-FRA
x-cache: HIT
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WVdmM01RQUpBelZzTXdBNg==&google_gid=CAESECeGbH3GHU4MjPe-HDiKmks&google_cver=1&google_push=AYg5qPK9RmKuhTOKAF6OSZI8V6ng_XnrIyhUSJWlgsw3fhRYd9p4NO4V2AofChRrL0hVHxmYztOlsX_4GTBslRF4l713I8PPlKB5
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 827D
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEExQWp4XoUW0qk_D-EeLNEI&google_cver=1&google_push=AYg5qPKTpE77lLMl5kRafzUXGkOJUDBFb5nm-aB1yQKz6PJ05FGadJzpQNKYAuFdBRXPX_6h_uHTvD-9uE3g4C4a9NjSZhxgRgD7
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=84907354BD4A4971A845602DAD1D3AA1&google_push=AYg5qPKTpE77lLMl5kRafzUXGkOJUDBFb5nm-aB1yQKz6PJ05FGadJzpQNKYAuFdBRXPX_6h_uHTvD-9uE3g4C4...

170 B
188 B

22ms
21ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=84907354BD4A4971A845602DAD1D3AA1&google_push=AYg5qPKTpE77lLMl5kRafzUXGkOJUDBFb5nm-aB1yQKz6PJ05FGadJzpQNKYAuFdBRXPX_6h_uHTvD-9uE3g4C4a9NjSZhxgRgD7

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 14 Oct 2021 09:24:01 GMT
x-content-type-options: nosniff
server: openresty
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=84907354BD4A4971A845602DAD1D3AA1&google_push=AYg5qPKTpE77lLMl5kRafzUXGkOJUDBFb5nm-aB1yQKz6PJ05FGadJzpQNKYAuFdBRXPX_6h_uHTvD-9uE3g4C4a9NjSZhxgRgD7
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Wed, 13 Oct 2021 09:24:01 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 827D
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESECIEj05zGyDJ5lp-N5W2Ct8&google_cver=1&google_push=AYg5qPLaYKPF_yNnXANNDBft9kw8vkPlw8ByQU1eMGSKWK8QX4O7WJa2_ztulCcVxGNQt3niJo_opn78VS1...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPLaYKPF_yNnXANNDBft9kw8vkPlw8ByQU1eMGSKWK8QX4O7WJa2_ztulCcVxGNQt3niJo_opn78VS1DM0C0hXFQymFiufw&google_hm=SPTrDGffSOq07mvtGpJI0k8

170 B
188 B

17ms
17ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPLaYKPF_yNnXANNDBft9kw8vkPlw8ByQU1eMGSKWK8QX4O7WJa2_ztulCcVxGNQt3niJo_opn78VS1DM0C0hXFQymFiufw&google_hm=SPTrDGffSOq07mvtGpJI0k8

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:01 GMT
via: 1.1 google
server: Apache-Coyote/1.1
status: 302
p3p: CP="NOI DSP COR NID CUR OUR NOR"
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPLaYKPF_yNnXANNDBft9kw8vkPlw8ByQU1eMGSKWK8QX4O7WJa2_ztulCcVxGNQt3niJo_opn78VS1DM0C0hXFQymFiufw&google_hm=SPTrDGffSOq07mvtGpJI0k8
cache-control: no-cache, must-revalidate
content-type: text/html;charset=UTF-8
alt-svc: clear
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 827D
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=bA8_UmtMS7GU-5VkDDymLg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

17ms
16ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=bA8_UmtMS7GU-5VkDDymLg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKwQlTFbXejDAwkFyvKpkI5q3KspkwJImY12p-kMHATo7LOVd-yfGOHzT-f0fxh8oYpjD8iyS3xXVk3rHO-Kwv0jtRbXZTQ

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=bA8_UmtMS7GU-5VkDDymLg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKwQlTFbXejDAwkFyvKpkI5q3KspkwJImY12p-kMHATo7LOVd-yfGOHzT-f0fxh8oYpjD8iyS3xXVk3rHO-Kwv0jtRbXZTQ
date: Thu, 14 Oct 2021 09:24:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 827D
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEAYNtEUlm_I-aI2n_36uT6o&google_cver=1&google_push=AYg5qPJhkyeiONvMYIvvQfLSfyr9rfeVUiCsvKCAppkgS9_wBvMv3NTsxKGkuPTtDytc9LHTUGs...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1VRUUo5VU8tOS1MRTFD&google_push=AYg5qPJhkyeiONvMYIvvQfLSfyr9rfeVUiCsvKCAppkgS9_wBvMv3NTsxKGkuPTtDytc9LHTUGscGkKDzCaKFvlg-BPLV1sca-g

170 B
188 B

19ms
19ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1VRUUo5VU8tOS1MRTFD&google_push=AYg5qPJhkyeiONvMYIvvQfLSfyr9rfeVUiCsvKCAppkgS9_wBvMv3NTsxKGkuPTtDytc9LHTUGscGkKDzCaKFvlg-BPLV1sca-g

