www.123greetings.com Open in urlscan Pro
184.72.244.154 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Submission: On September 12 via api (September 12th 2022, 10:16:53 am UTC) from US — Scanned from DE

Summary HTTP 453 Redirects Links 12 Behaviour Indicators

Summary

This website contacted 71 IPs in 13 countries across 51 domains to perform 453 HTTP transactions. The main IP is 184.72.244.154, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is www.123greetings.com. The Cisco Umbrella rank of the primary domain is 366866.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on March 1st 2022. Valid for: a year.

This is the only time www.123greetings.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	184.72.244.154 184.72.244.154	14618 (AMAZON-AES) (AMAZON-AES)
21	8.253.95.117 8.253.95.117	3356 (LEVEL3) (LEVEL3)
24	8.248.113.252 8.248.113.252	3356 (LEVEL3) (LEVEL3)
2	2a00:1450:400... 2a00:1450:4001:80e::2016	15169 (GOOGLE) (GOOGLE)
25	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:803::2008	15169 (GOOGLE) (GOOGLE)
15	34.248.176.243 34.248.176.243	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f01... 2a03:2880:f01c:216:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1 3	3.225.202.210 3.225.202.210	14618 (AMAZON-AES) (AMAZON-AES)
10	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
15	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c0c::9d	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
2	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
37	2a00:1450:400... 2a00:1450:4001:811::2001	15169 (GOOGLE) (GOOGLE)
1 2	2a03:2880:f11... 2a03:2880:f11c:8083:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
10	2a00:1450:400... 2a00:1450:4001:80f::2001	15169 (GOOGLE) (GOOGLE)
10	2600:9000:249... 2600:9000:2490:a00:1c:38a0:8a40:93a1	16509 (AMAZON-02) (AMAZON-02)
2 9	2a00:1450:400... 2a00:1450:4001:82b::2004	15169 (GOOGLE) (GOOGLE)
4	2a02:2638::2 2a02:2638::2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
5	2a02:2638:1::4 2a02:2638:1::4	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a02:2638:1::2 2a02:2638:1::2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
4	2600:9000:225... 2600:9000:2250:9e00:8:9ed9:9c40:93a1	16509 (AMAZON-02) (AMAZON-02)
11	44.224.187.254 44.224.187.254	16509 (AMAZON-02) (AMAZON-02)
14	2600:9000:223... 2600:9000:223e:a00:3:748e:7940:93a1	16509 (AMAZON-02) (AMAZON-02)
39	2a02:2638:1::3 2a02:2638:1::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
5	178.250.2.148 178.250.2.148	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 2	3.93.138.170 3.93.138.170	14618 (AMAZON-AES) (AMAZON-AES)
3	2600:9000:224... 2600:9000:2240:ee00:1e:a43d:b640:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
31	178.250.0.139 178.250.0.139	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
9	178.250.0.162 178.250.0.162	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
3	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
2 2	213.155.156.183 213.155.156.183	1299 (TWELVE99 ...) (TWELVE99 Arelion)
3 9	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
2 2	37.157.6.242 37.157.6.242	198622 (ADFORM) (ADFORM)
2 4	18.156.0.31 18.156.0.31	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:810::2006	15169 (GOOGLE) (GOOGLE)
1 7	51.75.86.98 51.75.86.98	16276 (OVH) (OVH)
1	2a02:26f0:350... 2a02:26f0:3500:592::2c79	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
11	2a02:26f0:350... 2a02:26f0:3500:58c::2c79	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
12	34.233.129.244 34.233.129.244	14618 (AMAZON-AES) (AMAZON-AES)
2	44.193.192.96 44.193.192.96	14618 (AMAZON-AES) (AMAZON-AES)
2 2	185.89.211.132 185.89.211.132	29990 (ASN-APPNEX) (ASN-APPNEX)
4	52.204.117.10 52.204.117.10	14618 (AMAZON-AES) (AMAZON-AES)
1	216.52.2.48 216.52.2.48	30282 (AS-INAPCD...) (AS-INAPCDN-OCY)
1	150.136.156.92 150.136.156.92	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
1 1	213.19.147.44 213.19.147.44	26120 (RHYTHMONE) (RHYTHMONE)
3	184.51.9.34 184.51.9.34	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	2606:4700::68... 2606:4700::6813:ac6c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
1 1	198.148.27.140 198.148.27.140	19189 (PULSEPOINT) (PULSEPOINT)
8	35.157.246.167 35.157.246.167	16509 (AMAZON-02) (AMAZON-02)
8	185.89.210.180 185.89.210.180	29990 (ASN-APPNEX) (ASN-APPNEX)
6	18.184.57.192 18.184.57.192	16509 (AMAZON-02) (AMAZON-02)
2	198.47.127.22 198.47.127.22	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
2	2600:1f18:612... 2600:1f18:612b:4216:dd36:6ff:8a37:a38f	14618 (AMAZON-AES) (AMAZON-AES)
4 12	104.18.19.126 104.18.19.126	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2	23.205.235.133 23.205.235.133	16625 (AKAMAI-AS) (AKAMAI-AS)
2	151.101.65.108 151.101.65.108	54113 (FASTLY) (FASTLY)
2	23.35.236.247 23.35.236.247	16625 (AKAMAI-AS) (AKAMAI-AS)
2	104.18.18.126 104.18.18.126	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
2 4	52.46.130.91 52.46.130.91	16509 (AMAZON-02) (AMAZON-02)
1	52.212.196.36 52.212.196.36	16509 (AMAZON-02) (AMAZON-02)
2 3	104.96.159.65 104.96.159.65	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	2620:116:800d... 2620:116:800d:21:de2e:c7b3:55c0:d5a0	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700::68... 2606:4700::6812:c4c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	52.204.122.115 52.204.122.115	14618 (AMAZON-AES) (AMAZON-AES)
1 1	2a02:fa8:8806... 2a02:fa8:8806:20::2010	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1 1	193.0.160.129 193.0.160.129	54312 (ROCKETFUEL) (ROCKETFUEL)
1 1	34.111.151.213 34.111.151.213	15169 (GOOGLE) (GOOGLE)
453	71

1 184.72.244.154 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: www.123greetings.com

www.123greetings.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 8.253.95.117 (United States)

ASN3356 (LEVEL3, US)

c.123g.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 8.248.113.252 (United States)

ASN3356 (LEVEL3, US)

i.123g.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::2016 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

i.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 34.248.176.243 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-248-176-243.eu-west-1.compute.amazonaws.com

s.gk.123greetings.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:216:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.225.202.210 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-225-202-210.compute-1.amazonaws.com

trkn.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

37 2a00:1450:4001:811::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8083:face:b00c:0:25de (Frankfurt am Main, Germany) 1 redirects

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:80f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2600:9000:2490:a00:1c:38a0:8a40:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.avantisvideo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn1.avantisvideo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:82b::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:2638::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.fr.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a02:2638:1::4 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:1::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.nl.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:2250:9e00:8:9ed9:9c40:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.avantisvideo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 44.224.187.254 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-224-187-254.us-west-2.compute.amazonaws.com

events1.avantisvideo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2600:9000:223e:a00:3:748e:7940:93a1 (United States)

ASN16509 (AMAZON-02, US)

avm.avantisvideo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

39 2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 178.250.2.148 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.nl.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.93.138.170 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-93-138-170.compute-1.amazonaws.com

adrta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ipds.adrta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:2240:ee00:1e:a43d:b640:93a1 (United States)

ASN16509 (AMAZON-02, US)

secure-gl.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 178.250.0.139 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: pix.par.vip.prod.criteo.com

pix.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 178.250.0.162 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.183 (Uppsala, Sweden) 2 redirects

ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE)
PTR: 213-155-156-183.teliacarrier-cust.com

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 142.250.185.162 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.6.242 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.156.0.31 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 51.75.86.98 (Istanbul, Turkey) 1 redirects

ASN16276 (OVH, FR)
PTR: ip98.ip-51-75-86.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:592::2c79 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

play.aniview.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a02:26f0:3500:58c::2c79 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

player.aniview.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 34.233.129.244 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-233-129-244.compute-1.amazonaws.com

track1.aniview.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 44.193.192.96 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-193-192-96.compute-1.amazonaws.com

go1.aniview.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.89.211.132 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 961.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.204.117.10 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-204-117-10.compute-1.amazonaws.com

sync.aniview.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.52.2.48 (United States)

ASN30282 (AS-INAPCDN-OCY, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 150.136.156.92 (Ashburn, United States)

ASN31898 (ORACLE-BMC-31898, US)

sync.technoratimedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.19.147.44 (Beverwijk, Netherlands) 1 redirects

ASN26120 (RHYTHMONE, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 184.51.9.34 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a184-51-9-34.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:ac6c (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

csync.loopme.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.64.218 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com

u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.148.27.140 (New York, United States) 1 redirects

ASN19189 (PULSEPOINT, US)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 35.157.246.167 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com

web.ssp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c2shb.pubgw.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 185.89.210.180 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 18.184.57.192 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-184-57-192.eu-central-1.compute.amazonaws.com

prebid-server.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.47.127.22 (United States)

ASN3257 (GTT-BACKBONE GTT, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1f18:612b:4216:dd36:6ff:8a37:a38f (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

p4dt2-ha1hf.ads.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 104.18.19.126 (None, ) 4 redirects

ASN13335 (CLOUDFLARENET, US)

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.190.78 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.205.235.133 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-205-235-133.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.65.108 (United States)

ASN54113 (FASTLY, US)

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.35.236.247 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-236-247.deploy.static.akamaitechnologies.com

js-sec.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.18.126 (None, )

ASN13335 (CLOUDFLARENET, US)

r.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.165 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.46.130.91 (Ashburn, United States) 2 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.212.196.36 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-212-196-36.eu-west-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.96.159.65 (Vienna, Austria) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-96-159-65.deploy.static.akamaitechnologies.com

px.owneriq.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:de2e:c7b3:55c0:d5a0 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:c4c (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.204.122.115 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-204-122-115.compute-1.amazonaws.com

rtb.adentifi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:20::2010 (Singapore) 1 redirects

ASN41041 (VCLK-EU-SE, US)

casale-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.0.160.129 (United States) 1 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.111.151.213 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 213.151.111.34.bc.googleusercontent.com

dmp.brand-display.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
79	criteo.net static.criteo.net — Cisco Umbrella Rank: 782 pix.eu.criteo.net — Cisco Umbrella Rank: 5551 csm.eu.criteo.net — Cisco Umbrella Rank: 5700	621 KB
66	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 129 30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 174	1 MB
45	123g.us c.123g.us — Cisco Umbrella Rank: 455282 i.123g.us — Cisco Umbrella Rank: 282557	844 KB
39	avantisvideo.com cdn.avantisvideo.com — Cisco Umbrella Rank: 30890 static.avantisvideo.com — Cisco Umbrella Rank: 31934 events1.avantisvideo.com — Cisco Umbrella Rank: 27283 cdn1.avantisvideo.com — Cisco Umbrella Rank: 36198 avm.avantisvideo.com — Cisco Umbrella Rank: 31489	273 KB
32	doubleclick.net 3 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 226 googleads.g.doubleclick.net — Cisco Umbrella Rank: 73 stats.g.doubleclick.net — Cisco Umbrella Rank: 188 cm.g.doubleclick.net — Cisco Umbrella Rank: 303	228 KB
30	aniview.com play.aniview.com — Cisco Umbrella Rank: 20226 player.aniview.com — Cisco Umbrella Rank: 2410 track1.aniview.com — Cisco Umbrella Rank: 2549 go1.aniview.com — Cisco Umbrella Rank: 5345 sync.aniview.com — Cisco Umbrella Rank: 3125	483 KB
16	123greetings.com www.123greetings.com — Cisco Umbrella Rank: 366866 s.gk.123greetings.com — Cisco Umbrella Rank: 825135	64 KB
15	criteo.com rtb.fr.eu.criteo.com — Cisco Umbrella Rank: 10082 ads.eu.criteo.com — Cisco Umbrella Rank: 5636 rtb.nl.eu.criteo.com — Cisco Umbrella Rank: 9447 cat.nl.eu.criteo.com — Cisco Umbrella Rank: 7591	274 KB
14	casalemedia.com 4 redirects htlb.casalemedia.com — Cisco Umbrella Rank: 755 ssum-sec.casalemedia.com — Cisco Umbrella Rank: 709 r.casalemedia.com — Cisco Umbrella Rank: 1020 dsum-sec.casalemedia.com — Cisco Umbrella Rank: 904 dsum.casalemedia.com — Cisco Umbrella Rank: 2337	11 KB
12	adnxs.com 2 redirects secure.adnxs.com — Cisco Umbrella Rank: 725 ib.adnxs.com — Cisco Umbrella Rank: 329 acdn.adnxs.com — Cisco Umbrella Rank: 876	44 KB
12	yahoo.com 2 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 419 web.ssp.yahoo.com — Cisco Umbrella Rank: 4152 c2shb.pubgw.yahoo.com — Cisco Umbrella Rank: 1251	2 KB
12	google.com 2 redirects adservice.google.com — Cisco Umbrella Rank: 142 www.google.com — Cisco Umbrella Rank: 19	2 KB
10	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 305	218 KB
10	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 234	422 KB
9	rubiconproject.com prebid-server.rubiconproject.com — Cisco Umbrella Rank: 1415 eus.rubiconproject.com — Cisco Umbrella Rank: 840 token.rubiconproject.com — Cisco Umbrella Rank: 1115	13 KB
7	onetag-sys.com 1 redirects onetag-sys.com — Cisco Umbrella Rank: 1117	1 KB
6	pubmatic.com ads.pubmatic.com — Cisco Umbrella Rank: 713 hbopenbid.pubmatic.com — Cisco Umbrella Rank: 702 image6.pubmatic.com — Cisco Umbrella Rank: 891	18 KB
5	gstatic.com www.gstatic.com fonts.gstatic.com	79 KB
4	amazon-adsystem.com 2 redirects s.amazon-adsystem.com — Cisco Umbrella Rank: 415	2 KB
4	indexww.com js-sec.indexww.com — Cisco Umbrella Rank: 942 cdn.indexww.com — Cisco Umbrella Rank: 2169	4 KB
4	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 120	3 KB
3	owneriq.net 2 redirects px.owneriq.net — Cisco Umbrella Rank: 1924	1 KB
3	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 486	793 B
3	imrworldwide.com secure-gl.imrworldwide.com — Cisco Umbrella Rank: 2066	2 KB
3	google.de adservice.google.de — Cisco Umbrella Rank: 5202	1 KB
3	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2119 www.google-analytics.com — Cisco Umbrella Rank: 94	20 KB
3	trkn.us 1 redirects trkn.us — Cisco Umbrella Rank: 3944	3 KB
2	tremorhub.com p4dt2-ha1hf.ads.tremorhub.com — Cisco Umbrella Rank: 153025	2 KB
2	adform.net 2 redirects c1.adform.net — Cisco Umbrella Rank: 1015	1 KB
2	de17a.com 2 redirects d5p.de17a.com — Cisco Umbrella Rank: 6721	647 B
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 355	10 KB
2	adrta.com 1 redirects adrta.com — Cisco Umbrella Rank: 1898 ipds.adrta.com — Cisco Umbrella Rank: 2968	914 B
2	facebook.com 1 redirects www.facebook.com — Cisco Umbrella Rank: 111	3 KB
2	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 972	700 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 208	87 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 141	116 KB
2	ytimg.com i.ytimg.com — Cisco Umbrella Rank: 107	10 KB
1	brand-display.com 1 redirects dmp.brand-display.com — Cisco Umbrella Rank: 3356	366 B
1	rfihub.com 1 redirects p.rfihub.com — Cisco Umbrella Rank: 1205	757 B
1	dotomi.com 1 redirects casale-match.dotomi.com — Cisco Umbrella Rank: 3934	187 B
1	adentifi.com rtb.adentifi.com — Cisco Umbrella Rank: 2164	35 B
1	quantserve.com 1 redirects pixel.quantserve.com — Cisco Umbrella Rank: 691	507 B
1	bidr.io match.prod.bidr.io — Cisco Umbrella Rank: 846	430 B
1	contextweb.com 1 redirects bh.contextweb.com — Cisco Umbrella Rank: 838	509 B
1	openx.net u.openx.net — Cisco Umbrella Rank: 975	304 B
1	loopme.me 1 redirects csync.loopme.me — Cisco Umbrella Rank: 1389	382 B
1	1rx.io 1 redirects sync.1rx.io — Cisco Umbrella Rank: 807	243 B
1	technoratimedia.com sync.technoratimedia.com — Cisco Umbrella Rank: 1710
1	lijit.com ap.lijit.com — Cisco Umbrella Rank: 872
1	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 350	577 B
0	netmng.com Failed google2waycm.netmng.com Failed
453	51

	Domain	Requested by
39	static.criteo.net	ads.eu.criteo.com
37	tpc.googlesyndication.com	googleads.g.doubleclick.net www.123greetings.com securepubads.g.doubleclick.net 30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com tpc.googlesyndication.com cdn.ampproject.org pagead2.googlesyndication.com
31	pix.eu.criteo.net	ads.eu.criteo.com
24	pagead2.googlesyndication.com	www.123greetings.com pagead2.googlesyndication.com tpc.googlesyndication.com securepubads.g.doubleclick.net googleads.g.doubleclick.net www.googletagservices.com
24	i.123g.us	www.123greetings.com
21	c.123g.us	www.123greetings.com c.123g.us
15	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net www.123greetings.com
15	s.gk.123greetings.com	c.123g.us s.gk.123greetings.com
14	avm.avantisvideo.com	cdn1.avantisvideo.com cdn.avantisvideo.com
12	track1.aniview.com	player.aniview.com
11	player.aniview.com	cdn.avantisvideo.com player.aniview.com
11	events1.avantisvideo.com	www.123greetings.com
10	cdn.ampproject.org	securepubads.g.doubleclick.net
10	www.googletagservices.com	c.123g.us googleads.g.doubleclick.net securepubads.g.doubleclick.net 30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com
9	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net r.casalemedia.com
9	csm.eu.criteo.net	ads.eu.criteo.com
9	www.google.com	2 redirects www.123greetings.com 30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com tpc.googlesyndication.com
8	ib.adnxs.com	player.aniview.com acdn.adnxs.com
8	cdn.avantisvideo.com	securepubads.g.doubleclick.net cdn.avantisvideo.com
7	dsum-sec.casalemedia.com	2 redirects r.casalemedia.com
7	onetag-sys.com	1 redirects googleads.g.doubleclick.net player.aniview.com
7	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
6	prebid-server.rubiconproject.com	player.aniview.com
6	c2shb.pubgw.yahoo.com	player.aniview.com
5	cat.nl.eu.criteo.com	ads.eu.criteo.com
5	ads.eu.criteo.com	30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com googleads.g.doubleclick.net
5	30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
4	s.amazon-adsystem.com	2 redirects r.casalemedia.com
4	sync.aniview.com	player.aniview.com
4	ups.analytics.yahoo.com	2 redirects player.aniview.com r.casalemedia.com
4	static.avantisvideo.com	cdn.avantisvideo.com
4	rtb.fr.eu.criteo.com	www.123greetings.com googleads.g.doubleclick.net
4	fonts.googleapis.com	pagead2.googlesyndication.com googleads.g.doubleclick.net cdnjs.cloudflare.com
3	px.owneriq.net	2 redirects r.casalemedia.com
3	ads.pubmatic.com	player.aniview.com
3	match.adsrvr.org	googleads.g.doubleclick.net r.casalemedia.com
3	secure-gl.imrworldwide.com	ads.eu.criteo.com
3	www.gstatic.com	googleads.g.doubleclick.net
3	adservice.google.com	securepubads.g.doubleclick.net pagead2.googlesyndication.com
3	adservice.google.de	securepubads.g.doubleclick.net pagead2.googlesyndication.com
3	trkn.us	1 redirects www.123greetings.com
2	cdn.indexww.com	r.casalemedia.com
2	r.casalemedia.com	js-sec.indexww.com
2	ssum-sec.casalemedia.com	2 redirects
2	js-sec.indexww.com	player.aniview.com
2	acdn.adnxs.com	player.aniview.com
2	eus.rubiconproject.com	player.aniview.com eus.rubiconproject.com
2	htlb.casalemedia.com	player.aniview.com
2	p4dt2-ha1hf.ads.tremorhub.com	player.aniview.com
2	hbopenbid.pubmatic.com	player.aniview.com
2	web.ssp.yahoo.com	player.aniview.com
2	secure.adnxs.com	2 redirects
2	go1.aniview.com	player.aniview.com
2	c1.adform.net	2 redirects
2	d5p.de17a.com	2 redirects
2	fonts.gstatic.com	fonts.googleapis.com
2	cdnjs.cloudflare.com	ads.eu.criteo.com
2	cdn1.avantisvideo.com	cdn.avantisvideo.com
2	www.facebook.com	1 redirects connect.facebook.net
2	partner.googleadservices.com	pagead2.googlesyndication.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	connect.facebook.net	www.123greetings.com connect.facebook.net
2	www.googletagmanager.com	www.123greetings.com
2	i.ytimg.com	www.123greetings.com
1	dmp.brand-display.com	1 redirects
1	p.rfihub.com	1 redirects
1	dsum.casalemedia.com	r.casalemedia.com
1	casale-match.dotomi.com	1 redirects
1	rtb.adentifi.com	r.casalemedia.com
1	pixel.quantserve.com	1 redirects
1	match.prod.bidr.io	r.casalemedia.com
1	token.rubiconproject.com	eus.rubiconproject.com
1	image6.pubmatic.com	ads.pubmatic.com
1	bh.contextweb.com	1 redirects
1	u.openx.net	player.aniview.com
1	csync.loopme.me	1 redirects
1	sync.1rx.io	1 redirects
1	sync.technoratimedia.com	player.aniview.com
1	ap.lijit.com	player.aniview.com
1	play.aniview.com	cdn.avantisvideo.com
1	s0.2mdn.net	googleads.g.doubleclick.net
1	ipds.adrta.com	ads.eu.criteo.com
1	adrta.com	1 redirects
1	rtb.nl.eu.criteo.com	www.123greetings.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	region1.google-analytics.com	www.googletagmanager.com
1	www.123greetings.com
0	google2waycm.netmng.com Failed	googleads.g.doubleclick.net
453	88

This site contains links to these domains. Also see Links.