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1VRUUo5VU8tOS1MRTFD&google_push=AYg5qPJhkyeiONvMYIvvQfLSfyr9rfeVUiCsvKCAppkgS9_wBvMv3NTsxKGkuPTtDytc9LHTUGscGkKDzCaKFvlg-BPLV1sca-g
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 6f9fd0201ed801884e5299d5aabca094
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 827D
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEKi-lY8iWUwYimjPEnDMnLo&google_cver=1&google_push=AYg5qPIW-15JqkWDf67fdYj1BjQgXG03lYqlrzpFJostuuVZaPvDIydDL87tCxOmF_Zk_KwF7lXh2tKz2oKcvmPl...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPIW-15JqkWDf67fdYj1BjQgXG03lYqlrzpFJostuuVZaPvDIydDL87tCxOmF_Zk_KwF7lXh2tKz2oKcvmPl_GqvxjCvxL-U

170 B
188 B

19ms
18ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPIW-15JqkWDf67fdYj1BjQgXG03lYqlrzpFJostuuVZaPvDIydDL87tCxOmF_Zk_KwF7lXh2tKz2oKcvmPl_GqvxjCvxL-U

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 14 Oct 2021 09:24:01 GMT
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA56-P5
x-cache: FunctionGeneratedResponse from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPIW-15JqkWDf67fdYj1BjQgXG03lYqlrzpFJostuuVZaPvDIydDL87tCxOmF_Zk_KwF7lXh2tKz2oKcvmPl_GqvxjCvxL-U
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: W1UgazkiMyaqJBq2EMguVh11mSKRt6xDJ6jkwiQtoightPo7qllQ4w==

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 827D 0
12 B 16ms
16ms Image
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JJs0kpK8blmxEEVK2jfj7fGr7ka8JrqlLhWdwaOaZh_JeF27xbl-jhugSqhYwHy-nFgBXu

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:24:01 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E0BD
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEGq_umzvTpc0iJ1KRTUIw8g&google_cve...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=MnlGNHA5T24xTUFXWTE1&google_gid=CAESEGq_umzvTpc0iJ1KRTUIw8g&google_cver=1&google_push=AYg5qPIXJDgHAKlEzYR6VUMNTPdqLh07Iyi6mAfAKjmw0R_...

170 B
188 B

19ms
17ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=MnlGNHA5T24xTUFXWTE1&google_gid=CAESEGq_umzvTpc0iJ1KRTUIw8g&google_cver=1&google_push=AYg5qPIXJDgHAKlEzYR6VUMNTPdqLh07Iyi6mAfAKjmw0R_TYMBKTyNmScOMJh-RhCfGN22Os3m8MtiHCmwhgCGhCj7sx0F53TE

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 14 Oct 2021 09:24:00 GMT
Server: PingMatch/8a430fa#rel-ec2-master i-05ae7cfac7fab7b17@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security: max-age=2592000; includeSubDomains
P3P: policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=MnlGNHA5T24xTUFXWTE1&google_gid=CAESEGq_umzvTpc0iJ1KRTUIw8g&google_cver=1&google_push=AYg5qPIXJDgHAKlEzYR6VUMNTPdqLh07Iyi6mAfAKjmw0R_TYMBKTyNmScOMJh-RhCfGN22Os3m8MtiHCmwhgCGhCj7sx0F53TE
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E0BD
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEFdGoEp47IPXTjCtkOkfHWc&google_cver=1&google_push=AYg5qPJdQhPuVvW6_p_kw3OKoT1EejyO7JRpUmGcFSUGUVPRapHuODxxJUBmxy2kw0Fza4HCivG4E-zqh47zM6Wk...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=5_9hZ_cxSgC6pfY0bp5jvQ&google_push=AYg5qPJdQhPuVvW6_p_kw3OKoT1EejyO7JRpUmGcFSUGUVPRapHuODxxJUBmxy2kw0Fza4HCivG4E-zqh47zM6Wkjs9hvBkZ2AM

170 B
188 B

20ms
18ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=5_9hZ_cxSgC6pfY0bp5jvQ&google_push=AYg5qPJdQhPuVvW6_p_kw3OKoT1EejyO7JRpUmGcFSUGUVPRapHuODxxJUBmxy2kw0Fza4HCivG4E-zqh47zM6Wkjs9hvBkZ2AM

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 14 Oct 2021 09:24:01 GMT
Server: MT3 3984 0e3af3b master cdg-pixel-x30 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=5_9hZ_cxSgC6pfY0bp5jvQ&google_push=AYg5qPJdQhPuVvW6_p_kw3OKoT1EejyO7JRpUmGcFSUGUVPRapHuODxxJUBmxy2kw0Fza4HCivG4E-zqh47zM6Wkjs9hvBkZ2AM
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Thu, 14 Oct 2021 09:24:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E0BD
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WVdmM01RQUpBelZzTXdBNg==&google_gid=CAESECeGbH3GHU4MjPe-HDiKmks&google_cver=1&google_push=AYg5qPI0R0OJpqfZraF88JHysbeRzieSwD...

170 B
188 B

18ms
18ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WVdmM01RQUpBelZzTXdBNg==&google_gid=CAESECeGbH3GHU4MjPe-HDiKmks&google_cver=1&google_push=AYg5qPI0R0OJpqfZraF88JHysbeRzieSwDPi-uZhlysBF4xzq1xnhOSnQjgx-oxFSR_vBpUXU7q1Nyi8Do_Cmiv3BBuiP3FZKA

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:01 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1634203441.388529,VS0,VE0
x-served-by: cache-fra19181-FRA
x-cache: HIT
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WVdmM01RQUpBelZzTXdBNg==&google_gid=CAESECeGbH3GHU4MjPe-HDiKmks&google_cver=1&google_push=AYg5qPI0R0OJpqfZraF88JHysbeRzieSwDPi-uZhlysBF4xzq1xnhOSnQjgx-oxFSR_vBpUXU7q1Nyi8Do_Cmiv3BBuiP3FZKA
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame E0BD 0
141 B 44ms
16ms Image
text/plain 34.96.105.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEF9hxioXjeE_gzKswaCE0jI&google_cver=1&google_push=AYg5qPJb93N4ur7lyR4fziAynv5dgT72anxkk0fgsIQ45DStRIDHrsfJ8wMc3pITOhO0x5hNJYAP0nvqeAjecb0JMRXb_OI_8B4
Requested by: Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.105.96.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:24:01 GMT
via: 1.1 google
alt-svc: clear

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E0BD
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEAH8jQM8dzZXBDPPIVy2XQU&google_cver=1&google_push=AYg5qPI_3gvHld4aCYIT22FgkLKAjjy_g1VjkBHzIBmu7h8IBMs5rpM-sjfTFcwHXK5yISN6Lm5PszeJ...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODkxOTczOTczOTc2NjM5NDcwOA&google_push=AYg5qPI_3gvHld4aCYIT22FgkLKAjjy_g1VjkBHzIBmu7h8IBMs5rpM-sjfTFcwHXK5yISN6Lm5Psz...

170 B
188 B

20ms
18ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODkxOTczOTczOTc2NjM5NDcwOA&google_push=AYg5qPI_3gvHld4aCYIT22FgkLKAjjy_g1VjkBHzIBmu7h8IBMs5rpM-sjfTFcwHXK5yISN6Lm5PszeJjFUomRivWRBcAxBUfJk

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:01 GMT
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODkxOTczOTczOTc2NjM5NDcwOA&google_push=AYg5qPI_3gvHld4aCYIT22FgkLKAjjy_g1VjkBHzIBmu7h8IBMs5rpM-sjfTFcwHXK5yISN6Lm5PszeJjFUomRivWRBcAxBUfJk
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET

pixel
cm.g.doubleclick.net/ Frame E0BD
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEORKAflOX3WFjnZDasqJXrk&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWf3L-IJHAtuN0XGpVci_wAABHsAAAAB&google_gid=CAESEORKAflOX3WFjnZDasqJXrk&google_push=AYg5qPJ2ussQ6IcwYDFvjonUTIdQt-cHVVbd-qGaEMOOTx6MRPE...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWf3L-IJHAtuN0XGpVci_wAABHsAAAAB&google_gid=CAESEORKAflOX3WFjnZDasqJXrk&google_push=AYg5qPJ2ussQ6IcwYDFvjonUTIdQt-cHVVbd-qGaEMOOTx6MRPE...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWf3L-IJHAtuN0XGpVci_wAABHsAAAAB&google_gid=CAESEORKAflOX3WFjnZDasqJXrk&google_push=AYg5qPJ2ussQ6IcwYDFvjonUTIdQt-cHVVbd-qGaEMOOTx6MRPE...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWf3L-IJHAtuN0XGpVci_wAABHsAAAAB&google_gid=CAESEORKAflOX3WFjnZDasqJXrk&google_push=AYg5qPJ2ussQ6IcwYDFvjonUTIdQt-cHVVbd-qGaEMOOTx6MRPE...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWf3L-IJHAtuN0XGpVci_wAABHsAAAAB&google_gid=CAESEORKAflOX3WFjnZDasqJXrk&google_push=AYg5qPJ2ussQ6IcwYDFvjonUTIdQt-cHVVbd-qGaEMOOTx6MRPE...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWf3L-IJHAtuN0XGpVci_wAABHsAAAAB&google_gid=CAESEORKAflOX3WFjnZDasqJXrk&google_push=AYg5qPJ2ussQ6IcwYDFvjonUTIdQt-cHVVbd-qGaEMOOTx6MRPE...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWf3L-IJHAtuN0XGpVci_wAABHsAAAAB&google_gid=CAESEORKAflOX3WFjnZDasqJXrk&google_push=AYg5qPJ2ussQ6IcwYDFvjonUTIdQt-cHVVbd-qGaEMOOTx6MRPE...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWf3L-IJHAtuN0XGpVci_wAABHsAAAAB&google_gid=CAESEORKAflOX3WFjnZDasqJXrk&google_push=AYg5qPJ2ussQ6IcwYDFvjonUTIdQt-cHVVbd-qGaEMOOTx6MRPE...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWf3L-IJHAtuN0XGpVci_wAABHsAAAAB&google_gid=CAESEORKAflOX3WFjnZDasqJXrk&google_push=AYg5qPJ2ussQ6IcwYDFvjonUTIdQt-cHVVbd-qGaEMOOTx6MRPE...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWf3L-IJHAtuN0XGpVci_wAABHsAAAAB&google_gid=CAESEORKAflOX3WFjnZDasqJXrk&google_push=AYg5qPJ2ussQ6IcwYDFvjonUTIdQt-cHVVbd-qGaEMOOTx6MRPE...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWf3L-IJHAtuN0XGpVci_wAABHsAAAAB&google_gid=CAESEORKAflOX3WFjnZDasqJXrk&google_push=AYg5qPJ2ussQ6IcwYDFvjonUTIdQt-cHVVbd-qGaEMOOTx6MRPE...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWf3L-IJHAtuN0XGpVci_wAABHsAAAAB&google_gid=CAESEORKAflOX3WFjnZDasqJXrk&google_push=AYg5qPJ2ussQ6IcwYDFvjonUTIdQt-cHVVbd-qGaEMOOTx6MRPE...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWf3L-IJHAtuN0XGpVci_wAABHsAAAAB&google_gid=CAESEORKAflOX3WFjnZDasqJXrk&google_push=AYg5qPJ2ussQ6IcwYDFvjonUTIdQt-cHVVbd-qGaEMOOTx6MRPE...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWf3L-IJHAtuN0XGpVci_wAABHsAAAAB&google_gid=CAESEORKAflOX3WFjnZDasqJXrk&google_push=AYg5qPJ2ussQ6IcwYDFvjonUTIdQt-cHVVbd-qGaEMOOTx6MRPE...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWf3L-IJHAtuN0XGpVci_wAABHsAAAAB&google_gid=CAESEORKAflOX3WFjnZDasqJXrk&google_push=AYg5qPJ2ussQ6IcwYDFvjonUTIdQt-cHVVbd-qGaEMOOTx6MRPE...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWf3L-IJHAtuN0XGpVci_wAABHsAAAAB&google_gid=CAESEORKAflOX3WFjnZDasqJXrk&google_push=AYg5qPJ2ussQ6IcwYDFvjonUTIdQt-cHVVbd-qGaEMOOTx6MRPE...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWf3L-IJHAtuN0XGpVci_wAABHsAAAAB&google_gid=CAESEORKAflOX3WFjnZDasqJXrk&google_push=AYg5qPJ2ussQ6IcwYDFvjonUTIdQt-cHVVbd-qGaEMOOTx6MRPE...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWf3L-IJHAtuN0XGpVci_wAABHsAAAAB&google_gid=CAESEORKAflOX3WFjnZDasqJXrk&google_push=AYg5qPJ2ussQ6IcwYDFvjonUTIdQt-cHVVbd-qGaEMOOTx6MRPE...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWf3L-IJHAtuN0XGpVci_wAABHsAAAAB&google_gid=CAESEORKAflOX3WFjnZDasqJXrk&google_push=AYg5qPJ2ussQ6IcwYDFvjonUTIdQt-cHVVbd-qGaEMOOTx6MRPE...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWf3L-IJHAtuN0XGpVci_wAABHsAAAAB&google_gid=CAESEORKAflOX3WFjnZDasqJXrk&google_push=AYg5qPJ2ussQ6IcwYDFvjonUTIdQt-cHVVbd-qGaEMOOTx6MRPE...

0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E0BD
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEFCllLQeRtTHh-UQjlDBFes&google_cver=1&google_push=AYg5qPJ3FW63JwV0RNFHn38fSPbnMheRlI0m2yES8mBL9gAxl9v7DopYUyrw_ArS-ihf5ndK2u...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1OUXN2RU1KRTJ1SHVmREtWblc3OGxlejRRTS5KcHdPT35B&google_push=AYg5qPJ3FW63JwV0RNFHn38fSPbnMheRlI0m2yES8mBL9gAxl9v7DopYU...