Domain
studio.123greetings.com
itunes.apple.com
play.google.com
nl.123greetings.com
www.addthis.com
info.123greetings.com
blog.123greetings.com
widgets.123greetings.com
help.123greetings.com

Subject Issuer	Validity	Valid
*.123greetings.com Go Daddy Secure Certificate Authority - G2	`2022-03-01` - `2023-04-02`	a year	crt.sh
*.123g.us Go Daddy Secure Certificate Authority - G2	`2022-08-13` - `2023-08-11`	a year	crt.sh
edgestatic.com GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
gk.123greetings.com R3	`2022-07-19` - `2022-10-17`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-06-21` - `2022-09-19`	3 months	crt.sh
trkn.us Go Daddy Secure Certificate Authority - G2	`2022-01-19` - `2023-02-20`	a year	crt.sh
*.google.de GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
*.avantisvideo.com Amazon	`2021-11-24` - `2022-12-22`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
*.fr.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-07-22` - `2022-10-19`	3 months	crt.sh
*.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-08-03` - `2022-11-05`	3 months	crt.sh
*.nl.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-08-02` - `2022-11-01`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-09-01` - `2022-11-30`	3 months	crt.sh
*.imrworldwide.com DigiCert TLS RSA SHA256 2020 CA1	`2022-01-04` - `2023-02-03`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-03` - `2023-08-02`	a year	crt.sh
*.eu.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-08-21` - `2022-11-23`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2022-03-31` - `2023-05-02`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
*.aniview.com DigiCert SHA2 Secure Server CA	`2021-12-30` - `2023-01-03`	a year	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2022-06-27` - `2023-06-05`	a year	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-08-24` - `2023-02-15`	6 months	crt.sh
*.technoratimedia.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-09-17` - `2022-10-05`	a year	crt.sh
*.pubmatic.com DigiCert SHA2 Secure Server CA	`2022-02-04` - `2023-02-03`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
*.onetag-sys.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-10` - `2023-01-03`	a year	crt.sh
web.ssp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-08-02` - `2023-01-25`	6 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-08` - `2023-04-04`	a year	crt.sh
*.tremorhub.com Amazon	`2022-03-24` - `2023-04-22`	a year	crt.sh
cdn.adnxs.com GeoTrust TLS RSA CA G1	`2022-03-11` - `2023-04-11`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-12-12` - `2022-12-13`	a year	crt.sh
*.match.prod.bidr.io Amazon	`2022-01-27` - `2023-02-25`	a year	crt.sh
adentifi.com Amazon	`2022-08-05` - `2023-09-03`	a year	crt.sh

This page contains 54 frames:

Primary Page: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Frame ID: A43EF58F7D4A0FDD69532145FD734CD2
Requests: 146 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220907/r20190131/zrt_lookup.html
Frame ID: 24710B3D0750E7E5EED424F6F09F7F93
Requests: 1 HTTP requests in this frame

Frame: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: D8EA4ABE1C67305E4CAA2469CDE7B432
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8275302107693664&output=html&adk=1812271804&adf=3025194257&lmt=1662977804&plat=1%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fharvest_moon_festival%2F%3Futm_source%3Desep_harvestmoonfest_remail&ea=0&pra=5&wgl=1&easpi=1&easai=1&asntp=0&asntpv=0&asntpl=0&asntpm=0&asntpc=300&asna=5&asnd=5&asnp=5&asns=5&asmat=-1&asptt=-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1662977804633&bpp=3&bdt=645&idt=223&shv=r20220907&mjsv=m202209060101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5612363782282&frm=20&pv=2&ga_vid=1919503609.1662977805&ga_sid=1662977805&ga_hid=1106018444&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531706%2C44772488&oid=2&pvsid=1375290979530990&tmod=1849732783&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=235
Frame ID: 36307A033CD4E89B93B5DD06CB88BF1E
Requests: 1 HTTP requests in this frame

Frame: blob://https://www.123greetings.com/82240a67-05a9-430e-b789-be47f9f392d7
Frame ID: A95A36C0C30650E29E33B11A4EF56158
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220907/r20110914/zrt_lookup.html?fsb=1
Frame ID: 6FD901A63243723E2BD41451625BCFC0
Requests: 5 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: C39A8262371B6DF11C31CC60DEE0E4E0
Requests: 8 HTTP requests in this frame

Frame: https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dtrue%26app_id%3D6268317308%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df3e9a8afafb1e1c%2526domain%253Dwww.123greetings.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fwww.123greetings.com%25252Ff36a5ce7310767%2526relation%253Dparent.parent%26container_width%3D320%26height%3D287%26hide_cover%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252F123GreetingsCom%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26show_posts%3Dtrue%26small_header%3Dtrue%26width%3D320
Frame ID: D26A4B698886B0FC2177D10D433416D0
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/JI0Pcydj_YJwFyiv8pAtPmsHnnPx6gDBxLt0n0XpIm8.js
Frame ID: E157361056B5C53EA48CD4BB8A75C2DD
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssWy-J-VBjgIr-za6ZCwbaq4z2olpUMl8FJFZphZgo_Orn69ffu_ZNxQiiQNCyp-wAb9_1PzpBAneJoI79zrFyAF1D4z1soT_5psQxHkosrukE27SSACX7-Bz-Q1o7olBsevu6XeZYkUUqWtqsbV3RATn0PqxLPCaHi7kx0smvAqQ3o29iPHl5mO4T58NpKw9-zSaBHy0Vn-oCnj86ORNZ_lwZzbkjfOo2suk8oSxJLhLPrfGg-w9TWTNGA7FUn92sxwu1zMRei4BcHAu4qzv-JPO8wXwjsHkGwqYh3zDYe62p1FEBwrV1Y-CuMhhoFU10J_0sHzdQb8J0GDoGNfJkYbUmEzwg&sai=AMfl-YRm9HRV4fWxcQGB7i8hivBIqy7STqNdnKEIFoPV2UrCwFIJoEKcwDPFpHwqUvsL3EhSvVJN9j-k5tnZ_tew8vsOTGz596LGSMq5cTMSAJCEUH-beSa9bxiUHExhBTc4oA&sig=Cg0ArKJSzG7zSHHbRrHOEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: F3D0CB9E1921DC4FDE78820FB3DB0BE5
Requests: 13 HTTP requests in this frame

Frame: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: FF14814D2A4DAD8D84FBDF775EB5A175
Requests: 10 HTTP requests in this frame

Frame: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 3820E6E810B903E40C5DCA66B5D25084
Requests: 10 HTTP requests in this frame

Frame: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 767030EB1FE2977FEFD990AC92A3E602
Requests: 9 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012208121708000/amp4ads-v0.mjs
Frame ID: FD764A5A30665EC90319CE6A19A37D99
Requests: 15 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012208121708000/amp4ads-v0.mjs
Frame ID: CDDDC6FFCECE0C9D21690B8F5AB65213
Requests: 14 HTTP requests in this frame

Frame: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: DB9C50B887713790479E57A825176E11
Requests: 9 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuYII3aDe4i5SOxE0oWzOLuhgGpctyKJRebT7tPSCW-NXsnkdf9qWylEVOjr_Bqa9ljzlKPoBOVIL0EQZs_9OAgmPJzsxnrtrbyixvA_ucHXQ2CUh1DNB3DJVYBu9Kx6flyoXlUwbBwMRfuChqe4adykQ56IINVFVAuMG5PF9B_btG80aMLS5bzvLka_QAsPF4hupPsDoY0qojufsit_VdPe5L0a15ekdhCSIezxgNDGe5hxZJSEWdcZTPXJ4dS-o7A-_tOFVR9ORNWXQ2awvvGIlys5hKy1mzK0UwXGPH83rJgF12cKxIzyymGvnmEGJXS6NrM19YhHwxZnA4Uq_UKn2YVNz08h8-m&sai=AMfl-YQ6PQJ1ViK4o9j3C3L06PLOQy_T197TOPwTSr-dFwWjeYmZxDBRQk-prt3snJf9VsNz3WYF6LIazY3lzhxQVA6nrQ2k__zE971iAoSeywPkfrCLTkDVA9oE9OBLlrUXqA&sig=Cg0ArKJSzFw6YtT-arbTEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: C44BD27021D08DFCFFF931DEA99C687E
Requests: 14 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssCfunkdwdKo-Aid3Pj6-Rfwl915KMrUwsgcZmYtL8IPAOhCK6lFwI3GINC8z1qX9eJd_SMLkyfU3sW81PVqE89J-PP4RY9BWtpVQOmUFXxOe3cTwijtio6YEraq_hIh0uXu0neUoil_G7L7KrehrV6nixXVrtIatLVteoQx4PUp4ZYsJjdTjJOCi7h7uESMq53Z7Bk5DcqdDakwsvEpkE-vzJRSphz09rMbqbbWaMsaEV-007t7WcF5-_TjeX9ksAQlt8eQvmU_XJvTjDOcOdVUemyhPrxl0e8TMiDNfkTn5JhaD2hhg750nSXK3Ra0ZYfJpPlnRHTNrUBr0R2hAtVK0EKIySdtvaOuVC7RYgHX1km&sai=AMfl-YSN6BDvWmx1slWS-IvkcdkaytD4qC0n-hg78aWe0oL3GEx80rn-smz0fzizKe4y_2kFWsFIxViy9jfjl2EG7Xwkzx-5OoN2974UPvwIOOFWGdkHtV35HMIN_8l1lHWg0A&sig=Cg0ArKJSzCNzjuu8gkzjEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: FCB10DF145868C944AF137C34CAC7143
Requests: 16 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yx8HDAAOj_QKiwDMAAyQqfykzAzSadRIQ5QSDA&u=%7CSx%2BgiojftOy7KF9Tg1XuTSNRp0OGUteOoUbrH6%2Fo7SQ%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhaVHQ6RkVc1uRRN7U2tIy92afbib4fbn5EybKaRfoUCp6pZXFQMmnMggJeikCgjA3FfnNvswZvCPAKUQL7PvDAhICrPfe_zMulQs0SmRR-35qopft_4wp-aMN6amB84tVbmu-lRMd-jg6LvDpoS5n6wuNuilDfUyUr4Bf0-hNCkyO-CPV5yMDi8_Rn9YKAAOB6HFE35UCuNFuMltzFspCHK04KzC0zjz0SqVgGyfEEpV4EpsFGScJNG_GEP40lxQDN12HTSvVeuuTMcCkSlxYG57uG2XklHZ78pRMYYgUiMolza1R8wwSE2UewPsv7zrDF1jnRjD2vbsOnlw2xI_bkSJ8zERLsl9NUOdDtwlfT07x-vHyP7g3I5hFll_JwgHs2NlJzH4xmHkNjaij9_mWAG-r_Nb7RhTB-M7WUDy6mM8oP_uY4gW5bHLL1fpC9-X4JfwOaUzy3MNubZd9da_aOWNpl43AQvIy-tKt6LANLXFgqpH-xZTuDilq1DmVVyidOOuptzAh3UjnfRALRzGJZIXUtc6o9pN5nFLO-rA4xTsEDzDpeLndI1exM91IAGc044KfRS9b0gDI30iDsQvlWY&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCj3icDAcfY_SfOsyBrASpobJoyZ7SsVzVnZH3cMCNtwEQASAAYJXCpoKwB4IBF2NhLXB1Yi00NjI3NTE3NjgwMjQ5NjcwoAHVttLqA8gBCakChr7End3YsD7gAgCoAwGqBJECT9CXigtrG9VDXM7pYZNE8k-vPVob_XAyPUXL55Z1RPkb64gBvGSAEZD2CsXRzFaEhbgihuFLDS4gyKgvRkhpddTSX8Av20im2aLh5-U71_x1IUZulchGsWKZ4xrJGk_449nLTz2B7ujhb6_YsZPm6Ke7ldyHL45L2bUFHpulmYIBQCoofITKalt-91dhRGupqHQmCRm6y3BNMDCteNmZX5BuGYLSaKDvJFRGQ9J3sOFnN6UJz8cjcsev4hDZOyMNyByiuCFQISU8D0YXEGzbNtU6yHAS0pGXKjxXn9bmgsDHbUg_1WFoY0bc9t9CdKcuaQ0GQeT7mWr2A1gQVhizZBj78m27ru3SQPF_uZMxbDLR4AQBgAbHzc-Y357tqfkBoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEAiI4YAQEAEyA6qCAToCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2ZxoQzaRiL1V7DPvlooP0tznLqUw%26client%3Dca-pub-4627517680249670%26adurl%3D
Frame ID: 9088B25868E28928EC9C87F499957F22
Requests: 13 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yx8HDAAOkOIKiwDMAAyQqQYq-xbDL4oT9hr3Fw&u=%7CSx%2BgiojftOybcfzvsyTLmbQH0u1vEc0j0Bonk1PWGnQ%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhaVHQ6RkVc1uRRN7U2tIy92afbib4fbn5EybKaRfoUCp6pZXFQMmnMg_Cbd3OzeSIDKu6FdF_eX4RhcTmLp4SqPOKYa8Iv9-mqQ30q2VoZGUt4-lh2RFUtAF73y44CyHJLEpglgx9FB5NseqDH22hN61Ifraz12Ag0QG1ew1za06pYznl_UbF412P6NljCkMA963U2BvajveXG6bs-eXxCYLRSB9SArAMl5omNVWKgmADmEiDd_4yFUDe98agPBluCXFhhpu8tPGMLGs5FlLiAP_kpJI1U-EjGNzG34idfTL7cqcwXK2ilVYzxKE6zCEy0T43y0zwXzkONFPfbg4tyvwVbBmUoESXf0jK3qwNEJFqrPnzFreC2uUdciUhP5UMmW0gmSktj2eYCB4T9MfrIHUg1GGEM8FJVSJO7rUPpOZdVmnQV8BQq4eLnqb4QiG_qaqiCzuPHoqPiFSLIU8RqWrxvsFLjFGyuMeBmTCEIRWx8Q9Bo5z-XRQBERl1KDVDgOL70zLdJQjOVcwooG1vsjBEwzm_zVAyJ5xAQ14ZjYaN8CkIzO7KzXNt2uiJLzWFNNpTkGWsATZkWFi9XCVv9SMlvtLJKS6CQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCXRstDAcfY-KhOsyBrASpobJoyZ7SsVzVnZH3cMCNtwEQASAAYJXCpoKwB4IBF2NhLXB1Yi00NjI3NTE3NjgwMjQ5NjcwoAHVttLqA8gBCakChr7End3YsD7gAgCoAwGqBJcCT9AkqkUwPGrSXVC_-d_YoP_ola8sl4xuDPm5YbX7F9pPk1S5vCISFrjc8eX2h13YsTfGoTllcpafaRwdizJq0UQhuHz8rf4jCAf5z4hfTYLZLaDOnG-axvZ2IP041522xybXzkFrxlqQ94qOXxunGmmT0R-ja8lMflcPoNos_S4LRugkMiU0ZRsMwY7ftZub9GfLvUz3yw8Cvn7ScLd3RuHwJ57Zfef-W-NwL5285KZm91f-f30EeZdsXetBGyia5ETbOdD1wxfl0aG8L6rYWJbN0YkqDOZbf1hoJNCzMwKT-pbznouNgS5VfpktTuuTdb4mCLVdMQP8cSig4n3vrw8XWnxD58oc0lp5gSG4TS032r035prG4AQBgAbcioG9gIPG97YBoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEAiI4YAQEAEyA6qCAToCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2nIzpm7S9Ih1qGuJVJQCKX_5f-3A%26client%3Dca-pub-4627517680249670%26adurl%3D
Frame ID: C6A299E5AAA5E0C94A3BBCD8BB5E6463
Requests: 35 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yx8HDAAOkc4KiwDMAAyQqWfC3AofKbrxu_dGIg&u=%7CSx%2BgiojftOz0dl%2BLgmCAK0YZUK4uuFQWXIszVF9teuU%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhaVHQ6RkVc1uRRN7U2tIy92afbib4fbn5EybKaRfoUCp6pZXFQMmnMggJeikCgjA3AdT3TeTKF_pR7oMYIxtKfD77HV6uJnsU2yEZgWNsqZ6JhJT0ww5h5Q1_uimLgFOYPvo5GArOVvGFbyLSDo-PCK0aaUodR5V3iKHk_ReJ9xOoQrcM99yY9DBSn6pAdAySuiCjqfswdcFKQmTx3eKY5XMYZLP0p3xZ2uALerh3kcClUyovUNV69r7djf7FOjJqs6byZtL2AHZol-qfhnFEulfCgp9CmnaBq_jWMf6ueYqn6Sv11GqPJoZtiA7_iX8GnwZL1FlLL1MOMMc9mDM734f79Ai-YUL8l3WfSQvQOZMTGb3WhBRy09SRYB63eHWsLorQ5ncJRk2HCdW85kA5JmtFROeqUhwEZKOa3RVLIscL129fe_dnhxRNjczcDN86RkG6fDY4EBZ0amQtJvta4ZD4bWnwl3WD1a42Movv6LPd2qrgt-5a5BN8jQErIAbu8cT3zKjrHgPHDkTAL0R7zHPpH9TjPiEiS8GZAVvuhNvMnz-UrV_u0Eul9skZKjQBYcAQgK9bGLZ3GgEiNfa2N_zJ7YOvKdSZw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC_isbDAcfY86jOsyBrASpobJoyZ7SsVzVnZH3cMCNtwEQASAAYJXCpoKwB4IBF2NhLXB1Yi00NjI3NTE3NjgwMjQ5NjcwoAHVttLqA8gBCakChr7End3YsD7gAgCoAwGqBJsCT9A5kQaYQ60hCBFscY238fQ6GMmDtDfWa7IIdaSYpu_0DbroXzv7JnJLVPmnKmzcSkQ9N5WG9HUswvPdtKq5cwGUQC2IV9tANh0vTGWtk-bt0X5asrjkb0C2Wl5ZQjZ02O9hW1h_6Qn5So41j5AMHPiL0R_djG6KTtTZ_NS8_uUIK_kgGLhBxBsTogfrwPNprWSsQ0U_VEA1Fjo7NIrmr5SFRdKdOVHPBfB5lX1F8ZYHPJLP-z7H0p-fdo0mqSdIN6DA1fzSVb1A33yS5UgK3iUPeL6wxcI5uEN-7S7rOEeRelFpw0F8Jq6OzM8Kjk6Cmo9_QPS6mUJqI9IuXXYb-w6m8HHie2pDLfJySoip6mNmJNA1snhos726euAEAYAGx83PmN-e7an5AaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBAIiOGAEBABMgOqggE6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3Uo9SS1oe_deq6ZTj64ELXuWkuyw%26client%3Dca-pub-4627517680249670%26adurl%3D
Frame ID: B9D6033FC4B2ECFB2A2A49FD0C8C8B2A
Requests: 13 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yx8HDAAOk6sKiwDMAAyQqd0t-ph48dRC5m9wtQ&u=%7CSx%2BgiojftOxMEYIr0oAKepA0G%2FWon%2FgM8vWIqbVarO4%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhaVHQ6RkVc1uRRN7U2tIy92afbib4fbn5EybKaRfoUCpWgROSpkK00uYfvevcoC6ZEiQLRqu-ImYCZFLEuf3c7eE0IdMDPbSnbzw7sN1RGoG7DGGZUXMPkvZZSxPZOLD2NQIqqbVomQoDtAKJo2aJb_crgBOIe7CzbKaCTz71sdYH3CaP6q955N2Uv8ORWVoUweaY6UON3vQesUf4e43348tnqRSU2R_dkOxo9MLggRsnOHgVxUfnHEaLw3MXaIBxVoI6n701oQ7IE098u2bcNSdBoUqN_are9VrBTChmnZGj82OaUjv5RLsVB9MXwMUzE02a6M8Vzn3VM9YudYknCjG8sJfhwDGSGVmjBHRMGzKWHN9jawE5FsXPBplAz95AFLW5Xep9hOV-zs3oZN2t66g8VKRh8COXYaR1wWlISbOgaa9IfHPMnLryLSITziY_0X3fQv0NzjYhjco9C10TGm62NfPutErFeWKagaXIalyN3P6O9f7i3oRSSKCwgWtX7pusd8tMaFaY9_AsmzMhrecBFLgXQD9NPvDUQy9RuOFFkZlSSu_EiRH096Z4vpDsDsDRo1G79sHxgJ54bN5Oiz8wR7LugPYmQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCpEm2DAcfY6unOsyBrASpobJoyZ7SsVzVnZH3cMCNtwEQASAAYJXCpoKwB4IBF2NhLXB1Yi00NjI3NTE3NjgwMjQ5NjcwoAHVttLqA8gBCakChr7End3YsD7gAgCoAwGqBJcCT9DL5ZWu8tGzJR7bcp_Brf_yUjhXhWwpR1XeUDkon7CuxCxl7FraFZRZ9qxr4G4CSgvS9gNgZKHnp35VhBOu3S0HQJ1ikkritMINSJT9dyRdp6y3dD2jErrcQxpjk0dfCrJjzQRE3m1bETu__4PLq_aqzBa3rOMc64Tn6WQtKt4ZnbDIXnvaHUgdzuh2pTCMicNTMZhdTmyipblOaTa6aZs9_pvI4GBFSFGtO5shsBDt8_ebNwEqXy9XsdtkR1NhXHuA-rOoEi0j8Lk0J1ORBp9o1dRIHZCp8jCrOg_TfI0706HIq7w7psIPMiwdQxIyenlSw5mbyda-HEx3Bxt9tUf4YO2TKPPU721qPwlCNi88_D165-On4AQBgAbHzc-Y357tqfkBoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEAiI4YAQEAEyA6qCAToCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1lzmt_kicg7118J0ju0QdCg4-SVg%26client%3Dca-pub-4627517680249670%26adurl%3D
Frame ID: A2321CA759E51DD3C7D73FC19518EE51
Requests: 22 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: BC952B6DF84A5420AA6D370FA79BC8AF
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 3F4675797238988616119EED35EA48B3
Requests: 2 HTTP requests in this frame

Frame: https://cdn1.avantisvideo.com/connect/u_d.html
Frame ID: 7050A08E149F5BDB167417B9D8925C37
Requests: 2 HTTP requests in this frame

Frame: https://cdn1.avantisvideo.com/connect/u_d.html
Frame ID: 87E89256F66C8412789FCA7DFB9226E8
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4627517680249670&output=html&h=90&slotname=Google_LB_15938Z&adk=4293758812&adf=272530243&pi=t.ma~as.Google_LB_15938Z&w=728&lmt=1662977806&url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fharvest_moon_festival%2F%3Futm_source%3Desep_harvestmoonfest_remail&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1662977805815&bpp=12&bdt=138&idt=233&shv=r20220907&mjsv=m202209080101&ptt=5&saldr=sa&cookie=ID%3D73001d4d9d5c0a81-22bad6411ece0001%3AT%3D1662977804%3AS%3DALNI_Ma-X4CJPaoG8EeB_nq2qvBItZ7gdg&correlator=5612363782282&frm=23&ife=4&pv=2&ga_vid=1919503609.1662977805&ga_sid=1662977806&ga_hid=1572201324&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=560&ady=47&biw=1600&bih=1200&isw=728&ish=90&ifk=819492160&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069448%2C44772928&oid=2&pvsid=3087219198593514&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.byvmjqh7brbq&fsb=1&dtd=244
Frame ID: 9D8B435F4C00F43CC1692DFCEDEF4015
Requests: 8 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yx8HDgABigMKmrJCAAwHuXIiFajw-0cGW9xPhw&u=%7CYi8xxJG5YRWx4umBsDCObXkpKBKLunjZwj87TDmxq3o%3D%7C&c1=0n2XosTo5clc2Y5hvSIf5mYMGd9qs4qlgkCe6-ijoCTr6STXf6suZykjhxahJw4fZHU2f9-fyNNYWCv0Xi8RcOvJCV9JRWNMzzQeYl8DLmDeiJJmSLJfsjADRhQLIqZ4u-Xj6lsPk87H57SDDE88ieymZEC3zvWCZMqaS0uI6PVbLH_WdnC166Bqj3JyhnP6qQbKe1oe8Aa-IHHyai-jn7h8KqtxjCxxkmhfKCzqCD_MG2yLVnAkJvrNF8qCSWgHEw1_R0ztNb26Cte9qo76ueIGw78kHT71xlUu_LNse_SA84cH0ENq4Fs-YsSEM9rDFDuG3ql-nqhsIcO7eF21NX47OeuP0NR3TGIA_33442jO5YrA7gOq_4kJyJfy1BBqwxUW9gaPI1S1LnphwQBSRnqch51SivmRjP7psnmlFOZa2iLkvg8N133O--yceH13O3aALDGgTPbj_yyjqOOI9zeMx7Gp2Bz_wg3zQXneJ4OqDVBEpiQ6LNrkMrbZcrdXtOoXfyDjim7GVS5YI5IFtSaH1QtvKO9U5V27d_P3Bj1dCCF_s4_8Y1TS_DTxpMwMdkaomGq91oZbmF3bAQIDOXdxUtM4MEFZBnTpq7jVfLQEfrpJBQqSe6cOn4JKZHSdki865vz5BQlOTimdlfRyfQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCyAOBDgcfY4OUBsLk6gS5j7DAD8me0rFc1Z2R93DAjbcBEAEgAGCVwqaCsAeCARdjYS1wdWItNDYyNzUxNzY4MDI0OTY3MKAB1bbS6gPIAQmpAio8rrxJA7E-qAMBqgTcAU_Qw2jMDIfEK3oixeVOQ7pwc1kup3Lj90WVaAVxL2iPw9Yxm_OT5V2Oa5Yhl6kOvky7gKzYExdtKCxIrlsyGxsiJ_SZ3VAgcHr9p_WR7RXCbY6pMga6tnemGr9zKyecKZ8OfilhOJAjMlsLuh76U370Dki5YMNBXXcp7orkEu3w067EK95RjVVvckECN0N2kjgk-O9cmJYUqIx6w4xpmLIxnAJcKXzzIlZl0FnaCPkWF3KPFo7ghnnXyWIjbdCrNz4lQaGnhp4xyLABkRFVXLMrs9MgVEbEMkxkdg-ABvu3n5z5tZDzzQGgBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_11OoeHY9DRpTB1RyAf3cZ4fsFoUQ%26client%3Dca-pub-4627517680249670%26adurl%3D
Frame ID: BF58C3B7C55575FC4C45B49F5923DB1A
Requests: 15 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 2FEC377CFD6A5DD9454179BA0770A961
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: A1C904983C9F195B4C2B68AF25B2CFC8
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 6642C1918B7764A667D61A8298908053
Requests: 2 HTTP requests in this frame

Frame: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Frame ID: 82FBC0F55FFCBEF683CA3F2D470798BC
Requests: 5 HTTP requests in this frame

Frame: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Frame ID: 5E394D04D8DCB08DEC488A430D1ED749
Requests: 5 HTTP requests in this frame

Frame: https://sync.aniview.com/cookiesyncendpoint?auid=1662977808015-982903183926-007666-012-007170&biddername=55&key=8436787681495434330
Frame ID: 4BD55245E3425B5D4749F0342E51C910
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/pixel?us_privacy=1---&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1662977808015-982903183926-007666-012-007170%26biddername%3D18%26key%3D%24UID
Frame ID: 2A0F2FCE28D50D97C03D45348A5BC052
Requests: 1 HTTP requests in this frame

Frame: https://ups.analytics.yahoo.com/ups/58543/occ?gdpr=1&gdpr_consent=
Frame ID: 91557CED1B92E4097A8D794C3239D1E6
Requests: 1 HTTP requests in this frame

Frame: https://sync.technoratimedia.com/services?srv=cs&pid=70&uid=1662977808015-982903183926-007666-012-007170&cb=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1662977808015-982903183926-007666-012-007170%26biddername%3D3%26key%3D%5BUSER_ID%5D
Frame ID: 6EEC2642C22EF7E77CE034D7AC71A306
Requests: 1 HTTP requests in this frame

Frame: https://sync.aniview.com/cookiesyncendpoint?auid=1662977808015-982903183926-007666-012-007170&biddername=200&key=OPTOUT
Frame ID: 0F00AD25E9F77D280A95E12A20AC536D
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=160993&gdpr=1&gdpr_consent=&predirect=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1662977808015-982903183926-007666-012-007170%26biddername%3D1%26key%3D
Frame ID: D0C454E622AE809D0F6BEA07CEB1F499
Requests: 2 HTTP requests in this frame

Frame: https://sync.aniview.com/cookiesyncendpoint?auid=1662977808015-982903183926-007666-012-007170&biddername=56&pid=59c9148628a0612da3689288&key=bc7ea609-08bf-465b-95cc-8197174fb190
Frame ID: B4297A8A84402DE6399CAF91B299A41D
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/cm?id=ec4c2ec9-18b8-454e-98be-3ee1e6bfea65&gdpr=1&gdpr_consent=&r=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1662977808015-982903183926-007666-012-007170%26biddername%3D23%26key%3D
Frame ID: 0F49D04358594FD60974F65489D38A5A
Requests: 1 HTTP requests in this frame