170 B
188 B

18ms
17ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1OUXN2RU1KRTJ1SHVmREtWblc3OGxlejRRTS5KcHdPT35B&google_push=AYg5qPJ3FW63JwV0RNFHn38fSPbnMheRlI0m2yES8mBL9gAxl9v7DopYUyrw_ArS-ihf5ndK2umSOSR2diPqHmj6nScIz8JMxZAX

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 14 Oct 2021 09:24:01 GMT
Server: ATS/7.1.2.138
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1OUXN2RU1KRTJ1SHVmREtWblc3OGxlejRRTS5KcHdPT35B&google_push=AYg5qPJ3FW63JwV0RNFHn38fSPbnMheRlI0m2yES8mBL9gAxl9v7DopYUyrw_ArS-ihf5ndK2umSOSR2diPqHmj6nScIz8JMxZAX
Connection: keep-alive
Content-Length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame E0BD 0
12 B 15ms
14ms Image
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13J5moxnfVsVEZmnaT8i1phc89oCMUYpET8VfOmsrSY8hK2nhZKAS9aXZyq1MuFbaA7qGbRFlg

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:24:01 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6625
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEGq_umzvTpc0iJ1KRTUIw8g&google_cve...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=MnlGNHA5T24xTUFXWTE1&google_gid=CAESEGq_umzvTpc0iJ1KRTUIw8g&google_cver=1&google_push=AYg5qPIC7xSrhndppyK6Y6R-2NJfuabO52L6mE-1qW0VU7m...

170 B
188 B

18ms
16ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=MnlGNHA5T24xTUFXWTE1&google_gid=CAESEGq_umzvTpc0iJ1KRTUIw8g&google_cver=1&google_push=AYg5qPIC7xSrhndppyK6Y6R-2NJfuabO52L6mE-1qW0VU7mmX8JjBHl6_nA4rkkFe_ilJhpTTKgmXsylNpKDWSS7oWiyyuyU868

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 14 Oct 2021 09:24:01 GMT
Server: PingMatch/8a430fa#rel-ec2-master i-0d1d523a9a3a6e567@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security: max-age=2592000; includeSubDomains
P3P: policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=MnlGNHA5T24xTUFXWTE1&google_gid=CAESEGq_umzvTpc0iJ1KRTUIw8g&google_cver=1&google_push=AYg5qPIC7xSrhndppyK6Y6R-2NJfuabO52L6mE-1qW0VU7mmX8JjBHl6_nA4rkkFe_ilJhpTTKgmXsylNpKDWSS7oWiyyuyU868
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame 6625
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEK2TBaWQTvxIo0wzlc7jA3s&google_cver=1&google_push=AYg5qPIyYqsyqWTi7Fl93aekCSD03j35jXwFZgshNWDRuHhKU6pxm5P4KbRy_8XcryNnqMmFYRc9XMkcI7oVDFD4CuR_a4qKDszS&...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEK2TBaWQTvxIo0wzlc7jA3s&google_cver=1&google_push=AYg5qPIyYqsyqWTi7Fl93aekCSD03j35jXwFZgshNWDRuHhKU6pxm5P4KbRy_8XcryNnqMmFYRc9XMkcI7oVDFD4CuR_a4qKDsz...

43 B
417 B

170ms
169ms

Image
image/gif

2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEK2TBaWQTvxIo0wzlc7jA3s&google_cver=1&google_push=AYg5qPIyYqsyqWTi7Fl93aekCSD03j35jXwFZgshNWDRuHhKU6pxm5P4KbRy_8XcryNnqMmFYRc9XMkcI7oVDFD4CuR_a4qKDszS&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPIyYqsyqWTi7Fl93aekCSD03j35jXwFZgshNWDRuHhKU6pxm5P4KbRy_8XcryNnqMmFYRc9XMkcI7oVDFD4CuR_a4qKDszS%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:02 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 69dfc0996af25373-FRA
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
content-type: image/gif; charset=utf-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:02 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 41
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 69dfc09788015373-FRA
p3p: CP="NOI DEVo TAIa OUR BUS"
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEK2TBaWQTvxIo0wzlc7jA3s&google_cver=1&google_push=AYg5qPIyYqsyqWTi7Fl93aekCSD03j35jXwFZgshNWDRuHhKU6pxm5P4KbRy_8XcryNnqMmFYRc9XMkcI7oVDFD4CuR_a4qKDszS&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPIyYqsyqWTi7Fl93aekCSD03j35jXwFZgshNWDRuHhKU6pxm5P4KbRy_8XcryNnqMmFYRc9XMkcI7oVDFD4CuR_a4qKDszS%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
cache-control: no-cache, private
content-type: text/html
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6625
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WVdmM01RQUpBelZzTXdBNg==&google_gid=CAESECeGbH3GHU4MjPe-HDiKmks&google_cver=1&google_push=AYg5qPIDTth4h7vgkWpLKWUu49R4K1Vcxo...

170 B
188 B

18ms
16ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WVdmM01RQUpBelZzTXdBNg==&google_gid=CAESECeGbH3GHU4MjPe-HDiKmks&google_cver=1&google_push=AYg5qPIDTth4h7vgkWpLKWUu49R4K1Vcxops2ix951ng3QENkK-9lFSjZ8XcJnZ65vNRhwORtIhSxsU4nE4iJ-7NzjFKDctGkmk

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:01 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1634203441.393184,VS0,VE0
x-served-by: cache-fra19181-FRA
x-cache: HIT
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WVdmM01RQUpBelZzTXdBNg==&google_gid=CAESECeGbH3GHU4MjPe-HDiKmks&google_cver=1&google_push=AYg5qPIDTth4h7vgkWpLKWUu49R4K1Vcxops2ix951ng3QENkK-9lFSjZ8XcJnZ65vNRhwORtIhSxsU4nE4iJ-7NzjFKDctGkmk
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6625
Redirect Chain

https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEM3z3zsYGbFyOV-Qt9CCB7c&google_cver=1&google_push=AYg5qPJF3eoL768mroDB7gVB8_B1oCPtS0on0hZMI4jqnVIPrruDJpsX1AW4I...
https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEM3z3zsYGbFyOV-Qt9CCB7c&google_cver=1&google_push=AYg5qPJF3eoL768mroDB7gVB8_B1oCPtS0on0hZMI4jqnVIPrruDJpsX1AW4I...
https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=TAO5O3QCu8lGE768YGwkFg&google_push=AYg5qPJF3eoL768mroDB7gVB8_B1oCPtS0on0hZMI4jqnVIPrruDJpsX1AW4Icbji3Ncqn2jXHNk-Bs-L...

170 B
188 B

16ms
16ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=TAO5O3QCu8lGE768YGwkFg&google_push=AYg5qPJF3eoL768mroDB7gVB8_B1oCPtS0on0hZMI4jqnVIPrruDJpsX1AW4Icbji3Ncqn2jXHNk-Bs-LzcukEywoDda5I4jFfo

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 14 Oct 2021 09:24:02 GMT
Server: nginx
Vary: Accept
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=TAO5O3QCu8lGE768YGwkFg&google_push=AYg5qPJF3eoL768mroDB7gVB8_B1oCPtS0on0hZMI4jqnVIPrruDJpsX1AW4Icbji3Ncqn2jXHNk-Bs-LzcukEywoDda5I4jFfo
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 237

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6625
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEHAKvu9CENnLwkQiEdSeNts&google_cver=1&google_push=AYg5qPJ4uF07Pau0uUTIGiRSsWxlgcAA5GI5mXvXBmpkARRnd-5v-Y3H5slOXb11H1RFwBpFZKucWcALKPd9OAfM7q2V...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEHAKvu9CENnLwkQiEdSeNts&google_cver=1&google_push=AYg5qPJ4uF07Pau0uUTIGiRSsWxlgcAA5GI5mXvXBmpkARRnd-5v-Y3H5slOXb11H1RFwBpFZKucWcALKPd9OA...
https://a.volvelle.tech/sync?ssp=bidswitch&bidswitch_ssp_id=google&bsw_uid=905dfd53-7d0b-43d0-af0d-134f9f5c93ac
https://a.volvelle.tech/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=google&bsw_uid=905dfd53-7d0b-43d0-af0d-134f9f5c93ac
https://x.bidswitch.net/sync?dsp_id=190&expires=14&user_group=1&user_id=50ef145b-32c6-483e-acbe-3d073fe57a36&ssp=google
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPJ4uF07Pau0uUTIGiRSsWxlgcAA5GI5mXvXBmpkARRnd-5v-Y3H5slOXb11H1RFwBpFZKucWcALKPd9OAfM7q2VCx3Gm9ly&google_hm=kF39U30LQ9CvDRNPn1yTrA==

170 B
188 B

21ms
18ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPJ4uF07Pau0uUTIGiRSsWxlgcAA5GI5mXvXBmpkARRnd-5v-Y3H5slOXb11H1RFwBpFZKucWcALKPd9OAfM7q2VCx3Gm9ly&google_hm=kF39U30LQ9CvDRNPn1yTrA==

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPJ4uF07Pau0uUTIGiRSsWxlgcAA5GI5mXvXBmpkARRnd-5v-Y3H5slOXb11H1RFwBpFZKucWcALKPd9OAfM7q2VCx3Gm9ly&google_hm=kF39U30LQ9CvDRNPn1yTrA==
Date: Thu, 14 Oct 2021 09:24:02 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H2 200 dot.gif
s0.2mdn.net/ Frame 6625 43 B
120 B 16ms
14ms Image
image/gif 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_gid=CAESECjhZE70Vt2TJy_sFCzRZpc&google_cver=1&google_push=AYg5qPIxGadY4lzimy2wK42hGsqLhHyBOfDEDy2I-aHevfWhNofwVPawaqewCMM94qMr9b-0421IgENj2TLsk2JTd_bq6SHw1gA

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:24:01 GMT
x-content-type-options: nosniff
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Oct 2021 09:24:01 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6625
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEAH8jQM8dzZXBDPPIVy2XQU&google_cver=1&google_push=AYg5qPLLD7rcZdBK5xEjpD2RdSVpadYv-f-USno1AqMNuAGxgG_mvCkV9eeVR-U4IuHDjI8JZjvoPyEB...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODkxOTczOTczOTc2NjM5NDcwOA&google_push=AYg5qPLLD7rcZdBK5xEjpD2RdSVpadYv-f-USno1AqMNuAGxgG_mvCkV9eeVR-U4IuHDjI8JZjvoPy...