Frame: https://sync.aniview.com/cookiesyncendpoint?auid=1662977808015-982903183926-007666-012-007170&biddername=10&pid=59c9148628a0612da3689288&key=F1fkRcR9vyZs&ev=1&us_privacy=${us_privacy}&pid=562704
Frame ID: 5FA146CC58EEE0DBB82209E7BEE5506E
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=57e618150c70d90&gdpr=1&gdpr_consent=&us_privacy=1---
Frame ID: 01512A0268675B45372720C9FAD56B1B
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=161335
Frame ID: 068DF86C26BAEF06D7440BE8EA8AEA96
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 782B3107A5954F5AABD1DC58F2F32E5C
Requests: 3 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?cb=1662977808251
Frame ID: 78D0B8F2317A796D29015416C664C6B8
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 2DB5C9172161A6B1AB6EE27E7620ED44
Requests: 3 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 9711439E4C2EEE28263CBFA9D54F1E94
Requests: 1 HTTP requests in this frame

Frame: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.123greetings.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Frame ID: A09733D7B09EA7FB346FA3ED057F0945
Requests: 10 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 398EF577D65F7E33DB00D710A8C20A73
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?cb=1662977808248
Frame ID: 98BD9B9FC32AEC527C6A17421EC0B2E4
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: E57AD42A53E010A3869538BAC89921BB
Requests: 3 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=161335
Frame ID: 1616E8B3809FBF330CD199630E2A44A2
Requests: 1 HTTP requests in this frame

Frame: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.123greetings.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Frame ID: 853B7D41538D250A1982ABE0BFD09A39
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Chinese Moon Festival Cards, Free Chinese Moon Festival Wishes | 123 Greetings

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/pagead/show_ads\.js
tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

SWFObject (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

swfobject.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

453
Requests

96 %
HTTPS

45 %
IPv6

51
Domains

88
Subdomains

71
IPs

13
Countries

4940 kB
Transfer

11578 kB
Size

39
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: https://studio.123greetings.com/
Title: Studio

Search URL Search Domain Scan URL

URL: https://itunes.apple.com/in/app/123greetings/id718873921?mt=8

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.g123

Search URL Search Domain Scan URL

URL: https://nl.123greetings.com/
Title: Newsletter

Search URL Search Domain Scan URL

URL: https://nl.123greetings.com/blog/
Title: Editor Bob's Blog

Search URL Search Domain Scan URL

URL: https://www.addthis.com/bookmark.php

Search URL Search Domain Scan URL

URL: https://info.123greetings.com/company/pressroom/
Title: Press Room

Search URL Search Domain Scan URL

URL: https://blog.123greetings.com/
Title: Blog

Search URL Search Domain Scan URL

URL: https://widgets.123greetings.com/
Title: Widgets

Search URL Search Domain Scan URL

URL: https://nl.123greetings.com/tell-a-friend
Title: Recommend Us

Search URL Search Domain Scan URL

URL: https://help.123greetings.com/
Title: Help

Search URL Search Domain Scan URL

URL: https://help.123greetings.com/contact_us.html
Title: Contact Us

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 74

https://trkn.us/info/?sid=1efbd474-f6d6-4c7a-ab0e-0a28232c817d&ord=119011733.42487192&ref=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fharvest_moon_festival%2F%3Futm_source%3Desep_harvestmoonfest_remail&dvis=visible HTTP 302
https://trkn.us/info/?sid=1efbd474-f6d6-4c7a-ab0e-0a28232c817d&ord=119011733.42487192&ref=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fharvest_moon_festival%2F%3Futm_source%3Desep_harvestmoonfest_remail&dvis=visible&ip=37.58.58.248&cuidchk=1

Request Chain 100

https://www.facebook.com/v2.4/plugins/page.php?adapt_container_width=true&app_id=6268317308&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3e9a8afafb1e1c%26domain%3Dwww.123greetings.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.123greetings.com%252Ff36a5ce7310767%26relation%3Dparent.parent&container_width=320&height=287&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2F123GreetingsCom&locale=en_US&sdk=joey&show_facepile=true&show_posts=true&small_header=true&width=320 HTTP 302
https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dtrue%26app_id%3D6268317308%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df3e9a8afafb1e1c%2526domain%253Dwww.123greetings.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fwww.123greetings.com%25252Ff36a5ce7310767%2526relation%253Dparent.parent%26container_width%3D320%26height%3D287%26hide_cover%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252F123GreetingsCom%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26show_posts%3Dtrue%26small_header%3Dtrue%26width%3D320

Request Chain 185

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 192

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 217

https://adrta.com/i?cb=631f070d9052c2dbd0dc47ef9f3aed39&clid=co&paid=co&avid=2052&caid=270245&plid=10992190&publisherId=2892&kv1=300X250&kv2=https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/&kv3=8eb90a36-c938-4256-ad81-8f98c251821d&kv4=2a00:c98:2030::&kv7=317&kv11=631f070d9052c2dbd0dc47ef9f3aed39&kv12=6855&kv19=&kv27=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/105.0.5195.102%20Safari/537.36&kv24=Windows_Web HTTP 302
https://ipds.adrta.com/i?__x=ILCMOCLPDHIMCG@NOMLFGLOJPOIOGLMJIICGLKGQNLOHLJHECINPPLOGKINLJQKIIMMG@HNLHNLOOEMLIF@IOIFIILLLIOJFOOMINLCHKMJOMLMHMIJHAF@ECG&cb=631f070d9052c2dbd0dc47ef9f3aed39&clid=co&paid=co&avid=2052&caid=270245&plid=10992190&publisherId=2892&kv1=300X250&kv2=https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/&kv3=8eb90a36-c938-4256-ad81-8f98c251821d&kv4=2a00:c98:2030::&kv7=317&kv11=631f070d9052c2dbd0dc47ef9f3aed39&kv12=6855&kv19=&kv27=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/105.0.5195.102%20Safari/537.36&kv24=Windows_Web

Request Chain 308

https://d5p.de17a.com/cookies/google?google_gid=CAESEPnTD6a7GjebtfzDlsTREOI&google_cver=1&google_push=AehlK4BdEshzVngAIA9Vb_waq3kilytKhQDOFTzUEF4ogcOim-imTFOd2N05GplhapsRKIjfomS3wS7yQZiFjyDtopt7s4KhM6sg HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEPnTD6a7GjebtfzDlsTREOI&google_cver=1&google_push=AehlK4BdEshzVngAIA9Vb_waq3kilytKhQDOFTzUEF4ogcOim-imTFOd2N05GplhapsRKIjfomS3wS7yQZiFjyDtopt7s4KhM6sg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AehlK4BdEshzVngAIA9Vb_waq3kilytKhQDOFTzUEF4ogcOim-imTFOd2N05GplhapsRKIjfomS3wS7yQZiFjyDtopt7s4KhM6sg

Request Chain 309

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEKIAjcU-cmdHjChZJ800ioc&google_cver=1&google_push=AehlK4B9fu8hkg2LdVttYdCLCHLuVsUk-eF6a3ISMgfEX4bdOu40DeFV_RU-pxEKHthp3h04MiRryMsyHjLPPzZdKLzeOmVCYVuD HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEKIAjcU-cmdHjChZJ800ioc&google_cver=1&google_push=AehlK4B9fu8hkg2LdVttYdCLCHLuVsUk-eF6a3ISMgfEX4bdOu40DeFV_RU-pxEKHthp3h04MiRryMsyHjLPPzZdKLzeOmVCYVuD HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjE0ODg0OTA5Nzg3NjY0OTAzOQ&google_push=AehlK4B9fu8hkg2LdVttYdCLCHLuVsUk-eF6a3ISMgfEX4bdOu40DeFV_RU-pxEKHthp3h04MiRryMsyHjLPPzZdKLzeOmVCYVuD

Request Chain 310

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEADGLJul88TiBpnFhCwtiAQ&google_cver=1&google_push=AehlK4AfjFmwKbU9RrmsaD0cVcxG8NRU0wbahGwkbiiIYrsNvX-k5NBqG5K_ABo08JbKPNs8GWb-m0z9hmM02OOt6dwpNLzacA87 HTTP 302
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEADGLJul88TiBpnFhCwtiAQ&google_cver=1&google_push=AehlK4AfjFmwKbU9RrmsaD0cVcxG8NRU0wbahGwkbiiIYrsNvX-k5NBqG5K_ABo08JbKPNs8GWb-m0z9hmM02OOt6dwpNLzacA87&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS13S01YX3BGRTJ1RnJJQko4ZkhDd0ZVcmNwdmREWlIxcX5B&google_push=AehlK4AfjFmwKbU9RrmsaD0cVcxG8NRU0wbahGwkbiiIYrsNvX-k5NBqG5K_ABo08JbKPNs8GWb-m0z9hmM02OOt6dwpNLzacA87

Request Chain 312

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEJNn1gvWtzKJFI2VpqUElZ4&google_cver=1&google_push=AehlK4Ap34GJZxMV16bdwnvVlZ5RaphUShNi6GDjEKH1b9iT_1WfMnci043i1f5l5lz7nfo3DeveAXpQLxbAuFOQGXeRsIA8UsB4bQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AehlK4Ap34GJZxMV16bdwnvVlZ5RaphUShNi6GDjEKH1b9iT_1WfMnci043i1f5l5lz7nfo3DeveAXpQLxbAuFOQGXeRsIA8UsB4bQ HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

Request Chain 375

https://secure.adnxs.com/getuid?https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1662977808015-982903183926-007666-012-007170%26biddername%3D55%26key%3D%24UID HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fsync.aniview.com%252Fcookiesyncendpoint%253Fauid%253D1662977808015-982903183926-007666-012-007170%2526biddername%253D55%2526key%253D%2524UID HTTP 302
https://sync.aniview.com/cookiesyncendpoint?auid=1662977808015-982903183926-007666-012-007170&biddername=55&key=8436787681495434330

Request Chain 379

https://sync.1rx.io/usersync2/rmpssp?sub=aniview&gdpr=1&gdpr_pd=0&gdpr_consent=&redir=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1662977808015-982903183926-007666-012-007170%26biddername%3D200%26key%3D%5BRX_UUID%5D HTTP 302
https://sync.aniview.com/cookiesyncendpoint?auid=1662977808015-982903183926-007666-012-007170&biddername=200&key=OPTOUT

Request Chain 381

https://csync.loopme.me/?redirect=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1662977808015-982903183926-007666-012-007170%26biddername%3D56%26pid%3D59c9148628a0612da3689288%26key%3D%7Bdevice_id%7D HTTP 307
https://sync.aniview.com/cookiesyncendpoint?auid=1662977808015-982903183926-007666-012-007170&biddername=56&pid=59c9148628a0612da3689288&key=bc7ea609-08bf-465b-95cc-8197174fb190

Request Chain 383

https://bh.contextweb.com/bh/rtset?pid=562704&ev=1&us_privacy=${us_privacy}&rurl=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1662977808015-982903183926-007666-012-007170%26biddername%3D10%26pid%3D59c9148628a0612da3689288%26key%3D%25%25VGUID%25%25 HTTP 302
https://sync.aniview.com/cookiesyncendpoint?auid=1662977808015-982903183926-007666-012-007170&biddername=10&pid=59c9148628a0612da3689288&key=F1fkRcR9vyZs&ev=1&us_privacy=${us_privacy}&pid=562704

Request Chain 435

https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.123greetings.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F HTTP 302
https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.123greetings.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Request Chain 442

https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.123greetings.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F HTTP 302
https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.123greetings.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Request Chain 445

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=Yx8HEbrFRpptrYc1V.OpPAAA HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEOnpvYRphbHH4IkgQ17U_Po&google_cver=1&gdpr=1&google_hm=2

Request Chain 447

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yx8HEWoa58CxlXxUBiKnxAAABGUAAAIB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yx8HEWoa58CxlXxUBiKnxAAABGUAAAIB&dcc=t

Request Chain 450

https://px.owneriq.net/eucm/p/cc?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D31%26external_user_id%3D(OIQ_UUID) HTTP 302
https://px.owneriq.net/ecc?redir=https%3a%2f%2fdsum-sec.casalemedia.com%2fcrum%3fcm_dsp_id%3d31%26external_user_id%3dQ7162642092143547097&uid=Q7162642092143547097&ref=%2Feucm%2Fp%2Fcc HTTP 302
https://px.owneriq.net/noop?ct=image%2Fgif

Request Chain 451

https://pixel.quantserve.com/pixel/p-Z8PuJEk6U7Hyq.gif?idmatch=0&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&&external_user_id=TqXtzUih7ZpVo-WaHPPxyh2ivshV8OuZSKTwPfqx

Request Chain 454

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=Yx8HEbrFRpptrYc1V.OpPAAA HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEOnpvYRphbHH4IkgQ17U_Po&google_cver=1&gdpr=1&google_hm=2

Request Chain 455

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yx8HEbrFRpptrYc1V-OpPAAABLQAAAAB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yx8HEbrFRpptrYc1V-OpPAAABLQAAAAB&dcc=t

Request Chain 458

https://casale-match.dotomi.com/match/bounce/current?networkId=19998&version=1&gdpr=1 HTTP 302
https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1663064209&gdpr=1

Request Chain 459

https://p.rfihub.com/cm?in=1&pub=2079&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=5123196423215382993

Request Chain 460

https://dmp.brand-display.com/cm/api/index?cm_dsp_id=191&cm_user_id=%3CIndex_user_id%3E&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=191&expiration=63072000&external_user_id=d4def627-31eb-6215-725fa9ed

453 HTTP transactions
17 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
www.123greetings.com/events/harvest_moon_festival/ 34 KB
9 KB 541ms
242ms Document
text/html 184.72.244.154
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.72.244.154 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

www.123greetings.com

Software

Apache/2.4.54 () OpenSSL/1.0.2k-fips PHP/5.4.16 / PHP/5.4.16

Resource Hash

fa3c5b47e00401eb40e1ed10c1ed63f28c25f6869d7fd0d4feb30b2a019a5b3e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Age: 0
Cache-Control: max-age=900
Connection: close
Content-Encoding: gzip
Content-Length: 8508
Content-Type: text/html; charset=UTF-8
Date: Mon, 12 Sep 2022 10:16:43 GMT
Expires: Mon, 12 Sep 2022 10:31:43 GMT
Server: Apache/2.4.54 () OpenSSL/1.0.2k-fips PHP/5.4.16
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Powered-By: PHP/5.4.16

GET
H/1.1 200
OK sub_categories_R1.css
c.123g.us/css/ 9 KB
3 KB 368ms
20ms Stylesheet
text/css 8.253.95.117
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/css/sub_categories_R1.css
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.253.95.117 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 0596974ea0a4aa88cce0d0683b3af837fb80d633788395a98723d319f39c8de4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Thu, 01 Sep 2022 10:11:07 GMT
Content-Encoding: gzip
Last-Modified: Thu, 19 Jul 2018 11:22:16 GMT
Server: Apache/2.2.15 (CentOS)
Age: 950737
ETag: "225f-571586437ea00"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2397
jake_test: Test_Pass
Expires: Thu, 01 Sep 2022 10:26:09 GMT

GET
H/1.1 200
OK chk_script.js Show response
c.123g.us/js2/ 3 KB
3 KB 370ms
22ms Script
text/javascript 8.253.95.117
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/js2/chk_script.js
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.253.95.117 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 13d4667177bf9777b7d9a0ce216beb8f877f4836ae8e234e689547abcbad7837

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Thu, 01 Sep 2022 10:10:35 GMT
Last-Modified: Thu, 28 Jul 2022 09:42:54 GMT
Server: Apache/2.2.15 (CentOS)
Age: 950769
ETag: "c3f-5e4da5b944380"
Content-Type: text/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3135
jake_test: Test_Pass
Expires: Thu, 01 Sep 2022 10:25:35 GMT

GET
H/1.1 200
OK 335488_th.jpg
i.123g.us/c/esep_harvestmoonfest/th/ 8 KB
8 KB 154ms
11ms Image
image/jpeg 8.248.113.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_harvestmoonfest/th/335488_th.jpg
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.113.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 57839cc464accf1951fdb130b14ab07a83d227c938adb09362bf186d347364a1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Wed, 17 Aug 2022 19:25:00 GMT
Last-Modified: Wed, 12 Sep 2018 13:15:32 GMT
Server: Apache/2.2.15 (CentOS)
Age: 2213504
ETag: "1f0f-575ac62904500"
Content-Type: image/jpeg
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7951
jake_test: Test_Pass
Expires: Fri, 02 Sep 2022 09:12:13 GMT

GET
H/1.1 200
OK 115793_th.gif
i.123g.us/c/esep_harvestmoonfest/th/ 8 KB
8 KB 156ms
10ms Image
image/gif 8.248.113.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_harvestmoonfest/th/115793_th.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.113.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3605652bf6621ecefe4ff4f43c1c2623caca95b942cb32b39b7514a43dcb90fb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Sat, 03 Sep 2022 10:52:12 GMT
Last-Modified: Mon, 24 Feb 2014 09:45:42 GMT
Server: Apache/2.2.15 (CentOS)
Age: 775472
ETag: "1e7b-4f323d5ba3d80"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7803
jake_test: Test_Pass
Expires: Sat, 03 Sep 2022 11:07:12 GMT

GET
H/1.1 200
OK 124567_th.gif
i.123g.us/c/esep_harvestmoonfest/th/ 8 KB
8 KB 156ms
10ms Image
image/gif 8.248.113.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_harvestmoonfest/th/124567_th.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.113.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 1ae3aa2ed6f2bcaeef56190ad3e57309f9c4500012f8a41bc3379b65aaf1d5ef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Sun, 14 Aug 2022 02:03:28 GMT
Last-Modified: Mon, 24 Feb 2014 08:25:15 GMT
Server: Apache/2.2.15 (CentOS)
Age: 2535196
ETag: "1fac-4f322b60410c0"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8108
jake_test: Test_Pass
Expires: Thu, 18 Aug 2022 19:36:59 GMT

GET
H/1.1 200
OK 111843_th.gif
i.123g.us/c/esep_harvestmoonfest/th/ 3 KB
4 KB 157ms
11ms Image
image/gif 8.248.113.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_harvestmoonfest/th/111843_th.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.113.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 2091052d5cc5b7d9e56a38a3a100c5015c5718995ac1d3255e51843ac50bdb16

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Fri, 09 Sep 2022 07:55:24 GMT
Last-Modified: Mon, 24 Feb 2014 09:45:42 GMT
Server: Apache/2.2.15 (CentOS)
Age: 267680
ETag: "d19-4f323d5ba3d80"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3353
jake_test: Test_Pass
Expires: Fri, 09 Sep 2022 08:10:24 GMT

GET
H/1.1 200
OK 119855_th.gif
i.123g.us/c/esep_harvestmoonfest/th/ 6 KB
6 KB 153ms
10ms Image
image/gif 8.248.113.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_harvestmoonfest/th/119855_th.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.113.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: a9c2e99ea45f89b2f3e91c1314613e6798bf3b652be41d3360943007771aff9f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Fri, 26 Aug 2022 04:31:00 GMT
Last-Modified: Mon, 24 Feb 2014 09:45:42 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1489544
ETag: "1793-4f323d5ba3d80"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6035
jake_test: Test_Pass
Expires: Mon, 29 Aug 2022 04:29:18 GMT

GET
H/1.1 200
OK 340349_th.gif
i.123g.us/c/esep_harvestmoonfest/th/ 7 KB
7 KB 146ms
9ms Image
image/gif 8.248.113.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_harvestmoonfest/th/340349_th.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.113.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.4.54 () OpenSSL/1.0.2k-fips /
Resource Hash: 8ef216dff1c6df9c75e919774c39b9df5cf404b74dc84cf7f5832325fcdab87b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Sat, 27 Aug 2022 13:19:50 GMT
Last-Modified: Thu, 12 Sep 2019 12:16:09 GMT
Server: Apache/2.4.54 () OpenSSL/1.0.2k-fips
Age: 1371414
ETag: "1c19-5925a1a451440"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7193
jake_test: Test_Pass
Expires: Sat, 27 Aug 2022 13:34:51 GMT

GET
H/1.1 200
OK 119858_th.gif
i.123g.us/c/esep_harvestmoonfest/th/ 8 KB
8 KB 123ms
11ms Image
image/gif 8.248.113.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_harvestmoonfest/th/119858_th.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.113.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 13f4143e51cc843efafd0366c45774fe88baf14d5f0a9a353816c4fb3810b61e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Mon, 22 Aug 2022 08:23:09 GMT
Last-Modified: Mon, 24 Feb 2014 08:25:15 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1821215
ETag: "1f7c-4f322b60410c0"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8060
jake_test: Test_Pass
Expires: Wed, 31 Aug 2022 14:11:02 GMT

GET
H/1.1 200
OK 103738_th.gif
i.123g.us/c/esep_harvestmoonfest/th/ 8 KB
8 KB 122ms
14ms Image
image/gif 8.248.113.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_harvestmoonfest/th/103738_th.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.113.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: fe8fd4a9c528868e1284a329ac669e0a31aeffe5907497723c4a445445f63a44

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Sun, 14 Aug 2022 13:17:23 GMT
Last-Modified: Wed, 05 Aug 2015 11:08:11 GMT
Server: Apache/2.2.15 (CentOS)
Age: 2494761
ETag: "1eb3-51c8e6b149cc0"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7859
jake_test: Test_Pass
Expires: Sun, 14 Aug 2022 13:32:23 GMT

GET
H/1.1 200
OK 348073_th.jpg
i.123g.us/c/esep_harvestmoonfest/th/ 5 KB
6 KB 123ms
11ms Image
image/jpeg 8.248.113.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_harvestmoonfest/th/348073_th.jpg
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.113.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: a35bc6dbd8e0b4f6d1577a1c55227442a4ea7427cbd15379b15d237edf201510

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Sat, 10 Sep 2022 08:37:33 GMT
Last-Modified: Tue, 14 Sep 2021 08:28:42 GMT
Server: Apache/2.2.15 (CentOS)
Age: 178751
ETag: "14c4-5cbf05e864280"
Content-Type: image/jpeg
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5316
jake_test: Test_Pass
Expires: Sat, 10 Sep 2022 08:52:34 GMT

GET
H/1.1 200
OK 318724_th.jpg
i.123g.us/c/esep_harvestmoonfest/th/ 5 KB
6 KB 126ms
14ms Image
image/jpeg 8.248.113.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_harvestmoonfest/th/318724_th.jpg
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.113.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: de2cdfb664638aa888d41ec94ca0a372b730e6c431ec79de7a5a01a83aaeca39

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Sun, 04 Sep 2022 07:00:56 GMT
Last-Modified: Sat, 05 Sep 2015 09:04:32 GMT
Server: Apache/2.2.15 (CentOS)
Age: 702948
ETag: "14bf-51efc4df44800"
Content-Type: image/jpeg
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5311
jake_test: Test_Pass
Expires: Fri, 09 Sep 2022 10:02:29 GMT

GET
H/1.1 200
OK cal_block2.gif
i.123g.us/images/special_block/ 24 KB
24 KB 102ms
9ms Image
image/gif 8.248.113.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/images/special_block/cal_block2.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.113.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 21026407398ed753d48cd817a1f47881738ab30f449b90aa3f83d179ff3ed267

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Sat, 20 Aug 2022 06:57:15 GMT
Last-Modified: Mon, 08 Aug 2022 07:13:23 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1999169
ETag: "5fd2-5e5b58d1ecac0"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 24530
jake_test: Test_Pass
Expires: Wed, 07 Sep 2022 07:30:16 GMT

GET
H/1.1 200
OK 330336_ic.gif
i.123g.us/c/birth_happybirthday/ic/ 4 KB
4 KB 108ms
8ms Image
image/gif 8.248.113.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/birth_happybirthday/ic/330336_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.113.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.4.54 () OpenSSL/1.0.2k-fips /
Resource Hash: 55297ecf8327a1d7755c0b4ac3ff5da39523af30332cd8194d709fa4a7014b82

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Mon, 29 Aug 2022 14:17:15 GMT
Last-Modified: Mon, 21 Aug 2017 13:39:22 GMT
Server: Apache/2.4.54 () OpenSSL/1.0.2k-fips
Age: 1195169
ETag: "fd9-557439b363680"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4057
jake_test: Test_Pass
Expires: Mon, 29 Aug 2022 14:49:46 GMT

GET
H2 200 1.jpg
i.ytimg.com/vi/3kyn9Es4HoY/ 5 KB
5 KB 58ms
15ms Image
image/jpeg 2a00:1450:4001:80e::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/3kyn9Es4HoY/1.jpg

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fb5d03d066ef45cc4a474c9d16e85a005726c2182b20086718de4a02570085d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 09:55:01 GMT
x-content-type-options: nosniff
age: 1303
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4874
x-xss-protection: 0
server: sffe
etag: "1435419900"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Mon, 12 Sep 2022 11:55:01 GMT

GET
H/1.1 200
OK 103272_ic.gif
i.123g.us/c/esep_grandparents/ic/ 801 B
1 KB 9ms
9ms Image
image/gif 8.248.113.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_grandparents/ic/103272_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.113.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: f6fb9a3d8163fa605b08d1f596256052a7677ea3c1b945d2597f4aa5cc516cab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Fri, 26 Aug 2022 13:20:44 GMT
Last-Modified: Mon, 24 Feb 2014 09:38:06 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1457760
ETag: "321-4f323ba8c3b80"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 801
jake_test: Test_Pass
Expires: Fri, 26 Aug 2022 13:35:44 GMT

GET
H/1.1 200
OK 118996_ic.gif
i.123g.us/c/birth_wishes/ic/ 3 KB
3 KB 10ms
10ms Image
image/gif 8.248.113.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/birth_wishes/ic/118996_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.113.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 6ec673d424147e19640e15aa01cc5d7fcded63feebc1db7a75e91cbbfd2f1151

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Wed, 31 Aug 2022 15:17:57 GMT
Last-Modified: Mon, 24 Feb 2014 09:47:17 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1018727
ETag: "b97-4f323db63d340"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2967
jake_test: Test_Pass
Expires: Tue, 06 Sep 2022 12:16:43 GMT

GET
H2 200 1.jpg
i.ytimg.com/vi/tNqUORIFV4I/ 4 KB
4 KB 55ms
16ms Image
image/jpeg 2a00:1450:4001:80e::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/tNqUORIFV4I/1.jpg

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6e30fd50e0873194c063148d3eaae833b0ad4fd8f1d9997df3196948526c9928

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:12:56 GMT
x-content-type-options: nosniff
age: 228
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4317
x-xss-protection: 0
server: sffe
etag: "0"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Mon, 12 Sep 2022 12:12:56 GMT

GET
H/1.1 200
OK 330286_ic.gif
i.123g.us/c/anniv_wedanniv_couple/ic/ 4 KB
4 KB 9ms
9ms Image
image/gif 8.248.113.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/anniv_wedanniv_couple/ic/330286_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.113.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: dad4127a2c2ec0b83670955fd8934c6b1ecf84a09bbdf8ce4cf64d48d920a660

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Fri, 26 Aug 2022 08:37:56 GMT
Last-Modified: Wed, 16 Aug 2017 13:46:35 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1474728
ETag: "ea0-556df1fd064c0"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3744
jake_test: Test_Pass
Expires: Tue, 06 Sep 2022 10:12:13 GMT

GET
H/1.1 200
OK 112108_ic.gif
i.123g.us/c/birth_sonanddaughter/ic/ 3 KB
3 KB 11ms
11ms Image
image/gif 8.248.113.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/birth_sonanddaughter/ic/112108_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.113.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: d82ac656c0175d252d08f5a4c029cbada55a413df58910cdf0be7e6871226571

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Thu, 18 Aug 2022 11:30:58 GMT
Last-Modified: Mon, 24 Feb 2014 09:39:15 GMT
Server: Apache/2.2.15 (CentOS)
Age: 2155546
ETag: "a50-4f323bea916c0"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2640
jake_test: Test_Pass
Expires: Sat, 27 Aug 2022 10:26:02 GMT

GET
H/1.1 200
OK 350809_ic.jpg
i.123g.us/c/love_iloveyou_general/ic/ 2 KB
2 KB 11ms
11ms Image
image/jpeg 8.248.113.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/love_iloveyou_general/ic/350809_ic.jpg
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.113.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3a65bf5ba22c9190dc17ee1af4e09c9b3b9426c6d77c665ca25072dcdd43836c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Sat, 10 Sep 2022 15:14:21 GMT
Last-Modified: Thu, 11 Aug 2022 09:27:50 GMT
Server: Apache/2.2.15 (CentOS)
Age: 154943
ETag: "895-5e5f3c7799180"
Content-Type: image/jpeg
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2197
jake_test: Test_Pass
Expires: Sat, 10 Sep 2022 15:29:23 GMT

GET
H/1.1 200
OK 346130_ic.gif
i.123g.us/c/gen_thinkingofyou/ic/ 3 KB
3 KB 11ms
11ms Image
image/gif 8.248.113.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/gen_thinkingofyou/ic/346130_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.113.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: c4e4bb8fadc43078cdaa7cf5724af61540fddfeffe414b4ab817655f532e2cea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Fri, 09 Sep 2022 13:05:38 GMT
Last-Modified: Wed, 03 Mar 2021 10:23:12 GMT
Server: Apache/2.2.15 (CentOS)
Age: 249066
ETag: "c4f-5bc9f3cf40400"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3151
jake_test: Test_Pass
Expires: Fri, 09 Sep 2022 13:20:38 GMT

GET
H/1.1 200
OK 113600_ic.gif
i.123g.us/c/anniv_anniversaryetc/ic/ 3 KB
3 KB 9ms
9ms Image
image/gif 8.248.113.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/anniv_anniversaryetc/ic/113600_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.113.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ab6521d7f8270a417139743c6dfb2cf083d647b4d350a25e13faade0e857a9fb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Sat, 20 Aug 2022 15:33:18 GMT
Last-Modified: Mon, 24 Feb 2014 08:24:12 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1968206
ETag: "b57-4f322b242c300"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2903
jake_test: Test_Pass
Expires: Sat, 20 Aug 2022 15:48:18 GMT

GET
H/1.1 200
OK 110222_ic.gif
i.123g.us/c/esep_chocolateday/ic/ 3 KB
3 KB 10ms
10ms Image
image/gif 8.248.113.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_chocolateday/ic/110222_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.113.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 420e8665c913d96f8f0f1e128aa850c0b7279c6491da6d3251b39ae4c479976c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 17:43:03 GMT
Last-Modified: Mon, 24 Feb 2014 09:41:01 GMT
Server: Apache/2.2.15 (CentOS)
Age: 2306021
ETag: "ad7-4f323c4fa8540"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2775
jake_test: Test_Pass
Expires: Tue, 16 Aug 2022 17:58:04 GMT

GET
H/1.1 200
OK 349048_ic.gif
i.123g.us/c/birth_hubbywife/ic/ 3 KB
4 KB 9ms
9ms Image
image/gif 8.248.113.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/birth_hubbywife/ic/349048_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.113.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 5996cba77fcff80cdb76e4555cda37d6cc86ebc4669ed9669fb438db4d3ea945

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Fri, 09 Sep 2022 12:09:33 GMT
Last-Modified: Tue, 21 Dec 2021 07:28:31 GMT
Server: Apache/2.2.15 (CentOS)
Age: 252431
ETag: "ce0-5d3a2f3bd85c0"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3296
jake_test: Test_Pass
Expires: Fri, 09 Sep 2022 21:11:34 GMT

GET
H/1.1 200
OK 121772_ic.gif
i.123g.us/c/birth_bronsis/ic/ 2 KB
3 KB 8ms
8ms Image
image/gif 8.248.113.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/birth_bronsis/ic/121772_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.113.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: d504e20da3974e8c88147d37ec376347e8269fad099c9e60b67d9cf7c830aa5a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Sat, 13 Aug 2022 12:22:56 GMT
Last-Modified: Mon, 24 Feb 2014 09:36:07 GMT
Server: Apache/2.2.15 (CentOS)
Age: 2584428
ETag: "9fc-4f323b3746fc0"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2556
jake_test: Test_Pass
Expires: Fri, 19 Aug 2022 10:38:03 GMT

GET
H/1.1 200
OK 103105_ic.gif
i.123g.us/c/esep_flowerofthemonth/ic/ 3 KB
3 KB 9ms
8ms Image
image/gif 8.248.113.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_flowerofthemonth/ic/103105_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.113.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3644c7d20e5506c54c5b0a56ee92f2346f93263115b1ca259c6138cffeabc6bb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Tue, 30 Aug 2022 19:26:06 GMT
Last-Modified: Wed, 05 Aug 2015 10:55:34 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1090238
ETag: "a2b-51c8e3df5b580"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2603
jake_test: Test_Pass
Expires: Tue, 06 Sep 2022 18:46:22 GMT

GET
H/1.1 200
OK 103119_ic.gif
i.123g.us/c/esep_posthinkingday/ic/ 3 KB
3 KB 10ms
9ms Image
image/gif 8.248.113.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_posthinkingday/ic/103119_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.248.113.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 228d9ab2bd97935adc6a0db2d9431c500aa0969d220ed21882c3f684ea04b46e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Wed, 31 Aug 2022 06:15:28 GMT
Last-Modified: Wed, 05 Aug 2015 13:22:39 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1051276
ETag: "ae2-51c904bf885c0"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2786
jake_test: Test_Pass
Expires: Fri, 02 Sep 2022 15:00:36 GMT

GET
H/1.1 200
OK jquery-1.11.1.js Show response
c.123g.us/js2/ 94 KB
94 KB 12ms
12ms Script
text/javascript 8.253.95.117
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/js2/jquery-1.11.1.js
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.253.95.117 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 91222f96f34735ebc88df208017e54d4329b9202e3e52367fb8b149698a1a5ef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Thu, 01 Sep 2022 10:11:09 GMT
Last-Modified: Wed, 15 Jun 2022 10:42:43 GMT
Server: Apache/2.2.15 (CentOS)
Age: 950735
ETag: "1762e-5e17a2e52eec0"
Content-Type: text/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 95790
jake_test: Test_Pass
Expires: Thu, 01 Sep 2022 10:26:09 GMT

GET
H/1.1 200
OK jquery-migrate-1.2.1.min.js Show response
c.123g.us/js2/ 7 KB
8 KB 11ms
11ms Script
text/javascript 8.253.95.117
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/js2/jquery-migrate-1.2.1.min.js
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.253.95.117 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 5336fb757df91e343cca414c112da532ff47f3d40b0d6e1b3c39ea00c8e24ab6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Thu, 01 Sep 2022 10:11:45 GMT
Last-Modified: Wed, 15 Jun 2022 10:42:43 GMT
Server: Apache/2.2.15 (CentOS)
Age: 950699
ETag: "1cb3-5e17a2e52eec0"
Content-Type: text/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7347
jake_test: Test_Pass
Expires: Thu, 01 Sep 2022 10:26:45 GMT

GET
H/1.1 200
OK swfobject.js Show response
c.123g.us/js2/ 10 KB
10 KB 8ms
8ms Script
text/javascript 8.253.95.117
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/js2/swfobject.js
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.253.95.117 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: cafd612ebd6bc497a7a05d3dfef133a0b793f1e04e277b31c424d6d8892a1d48

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Thu, 01 Sep 2022 10:10:56 GMT
Last-Modified: Wed, 15 Jun 2022 10:42:43 GMT
Server: Apache/2.2.15 (CentOS)
Age: 950748
ETag: "261f-5e17a2e52eec0"
Content-Type: text/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 9759
jake_test: Test_Pass
Expires: Thu, 01 Sep 2022 11:48:22 GMT

GET
H/1.1 200
OK 123g_utils_v1.js Show response
c.123g.us/js2/ 123 KB
30 KB 12ms
12ms Script
text/javascript 8.253.95.117
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/js2/123g_utils_v1.js
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.253.95.117 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 8118f9caab521097310cbd5980732e472a431511536759da6a7f475e2f9b1c2b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Thu, 01 Sep 2022 10:10:54 GMT
Content-Encoding: gzip
Last-Modified: Mon, 08 Aug 2022 06:15:37 GMT
Server: Apache/2.2.15 (CentOS)
Age: 950750
ETag: "1ed63-5e5b4be87d440"
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 30681
jake_test: Test_Pass
Expires: Thu, 01 Sep 2022 10:25:54 GMT

GET
H/1.1 200
OK utilsopt.js Show response
c.123g.us/js2/ 22 KB
7 KB 17ms
10ms Script
application/javascript 8.253.95.117
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/js2/utilsopt.js
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.253.95.117 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.4.54 () OpenSSL/1.0.2k-fips /
Resource Hash: 0ae485367eb0862700624f4b18563586fe0fd2ecd7abd1efb8a4896ead71fdd3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Mon, 12 Sep 2022 06:29:30 GMT
Content-Encoding: gzip
Last-Modified: Sat, 03 Sep 2022 06:43:26 GMT
Server: Apache/2.4.54 () OpenSSL/1.0.2k-fips
Age: 13634
ETag: "57b2-5e7c029e2b0e5-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6801
jake_test: Test_Pass
Expires: Mon, 12 Sep 2022 06:44:30 GMT

GET
H/1.1 200
OK 123g_subcategory_opt.js Show response
c.123g.us/js2/ 9 KB
3 KB 14ms
8ms Script
text/javascript 8.253.95.117
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/js2/123g_subcategory_opt.js
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.253.95.117 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 987a85ec33287307910313fc7b22a8ab6cd0dc24e9fe5945f8a42af4223c1550

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Thu, 01 Sep 2022 10:11:10 GMT
Content-Encoding: gzip
Last-Modified: Tue, 22 Sep 2020 12:15:33 GMT
Server: Apache/2.2.15 (CentOS)
Age: 950734
ETag: "2257-5afe5ec74c340"
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2831
jake_test: Test_Pass
Expires: Thu, 01 Sep 2022 10:26:10 GMT

GET
H/1.1 200
OK rakpanel.js Show response
c.123g.us/js2/ 3 KB
2 KB 17ms
11ms Script
text/javascript 8.253.95.117
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/js2/rakpanel.js
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.253.95.117 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: f48f1b088976f2de3bb46a5c5bc609160ef0a6f919109e08f784596b0a93b7d8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Thu, 01 Sep 2022 10:10:55 GMT
Content-Encoding: gzip
Last-Modified: Thu, 09 Aug 2018 13:50:00 GMT
Server: Apache/2.2.15 (CentOS)
Age: 950749
ETag: "d4c-57300e738b200"
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1626
jake_test: Test_Pass
Expires: Thu, 01 Sep 2022 10:25:56 GMT

GET
H/1.1 200
OK jquery.ajax_autocomplete.js Show response
c.123g.us/js2/ 20 KB
20 KB 36ms
23ms Script
text/javascript 8.253.95.117
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/js2/jquery.ajax_autocomplete.js
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.253.95.117 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 0ce879cfe7244a0a086ea8a95996d7ac5838d30a9b1cd8e85f045f51c41d0df8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Thu, 01 Sep 2022 10:10:42 GMT
Last-Modified: Wed, 15 Jun 2022 10:42:43 GMT
Server: Apache/2.2.15 (CentOS)
Age: 950762
ETag: "4ec6-5e17a2e52eec0"
Content-Type: text/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 20166
jake_test: Test_Pass
Expires: Thu, 01 Sep 2022 10:25:42 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 165 KB
57 KB 156ms
106ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e094de9197213758ab703f0ac0b3b69796e5537c60453a02f4ccdac5b22e334f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57614
x-xss-protection: 0
server: cafe
etag: 2772539905428563470
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 12 Sep 2022 10:16:44 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 105 KB
41 KB 82ms
46ms Script
application/javascript 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-5085183-1

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1ee3f644382f9e19b6a4ebd974f531b117a28825d5f036b29d2e8100f77122aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:44 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41876
x-xss-protection: 0
last-modified: Mon, 12 Sep 2022 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 12 Sep 2022 10:16:44 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 218 KB
75 KB 59ms
23ms Script
application/javascript 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-47Q5QDHYDP

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a54ab62cc2fef2d31ad595c0664fe3559f4d07de80d440f443b1cf7467d53bc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:44 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 76645
x-xss-protection: 0
expires: Mon, 12 Sep 2022 10:16:44 GMT

GET
H/1.1 200
OK styleopt_R1.css
c.123g.us/css/ 81 KB
16 KB 13ms
12ms Stylesheet
text/css 8.253.95.117
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/css/styleopt_R1.css
Requested by: Host: c.123g.us
URL: https://c.123g.us/css/sub_categories_R1.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.253.95.117 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 81113214da7b946424bed9da1f2713c0e7280b577feb58cdc17ff672143aced7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.123g.us/css/sub_categories_R1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Thu, 01 Sep 2022 10:10:36 GMT
Content-Encoding: gzip
Last-Modified: Fri, 20 May 2022 05:14:03 GMT
Server: Apache/2.2.15 (CentOS)
Age: 950768
ETag: "14218-5df6a8f0bdcc0"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 16272
jake_test: Test_Pass
Expires: Thu, 01 Sep 2022 10:26:06 GMT

GET
H/1.1 200
OK modal_window_R1.css
c.123g.us/css/ 33 KB
7 KB 31ms
17ms Stylesheet
text/css 8.253.95.117
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/css/modal_window_R1.css
Requested by: Host: c.123g.us
URL: https://c.123g.us/css/sub_categories_R1.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.253.95.117 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: c40c9c0117af4abd3ab87c81eb1725c442ec682095d29cc8bc2206e3e5ac1c23

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.123g.us/css/sub_categories_R1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Thu, 01 Sep 2022 10:10:59 GMT
Content-Encoding: gzip
Last-Modified: Wed, 10 Jun 2020 09:38:46 GMT
Server: Apache/2.2.15 (CentOS)
Age: 950745
ETag: "8220-5a7b79c425580"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6727
jake_test: Test_Pass
Expires: Thu, 01 Sep 2022 10:25:59 GMT

GET
H/1.1 200
OK clear.js Show response
s.gk.123greetings.com/2/945541/ 6 KB
3 KB 235ms
32ms Script
text/javascript 34.248.176.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.gk.123greetings.com/2/945541/clear.js?dt=9455411658248091559000&pd=mkt&mo=0&si=main

Requested by

Host: c.123g.us
URL: https://c.123g.us/js2/chk_script.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

34.248.176.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-248-176-243.eu-west-1.compute.amazonaws.com

Software

Resource Hash

1559f24ae22219c390c90a321e03fdaa82f8883b537161732957f9268cc35a12

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 12 Sep 2022 10:16:43 GMT
Content-Encoding: gzip
Accept-Ch: Viewport-Width, Viewport-Height, Width, DPR, RTT, ECT, Device-Memory, Downlink, Save-Data
Vary: *
Content-Type: text/javascript; charset=utf-8
Cache-Control: no-cache, no-store, must-revalidate, no-transform, private, max-age=0
Strict-Transport-Security: max-age=31536000; includeSubDomains
Timing-Allow-Origin: *
Content-Length: 2651
Expires: 0

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 30ms
9ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

8e105a70dd6cb1cb31e7b572636f94324df7acc98ad45605483be9436ed900c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: B7f1c6l5LBAeGgWa82o2Yg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 1687
x-fb-rlafr: 0
x-fb-debug: YxNXOej8oyHIN1JB16nalJA9EKdPYJZqykxWdo9qZbsOjZGvPQYJRM1mBVXX5LoWOCGICaBiqQRe2+VFkypSnQ==
x-fb-trip-id: 2050670934
x-fb-content-md5: fe7834cc973ec514ea7e599629317e62
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 12 Sep 2022 10:16:44 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "054ded5fdd4e19fdf3b828a67cbb5ca7"
timing-allow-origin: *
expires: Mon, 12 Sep 2022 10:25:38 GMT

GET
H/1.1 200
OK 123g_master_bg.png
c.123g.us/images/ 145 B
500 B 11ms
8ms Image
image/png 8.253.95.117
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.123g.us/images/123g_master_bg.png
Requested by: Host: c.123g.us
URL: https://c.123g.us/css/styleopt_R1.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.253.95.117 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: abfaa28e509b104c2edc0bd048809340d5e006ec872e1966baff8383ff8a0e22

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.123g.us/css/styleopt_R1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Thu, 01 Sep 2022 10:10:36 GMT
Last-Modified: Tue, 07 Mar 2017 11:40:45 GMT
Server: Apache/2.2.15 (CentOS)
Age: 950768
ETag: "91-54a227b81c940"
Content-Type: image/png
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 145
jake_test: Test_Pass
Expires: Thu, 01 Sep 2022 10:25:36 GMT

GET
H/1.1 200
OK master_img_menu.png
c.123g.us/images/ 6 KB
6 KB 9ms
8ms Image
image/png 8.253.95.117
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.123g.us/images/master_img_menu.png
Requested by: Host: c.123g.us
URL: https://c.123g.us/css/styleopt_R1.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.253.95.117 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 12ba93c7b0114439929f7ac0efcdc60e6eee9da57a2fe6ce68bb969f00f4a54e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.123g.us/css/styleopt_R1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Thu, 01 Sep 2022 10:11:46 GMT
Last-Modified: Wed, 15 Jun 2022 10:44:09 GMT
Server: Apache/2.2.15 (CentOS)
Age: 950698
ETag: "1861-5e17a33733040"
Content-Type: image/png
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6241
jake_test: Test_Pass
Expires: Thu, 01 Sep 2022 10:26:46 GMT

GET
H/1.1 200
OK icon_set_R1.png
c.123g.us/images/ 139 KB
140 KB 15ms
9ms Image
image/png 8.253.95.117
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.123g.us/images/icon_set_R1.png
Requested by: Host: c.123g.us
URL: https://c.123g.us/css/styleopt_R1.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.253.95.117 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 254d41d323b97e21b036ccf367f7dc18d8ea96daaf756167bac6f0ebbf8fbcd1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.123g.us/css/styleopt_R1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Thu, 01 Sep 2022 10:10:36 GMT
Last-Modified: Fri, 20 May 2022 05:14:03 GMT
Server: Apache/2.2.15 (CentOS)
Age: 950768
ETag: "22ca6-5df6a8f0bdcc0"
Content-Type: image/png
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 142502
jake_test: Test_Pass
Expires: Thu, 01 Sep 2022 10:25:36 GMT

GET
H/1.1 200
OK big_img_sprite.png
c.123g.us/images/ 134 KB
134 KB 14ms
9ms Image
image/png 8.253.95.117
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.123g.us/images/big_img_sprite.png
Requested by: Host: c.123g.us
URL: https://c.123g.us/css/styleopt_R1.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.253.95.117 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 69303f97bf43e5d9fd7a0c8e6b5f4b49de4466684c7e2b8e2108de98e5c98483

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.123g.us/css/styleopt_R1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Thu, 01 Sep 2022 10:11:10 GMT
Last-Modified: Wed, 11 Sep 2019 08:42:36 GMT
Server: Apache/2.2.15 (CentOS)
Age: 950734
ETag: "21653-5924300b6d700"
Content-Type: image/png
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 136787
jake_test: Test_Pass
Expires: Thu, 01 Sep 2022 10:26:10 GMT

GET
H/1.1 200
OK master_icon_set_2.png
c.123g.us/images/ 88 KB
88 KB 13ms
9ms Image
image/png 8.253.95.117
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.123g.us/images/master_icon_set_2.png
Requested by: Host: c.123g.us
URL: https://c.123g.us/css/styleopt_R1.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.253.95.117 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 89b03d4a2f2ca3d04df1fda63a5247ef31cea689a0ca553e353122ab3d22b646

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.123g.us/css/styleopt_R1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Thu, 01 Sep 2022 10:10:57 GMT
Last-Modified: Tue, 15 Feb 2022 08:14:02 GMT
Server: Apache/2.2.15 (CentOS)
Age: 950747
ETag: "15fce-5d80a1da24680"
Content-Type: image/png
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 90062
jake_test: Test_Pass
Expires: Thu, 01 Sep 2022 10:25:57 GMT

GET
H/1.1 200
OK 123g_master_icon_set_2.png
c.123g.us/images/ 60 KB
61 KB 9ms
9ms Image
image/png 8.253.95.117
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.123g.us/images/123g_master_icon_set_2.png
Requested by: Host: c.123g.us
URL: https://c.123g.us/css/styleopt_R1.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.253.95.117 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 4330d4072d013510b91ca5648f210b614c2e4e8ecbea94a1f8a8373aa6068532

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.123g.us/css/styleopt_R1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Thu, 01 Sep 2022 10:10:36 GMT
Last-Modified: Tue, 15 Feb 2022 08:14:02 GMT
Server: Apache/2.2.15 (CentOS)
Age: 950768
ETag: "f1d2-5d80a1da24680"
Content-Type: image/png
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 61906
jake_test: Test_Pass
Expires: Thu, 01 Sep 2022 10:25:36 GMT

GET
H/1.1 200
OK request.js Show response
trkn.us/info/ 2 KB
1 KB 394ms
97ms Script
application/javascript 3.225.202.210
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://trkn.us/info/request.js?sid=1efbd474-f6d6-4c7a-ab0e-0a28232c817d&ord=119011733.42487192

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.225.202.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-225-202-210.compute-1.amazonaws.com

Software

Apache /

Resource Hash

dca79e4da88922a943261135b73b92418e87d9cec7008b0967e437b022892b8d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 12 Sep 2022 10:16:44 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: keep-alive
Content-Length: 733
Expires: Sun, 01 Jan 2014 00:00:00 GMT

GET
H/1.1 200
OK addressbook.js Show response
c.123g.us/js2/ 401 KB
76 KB 11ms
10ms Script
text/javascript 8.253.95.117
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/js2/addressbook.js
Requested by: Host: c.123g.us
URL: https://c.123g.us/js2/jquery-1.11.1.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.253.95.117 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: d37a1d0a9caf1a7ab47cf71e03cb92dbce54797914e91c6ad6bf88dabd0814ca

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Thu, 01 Sep 2022 10:10:54 GMT
Content-Encoding: gzip
Last-Modified: Mon, 08 Aug 2022 06:15:37 GMT
Server: Apache/2.2.15 (CentOS)
Age: 950750
ETag: "64550-5e5b4be87d440"
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 77410
jake_test: Test_Pass
Expires: Thu, 01 Sep 2022 10:25:54 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 84 KB
29 KB 75ms
23ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: c.123g.us
URL: https://c.123g.us/js2/123g_utils_v1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d466a4b2b852286223f23f149a78587be16f7b24eb507fa9268bcccd6d60bc0d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28684
x-xss-protection: 0
server: sffe
etag: "1331 / 762 of 1000 / last-modified: 1662972584"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 12 Sep 2022 10:16:44 GMT

GET
H/1.1 200
OK closeBtn_h.png
c.123g.us/images/ 1 KB
1 KB 9ms
8ms Image
image/png 8.253.95.117
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.123g.us/images/closeBtn_h.png
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.253.95.117 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 1e66c06ab180f7bf3da83626313d8c1b45efa2ddd191b430ffec9993a3f9675f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Thu, 01 Sep 2022 10:11:00 GMT
Last-Modified: Tue, 07 Mar 2017 11:40:43 GMT
Server: Apache/2.2.15 (CentOS)
Age: 950744
ETag: "42a-54a227b6344c0"
Content-Type: image/png
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1066
jake_test: Test_Pass
Expires: Thu, 01 Sep 2022 10:26:00 GMT

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 297 KB
85 KB 20ms
8ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=3c3ba88f341463ddf013198a709167ac

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

fcad12586cd50631c69ff1e6e1b6ebbde2aa8624f4ff8ebcf237b6d49149bea7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.123greetings.com/
Origin: https://www.123greetings.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: 7Oq04UDGJyJ4O4vRkM135Q==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 86503
x-fb-rlafr: 0
x-fb-debug: lrSvSjQ0XcVTviQE8X/ijffzqfWaz8CTy5vYoP6Ei/CODm4IV/GWmuUFkGDp7ldoowbPlIhWwsnV+I0dT/O/Vw==
x-fb-content-md5: e298977170fe2d311d084400b99497ef
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 12 Sep 2022 10:16:44 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "d1d8fa070df05f703a596d00b3bc3f91"
timing-allow-origin: *
priority: u=3,i
expires: Tue, 12 Sep 2023 09:49:55 GMT

GET
H/1.1 200
OK connect_config.js Show response
c.123g.us/js2/ 203 B
564 B 10ms
10ms Script
text/javascript 8.253.95.117
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/js2/connect_config.js
Requested by: Host: c.123g.us
URL: https://c.123g.us/js2/jquery-1.11.1.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 8.253.95.117 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 0ae74371a872da00743b4c907dc6b5ea22377f13ede1ac75055a55f50676dba8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Thu, 01 Sep 2022 10:11:16 GMT
Last-Modified: Wed, 15 Jun 2022 10:42:43 GMT
Server: Apache/2.2.15 (CentOS)
Age: 950728
ETag: "cb-5e17a2e52eec0"
Content-Type: text/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 203
jake_test: Test_Pass
Expires: Thu, 01 Sep 2022 10:26:18 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
350 B 53ms
19ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-47Q5QDHYDP&gtm=2oe970&_p=1106018444&cid=1919503609.1662977805&ul=en-us&sr=1600x1200&_z=ccd.v9B&_s=1&sid=1662977804&sct=1&seg=0&dl=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fharvest_moon_festival%2F%3Futm_source%3Desep_harvestmoonfest_remail&dt=Chinese%20Moon%20Festival%20Cards%2C%20Free%20Chinese%20Moon%20Festival%20Wishes%20%7C%20123%20Greetings&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-47Q5QDHYDP
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Sep 2022 10:16:44 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.123greetings.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 49ms
13ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-5085183-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 4484
date: Mon, 12 Sep 2022 09:02:00 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Mon, 12 Sep 2022 11:02:00 GMT

GET
H2 200 pubads_impl_2022090601.js Show response
securepubads.g.doubleclick.net/gpt/ 382 KB
131 KB 85ms
13ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022090601.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce67b0786f14c7c1861eebd94f6557072e99e50ab95176a2f23d7444c4dc2741

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 09:55:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1271
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 133157
x-xss-protection: 0
last-modified: Tue, 06 Sep 2022 08:35:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 12 Sep 2023 09:55:33 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 678 B
892 B 110ms
49ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.123greetings.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9c1fd9ab364f0c8c0e19d6a8f6e6a504722b5b0583be0b7dff72005c72144a59

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 12 Sep 2022 10:16:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 255
x-xss-protection: 0
expires: Mon, 12 Sep 2022 10:16:44 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209060101/ 345 KB
121 KB 102ms
74ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209060101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8275302107693664&plah=www.123greetings.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

76adbcf2390b5eac9e52a2ddc9bdb4bdb00bbd9a50921196fc5beae66cedc7e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 124239
x-xss-protection: 0
server: cafe
etag: 15954262419662777818
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 12 Sep 2022 10:16:44 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220907/r20190131/ Frame 2471 10 KB
5 KB 54ms
14ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220907/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

de317176fa6b64a8e89bbd45d20b6be2560bbfa96e7e53e63eb754e18bfe6c1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 50698
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4412
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 11 Sep 2022 20:11:46 GMT
etag: 8616628553774171045
expires: Sun, 25 Sep 2022 20:11:46 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H/1.1 200
OK postback Show response
s.gk.123greetings.com/2/2.68.0/945541/AYHxlO8PEeQbmLmt/ 0
145 B 121ms
29ms XHR
text/plain 34.248.176.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.gk.123greetings.com/2/2.68.0/945541/AYHxlO8PEeQbmLmt/postback?oz_pl=1&dt=9455411658248091559000&pd=mkt&mo=0&si=main&ci=945541&_x=1
Requested by: Host: s.gk.123greetings.com
URL: https://s.gk.123greetings.com/2/945541/clear.js?dt=9455411658248091559000&pd=mkt&mo=0&si=main
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 34.248.176.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-176-243.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 12 Sep 2022 10:16:43 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H/1.1 200
OK main.js Show response
s.gk.123greetings.com/2/2.68.0/ 161 KB
51 KB 32ms
32ms Script
text/javascript 34.248.176.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.gk.123greetings.com/2/2.68.0/main.js

Requested by

Host: s.gk.123greetings.com
URL: https://s.gk.123greetings.com/2/945541/clear.js?dt=9455411658248091559000&pd=mkt&mo=0&si=main

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

34.248.176.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-248-176-243.eu-west-1.compute.amazonaws.com

Software

Resource Hash

cd6b83da7feb207b78af33f8270690be835a8fcdd34ad223489816b99b2e9064

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Mon, 12 Sep 2022 10:16:43 GMT
Content-Encoding: br
Accept-Ch: Viewport-Width, Viewport-Height, Width, DPR, RTT, ECT, Device-Memory, Downlink, Save-Data
Vary: Origin, Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: public, no-transform, immutable, max-age=999999999
Strict-Transport-Security: max-age=31536000; includeSubDomains
Timing-Allow-Origin: *
Content-Length: 51475
Expires: Thu, 21 May 2054 08:14:40 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 50ms
21ms XHR
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1106018444&t=pageview&_s=1&dl=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fharvest_moon_festival%2F%3Futm_source%3Desep_harvestmoonfest_remail&ul=en-us&de=UTF-8&dt=Chinese%20Moon%20Festival%20Cards%2C%20Free%20Chinese%20Moon%20Festival%20Wishes%20%7C%20123%20Greetings&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAAC~&jid=1078324012&gjid=1000514994&cid=1919503609.1662977805&tid=UA-5085183-1&_gid=781610094.1662977805&_r=1&gtm=2ou970&z=530259053

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 12 Sep 2022 10:16:44 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.123greetings.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
442 B 58ms
18ms XHR
text/plain 2a00:1450:400c:c0c::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-5085183-1&cid=1919503609.1662977805&jid=1078324012&gjid=1000514994&_gid=781610094.1662977805&_u=YADAAUAAAAAAAC~&z=842556563

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 12 Sep 2022 10:16:44 GMT
content-type: text/plain
access-control-allow-origin: https://www.123greetings.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK postback Show response
s.gk.123greetings.com/2/2.68.0/945541/AYHxlO8PEeQbmLmt/ 0
145 B 33ms
33ms XHR
text/plain 34.248.176.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.gk.123greetings.com/2/2.68.0/945541/AYHxlO8PEeQbmLmt/postback?oz_pl=1&dt=9455411658248091559000&pd=mkt&mo=0&si=main&ci=945541&_x=1
Requested by: Host: s.gk.123greetings.com
URL: https://s.gk.123greetings.com/2/945541/clear.js?dt=9455411658248091559000&pd=mkt&mo=0&si=main
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 34.248.176.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-176-243.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 12 Sep 2022 10:16:44 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 76ms
24ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.123greetings.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022090601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 12 Sep 2022 10:16:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 87ms
24ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.123greetings.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022090601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 12 Sep 2022 10:16:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 236 KB
30 KB 808ms
755ms XHR
text/plain 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1375290979530990&correlator=103008383533648&eid=31068498%2C31068825&output=ldjh&gdfp_req=1&vrg=2022090601&ptt=17&impl=fifs&iu_parts=46400095%2CDesktopWeb_SubCategory_LB%2CDesktopWeb_SubCategory_Mrec%2CDesktopWeb_SubCategory_SecondMrec%2CDesktopWeb_SubCategory_LowerMrec%2CDesktopWeb_SubCategory_BottomLrec%2CDesktopWeb_SubCategory_BottomSecondLrec%2CDesktopWeb_SubCategory_LowerLB%2CDesktopWeb_SubCategory_Video%2CDesktopWeb_SubCategory_VideoInContent&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5%2C%2F0%2F6%2C%2F0%2F7%2C%2F0%2F8%2C%2F0%2F9&prev_iu_szs=728x90%2C300x250%2C300x250%2C300x250%2C300x250%2C300x250%2C970x90%7C728x90%7C970x250%2C1x1%2C1x1&ifi=2&adks=3914305483%2C1127719608%2C4293624944%2C3694362538%2C3926068587%2C1178609660%2C2276923048%2C933155397%2C4230775942&sfv=1-0-38&fsapi=false&cust_params=site%3D123greetings.com%26section%3Desep_harvestmoonfest%26page%3Dsubcategory&sc=1&cookie_enabled=1&abxe=1&dt=1662977804822&lmt=1662977804&dlt=1662977803988&idt=807&adxs=560%2C970%2C970%2C970%2C970%2C970%2C310%2C0%2C320&adys=47%2C236%2C518%2C1870%2C2152%2C2434%2C2722%2C2916%2C1157&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C0%7C0%7C1%7C2%7C3%7C4%7C5%7C0&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7%7C8%7C9&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fharvest_moon_festival%2F%3Futm_source%3Desep_harvestmoonfest_remail&frm=20&vis=1&psz=980x90%7C320x262%7C320x262%7C320x262%7C320x262%7C320x262%7C980x37%7C1600x2896%7C630x0&msz=728x90%7C300x250%7C300x250%7C300x250%7C300x250%7C300x250%7C980x0%7C1600x0%7C630x0&fws=4%2C4%2C4%2C4%2C4%2C4%2C0%2C0%2C0&ohw=728%2C300%2C300%2C300%2C300%2C300%2C0%2C0%2C0&ga_vid=1919503609.1662977805&ga_sid=1662977805&ga_hid=1106018444&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022090601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

db7a53f0310c1f5649700b8164fd2838c198f3ccf6b14874b74946f7b8f1ffac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:45 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30717
x-xss-protection: 0
google-lineitem-id: 5292193851,-1,-1,-1,-1,-1,-1,5501288042,5461263814
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138302591891,-1,-1,-1,-1,-1,-1,138326033967,138321279906
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.123greetings.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame D8EA 6 KB
4 KB 123ms
22ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022090601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 12 Sep 2022 10:16:44 GMT
expires: Tue, 12 Sep 2023 10:16:44 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H/1.1 200
OK postback Show response
s.gk.123greetings.com/2/2.68.0/945541/AYHxlO8PEeQbmLmt/ 0
145 B 31ms
30ms XHR
text/plain 34.248.176.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.gk.123greetings.com/2/2.68.0/945541/AYHxlO8PEeQbmLmt/postback?dt=9455411658248091559000&pd=mkt&mo=0&si=main&ci=945541&sid=AYHxlO8PEeQbmLmt&oz_sc=385e43d25de8494c566ad975&oz_df=1662977804787&oz_l=202&cv=3
Requested by: Host: s.gk.123greetings.com
URL: https://s.gk.123greetings.com/2/2.68.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 34.248.176.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-176-243.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 12 Sep 2022 10:16:44 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 220 B
647 B 146ms
33ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.123greetings.com&callback=_gfp_s_&client=ca-pub-8275302107693664

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209060101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8275302107693664&plah=www.123greetings.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

bb0da101273c8eea68593f9acce1d404af76523321acd70b9411c2d588f8359b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 203
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 48ms
48ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fharvest_moon_festival%2F%3Futm_source%3Desep_harvestmoonfest_remail&tn=DIV&id=cookie_bar&cls=cookie_bar&ign=false&pw=1600&ph=1200&x=1575&y=1175

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Sep 2022 10:16:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3630 158 KB
44 KB 412ms
381ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8275302107693664&output=html&adk=1812271804&adf=3025194257&lmt=1662977804&plat=1%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fharvest_moon_festival%2F%3Futm_source%3Desep_harvestmoonfest_remail&ea=0&pra=5&wgl=1&easpi=1&easai=1&asntp=0&asntpv=0&asntpl=0&asntpm=0&asntpc=300&asna=5&asnd=5&asnp=5&asns=5&asmat=-1&asptt=-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1662977804633&bpp=3&bdt=645&idt=223&shv=r20220907&mjsv=m202209060101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5612363782282&frm=20&pv=2&ga_vid=1919503609.1662977805&ga_sid=1662977805&ga_hid=1106018444&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C42531706%2C44772488&oid=2&pvsid=1375290979530990&tmod=1849732783&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=235

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c9e1063d9fa4741e793742cc0864b0b56d45daf551f660462f38fb6cf8ddad7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 45287
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 12 Sep 2022 10:16:45 GMT
expires: Mon, 12 Sep 2022 10:16:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1

200
OK

/
trkn.us/info/
Redirect Chain

https://trkn.us/info/?sid=1efbd474-f6d6-4c7a-ab0e-0a28232c817d&ord=119011733.42487192&ref=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fharvest_moon_festival%2F%3Futm_source%3Desep_harvestmoonfest_...
https://trkn.us/info/?sid=1efbd474-f6d6-4c7a-ab0e-0a28232c817d&ord=119011733.42487192&ref=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fharvest_moon_festival%2F%3Futm_source%3Desep_harvestmoonfest_...

42 B
780 B

129ms
128ms

Image
image/gif

3.225.202.210
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trkn.us/info/?sid=1efbd474-f6d6-4c7a-ab0e-0a28232c817d&ord=119011733.42487192&ref=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fharvest_moon_festival%2F%3Futm_source%3Desep_harvestmoonfest_remail&dvis=visible&ip=37.58.58.248&cuidchk=1

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail

Protocol

HTTP/1.1

Server

3.225.202.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-225-202-210.compute-1.amazonaws.com

Software

Apache /

Resource Hash

b2c78c910f5ea29e3a9d223dabc203c055c8708b1fe7d83788b490638126db4d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 12 Sep 2022 10:16:45 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sun, 9 Nov 1980 12:59:00 GMT
Server: Apache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
Expires: Sun, 9 Nov 1980 12:58:00 GMT

Redirect headers

Date: Mon, 12 Sep 2022 10:16:44 GMT
X-Content-Type-Options: nosniff
Server: Apache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Location: /info/?sid=1efbd474-f6d6-4c7a-ab0e-0a28232c817d&ord=119011733.42487192&ref=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fharvest_moon_festival%2F%3Futm_source%3Desep_harvestmoonfest_remail&dvis=visible&ip=37.58.58.248&cuidchk=1
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 0

GET
BLOB 200
OK 82240a67-05a9-430e-b789-be47f9f392d7
https://www.123greetings.com/ Frame A95A 185 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.123greetings.com/82240a67-05a9-430e-b789-be47f9f392d7
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 848fe19ed492948709b881f504ce2eb6274baa694606ca88eb9b2990a2460caf

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Length: 185
Content-Type: application/javascript

POST
H/1.1 200
OK postback Show response
s.gk.123greetings.com/2/2.68.0/945541/AYHxlO8PEeQbmLmt/ 0
145 B 32ms
31ms XHR
text/plain 34.248.176.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.gk.123greetings.com/2/2.68.0/945541/AYHxlO8PEeQbmLmt/postback?dt=9455411658248091559000&pd=mkt&mo=0&si=main&ci=945541&sid=AYHxlO8PEeQbmLmt&oz_sc=385e43d25de8494c566ad975&oz_df=1662977804939&oz_l=4455&cv=3
Requested by: Host: s.gk.123greetings.com
URL: https://s.gk.123greetings.com/2/2.68.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 34.248.176.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-176-243.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 12 Sep 2022 10:16:44 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

POST
H/1.1 200
OK postback Show response
s.gk.123greetings.com/2/2.68.0/945541/AYHxlO8PEeQbmLmt/ 0
145 B 31ms
31ms XHR
text/plain 34.248.176.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.gk.123greetings.com/2/2.68.0/945541/AYHxlO8PEeQbmLmt/postback?dt=9455411658248091559000&pd=mkt&mo=0&si=main&ci=945541&sid=AYHxlO8PEeQbmLmt&oz_sc=385e43d25de8494c566ad975&oz_df=1662977805113&oz_l=5523&cv=3
Requested by: Host: s.gk.123greetings.com
URL: https://s.gk.123greetings.com/2/2.68.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 34.248.176.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-176-243.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 12 Sep 2022 10:16:44 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

POST
H/1.1 200
OK postback Show response
s.gk.123greetings.com/2/2.68.0/945541/AYHxlO8PEeQbmLmt/ 0
145 B 31ms
30ms XHR
text/plain 34.248.176.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.gk.123greetings.com/2/2.68.0/945541/AYHxlO8PEeQbmLmt/postback?dt=9455411658248091559000&pd=mkt&mo=0&si=main&ci=945541&sid=AYHxlO8PEeQbmLmt&oz_sc=385e43d25de8494c566ad975&oz_df=1662977805268&oz_l=194&cv=3
Requested by: Host: s.gk.123greetings.com
URL: https://s.gk.123greetings.com/2/2.68.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 34.248.176.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-176-243.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 12 Sep 2022 10:16:44 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209060101/ 149 KB
53 KB 74ms
74ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209060101/reactive_library_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9756d7d3e134fd570e9755cafe0ea28dab16155451c8d8cdf95afa1aa429a9b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54573
x-xss-protection: 0
server: cafe
etag: 11916104893462843917
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Mon, 12 Sep 2022 10:16:45 GMT

GET
H2 200 css2
fonts.googleapis.com/ 606 B
890 B 56ms
22ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Google+Material+Icons:wght@400;500;700

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9e132e6ec1f3853fe883cd3eb4e56a97ef75da3de1f47c930b83a5e70dc886c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 12 Sep 2022 10:16:45 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 12 Sep 2022 10:16:45 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 12 Sep 2022 10:16:45 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 48ms
47ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Sep 2022 10:16:45 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 48ms
48ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=adfil-imp&wp=ca-pub-8275302107693664&c=2&e=44772488&h=www.123greetings.com&ld=en&lx=en&m=6&n=0&o=a&p=487&t=0&w=983&x=7&sap=0&tap=1&bap=0&nsr=0&im=0&mo=0&hesa=0

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Sep 2022 10:16:45 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 54ms
23ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.123greetings.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 12 Sep 2022 10:16:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 52ms
23ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.123greetings.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 12 Sep 2022 10:16:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220907/r20110914/ Frame 6FD9 10 KB
4 KB 14ms
14ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220907/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

de317176fa6b64a8e89bbd45d20b6be2560bbfa96e7e53e63eb754e18bfe6c1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 45984
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4412
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 11 Sep 2022 21:30:21 GMT
etag: 8616628553774171045
expires: Sun, 25 Sep 2022 21:30:21 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 css2
fonts.googleapis.com/ Frame 6FD9 4 KB
636 B 50ms
22ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220907/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 12 Sep 2022 08:59:34 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 12 Sep 2022 10:16:45 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 12 Sep 2022 10:16:45 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 6FD9 205 B
742 B 60ms
13ms Image
image/png 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220907/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 09:38:36 GMT
x-content-type-options: nosniff
age: 2289
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Tue, 12 Sep 2023 09:38:36 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 6FD9 604 B
694 B 61ms
14ms Image
image/png 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220907/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 09:36:15 GMT
x-content-type-options: nosniff
age: 2430
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Tue, 12 Sep 2023 09:36:15 GMT

GET
H2 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220907/r20110914/elements/html/ Frame 6FD9 19 KB
9 KB 51ms
15ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220907/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220907/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ec9ae04448369cfd061688be0e2203a5696e42a15d1c179e7ba7849acb2c63cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 13
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8353
x-xss-protection: 0
server: cafe
etag: 17005385338368023289
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 26 Sep 2022 10:16:32 GMT

GET
BLOB 200
OK a53ef00f-7d85-437f-b559-6a0e2bbadb00
https://www.123greetings.com/ 787 B
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.123greetings.com/a53ef00f-7d85-437f-b559-6a0e2bbadb00
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eda230dd867267de3ee51f6003c89cb0a60073e35674ef98d425111b5d40247a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Length: 787

POST
H/1.1 200
OK postback Show response
s.gk.123greetings.com/2/2.68.0/945541/AYHxlO8PEeQbmLmt/ 0
145 B 33ms
33ms XHR
text/plain 34.248.176.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.gk.123greetings.com/2/2.68.0/945541/AYHxlO8PEeQbmLmt/postback?dt=9455411658248091559000&pd=mkt&mo=0&si=main&ci=945541&sid=AYHxlO8PEeQbmLmt&oz_sc=385e43d25de8494c566ad975&oz_df=1662977805453&oz_l=1292&cv=3
Requested by: Host: s.gk.123greetings.com
URL: https://s.gk.123greetings.com/2/2.68.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 34.248.176.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-176-243.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 12 Sep 2022 10:16:44 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H3 200 css
fonts.googleapis.com/ Frame C39A 8 KB
893 B 24ms
23ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220907/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4cf6f3dffbc65f9231255bf31f40ddc84a45bc57428b41d6786afc7153b90b7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 12 Sep 2022 08:57:27 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 12 Sep 2022 10:16:45 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 12 Sep 2022 10:16:45 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220907/r20110914/client/ Frame C39A 2 KB
902 B 47ms
16ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220907/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220907/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:15:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 62
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 26 Sep 2022 10:15:43 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220907/r20110914/ Frame C39A 23 KB
9 KB 44ms
14ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220907/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220907/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8bdd5a651bcebd9e1ecd443172bd4c983d64765f04c28e1b55a0a63467e4d035

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:08:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 506
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9632
x-xss-protection: 0
server: cafe
etag: 15013890920676311251
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 26 Sep 2022 10:08:19 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220907/r20110914/client/ Frame C39A 3 KB
1 KB 48ms
18ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220907/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220907/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:01:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 888
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 26 Sep 2022 10:01:57 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C39A 141 KB
44 KB 52ms
22ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220907/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

50f77fa9d32c1323f7e50da8d807f556cdddaea2161de6cf84a0c8b4c1dd6f79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44740
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1662550240112033"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 12 Sep 2022 10:16:45 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220907/r20110914/client/ Frame C39A 17 KB
7 KB 41ms
13ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220907/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220907/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e368951bc5918b3d9fbc8205bfdf0d8be8b79da09b457bb113307063f3b1bc89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:12:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 230
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7592
x-xss-protection: 0
server: cafe
etag: 7248493764890666469
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 26 Sep 2022 10:12:55 GMT

GET
H3 200 8e474446b56ed6ef0feeec2d987f1a60.js Show response
www.gstatic.com/mysidia/ Frame C39A 33 KB
13 KB 42ms
13ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/8e474446b56ed6ef0feeec2d987f1a60.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220907/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c84c1026e0a4c60ec0ee85c8b41c1904144aa63184260c95840924b42bd32d33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sun, 11 Sep 2022 10:34:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 85328
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13628
x-xss-protection: 0
last-modified: Thu, 08 Sep 2022 04:49:49 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sat, 10 Dec 2022 10:34:37 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C39A 0
20 B 48ms
48ms Ping
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=jca&jc=26&version=r20220907&sample=0.01

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/js/r20220907/r20110914/client/load_preloaded_resource_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Sep 2022 10:16:45 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

/
www.facebook.com/login/ Frame D26A
Redirect Chain

https://www.facebook.com/v2.4/plugins/page.php?adapt_container_width=true&app_id=6268317308&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3e9a8afa...
https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dtrue%26app_id%3D6268317308%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%2...

0
0

89ms
78ms

Document
text/html

2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dtrue%26app_id%3D6268317308%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df3e9a8afafb1e1c%2526domain%253Dwww.123greetings.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fwww.123greetings.com%25252Ff36a5ce7310767%2526relation%253Dparent.parent%26container_width%3D320%26height%3D287%26hide_cover%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252F123GreetingsCom%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26show_posts%3Dtrue%26small_header%3Dtrue%26width%3D320

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=3c3ba88f341463ddf013198a709167ac

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 12 Sep 2022 10:16:45 GMT
expires: Sat, 01 Jan 2000 00:00:00 GMT
pragma: no-cache
priority: u=0
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: /0a3Cm24cAzTubRkT3HVSrkFWZ41BmAiIwN0n5fqwlHwzqq4znT9lLY713uJP8oc+05aQvzKC5LowgDH65rBUQ==
x-frame-options: DENY
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-length: 0
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: unsafe-none
date: Mon, 12 Sep 2022 10:16:45 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v8.0
location: https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dtrue%26app_id%3D6268317308%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df3e9a8afafb1e1c%2526domain%253Dwww.123greetings.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fwww.123greetings.com%25252Ff36a5ce7310767%2526relation%253Dparent.parent%26container_width%3D320%26height%3D287%26hide_cover%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252F123GreetingsCom%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26show_posts%3Dtrue%26small_header%3Dtrue%26width%3D320
pragma: no-cache
strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
x-fb-debug: gpEaNEEwJyr9XMuk5WeJoYPshVfEGB7cB57yc++BQpb5V7dOYvp4i9a7/3o84pNdrXnxd2U4jfAuuaupH8iOwA==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 91ms
63ms XHR
application/json 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022090601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022090601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8c6800a9ca8057584fff549a21306d012ee784034f2b8adbbba29a3f2f51c437

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 12 Sep 2022 10:16:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11158
x-xss-protection: 0

GET
H3 200 JI0Pcydj_YJwFyiv8pAtPmsHnnPx6gDBxLt0n0XpIm8.js Show response
pagead2.googlesyndication.com/bg/ Frame E157 36 KB
16 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/JI0Pcydj_YJwFyiv8pAtPmsHnnPx6gDBxLt0n0XpIm8.js

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

248d0f732763fd82701728aff2902d3e6b079e73f1ea00c1c4bb749f45e9226f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 09:46:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1812
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15957
x-xss-protection: 0
last-modified: Mon, 29 Aug 2022 10:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 12 Sep 2023 09:46:33 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame F3D0 0
0 53ms
52ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssWy-J-VBjgIr-za6ZCwbaq4z2olpUMl8FJFZphZgo_Orn69ffu_ZNxQiiQNCyp-wAb9_1PzpBAneJoI79zrFyAF1D4z1soT_5psQxHkosrukE27SSACX7-Bz-Q1o7olBsevu6XeZYkUUqWtqsbV3RATn0PqxLPCaHi7kx0smvAqQ3o29iPHl5mO4T58NpKw9-zSaBHy0Vn-oCnj86ORNZ_lwZzbkjfOo2suk8oSxJLhLPrfGg-w9TWTNGA7FUn92sxwu1zMRei4BcHAu4qzv-JPO8wXwjsHkGwqYh3zDYe62p1FEBwrV1Y-CuMhhoFU10J_0sHzdQb8J0GDoGNfJkYbUmEzwg&sai=AMfl-YRm9HRV4fWxcQGB7i8hivBIqy7STqNdnKEIFoPV2UrCwFIJoEKcwDPFpHwqUvsL3EhSvVJN9j-k5tnZ_tew8vsOTGz596LGSMq5cTMSAJCEUH-beSa9bxiUHExhBTc4oA&sig=Cg0ArKJSzG7zSHHbRrHOEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 12 Sep 2022 10:16:45 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 12 Sep 2022 10:16:45 GMT

GET
H3 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame F3D0 116 KB
39 KB 85ms
84ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022090601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bd9ee85a59f68e2783a1ad8e2484cc3e006b562326cea477b6dfd1bf8cc82c61

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40134
x-xss-protection: 0
server: cafe
etag: 17143931991746849558
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 12 Sep 2022 10:16:45 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F3D0 141 KB
44 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022090601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

50f77fa9d32c1323f7e50da8d807f556cdddaea2161de6cf84a0c8b4c1dd6f79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44740
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1662550240112033"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 12 Sep 2022 10:16:45 GMT

GET
H3 200 container.html Show response
30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame FF14 6 KB
3 KB 44ms
15ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022090601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 12 Sep 2022 10:16:44 GMT
expires: Tue, 12 Sep 2023 10:16:44 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 3820 6 KB
3 KB 42ms
16ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022090601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 12 Sep 2022 10:16:44 GMT
expires: Tue, 12 Sep 2023 10:16:44 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 7670 6 KB
3 KB 39ms
17ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022090601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 12 Sep 2022 10:16:44 GMT
expires: Tue, 12 Sep 2023 10:16:44 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012208121708000/ Frame FD76 221 KB
61 KB 90ms
23ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012208121708000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022090601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

622cd4a2d30e2b367e91504a877c0284d39bf4ff04c3fdca849996e4df5553af

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 520220
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61526
x-xss-protection: 0
server: sffe
date: Tue, 06 Sep 2022 09:46:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b1753c5424806777"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 06 Sep 2023 09:46:25 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012208121708000/v0/ Frame FD76 14 KB
5 KB 124ms
57ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012208121708000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022090601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2c6cd6437201b0cf35c1eccffc8e99291167d496c73ab43ecb3cfeec5a5dc28f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 520220
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5202
x-xss-protection: 0
server: sffe
date: Tue, 06 Sep 2022 09:46:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "23fb7130d171a0c1"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 06 Sep 2023 09:46:25 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012208121708000/v0/ Frame FD76 94 KB
28 KB 124ms
57ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012208121708000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022090601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3f2c0c4e4c89eae172edef7969867243fca9370249d772d7724ab3bca286e1e1

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 520220
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28840
x-xss-protection: 0
server: sffe
date: Tue, 06 Sep 2022 09:46:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "bd6960dd2dd8774b"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 06 Sep 2023 09:46:25 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012208121708000/v0/ Frame FD76 5 KB
2 KB 128ms
61ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012208121708000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022090601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8de5be317de0e910d5ccea3ce5a604f6fe59df71dfc30b8d7272bd1fab48617e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 520220
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1914
x-xss-protection: 0
server: sffe
date: Tue, 06 Sep 2022 09:46:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "6b6863aa0ddd5cf3"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 06 Sep 2023 09:46:25 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012208121708000/v0/ Frame FD76 40 KB
13 KB 128ms
62ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012208121708000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022090601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c8356135a2910f429eaab41d100680627e417d126cbed99c410f0d5aad490ab2

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 520219
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12954
x-xss-protection: 0
server: sffe
date: Tue, 06 Sep 2022 09:46:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "008ca125395468a7"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 06 Sep 2023 09:46:26 GMT

GET
DATA 200
OK truncated
/ Frame FD76 208 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b289812b6afa4154103135b7b8f48f4e0349aa64b825479ceab16e1b1fd52c93

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012208121708000/ Frame CDDD 221 KB
60 KB 88ms
30ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012208121708000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022090601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

622cd4a2d30e2b367e91504a877c0284d39bf4ff04c3fdca849996e4df5553af

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 520220
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61526
x-xss-protection: 0
server: sffe
date: Tue, 06 Sep 2022 09:46:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b1753c5424806777"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 06 Sep 2023 09:46:25 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012208121708000/v0/ Frame CDDD 14 KB
5 KB 53ms
49ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012208121708000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022090601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2c6cd6437201b0cf35c1eccffc8e99291167d496c73ab43ecb3cfeec5a5dc28f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 520220
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5202
x-xss-protection: 0
server: sffe
date: Tue, 06 Sep 2022 09:46:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "23fb7130d171a0c1"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 06 Sep 2023 09:46:25 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012208121708000/v0/ Frame CDDD 94 KB
28 KB 54ms
50ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012208121708000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022090601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3f2c0c4e4c89eae172edef7969867243fca9370249d772d7724ab3bca286e1e1

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 520220
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28840
x-xss-protection: 0
server: sffe
date: Tue, 06 Sep 2022 09:46:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "bd6960dd2dd8774b"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 06 Sep 2023 09:46:25 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012208121708000/v0/ Frame CDDD 5 KB
2 KB 56ms
52ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012208121708000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022090601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8de5be317de0e910d5ccea3ce5a604f6fe59df71dfc30b8d7272bd1fab48617e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 520220
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1914
x-xss-protection: 0
server: sffe
date: Tue, 06 Sep 2022 09:46:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "6b6863aa0ddd5cf3"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 06 Sep 2023 09:46:25 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012208121708000/v0/ Frame CDDD 40 KB
13 KB 57ms
52ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012208121708000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022090601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c8356135a2910f429eaab41d100680627e417d126cbed99c410f0d5aad490ab2

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 520219
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12954
x-xss-protection: 0
server: sffe
date: Tue, 06 Sep 2022 09:46:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "008ca125395468a7"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 06 Sep 2023 09:46:26 GMT

GET
DATA 200
OK truncated
/ Frame CDDD 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b5d5999e429c2567d7b175963b0ac8e15ab92a79961b71134e8b4a0f9de3cc1f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 container.html Show response
30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame DB9C 6 KB
3 KB 16ms
14ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022090601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 12 Sep 2022 10:16:44 GMT
expires: Tue, 12 Sep 2023 10:16:44 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame C44B 0
0 55ms
54ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuYII3aDe4i5SOxE0oWzOLuhgGpctyKJRebT7tPSCW-NXsnkdf9qWylEVOjr_Bqa9ljzlKPoBOVIL0EQZs_9OAgmPJzsxnrtrbyixvA_ucHXQ2CUh1DNB3DJVYBu9Kx6flyoXlUwbBwMRfuChqe4adykQ56IINVFVAuMG5PF9B_btG80aMLS5bzvLka_QAsPF4hupPsDoY0qojufsit_VdPe5L0a15ekdhCSIezxgNDGe5hxZJSEWdcZTPXJ4dS-o7A-_tOFVR9ORNWXQ2awvvGIlys5hKy1mzK0UwXGPH83rJgF12cKxIzyymGvnmEGJXS6NrM19YhHwxZnA4Uq_UKn2YVNz08h8-m&sai=AMfl-YQ6PQJ1ViK4o9j3C3L06PLOQy_T197TOPwTSr-dFwWjeYmZxDBRQk-prt3snJf9VsNz3WYF6LIazY3lzhxQVA6nrQ2k__zE971iAoSeywPkfrCLTkDVA9oE9OBLlrUXqA&sig=Cg0ArKJSzFw6YtT-arbTEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 12 Sep 2022 10:16:45 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 12 Sep 2022 10:16:45 GMT

GET
H2 200 video-loader.js Show response
cdn.avantisvideo.com/avm/js/ Frame C44B 32 KB
11 KB 92ms
8ms Script
application/javascript 2600:9000:2490:a00:1c:38a0:8a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.avantisvideo.com/avm/js/video-loader.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022090601.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2490:a00:1c:38a0:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2e4386cf56ad2612f0ad0526372b3d1cd96d6ecb3f32836f141aa28207b3907e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-amz-version-id: o3_UP5DBpj34HIRp37PMEele1xlw3U13
content-encoding: gzip
last-modified: Sun, 29 May 2022 06:35:41 GMT
server: AmazonS3
age: 10083
etag: W/"d29171b34ea93548beb17fd35f5b439b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 6b85d8725dd6471c3db1f65d4096afc4.cloudfront.net (CloudFront)
date: Mon, 12 Sep 2022 07:28:43 GMT
x-amz-cf-pop: FRA56-P6
x-amz-cf-id: nCi8_p2ElG2o75Fnaob3-apMVvbMlidASZjj6IK-Z_u3pXKDlyb3YQ==

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C44B 141 KB
44 KB 30ms
30ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022090601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

50f77fa9d32c1323f7e50da8d807f556cdddaea2161de6cf84a0c8b4c1dd6f79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44740
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1662550240112033"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 12 Sep 2022 10:16:45 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame FCB1 0
0 53ms
53ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssCfunkdwdKo-Aid3Pj6-Rfwl915KMrUwsgcZmYtL8IPAOhCK6lFwI3GINC8z1qX9eJd_SMLkyfU3sW81PVqE89J-PP4RY9BWtpVQOmUFXxOe3cTwijtio6YEraq_hIh0uXu0neUoil_G7L7KrehrV6nixXVrtIatLVteoQx4PUp4ZYsJjdTjJOCi7h7uESMq53Z7Bk5DcqdDakwsvEpkE-vzJRSphz09rMbqbbWaMsaEV-007t7WcF5-_TjeX9ksAQlt8eQvmU_XJvTjDOcOdVUemyhPrxl0e8TMiDNfkTn5JhaD2hhg750nSXK3Ra0ZYfJpPlnRHTNrUBr0R2hAtVK0EKIySdtvaOuVC7RYgHX1km&sai=AMfl-YSN6BDvWmx1slWS-IvkcdkaytD4qC0n-hg78aWe0oL3GEx80rn-smz0fzizKe4y_2kFWsFIxViy9jfjl2EG7Xwkzx-5OoN2974UPvwIOOFWGdkHtV35HMIN_8l1lHWg0A&sig=Cg0ArKJSzCNzjuu8gkzjEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 12 Sep 2022 10:16:45 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 12 Sep 2022 10:16:45 GMT

GET
H2 200 video-loader.js Show response
cdn.avantisvideo.com/avm/js/ Frame FCB1 32 KB
11 KB 87ms
9ms Script
application/javascript 2600:9000:2490:a00:1c:38a0:8a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.avantisvideo.com/avm/js/video-loader.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022090601.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2490:a00:1c:38a0:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2e4386cf56ad2612f0ad0526372b3d1cd96d6ecb3f32836f141aa28207b3907e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-amz-version-id: o3_UP5DBpj34HIRp37PMEele1xlw3U13
content-encoding: gzip
last-modified: Sun, 29 May 2022 06:35:41 GMT
server: AmazonS3
age: 10083
etag: W/"d29171b34ea93548beb17fd35f5b439b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 6b85d8725dd6471c3db1f65d4096afc4.cloudfront.net (CloudFront)
date: Mon, 12 Sep 2022 07:28:43 GMT
x-amz-cf-pop: FRA56-P6
x-amz-cf-id: KGscryX1mimXtT_zXZOa2nRlGm4-vYQWbtDNAeTI8oX339Ro1a5mOw==

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame FCB1 141 KB
44 KB 34ms
33ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022090601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

50f77fa9d32c1323f7e50da8d807f556cdddaea2161de6cf84a0c8b4c1dd6f79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44740
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1662550240112033"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 12 Sep 2022 10:16:45 GMT

GET
H3 200 10653543094837859896
tpc.googlesyndication.com/simgad/ Frame FD76 120 KB
120 KB 15ms
14ms Image
image/gif 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/10653543094837859896

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4b13724f2ea08585691e54130bcbe33f7730f4f8a9aa6f598877bf51b5c47cbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 08:49:47 GMT
x-content-type-options: nosniff
age: 437218
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 122376
x-xss-protection: 0
last-modified: Wed, 31 Aug 2022 08:20:40 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 07 Sep 2023 08:49:47 GMT

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame FD76 2 KB
2 KB 28ms
26ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sun, 11 Sep 2022 19:03:14 GMT
x-content-type-options: nosniff
server: cafe
age: 54811
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 14819457070020093239
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Mon, 12 Sep 2022 19:03:14 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame FD76 295 B
319 B 22ms
20ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sun, 11 Sep 2022 16:52:08 GMT
x-content-type-options: nosniff
server: cafe
age: 62677
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 426692510519060060
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Mon, 12 Sep 2022 16:52:08 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame FD76 0
0 64ms
23ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSDFIZ0rBUBZ66diRIuZ6eSSjHuzeEJZTyc7_3oyjAWJt_jNvORuqI7237sit02zBlos1GjCwdERIqHKCNwWTR2N5rC7A
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame FD76 0
0 60ms
59ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Ckf2zDAcfY5OlOsyBrASpobJon6rjoWyTjqSC1BDIv8HwkQ4QASDv9pAhYJXCpoKwB6ABv8vmhQLIAQPgAgCoAwHIAwiqBJkCT9DFYjnb1oGWuDvFaEwbyJtkfWR8MCdBw-I_2DJ04JC9daVSYypDUlPu2B65nCEJC1ZIJkZQCXQAaiLxuG8igaRPwC9uQeds2M3I90kX_h8FMgVbCCe5UULABE2zlOYWYO6fx-8963at1MPD5NKRLJCIhpf5UDlvrQnijPoHJ9SQzIjxVhap1mcgw21jPyTJyblUBQO_VDaOPpxZrRc_HzJDL6hwao6_JlKdjcZKLuCw13M997Tb-4d1v1-QbSw-eplLMkkvfaNNxQLxX4c2rGNTxcIQFMxrtbuebR7SI0ITvGOtjrsMelStdflew5Omj23UmFUaZ57g2sbU83H85dmU7E-5-RR8eMRgtMq34ZTDp_ehjRorQm3ABL6uvISFBOAEAZIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYDgAf_vIGzAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEEJT1BtIIEgiI4YAQEAEYHTIDqoIBOgKAQIAKA8gLAdgTDNAVAYAXAbIXHgocCAASFHB1Yi00NjI3NTE3NjgwMjQ5NjcwGP_XFw&sigh=LSEIHIsVzDw&uach_m=[UACH]
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

GET
H3 200 10653543094837859896
tpc.googlesyndication.com/simgad/ Frame CDDD 120 KB
120 KB 22ms
21ms Image
image/gif 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/10653543094837859896

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4b13724f2ea08585691e54130bcbe33f7730f4f8a9aa6f598877bf51b5c47cbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 08:49:47 GMT
x-content-type-options: nosniff
age: 437218
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 122376
x-xss-protection: 0
last-modified: Wed, 31 Aug 2022 08:20:40 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 07 Sep 2023 08:49:47 GMT

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame CDDD 2 KB
2 KB 27ms
26ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sun, 11 Sep 2022 19:03:14 GMT
x-content-type-options: nosniff
server: cafe
age: 54811
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 14819457070020093239
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Mon, 12 Sep 2022 19:03:14 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame CDDD 295 B
319 B 26ms
25ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sun, 11 Sep 2022 16:52:08 GMT
x-content-type-options: nosniff
server: cafe
age: 62677
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 426692510519060060
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Mon, 12 Sep 2022 16:52:08 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame CDDD 0
0 60ms
59ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CTIN4DAcfY6imOsyBrASpobJov46kqWy67O_svhCM7O28ySgQASCF7JICYJXCpoKwB6ABv8vmhQLIAQPgAgCoAwHIAwiqBJMCT9BzUH8g69gOng0MY7FhYdbr4HaKD18kt4ZPsG1v4Qy52UQsH41rGjbEQJUnSqGXRohrkkdodtZ1vDKv54ZAF7WgVoX4-ZuWQx_Zba3ztIHwFrL6pQ7oRz38xU9I0aA3bV0U9Sw4ukM6s8HN3WuybTA-lke9Xsj9Vz-EewtSgPk85RrPbju9F3CXspEhA7w3msZ7vlintxaE8vJacjPILMSczgKFwZlo8R6354A5iGaf0uqjiwUwCPOB78nNwxaavV5C2sJmtQrEZDeYNtMz8Cmb5BIh8WNO78tmnkzSzNYGmHNI7hB5CljvkhTBr2PRepxexUaUDPZCE2sljbTc1KDrDKfrU2IOCFix6LM-GzL6NzbABIyPr7v_A-AEAZIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYDgAf_vIGzAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEEIK3B9IIEgiI4YAQEAEYHTIDqoIBOgKAQIAKAcgLAdgTDNAVAYAXAbIXHgocCAASFHB1Yi04Mjc1MzAyMTA3NjkzNjY0GP_XFw&sigh=hGVfDdFwcmA&uach_m=[UACH]
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 45ms
45ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022090601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 12 Sep 2022 10:16:45 GMT

POST
H/1.1 200
OK postback Show response
s.gk.123greetings.com/2/2.68.0/945541/AYHxlO8PEeQbmLmt/ 0
145 B 32ms
30ms XHR
text/plain 34.248.176.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.gk.123greetings.com/2/2.68.0/945541/AYHxlO8PEeQbmLmt/postback?dt=9455411658248091559000&pd=mkt&mo=0&si=main&ci=945541&sid=AYHxlO8PEeQbmLmt&oz_sc=385e43d25de8494c566ad975&oz_df=1662977805734&oz_l=5932&cv=3
Requested by: Host: s.gk.123greetings.com
URL: https://s.gk.123greetings.com/2/2.68.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 34.248.176.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-176-243.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 12 Sep 2022 10:16:44 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame FF14 0
0 58ms
57ms Fetch
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CheRyDAcfY_SfOsyBrASpobJoyZ7SsVzVnZH3cMCNtwEQASAAYJXCpoKwB4IBF2NhLXB1Yi00NjI3NTE3NjgwMjQ5NjcwoAHVttLqA8gBCakChr7End3YsD7gAgCoAwGqBI4CT9CXigtrG9VDXM7pYZNE8k-vPVob_XAyPUXL55Z1RPkb64gBvGSAEZD2CsXRzFaEhbgihuFLDS4gyKgvRkhpddTSX8Av20im2aLh5-U71_x1IUZulchGsWKZ4xrJGk_449nLTz2B7ujhb6_YsZPm6Ke7ldyHL45L2bUFHpulmYIBQCoofITKalt-91dhRGupqHQmCRm6y3BNMDCteNmZX5BuGYLSaKDvJFRGQ9J3sOFnN6UJz8cjcsev4hDZOyMNyByiuCFQISU8D0YXEGzbNtU6yHAS0pGXKjxXn9bmgsDHbUg_1WFoYwTe103F-zs91pES4jTGP5L_F1KmXDar5qwzz8tJEfP-WHTVPYCO4AQBgAbHzc-Y357tqfkBoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEAiI4YAQEAEyA6qCAToCgECACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItNDYyNzUxNzY4MDI0OTY3MBj_1xc&sigh=HjS2Sq5iOt4&uach_m=[UACH]&cid=CAQSPgCsnQUxkrn9IwfjCHxHnnXjGgafuUt1KySRggXvXxcW-D2JSyMilXiHdDbIOurzY_eVIFWuW2h7T6Ly9MmTGAE
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

GET
H2 200 notify
rtb.fr.eu.criteo.com/google/auction/ Frame FF14 0
0 68ms
16ms Fetch 2a02:2638::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.fr.eu.criteo.com/google/auction/notify?profile=14&payload=k5CTFMc1rAL6AZ2DYgICAAAAoVE7jJl3H1IffN3qK-WvnBAMBx9ji-OrreNiyiSBiJMAEgAA&wp=Yx8HDAAOj_QKiwDMAAyQqfykzAzSadRIQ5QSDA

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:45 GMT
server: Kestrel
server-processing-duration-in-ticks: 228558
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 9088 174 KB
55 KB 407ms
181ms Document
text/html 2a02:2638:1::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=Yx8HDAAOj_QKiwDMAAyQqfykzAzSadRIQ5QSDA&u=%7CSx%2BgiojftOy7KF9Tg1XuTSNRp0OGUteOoUbrH6%2Fo7SQ%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhaVHQ6RkVc1uRRN7U2tIy92afbib4fbn5EybKaRfoUCp6pZXFQMmnMggJeikCgjA3FfnNvswZvCPAKUQL7PvDAhICrPfe_zMulQs0SmRR-35qopft_4wp-aMN6amB84tVbmu-lRMd-jg6LvDpoS5n6wuNuilDfUyUr4Bf0-hNCkyO-CPV5yMDi8_Rn9YKAAOB6HFE35UCuNFuMltzFspCHK04KzC0zjz0SqVgGyfEEpV4EpsFGScJNG_GEP40lxQDN12HTSvVeuuTMcCkSlxYG57uG2XklHZ78pRMYYgUiMolza1R8wwSE2UewPsv7zrDF1jnRjD2vbsOnlw2xI_bkSJ8zERLsl9NUOdDtwlfT07x-vHyP7g3I5hFll_JwgHs2NlJzH4xmHkNjaij9_mWAG-r_Nb7RhTB-M7WUDy6mM8oP_uY4gW5bHLL1fpC9-X4JfwOaUzy3MNubZd9da_aOWNpl43AQvIy-tKt6LANLXFgqpH-xZTuDilq1DmVVyidOOuptzAh3UjnfRALRzGJZIXUtc6o9pN5nFLO-rA4xTsEDzDpeLndI1exM91IAGc044KfRS9b0gDI30iDsQvlWY&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCj3icDAcfY_SfOsyBrASpobJoyZ7SsVzVnZH3cMCNtwEQASAAYJXCpoKwB4IBF2NhLXB1Yi00NjI3NTE3NjgwMjQ5NjcwoAHVttLqA8gBCakChr7End3YsD7gAgCoAwGqBJECT9CXigtrG9VDXM7pYZNE8k-vPVob_XAyPUXL55Z1RPkb64gBvGSAEZD2CsXRzFaEhbgihuFLDS4gyKgvRkhpddTSX8Av20im2aLh5-U71_x1IUZulchGsWKZ4xrJGk_449nLTz2B7ujhb6_YsZPm6Ke7ldyHL45L2bUFHpulmYIBQCoofITKalt-91dhRGupqHQmCRm6y3BNMDCteNmZX5BuGYLSaKDvJFRGQ9J3sOFnN6UJz8cjcsev4hDZOyMNyByiuCFQISU8D0YXEGzbNtU6yHAS0pGXKjxXn9bmgsDHbUg_1WFoY0bc9t9CdKcuaQ0GQeT7mWr2A1gQVhizZBj78m27ru3SQPF_uZMxbDLR4AQBgAbHzc-Y357tqfkBoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEAiI4YAQEAEyA6qCAToCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2ZxoQzaRiL1V7DPvlooP0tznLqUw%26client%3Dca-pub-4627517680249670%26adurl%3D

Requested by

Host: 30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com
URL: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

64c3ab10913497a3bb7b1bbfca94c4819a32cdef228e5e4c493774bca6c4d8fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Mon, 12 Sep 2022 10:16:45 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=ujfKrJ4qTrAtEcrDXEV2bQWr72PLJiJxZ37MLClgFSlfhOQVEPidSrxxSKHjNjZWmf7HXGfGcOwF1bJJ4BBzivbiBLZnTE0Aogs-zZSC9OcnvhXciXICbJJSgitO5NUH7Vuw1yg-sUjvgoj1J3mH-YrFcF9xq6FQXRaZrg12uJ5bdeUsQchQE29hxMomCwQlGoya0QFKFypEGqMjQRNcpkk6nTIUlDGDlmx9x4pqBxNEzp_FOMWzMw7oBp-kgfgYf0zwHQ"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 137676005
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220907/r20110914/client/ Frame FF14 3 KB
1 KB 17ms
15ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220907/r20110914/client/window_focus_fy2021.js

Requested by

Host: 30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com
URL: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:01:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 888
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 26 Sep 2022 10:01:57 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220907/r20110914/client/ Frame FF14 17 KB
7 KB 17ms
12ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220907/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com
URL: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e368951bc5918b3d9fbc8205bfdf0d8be8b79da09b457bb113307063f3b1bc89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:12:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 230
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7592
x-xss-protection: 0
server: cafe
etag: 7248493764890666469
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 26 Sep 2022 10:12:55 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame FF14 0
0 28ms
21ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSI6qjvjP9TBNo5i8Fd9WLMH7yzgpnuvMhDT-QMg4WxA7EkaFVz1-HhWDnA_HtRZ4afT_8MSV2EYdUhp8-c_zoR7m23kw
Requested by: Host: 30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com
URL: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame FF14 22 KB
7 KB 17ms
13ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com
URL: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 06 Sep 2022 11:07:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 515376
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 06 Sep 2023 11:07:09 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame FF14 141 KB
44 KB 29ms
25ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com
URL: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

50f77fa9d32c1323f7e50da8d807f556cdddaea2161de6cf84a0c8b4c1dd6f79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44740
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1662550240112033"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 12 Sep 2022 10:16:45 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 3820 0
0 62ms
57ms Fetch
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CAnrRDAcfY-KhOsyBrASpobJoyZ7SsVzVnZH3cMCNtwEQASAAYJXCpoKwB4IBF2NhLXB1Yi00NjI3NTE3NjgwMjQ5NjcwoAHVttLqA8gBCakChr7End3YsD7gAgCoAwGqBJQCT9AkqkUwPGrSXVC_-d_YoP_ola8sl4xuDPm5YbX7F9pPk1S5vCISFrjc8eX2h13YsTfGoTllcpafaRwdizJq0UQhuHz8rf4jCAf5z4hfTYLZLaDOnG-axvZ2IP041522xybXzkFrxlqQ94qOXxunGmmT0R-ja8lMflcPoNos_S4LRugkMiU0ZRsMwY7ftZub9GfLvUz3yw8Cvn7ScLd3RuHwJ57Zfef-W-NwL5285KZm91f-f30EeZdsXetBGyia5ETbOdD1wxfl0aG8L6rYWJbN0YkqDOZbf1hoJNCzMwKT-pbznouNgS5VfpktTqmRVCyhhylOjp_o0vidRIXmuwWhUFJbZX7U7_yLPj-UVaidXq6I4AQBgAbcioG9gIPG97YBoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEAiI4YAQEAEyA6qCAToCgECACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItNDYyNzUxNzY4MDI0OTY3MBj_1xc&sigh=WJmh0qSmq4E&uach_m=[UACH]&cid=CAQSPgCsnQUxkrn9IwfjCHxHnnXjGgafuUt1KySRggXvXxcW-D2JSyMilXiHdDbIOurzY_eVIFWuW2h7T6Ly9MmTGAE
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

GET
H2 200 notify
rtb.fr.eu.criteo.com/google/auction/ Frame 3820 0
0 64ms
16ms Fetch 2a02:2638::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.fr.eu.criteo.com/google/auction/notify?profile=14&payload=k6W_EMc1rAL6AZ2DYgICAAAAoVE7jJl3H1IffN3qK-WvnBAMBx9jkjC65MEOa-U9dM4AEgAA&wp=Yx8HDAAOkOIKiwDMAAyQqQYq-xbDL4oT9hr3Fw

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:44 GMT
server: Kestrel
server-processing-duration-in-ticks: 253233
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame C6A2 185 KB
56 KB 370ms
147ms Document
text/html 2a02:2638:1::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=Yx8HDAAOkOIKiwDMAAyQqQYq-xbDL4oT9hr3Fw&u=%7CSx%2BgiojftOybcfzvsyTLmbQH0u1vEc0j0Bonk1PWGnQ%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhaVHQ6RkVc1uRRN7U2tIy92afbib4fbn5EybKaRfoUCp6pZXFQMmnMg_Cbd3OzeSIDKu6FdF_eX4RhcTmLp4SqPOKYa8Iv9-mqQ30q2VoZGUt4-lh2RFUtAF73y44CyHJLEpglgx9FB5NseqDH22hN61Ifraz12Ag0QG1ew1za06pYznl_UbF412P6NljCkMA963U2BvajveXG6bs-eXxCYLRSB9SArAMl5omNVWKgmADmEiDd_4yFUDe98agPBluCXFhhpu8tPGMLGs5FlLiAP_kpJI1U-EjGNzG34idfTL7cqcwXK2ilVYzxKE6zCEy0T43y0zwXzkONFPfbg4tyvwVbBmUoESXf0jK3qwNEJFqrPnzFreC2uUdciUhP5UMmW0gmSktj2eYCB4T9MfrIHUg1GGEM8FJVSJO7rUPpOZdVmnQV8BQq4eLnqb4QiG_qaqiCzuPHoqPiFSLIU8RqWrxvsFLjFGyuMeBmTCEIRWx8Q9Bo5z-XRQBERl1KDVDgOL70zLdJQjOVcwooG1vsjBEwzm_zVAyJ5xAQ14ZjYaN8CkIzO7KzXNt2uiJLzWFNNpTkGWsATZkWFi9XCVv9SMlvtLJKS6CQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCXRstDAcfY-KhOsyBrASpobJoyZ7SsVzVnZH3cMCNtwEQASAAYJXCpoKwB4IBF2NhLXB1Yi00NjI3NTE3NjgwMjQ5NjcwoAHVttLqA8gBCakChr7End3YsD7gAgCoAwGqBJcCT9AkqkUwPGrSXVC_-d_YoP_ola8sl4xuDPm5YbX7F9pPk1S5vCISFrjc8eX2h13YsTfGoTllcpafaRwdizJq0UQhuHz8rf4jCAf5z4hfTYLZLaDOnG-axvZ2IP041522xybXzkFrxlqQ94qOXxunGmmT0R-ja8lMflcPoNos_S4LRugkMiU0ZRsMwY7ftZub9GfLvUz3yw8Cvn7ScLd3RuHwJ57Zfef-W-NwL5285KZm91f-f30EeZdsXetBGyia5ETbOdD1wxfl0aG8L6rYWJbN0YkqDOZbf1hoJNCzMwKT-pbznouNgS5VfpktTuuTdb4mCLVdMQP8cSig4n3vrw8XWnxD58oc0lp5gSG4TS032r035prG4AQBgAbcioG9gIPG97YBoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEAiI4YAQEAEyA6qCAToCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2nIzpm7S9Ih1qGuJVJQCKX_5f-3A%26client%3Dca-pub-4627517680249670%26adurl%3D

Requested by

Host: 30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com
URL: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

925fbeacd399485033fec84dda453c7878b21be3d261ea9d01b832153eea22a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Mon, 12 Sep 2022 10:16:45 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=UC-9P54qTrAtEcrD35TOcMtHlkfPo8t8cQIGgZ0NmN2IJxFCP2PlGYndWfpg5xWfERrJE_L0A0sWqCBNXQOwtf4Cy8eS60sYqG8LwFh8DTGzrVzvOitRoZgY-5OHM_9TCMWNpXhdihsD1egeDo1phdEiL0HbxoEu8rQaJJTJ2VhZPQjOfB_ZruHGAFFu1RThVlY7iLLmV9zO_Biz3WN_RWW6trKBN0Omb-astWCLFYWI8t_4t8xKrAXJ0kyauPs1UJc7VQ"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 132081996
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220907/r20110914/client/ Frame 3820 3 KB
1 KB 18ms
14ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220907/r20110914/client/window_focus_fy2021.js

Requested by

Host: 30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com
URL: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:01:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 888
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 26 Sep 2022 10:01:57 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220907/r20110914/client/ Frame 3820 17 KB
7 KB 18ms
14ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220907/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com
URL: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e368951bc5918b3d9fbc8205bfdf0d8be8b79da09b457bb113307063f3b1bc89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:12:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 230
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7592
x-xss-protection: 0
server: cafe
etag: 7248493764890666469
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 26 Sep 2022 10:12:55 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 3820 0
0 25ms
20ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRoHyPnq6qFOJJ61kY91e1p8n9eOAFyLuobUNSef6NKMsSlg2GqG4x6hGIsLKUaexOSABHbnC21BwqVX3p8t3u3ppfLuw
Requested by: Host: 30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com
URL: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 3820 22 KB
7 KB 18ms
15ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com
URL: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 06 Sep 2022 11:07:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 515376
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 06 Sep 2023 11:07:09 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3820 141 KB
44 KB 45ms
42ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com
URL: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

50f77fa9d32c1323f7e50da8d807f556cdddaea2161de6cf84a0c8b4c1dd6f79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44740
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1662550240112033"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 12 Sep 2022 10:16:45 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 7670 0
0 58ms
57ms Fetch
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cp7aqDAcfY86jOsyBrASpobJoyZ7SsVzVnZH3cMCNtwEQASAAYJXCpoKwB4IBF2NhLXB1Yi00NjI3NTE3NjgwMjQ5NjcwoAHVttLqA8gBCakChr7End3YsD7gAgCoAwGqBJgCT9A5kQaYQ60hCBFscY238fQ6GMmDtDfWa7IIdaSYpu_0DbroXzv7JnJLVPmnKmzcSkQ9N5WG9HUswvPdtKq5cwGUQC2IV9tANh0vTGWtk-bt0X5asrjkb0C2Wl5ZQjZ02O9hW1h_6Qn5So41j5AMHPiL0R_djG6KTtTZ_NS8_uUIK_kgGLhBxBsTogfrwPNprWSsQ0U_VEA1Fjo7NIrmr5SFRdKdOVHPBfB5lX1F8ZYHPJLP-z7H0p-fdo0mqSdIN6DA1fzSVb1A33yS5UgK3iUPeL6wxcI5uEN-7S7rOEeRelFpw0F8Jq6OzM8Kjk6Cmo89QtUoHs32MG2ySdXLxqhe-WXozWBtNXDGgrUPGNx4CMiwGPx7DOAEAYAGx83PmN-e7an5AaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBAIiOGAEBABMgOqggE6AoBAgAoD-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTQ2Mjc1MTc2ODAyNDk2NzAY_9cX&sigh=P_rbGDP42yQ&uach_m=[UACH]&cid=CAQSPgCsnQUxkrn9IwfjCHxHnnXjGgafuUt1KySRggXvXxcW-D2JSyMilXiHdDbIOurzY_eVIFWuW2h7T6Ly9MmTGAE
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

GET
H2 200 notify
rtb.nl.eu.criteo.com/google/auction/ Frame 7670 0
0 205ms
14ms Fetch 2a02:2638:1::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.nl.eu.criteo.com/google/auction/notify?profile=14&payload=k5CTFMc1rAL6AZ2DYgICAAAAoVE7jJl3H1IffN3qK-WvnBAMBx9j0DeoPGjzz8vlQiIAEgAA&wp=Yx8HDAAOkc4KiwDMAAyQqWfC3AofKbrxu_dGIg

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:45 GMT
server: Kestrel
server-processing-duration-in-ticks: 271781
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame B9D6 214 KB
59 KB 389ms
171ms Document
text/html 2a02:2638:1::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=Yx8HDAAOkc4KiwDMAAyQqWfC3AofKbrxu_dGIg&u=%7CSx%2BgiojftOz0dl%2BLgmCAK0YZUK4uuFQWXIszVF9teuU%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhaVHQ6RkVc1uRRN7U2tIy92afbib4fbn5EybKaRfoUCp6pZXFQMmnMggJeikCgjA3AdT3TeTKF_pR7oMYIxtKfD77HV6uJnsU2yEZgWNsqZ6JhJT0ww5h5Q1_uimLgFOYPvo5GArOVvGFbyLSDo-PCK0aaUodR5V3iKHk_ReJ9xOoQrcM99yY9DBSn6pAdAySuiCjqfswdcFKQmTx3eKY5XMYZLP0p3xZ2uALerh3kcClUyovUNV69r7djf7FOjJqs6byZtL2AHZol-qfhnFEulfCgp9CmnaBq_jWMf6ueYqn6Sv11GqPJoZtiA7_iX8GnwZL1FlLL1MOMMc9mDM734f79Ai-YUL8l3WfSQvQOZMTGb3WhBRy09SRYB63eHWsLorQ5ncJRk2HCdW85kA5JmtFROeqUhwEZKOa3RVLIscL129fe_dnhxRNjczcDN86RkG6fDY4EBZ0amQtJvta4ZD4bWnwl3WD1a42Movv6LPd2qrgt-5a5BN8jQErIAbu8cT3zKjrHgPHDkTAL0R7zHPpH9TjPiEiS8GZAVvuhNvMnz-UrV_u0Eul9skZKjQBYcAQgK9bGLZ3GgEiNfa2N_zJ7YOvKdSZw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC_isbDAcfY86jOsyBrASpobJoyZ7SsVzVnZH3cMCNtwEQASAAYJXCpoKwB4IBF2NhLXB1Yi00NjI3NTE3NjgwMjQ5NjcwoAHVttLqA8gBCakChr7End3YsD7gAgCoAwGqBJsCT9A5kQaYQ60hCBFscY238fQ6GMmDtDfWa7IIdaSYpu_0DbroXzv7JnJLVPmnKmzcSkQ9N5WG9HUswvPdtKq5cwGUQC2IV9tANh0vTGWtk-bt0X5asrjkb0C2Wl5ZQjZ02O9hW1h_6Qn5So41j5AMHPiL0R_djG6KTtTZ_NS8_uUIK_kgGLhBxBsTogfrwPNprWSsQ0U_VEA1Fjo7NIrmr5SFRdKdOVHPBfB5lX1F8ZYHPJLP-z7H0p-fdo0mqSdIN6DA1fzSVb1A33yS5UgK3iUPeL6wxcI5uEN-7S7rOEeRelFpw0F8Jq6OzM8Kjk6Cmo9_QPS6mUJqI9IuXXYb-w6m8HHie2pDLfJySoip6mNmJNA1snhos726euAEAYAGx83PmN-e7an5AaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBAIiOGAEBABMgOqggE6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3Uo9SS1oe_deq6ZTj64ELXuWkuyw%26client%3Dca-pub-4627517680249670%26adurl%3D

Requested by

Host: 30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com
URL: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

9ebf2dcf768ed72aba5f557f7f08f38a3b62c9574b94801693cc681446da64a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Mon, 12 Sep 2022 10:16:46 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=3dq5WJ4qTrAtEcrD2gMyQQ8EVQEt-f656PdATvvf8193eNw9y9sLCXKEAdie6lsXponPhtmTL62XsUaSwoQmeBGuIVLwseGVwmWzE9K8vHFmyM35bAKRVELVvkbWtP_x3TTxoFmqtdf0XGSII4mQBdf3LvDV-e7364D6k48jMmdzyCb9Hid6I2zKd8bf5iK2AEH8yxLPUCD3n95YBOiBwqNRr5zZCPrGZkHN2en5Ps0jlY3Wq4hVo4c3H7WXDPQ6r2V_sQ"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 135621333
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220907/r20110914/client/ Frame 7670 3 KB
1 KB 15ms
13ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220907/r20110914/client/window_focus_fy2021.js

Requested by

Host: 30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com
URL: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:01:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 888
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 26 Sep 2022 10:01:57 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220907/r20110914/client/ Frame 7670 17 KB
7 KB 16ms
13ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220907/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com
URL: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e368951bc5918b3d9fbc8205bfdf0d8be8b79da09b457bb113307063f3b1bc89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:12:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 230
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7592
x-xss-protection: 0
server: cafe
etag: 7248493764890666469
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 26 Sep 2022 10:12:55 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 7670 0
0 26ms
21ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSA5gaDZWabtJeRRYwv2P2ZuNdVF4eWSqXuLimA47DUnPxzDz4Lqe6iGdx6JdAIdHomLgzhVVywW9bDz-7sHrSSGB53gQ
Requested by: Host: 30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com
URL: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 7670 22 KB
7 KB 16ms
14ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com
URL: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 06 Sep 2022 11:07:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 515376
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 06 Sep 2023 11:07:09 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7670 141 KB
44 KB 42ms
40ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com
URL: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

50f77fa9d32c1323f7e50da8d807f556cdddaea2161de6cf84a0c8b4c1dd6f79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44740
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1662550240112033"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 12 Sep 2022 10:16:45 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame DB9C 0
0 58ms
55ms Fetch
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CJ3R2DAcfY6unOsyBrASpobJoyZ7SsVzVnZH3cMCNtwEQASAAYJXCpoKwB4IBF2NhLXB1Yi00NjI3NTE3NjgwMjQ5NjcwoAHVttLqA8gBCakChr7End3YsD7gAgCoAwGqBJQCT9DL5ZWu8tGzJR7bcp_Brf_yUjhXhWwpR1XeUDkon7CuxCxl7FraFZRZ9qxr4G4CSgvS9gNgZKHnp35VhBOu3S0HQJ1ikkritMINSJT9dyRdp6y3dD2jErrcQxpjk0dfCrJjzQRE3m1bETu__4PLq_aqzBa3rOMc64Tn6WQtKt4ZnbDIXnvaHUgdzuh2pTCMicNTMZhdTmyipblOaTa6aZs9_pvI4GBFSFGtO5shsBDt8_ebNwEqXy9XsdtkR1NhXHuA-rOoEi0j8Lk0J1ORBp9o1dRIHZCp8jCrOg_TfI0706HIq7w7psIPMiwdQ1AwW-vVTAWIdkqqv5xKoeN0oU1OasOLqkcc0suYgBduLqqWeC7F4AQBgAbHzc-Y357tqfkBoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEAiI4YAQEAEyA6qCAToCgECACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItNDYyNzUxNzY4MDI0OTY3MBj_1xc&sigh=BHd31DkO8A8&uach_m=[UACH]&cid=CAQSPgCsnQUxkrn9IwfjCHxHnnXjGgafuUt1KySRggXvXxcW-D2JSyMilXiHdDbIOurzY_eVIFWuW2h7T6Ly9MmTGAE
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

GET
H2 200 notify
rtb.fr.eu.criteo.com/google/auction/ Frame DB9C 0
0 74ms
34ms Fetch 2a02:2638::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.fr.eu.criteo.com/google/auction/notify?profile=14&payload=k5CTFOv_CsoH-gGdg2ICAgAAAKFRO4yZdx9SH3zd6ivlr5wQDAcfYzmWOa2oNl6uiGXZABIAAA&wp=Yx8HDAAOk6sKiwDMAAyQqd0t-ph48dRC5m9wtQ

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:44 GMT
server: Kestrel
server-processing-duration-in-ticks: 212988
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame A232 218 KB
58 KB 398ms
183ms Document
text/html 2a02:2638:1::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=Yx8HDAAOk6sKiwDMAAyQqd0t-ph48dRC5m9wtQ&u=%7CSx%2BgiojftOxMEYIr0oAKepA0G%2FWon%2FgM8vWIqbVarO4%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhaVHQ6RkVc1uRRN7U2tIy92afbib4fbn5EybKaRfoUCpWgROSpkK00uYfvevcoC6ZEiQLRqu-ImYCZFLEuf3c7eE0IdMDPbSnbzw7sN1RGoG7DGGZUXMPkvZZSxPZOLD2NQIqqbVomQoDtAKJo2aJb_crgBOIe7CzbKaCTz71sdYH3CaP6q955N2Uv8ORWVoUweaY6UON3vQesUf4e43348tnqRSU2R_dkOxo9MLggRsnOHgVxUfnHEaLw3MXaIBxVoI6n701oQ7IE098u2bcNSdBoUqN_are9VrBTChmnZGj82OaUjv5RLsVB9MXwMUzE02a6M8Vzn3VM9YudYknCjG8sJfhwDGSGVmjBHRMGzKWHN9jawE5FsXPBplAz95AFLW5Xep9hOV-zs3oZN2t66g8VKRh8COXYaR1wWlISbOgaa9IfHPMnLryLSITziY_0X3fQv0NzjYhjco9C10TGm62NfPutErFeWKagaXIalyN3P6O9f7i3oRSSKCwgWtX7pusd8tMaFaY9_AsmzMhrecBFLgXQD9NPvDUQy9RuOFFkZlSSu_EiRH096Z4vpDsDsDRo1G79sHxgJ54bN5Oiz8wR7LugPYmQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCpEm2DAcfY6unOsyBrASpobJoyZ7SsVzVnZH3cMCNtwEQASAAYJXCpoKwB4IBF2NhLXB1Yi00NjI3NTE3NjgwMjQ5NjcwoAHVttLqA8gBCakChr7End3YsD7gAgCoAwGqBJcCT9DL5ZWu8tGzJR7bcp_Brf_yUjhXhWwpR1XeUDkon7CuxCxl7FraFZRZ9qxr4G4CSgvS9gNgZKHnp35VhBOu3S0HQJ1ikkritMINSJT9dyRdp6y3dD2jErrcQxpjk0dfCrJjzQRE3m1bETu__4PLq_aqzBa3rOMc64Tn6WQtKt4ZnbDIXnvaHUgdzuh2pTCMicNTMZhdTmyipblOaTa6aZs9_pvI4GBFSFGtO5shsBDt8_ebNwEqXy9XsdtkR1NhXHuA-rOoEi0j8Lk0J1ORBp9o1dRIHZCp8jCrOg_TfI0706HIq7w7psIPMiwdQxIyenlSw5mbyda-HEx3Bxt9tUf4YO2TKPPU721qPwlCNi88_D165-On4AQBgAbHzc-Y357tqfkBoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEAiI4YAQEAEyA6qCAToCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1lzmt_kicg7118J0ju0QdCg4-SVg%26client%3Dca-pub-4627517680249670%26adurl%3D

Requested by

Host: 30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com
URL: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

9af575ce8e68020fb6fe59dd81decfa86402db785f2c8b88f9d62feaacec8fe3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Mon, 12 Sep 2022 10:16:45 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=jAtkdp4qTrAtEcrDa1UDq_yMqT5KopXRJUcETEHap9LAy4MitEDjykisRAfycpHu0wNyAKjDS6K3PSibr6cpU5vC8f6uUc3_99TpMpRLLqGqA4ZEPobRgrBj2mgd_dOuOlwiHIqyz30ruRxiIIpOVYkideJjRXPIhdggCL0o5nnyCfdy9JO6iuozpDnN1hpkT1xndwhhlIhkljTMV_Cfld_mZZA06-7chbH-VvOcmfXw8t0J478sYn0HESoaktWxEKXpjg"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 142097136
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220907/r20110914/client/ Frame DB9C 3 KB
1 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220907/r20110914/client/window_focus_fy2021.js

Requested by

Host: 30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com
URL: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:01:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 888
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 26 Sep 2022 10:01:57 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220907/r20110914/client/ Frame DB9C 17 KB
7 KB 16ms
14ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220907/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com
URL: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e368951bc5918b3d9fbc8205bfdf0d8be8b79da09b457bb113307063f3b1bc89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:12:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 230
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7592
x-xss-protection: 0
server: cafe
etag: 7248493764890666469
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 26 Sep 2022 10:12:55 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame DB9C 0
0 21ms
20ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTvVKjqeV60MiUeJTs1ar2jPnjEK_T0iCWzfqa8bp2gng5brYzJRiNrrPZUKbClJpyyIh7hZmz7maqx4fs2h9r2Hcw82w
Requested by: Host: 30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com
URL: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame DB9C 22 KB
7 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com
URL: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 06 Sep 2022 11:07:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 515376
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 06 Sep 2023 11:07:09 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame DB9C 141 KB
44 KB 36ms
35ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com
URL: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

50f77fa9d32c1323f7e50da8d807f556cdddaea2161de6cf84a0c8b4c1dd6f79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44740
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1662550240112033"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 12 Sep 2022 10:16:45 GMT

GET
DATA 200
OK truncated
/ Frame C44B 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6c7eda804f91f5e1687e00de641a2b6c8c50ebd5643dc899b5b8680d77b72b23

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame FCB1 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: beb0022df8dc0fc70f2cccf48134b5150a1c7da666ac975b0127278bea8dc8d6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209080101/ Frame F3D0 346 KB
122 KB 71ms
69ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209080101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4627517680249670&plah=www.123greetings.com&bust=31069448

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4a85a086bd99d58e42f1f99aec170c0da4911032a8a4f34e38e7e9ae40cdf3f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 124742
x-xss-protection: 0
server: cafe
etag: 9352804512083561557
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 12 Sep 2022 10:16:45 GMT

GET
DATA 200
OK truncated
/ Frame F3D0 207 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d62410db1c48970ff265796ed3a891c434906abed51ccbe30b9a203dcdbcc17d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame BC95 13 KB
5 KB 15ms
14ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 764
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 12 Sep 2022 10:04:01 GMT
expires: Tue, 12 Sep 2023 10:04:01 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 3F46 783 B
536 B 55ms
25ms Document
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

cf8a0c275768bb883d31553f151de7e4062d5e85f24dff6327d18d3effa7639f

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-sTaWZjfqLYKTvoXYRGd3WA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-sTaWZjfqLYKTvoXYRGd3WA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 12 Sep 2022 10:16:45 GMT
expires: Mon, 12 Sep 2022 10:16:45 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
DATA 200
OK truncated
/ Frame FF14 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6712d3df89fe6a6bf3e93965319ad0fb61f8fe8666afee15e4f85278b9fee9f0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 abc.txt Show response
static.avantisvideo.com/data/ Frame C44B 9 KB
4 KB 51ms
8ms XHR
text/plain 2600:9000:2250:9e00:8:9ed9:9c40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.avantisvideo.com/data/abc.txt
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/avm/js/video-loader.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:9e00:8:9ed9:9c40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 90b98930822e26b799b358fb5eb5fc8d9571db357986b771156651977f43c2fb

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 12 Sep 2022 07:43:18 GMT
content-encoding: gzip
last-modified: Sun, 11 Sep 2022 07:40:03 GMT
server: AmazonS3
age: 9287
etag: W/"aea53b2b83eada019a7b5d305655a4ae"
vary: Accept-Encoding,Origin
access-control-allow-methods: GET
content-type: text/plain
access-control-allow-origin: https://www.123greetings.com
access-control-allow-credentials: true
x-cache: Hit from cloudfront
x-amz-cf-pop: FRA60-P2
x-amz-cf-id: 52u-mth-34Rko13iIDx2xjJcDBHYFh5JTkVY3Y4v2s9EIsyCdgspJA==
via: 1.1 8ac93eaf91328abbc6951d3fbab21e80.cloudfront.net (CloudFront)

GET
H2 200 abc.txt Show response
static.avantisvideo.com/data/ Frame C44B 9 KB
4 KB 51ms
9ms XHR
text/plain 2600:9000:2250:9e00:8:9ed9:9c40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.avantisvideo.com/data/abc.txt
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/avm/js/video-loader.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:9e00:8:9ed9:9c40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 90b98930822e26b799b358fb5eb5fc8d9571db357986b771156651977f43c2fb

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 12 Sep 2022 07:43:18 GMT
content-encoding: gzip
last-modified: Sun, 11 Sep 2022 07:40:03 GMT
server: AmazonS3
age: 9287
etag: W/"aea53b2b83eada019a7b5d305655a4ae"
vary: Accept-Encoding,Origin
access-control-allow-methods: GET
content-type: text/plain
access-control-allow-origin: https://www.123greetings.com
access-control-allow-credentials: true
x-cache: Hit from cloudfront
x-amz-cf-pop: FRA60-P2
x-amz-cf-id: IaNOoVPyx5Xqr2F98VBEVU-wF17-N6DClQ5ynf9WBAgs_fw-n52HyQ==
via: 1.1 8ac93eaf91328abbc6951d3fbab21e80.cloudfront.net (CloudFront)

GET
H2 200 abc.txt Show response
static.avantisvideo.com/data/ Frame FCB1 9 KB
4 KB 50ms
10ms XHR
text/plain 2600:9000:2250:9e00:8:9ed9:9c40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.avantisvideo.com/data/abc.txt
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/avm/js/video-loader.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:9e00:8:9ed9:9c40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 90b98930822e26b799b358fb5eb5fc8d9571db357986b771156651977f43c2fb

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 12 Sep 2022 10:16:45 GMT
content-encoding: gzip
last-modified: Sun, 11 Sep 2022 07:40:03 GMT
server: AmazonS3
age: 9287
etag: W/"aea53b2b83eada019a7b5d305655a4ae"
vary: Accept-Encoding,Origin
access-control-allow-methods: GET
content-type: text/plain
access-control-allow-origin: https://www.123greetings.com
access-control-allow-credentials: true
x-cache: Hit from cloudfront
x-amz-cf-pop: FRA60-P2
x-amz-cf-id: GbJFKWr61voJyhXVdzNXhBCcZT22SLpp9LoJfoH0m9ockrI5UCH1wA==
via: 1.1 8ac93eaf91328abbc6951d3fbab21e80.cloudfront.net (CloudFront)

GET
H2 200 abc.txt Show response
static.avantisvideo.com/data/ Frame FCB1 9 KB
4 KB 50ms
10ms XHR
text/plain 2600:9000:2250:9e00:8:9ed9:9c40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.avantisvideo.com/data/abc.txt
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/avm/js/video-loader.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:9e00:8:9ed9:9c40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 90b98930822e26b799b358fb5eb5fc8d9571db357986b771156651977f43c2fb

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 12 Sep 2022 10:16:45 GMT
content-encoding: gzip
last-modified: Sun, 11 Sep 2022 07:40:03 GMT
server: AmazonS3
age: 9287
etag: W/"aea53b2b83eada019a7b5d305655a4ae"
vary: Accept-Encoding,Origin
access-control-allow-methods: GET
content-type: text/plain
access-control-allow-origin: https://www.123greetings.com
access-control-allow-credentials: true
x-cache: Hit from cloudfront
x-amz-cf-pop: FRA60-P2
x-amz-cf-id: uO6V3EgRuJCOPsgYNGajiH-3AnUnFG68tfruJsd36NlznWQASPTG5Q==
via: 1.1 8ac93eaf91328abbc6951d3fbab21e80.cloudfront.net (CloudFront)

GET
DATA 200
OK truncated
/ Frame 3820 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ec7d9ddde4048b3fe32a6876f3288b03810d898d1c9e86e349e33b3e8a9b739e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 7670 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 13a3a8f29716713903b033e5dc0e2a4c85e5d9658d708f21cdfc9db85704d486

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame DB9C 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 482204dc40d50fed72927d051e00153705cd6885a18d5eee304504a4ef39ea09

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame CDDD
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

29ms
28ms

Image
text/html

2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Protocol: H3
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Redirect headers

date: Mon, 12 Sep 2022 10:16:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

POST
H2 204 /
events1.avantisvideo.com/ Frame C44B 0
34 B 540ms
162ms Ping
text/plain 44.224.187.254
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events1.avantisvideo.com/
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.224.187.254 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-224-187-254.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT

POST
H2 204 /
events1.avantisvideo.com/ Frame C44B 0
34 B 541ms
163ms Ping
text/plain 44.224.187.254
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events1.avantisvideo.com/
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.224.187.254 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-224-187-254.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame C44B 0
0 80ms
52ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsts7V_yEdVYLEG80HczIchrASw9uymnegEq5EsuT8kZnK5EvXDh16YLCPrvgF5ryX5-g4I-rH_8vFjw5hza2GDMgTHbR2ow2uWSCWXxE99C7f01DnLijaU8pEg-7lzXu60hT9R0CsIfifvmJ-QcsUpVEnkWjcg1VyDra4U87n9H8HEH3VSzG8VFvfvS31dQ0rLpCBYh4sTMslsISByC0npqOreMJ4hP8fR08z_ifKkVqGnVt9zTcc9n-s8pNXQn1z3Y5kZ8WpjGZYPoiM26eit1YiLqklFNd_hhDJw5BIbviMxkyb4lS80y5ME_6y-gB6HfZHaASwZpqH55C2QN5PRnLQ826JSkjhVjFok&sai=AMfl-YQOwAgn_JdnUd8Zlu8SLJdGFMRirVUZh6e1rlkt4vWMa_JXz9XxAXJcZIQdcCNFE76-8unIt_rerzODl9Xdgt357_TCu5mYXNhXVO5dvV26zIW48zX6jIUWPF98Qelldg&sig=Cg0ArKJSzP6JY20OuOvmEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 12 Sep 2022 10:16:46 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 12 Sep 2022 10:16:46 GMT

POST
H2 204 /
events1.avantisvideo.com/ Frame FCB1 0
35 B 537ms
162ms Ping
text/plain 44.224.187.254
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events1.avantisvideo.com/
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.224.187.254 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-224-187-254.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT

POST
H2 204 /
events1.avantisvideo.com/ Frame FCB1 0
34 B 538ms
163ms Ping
text/plain 44.224.187.254
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events1.avantisvideo.com/
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/harvest_moon_festival/?utm_source=esep_harvestmoonfest_remail
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.224.187.254 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-224-187-254.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame FCB1 0
0 77ms
51ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssLwn_gitKmV4wsCMItK0NIapGFc2FwdfYjW2eF5eG3DLoqdtqlTPtxngltRyHu3IH0U-RVuw4pRyPrSA1tCX5C05UklV7f-bG4Yof3-pHOTsZjBDh-UGc5Rs071PeE9q1xJ9IpdOo6gPR8I0aqv9OzZNVJYKDPcTR6J7DH21pZAxCg0Q-0_59kJu1FztEDuFcnXeadSZgABUiW3eYnvGXHpucM310p_z1U926OZQ-I2WkRYjtysgeca5b-PV0Ws_dW_1LZdx2ZssueE1LUERuyw-3k3Wg06retXpCZ-v311P4aTVebU2j00TcK3JWKOQNpWMOMdZD3EkMiPS-ssYUbAqKnSwiOfwWHo_hAhsXPxN3efLs&sai=AMfl-YTB6zfcV9RoJTAa0o_bedO7vSz-yagElv7CNnC_mvM1tyfPEDvZekTF5nbJ2xPmZymfpnDpt8Ap6Yo78J51JCeaa_NSmojnFOnKy2CtLEtrvzFxhLQbT0oLNr7hgGU0tQ&sig=Cg0ArKJSzGUKy4yqO3R0EAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 12 Sep 2022 10:16:46 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 12 Sep 2022 10:16:46 GMT

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame FD76
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

30ms
27ms

Image
text/html

2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Protocol: H3
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Redirect headers

date: Mon, 12 Sep 2022 10:16:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 u_d.html Show response
cdn1.avantisvideo.com/connect/ Frame 7050 46 KB
17 KB 62ms
10ms Document
text/html 2600:9000:2490:a00:1c:38a0:8a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn1.avantisvideo.com/connect/u_d.html
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/avm/js/video-loader.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2490:a00:1c:38a0:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 24374f583eeb0c88723c3cb830828d5798ce87144c8ce4e32076df4786f72848

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 27104
content-encoding: gzip
content-type: text/html
date: Mon, 12 Sep 2022 02:45:06 GMT
etag: W/"f9678e3c391d61d33ed4b6129f75c60e"
last-modified: Wed, 06 Apr 2022 12:25:53 GMT
server: AmazonS3
vary: Accept-Encoding
via: 1.1 6b85d8725dd6471c3db1f65d4096afc4.cloudfront.net (CloudFront)
x-amz-cf-id: lq2Raw96lu9Z9f3nHkPO2CYJ5Nei39MBS8vz7KrRW91BgqARe4n5mQ==
x-amz-cf-pop: FRA56-P6
x-amz-version-id: dem0VvOWe0jwgvR1YOcBwtPtUobNlIGA
x-cache: Hit from cloudfront

GET
H2 200 u_d.html Show response
cdn1.avantisvideo.com/connect/ Frame 87E8 46 KB
17 KB 58ms
8ms Document
text/html 2600:9000:2490:a00:1c:38a0:8a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn1.avantisvideo.com/connect/u_d.html
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/avm/js/video-loader.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2490:a00:1c:38a0:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 24374f583eeb0c88723c3cb830828d5798ce87144c8ce4e32076df4786f72848

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 27104
content-encoding: gzip
content-type: text/html
date: Mon, 12 Sep 2022 02:45:06 GMT
etag: W/"f9678e3c391d61d33ed4b6129f75c60e"
last-modified: Wed, 06 Apr 2022 12:25:53 GMT
server: AmazonS3
vary: Accept-Encoding
via: 1.1 6b85d8725dd6471c3db1f65d4096afc4.cloudfront.net (CloudFront)
x-amz-cf-id: 2RRNEDkTqnM2LKqjvkwKZqVkYAcyCV4TSp9jNfalLTQhjWs8mgtB3Q==
x-amz-cf-pop: FRA56-P6
x-amz-version-id: dem0VvOWe0jwgvR1YOcBwtPtUobNlIGA
x-cache: Hit from cloudfront

GET
H3 200 10653543094837859896
tpc.googlesyndication.com/simgad/ Frame FD76 120 KB
120 KB 13ms
13ms Image
image/gif 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/10653543094837859896

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012208121708000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4b13724f2ea08585691e54130bcbe33f7730f4f8a9aa6f598877bf51b5c47cbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 08:49:47 GMT
x-content-type-options: nosniff
age: 437219
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 122376
x-xss-protection: 0
last-modified: Wed, 31 Aug 2022 08:20:40 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 07 Sep 2023 08:49:47 GMT

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame FD76 2 KB
2 KB 17ms
17ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012208121708000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sun, 11 Sep 2022 19:03:14 GMT
x-content-type-options: nosniff
server: cafe
age: 54812
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 14819457070020093239
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Mon, 12 Sep 2022 19:03:14 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame FD76 295 B
324 B 17ms
17ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012208121708000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sun, 11 Sep 2022 16:52:08 GMT
x-content-type-options: nosniff
server: cafe
age: 62678
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 426692510519060060
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Mon, 12 Sep 2022 16:52:08 GMT

GET
H3 200 10653543094837859896
tpc.googlesyndication.com/simgad/ Frame CDDD 120 KB
120 KB 18ms
17ms Image
image/gif 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/10653543094837859896

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012208121708000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4b13724f2ea08585691e54130bcbe33f7730f4f8a9aa6f598877bf51b5c47cbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 08:49:47 GMT
x-content-type-options: nosniff
age: 437219
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 122376
x-xss-protection: 0
last-modified: Wed, 31 Aug 2022 08:20:40 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 07 Sep 2023 08:49:47 GMT

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame CDDD 2 KB
2 KB 19ms
18ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012208121708000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sun, 11 Sep 2022 19:03:14 GMT
x-content-type-options: nosniff
server: cafe
age: 54812
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 14819457070020093239
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Mon, 12 Sep 2022 19:03:14 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame CDDD 295 B
324 B 19ms
19ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012208121708000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sun, 11 Sep 2022 16:52:08 GMT
x-content-type-options: nosniff
server: cafe
age: 62678
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 426692510519060060
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Mon, 12 Sep 2022 16:52:08 GMT

GET
H3 200 cookie.js Show response
partner.googleadservices.com/gampad/ Frame F3D0 12 B
53 B 52ms
22ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.123greetings.com&callback=_gfp_s_&client=ca-pub-4627517680249670&cookie=ID%3D73001d4d9d5c0a81-22bad6411ece0001%3AT%3D1662977804%3AS%3DALNI_Ma-X4CJPaoG8EeB_nq2qvBItZ7gdg

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209080101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4627517680249670&plah=www.123greetings.com&bust=31069448

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

daa795332e5dbcf893adf2d5f3349f02b8c1cb957ff3b5f4c11b742e33c3376f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame F3D0 107 B
122 B 25ms
25ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.123greetings.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 12 Sep 2022 10:16:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame F3D0 107 B
122 B 23ms
23ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.123greetings.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 12 Sep 2022 10:16:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 9D8B 25 KB
11 KB 222ms
221ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4627517680249670&output=html&h=90&slotname=Google_LB_15938Z&adk=4293758812&adf=272530243&pi=t.ma~as.Google_LB_15938Z&w=728&lmt=1662977806&url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fharvest_moon_festival%2F%3Futm_source%3Desep_harvestmoonfest_remail&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1662977805815&bpp=12&bdt=138&idt=233&shv=r20220907&mjsv=m202209080101&ptt=5&saldr=sa&cookie=ID%3D73001d4d9d5c0a81-22bad6411ece0001%3AT%3D1662977804%3AS%3DALNI_Ma-X4CJPaoG8EeB_nq2qvBItZ7gdg&correlator=5612363782282&frm=23&ife=4&pv=2&ga_vid=1919503609.1662977805&ga_sid=1662977806&ga_hid=1572201324&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=560&ady=47&biw=1600&bih=1200&isw=728&ish=90&ifk=819492160&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069448%2C44772928&oid=2&pvsid=3087219198593514&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.byvmjqh7brbq&fsb=1&dtd=244

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0b8282ed5da25b76a5c971af0d90b12babbf0f0adad38b495a6d195379f3b489

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 11354
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 12 Sep 2022 10:16:46 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 3F46 0
0 48ms
48ms Image
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022090601&jk=1375290979530990&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

GET
H3 200 JI0Pcydj_YJwFyiv8pAtPmsHnnPx6gDBxLt0n0XpIm8.js Show response
pagead2.googlesyndication.com/bg/ Frame BC95 36 KB
16 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/JI0Pcydj_YJwFyiv8pAtPmsHnnPx6gDBxLt0n0XpIm8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

248d0f732763fd82701728aff2902d3e6b079e73f1ea00c1c4bb749f45e9226f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 09:46:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1813
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15957
x-xss-protection: 0
last-modified: Mon, 29 Aug 2022 10:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 12 Sep 2023 09:46:33 GMT

GET
H2 200 geoip Show response
avm.avantisvideo.com/api/v1/ Frame 87E8 216 B
969 B 152ms
152ms XHR
application/json 2600:9000:223e:a00:3:748e:7940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://avm.avantisvideo.com/api/v1/geoip

Requested by

Host: cdn1.avantisvideo.com
URL: https://cdn1.avantisvideo.com/connect/u_d.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223e:a00:3:748e:7940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

e23681164d34e4bd95bfdc7d1c1a2f9b4a1d521a1c2266db74175e162b3638da

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://cdn1.avantisvideo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: application/json

Response headers

content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
via: 1.1 a89f27dcb39a061266ddc18ab5416cba.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P4
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
vary: Origin
content-length: 216
x-xss-protection: 0
referrer-policy: no-referrer
x-frame-options: SAMEORIGIN
date: Mon, 12 Sep 2022 10:16:46 GMT
expect-ct: max-age=0
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
content-type: application/json; charset=utf-8
access-control-allow-origin: https://cdn1.avantisvideo.com
access-control-allow-credentials: true
x-amz-cf-id: -oih8tdZKOv5s-sq9lVceuv_V8G7zA1XiFBoU5VFTyw9ubCuIeYksg==

OPTIONS
H2 204 geoip
avm.avantisvideo.com/api/v1/ Frame 0
0 190ms
149ms Preflight 2600:9000:223e:a00:3:748e:7940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://avm.avantisvideo.com/api/v1/geoip

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223e:a00:3:748e:7940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://cdn1.avantisvideo.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE,PATCH
access-control-allow-origin: https://cdn1.avantisvideo.com
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
date: Mon, 12 Sep 2022 10:16:46 GMT
expect-ct: max-age=0
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
vary: Origin
via: 1.1 a89f27dcb39a061266ddc18ab5416cba.cloudfront.net (CloudFront)
x-amz-cf-id: pZlB6lIrfp65okx15CGJgsGDfvV8C-6uy1HNzI7Y_wRLnVaiqkuEnQ==
x-amz-cf-pop: FRA56-P4
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0

GET
H2 200 geoip Show response
avm.avantisvideo.com/api/v1/ Frame 7050 216 B
969 B 154ms
154ms XHR
application/json 2600:9000:223e:a00:3:748e:7940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://avm.avantisvideo.com/api/v1/geoip

Requested by

Host: cdn1.avantisvideo.com
URL: https://cdn1.avantisvideo.com/connect/u_d.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223e:a00:3:748e:7940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

e23681164d34e4bd95bfdc7d1c1a2f9b4a1d521a1c2266db74175e162b3638da

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://cdn1.avantisvideo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: application/json

Response headers

content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
via: 1.1 a89f27dcb39a061266ddc18ab5416cba.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P4
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
vary: Origin
content-length: 216
x-xss-protection: 0
referrer-policy: no-referrer
x-frame-options: SAMEORIGIN
date: Mon, 12 Sep 2022 10:16:46 GMT
expect-ct: max-age=0
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
content-type: application/json; charset=utf-8
access-control-allow-origin: https://cdn1.avantisvideo.com
access-control-allow-credentials: true
x-amz-cf-id: FXmolb5-zDbT1YetwfbLt1Ae354mqPDbHhMbasNZcShYIXbHellsyA==

OPTIONS
H2 204 geoip
avm.avantisvideo.com/api/v1/ Frame 0
0 175ms
150ms Preflight 2600:9000:223e:a00:3:748e:7940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://avm.avantisvideo.com/api/v1/geoip

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223e:a00:3:748e:7940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://cdn1.avantisvideo.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE,PATCH
access-control-allow-origin: https://cdn1.avantisvideo.com
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
date: Mon, 12 Sep 2022 10:16:46 GMT
expect-ct: max-age=0
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
vary: Origin
via: 1.1 a89f27dcb39a061266ddc18ab5416cba.cloudfront.net (CloudFront)
x-amz-cf-id: WNfnXXgOpbeJREoaCiJUNZpTD5tcfHxLj4umSCQsvx-STCwUhdRCWw==
x-amz-cf-pop: FRA56-P4
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0

POST
H/1.1 200
OK postback Show response
s.gk.123greetings.com/2/2.68.0/945541/AYHxlO8PEeQbmLmt/ 0
145 B 31ms
30ms XHR
text/plain 34.248.176.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.gk.123greetings.com/2/2.68.0/945541/AYHxlO8PEeQbmLmt/postback?dt=9455411658248091559000&pd=mkt&mo=0&si=main&ci=945541&sid=AYHxlO8PEeQbmLmt&oz_sc=385e43d25de8494c566ad975&oz_df=1662977806133&oz_l=2439&cv=3
Requested by: Host: s.gk.123greetings.com
URL: https://s.gk.123greetings.com/2/2.68.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 34.248.176.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-176-243.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 12 Sep 2022 10:16:45 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame C6A2 2 KB
1 KB 54ms
20ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yx8HDAAOkOIKiwDMAAyQqQYq-xbDL4oT9hr3Fw&u=%7CSx%2BgiojftOybcfzvsyTLmbQH0u1vEc0j0Bonk1PWGnQ%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhaVHQ6RkVc1uRRN7U2tIy92afbib4fbn5EybKaRfoUCp6pZXFQMmnMg_Cbd3OzeSIDKu6FdF_eX4RhcTmLp4SqPOKYa8Iv9-mqQ30q2VoZGUt4-lh2RFUtAF73y44CyHJLEpglgx9FB5NseqDH22hN61Ifraz12Ag0QG1ew1za06pYznl_UbF412P6NljCkMA963U2BvajveXG6bs-eXxCYLRSB9SArAMl5omNVWKgmADmEiDd_4yFUDe98agPBluCXFhhpu8tPGMLGs5FlLiAP_kpJI1U-EjGNzG34idfTL7cqcwXK2ilVYzxKE6zCEy0T43y0zwXzkONFPfbg4tyvwVbBmUoESXf0jK3qwNEJFqrPnzFreC2uUdciUhP5UMmW0gmSktj2eYCB4T9MfrIHUg1GGEM8FJVSJO7rUPpOZdVmnQV8BQq4eLnqb4QiG_qaqiCzuPHoqPiFSLIU8RqWrxvsFLjFGyuMeBmTCEIRWx8Q9Bo5z-XRQBERl1KDVDgOL70zLdJQjOVcwooG1vsjBEwzm_zVAyJ5xAQ14ZjYaN8CkIzO7KzXNt2uiJLzWFNNpTkGWsATZkWFi9XCVv9SMlvtLJKS6CQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCXRstDAcfY-KhOsyBrASpobJoyZ7SsVzVnZH3cMCNtwEQASAAYJXCpoKwB4IBF2NhLXB1Yi00NjI3NTE3NjgwMjQ5NjcwoAHVttLqA8gBCakChr7End3YsD7gAgCoAwGqBJcCT9AkqkUwPGrSXVC_-d_YoP_ola8sl4xuDPm5YbX7F9pPk1S5vCISFrjc8eX2h13YsTfGoTllcpafaRwdizJq0UQhuHz8rf4jCAf5z4hfTYLZLaDOnG-axvZ2IP041522xybXzkFrxlqQ94qOXxunGmmT0R-ja8lMflcPoNos_S4LRugkMiU0ZRsMwY7ftZub9GfLvUz3yw8Cvn7ScLd3RuHwJ57Zfef-W-NwL5285KZm91f-f30EeZdsXetBGyia5ETbOdD1wxfl0aG8L6rYWJbN0YkqDOZbf1hoJNCzMwKT-pbznouNgS5VfpktTuuTdb4mCLVdMQP8cSig4n3vrw8XWnxD58oc0lp5gSG4TS032r035prG4AQBgAbcioG9gIPG97YBoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEAiI4YAQEAEyA6qCAToCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2nIzpm7S9Ih1qGuJVJQCKX_5f-3A%26client%3Dca-pub-4627517680249670%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 07 Sep 2023 10:16:46 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame C6A2 2 KB
1 KB 58ms
24ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 07 Sep 2023 10:16:46 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame C6A2 308 B
637 B 41ms
15ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Thu, 07 Sep 2023 10:16:46 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame C6A2 293 B
621 B 42ms
16ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Thu, 07 Sep 2023 10:16:46 GMT

GET
H2 200 lg.php
cat.nl.eu.criteo.com/delivery/ Frame C6A2 43 B
348 B 67ms
16ms Image
image/gif 178.250.2.148
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl.eu.criteo.com/delivery/lg.php?cppv=3&cpp=PutfJ38WJ7ScdiDVDfcN1PeaoUAraNcczUznM5JL2qw_inJM73spStwd57rYYn4iIHjg_0xNJ81yVEyrbUtxhgvFIoI1j_CzxsWFrECXRAQlBlXBoFuj9X56CDCR9xuyNrLmqmGRaDmnqjatUR5ZxbMI5bBKCSZ_60Zyv4w2dh99iC9ax7Lrs4B22ljoC_WTbof6h73v8EuuvZeROQSVjuv5pisA-GhNJXZmFDV_eezDQKOv1Esd1UsfUTAMpWRRjxXPYb9QHwGQsvNuUvJg9yeLIDznSooe04picmnrdCKlpB9VJVuHQ21jc3wkWJuDmyludfSVFgwnfpLVt_Ik8PTuy0-0oX-hyFtKzQ89fGg6b_uyjE5YPV7HNYKShOk19YVHbBqH14LZ5JcO7pDw18H-jN_fGTdCaqpna6TjmPGv702zaF2g1n9i59XAZyYo-M7COA

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.148 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Sep 2022 10:16:45 GMT
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2919882
content-type: image/gif
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

i
ipds.adrta.com/ Frame C6A2
Redirect Chain

https://adrta.com/i?cb=631f070d9052c2dbd0dc47ef9f3aed39&clid=co&paid=co&avid=2052&caid=270245&plid=10992190&publisherId=2892&kv1=300X250&kv2=https://30098436617e6bdbda20c622bf945430.safeframe.googl...
https://ipds.adrta