170 B
188 B

21ms
20ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODkxOTczOTczOTc2NjM5NDcwOA&google_push=AYg5qPLLD7rcZdBK5xEjpD2RdSVpadYv-f-USno1AqMNuAGxgG_mvCkV9eeVR-U4IuHDjI8JZjvoPyEBdp5yywdpOmhnq0YtaSJZ

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:01 GMT
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODkxOTczOTczOTc2NjM5NDcwOA&google_push=AYg5qPLLD7rcZdBK5xEjpD2RdSVpadYv-f-USno1AqMNuAGxgG_mvCkV9eeVR-U4IuHDjI8JZjvoPyEBdp5yywdpOmhnq0YtaSJZ
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 6625 0
12 B 14ms
14ms Image
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13I5-ck43eIyLeVS4sFpQpMvn-DcL9rv3ZWUIc4yKQbALO4RfewtUf11TFv6RxNDpVg-G4Q3

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:24:01 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame A312 6 KB
4 KB 17ms
17ms XHR
application/json 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_246&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_246.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8e84490b0f0dd5e37c4e067fc2523fc1aefdf874b356746eb12c9eedc24383e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 09:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4492
x-xss-protection: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0D96
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WVdmM01RQUpBelZzTXdBNg==&google_gid=CAESECeGbH3GHU4MjPe-HDiKmks&google_cver=1&google_push=AYg5qPKZw3Phk5NqDcJ1SLUamsdDSZc0g2...

170 B
188 B

19ms
19ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WVdmM01RQUpBelZzTXdBNg==&google_gid=CAESECeGbH3GHU4MjPe-HDiKmks&google_cver=1&google_push=AYg5qPKZw3Phk5NqDcJ1SLUamsdDSZc0g2PgVXVLlL1nt19xagLa4WxNZwThKVu7gfZjk7puy5_9FGcddIBFPHxodoOFCN-_t4k

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:01 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1634203442.542134,VS0,VE0
x-served-by: cache-fra19181-FRA
x-cache: HIT
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WVdmM01RQUpBelZzTXdBNg==&google_gid=CAESECeGbH3GHU4MjPe-HDiKmks&google_cver=1&google_push=AYg5qPKZw3Phk5NqDcJ1SLUamsdDSZc0g2PgVXVLlL1nt19xagLa4WxNZwThKVu7gfZjk7puy5_9FGcddIBFPHxodoOFCN-_t4k
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 0D96 70 B
264 B 32ms
31ms Image
image/gif 13.248.242.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEGBHFpInoL43bcHimkdvHjg&google_cver=1&google_push=AYg5qPLcbii4YLodvMkIzJEDPPjkqatYivNEbHi8mLZX4Of-ccYUM0RsUgB7XgCMdADgxMugjRXmF8MU9ifaINJv99gCGW58wWZN
Requested by: Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:01 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame 0D96 0
191 B 22ms
21ms Image
text/plain 66.155.71.25
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEAJ8gx1sFpKrgB7Y2bOtmIk&google_cver=1&google_push=AYg5qPJs7X-Sj3OWLRFRqckOFoiuVaK_g7OpB-p5ebpQmnFzMJ0poFuCgq57seqCcUBDqhp3hGNGv5ahAiz2SOj4aIcnFb72HW1H
Requested by: Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 66.155.71.25 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:01 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2 200 dot.gif
s0.2mdn.net/ Frame 0D96 43 B
111 B 17ms
16ms Image
image/gif 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_gid=CAESECjhZE70Vt2TJy_sFCzRZpc&google_cver=1&google_push=AYg5qPKtWn24pZ999FMv4D8__D5hjkg_z1Y_uPo-STIXNqECAIY91hmtyMNuqtbXEv22m4msPICqxh15roTdxIDYnHzL-ro_NME

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:24:01 GMT
x-content-type-options: nosniff
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Oct 2021 09:24:01 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0D96
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEHInTnepCAeo-jc7ez39dcw&google_cver=1&google_push=AYg5qPJl0VK4ELgvfMy3OXJE3VOmBvVh3KpDL5BwGqVI0m24flnficn3bVl7L9y_DJ6tK0fGq4D-KA8OU4_mGzkpW...
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEHInTnepCAeo-jc7ez39dcw&google_cver=1&google_push=AYg5qPJl0VK4ELgvfMy3OXJE3VOmBvVh3KpDL5BwGqVI0m24flnficn3bVl7L9y_DJ6tK0fGq4D-KA8OU4_mGzkpW...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPJl0VK4ELgvfMy3OXJE3VOmBvVh3KpDL5BwGqVI0m24flnficn3bVl7L9y_DJ6tK0fGq4D-KA8OU4_mGzkpWbksw6VIG5U2&google_hm=c35728bd8eed94ee32d7ab9c

170 B
188 B

17ms
17ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPJl0VK4ELgvfMy3OXJE3VOmBvVh3KpDL5BwGqVI0m24flnficn3bVl7L9y_DJ6tK0fGq4D-KA8OU4_mGzkpWbksw6VIG5U2&google_hm=c35728bd8eed94ee32d7ab9c

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 14 Oct 2021 09:24:02 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPJl0VK4ELgvfMy3OXJE3VOmBvVh3KpDL5BwGqVI0m24flnficn3bVl7L9y_DJ6tK0fGq4D-KA8OU4_mGzkpWbksw6VIG5U2&google_hm=c35728bd8eed94ee32d7ab9c
Access-Control-Allow-Credentials: true
Connection: close
X-Sovrn-Pod: ad_ap7ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0D96
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEKi-lY8iWUwYimjPEnDMnLo&google_cver=1&google_push=AYg5qPLBm3yZ-9YWS-zky6kAXIoO8ZMPplalrNA61Ui_-ir-0Pf0mFQsIVqD_Q4NaK5SjsSq92Ww2X-ZpZgE1n-f...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPLBm3yZ-9YWS-zky6kAXIoO8ZMPplalrNA61Ui_-ir-0Pf0mFQsIVqD_Q4NaK5SjsSq92Ww2X-ZpZgE1n-fGwKeDgQIAjiG

170 B
188 B

17ms
16ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPLBm3yZ-9YWS-zky6kAXIoO8ZMPplalrNA61Ui_-ir-0Pf0mFQsIVqD_Q4NaK5SjsSq92Ww2X-ZpZgE1n-fGwKeDgQIAjiG

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 14 Oct 2021 09:24:01 GMT
via: 1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA56-P5
x-cache: FunctionGeneratedResponse from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPLBm3yZ-9YWS-zky6kAXIoO8ZMPplalrNA61Ui_-ir-0Pf0mFQsIVqD_Q4NaK5SjsSq92Ww2X-ZpZgE1n-fGwKeDgQIAjiG
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: u3Ub3s9ci2V-mjqjGwXGj2Z7X52GMbwDYVXbmb8rJOUMFUjwd_Q9lA==

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0D96
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEM-haXFWLUtpb5OvoiqX3og&google_cver=1&google_push=AYg5qPImRh1lDjAVfy5CZqBhkpWW4fU8JB8MyYlocIrNhaxvVnb0RDm50kaA9MOgwvn9nFUe8D0Z2g9j913fx65_MvUPGwVNfJFR
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjgxODgwNzc1MzkyNzY4OTE2NQ%3D%3D&google_push=AYg5qPImRh1lDjAVfy5CZqBhkpWW4fU8JB8MyYlocIrNhaxvVnb0RDm50kaA...

170 B
188 B

18ms
18ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjgxODgwNzc1MzkyNzY4OTE2NQ%3D%3D&google_push=AYg5qPImRh1lDjAVfy5CZqBhkpWW4fU8JB8MyYlocIrNhaxvVnb0RDm50kaA9MOgwvn9nFUe8D0Z2g9j913fx65_MvUPGwVNfJFR

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Oct 2021 09:24:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjgxODgwNzc1MzkyNzY4OTE2NQ%3D%3D&google_push=AYg5qPImRh1lDjAVfy5CZqBhkpWW4fU8JB8MyYlocIrNhaxvVnb0RDm50kaA9MOgwvn9nFUe8D0Z2g9j913fx65_MvUPGwVNfJFR
date: Thu, 14 Oct 2021 09:24:01 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 0D96 0
12 B 15ms
15ms Image
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LrcnmYAE1Xl6kksWVKUN3I5y1quObvA4VyC_LHe42TK6LMTNthtANyP_YAs8mjPNe1HV7o

Requested by

Host: 3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com
URL: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 09:24:01 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 2BFD 0
23 B 17ms
16ms Ping
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 09:24:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 37B5 0
23 B 18ms
17ms Ping
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 09:24:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 99DE 0
23 B 18ms
18ms Ping
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 09:24:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame BD96 6 KB
4 KB 19ms
19ms XHR
application/json 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_246&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_246.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dec70e46e1ec9cb0b0d747fd5db0eb337c65eb1b0ca43524c802b7de168abe70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 09:24:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4506
x-xss-protection: 0

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 76B3 0
23 B 19ms
18ms Ping
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Thu, 14 Oct 2021 09:24:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 index.html Show response
s0.2mdn.net/sadbundle/5225912271283230821/ Frame 2444 4 KB
2 KB 7ms
7ms Document
text/html 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/5225912271283230821/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_273.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e039ecc058db6b79512af5dffc4bf7f9fe53fd6009c037181797c623ce2ff499

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /sadbundle/5225912271283230821/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3a2a78fc2db035109a7b891ce40a8dfe.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 1699
date: Wed, 13 Oct 2021 21:33:08 GMT
expires: Thu, 13 Oct 2022 21:33:08 GMT
last-modified: Wed, 29 Sep 2021 08:35:03 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 42654
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame CAB7 0
23 B 19ms
18ms Ping
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: by-them.com
URL: https://by-them.com/430811?utm_medium=email&utm_source=mag_W000000003_thu&utm_campaign=mag_9999_0930&trflg=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS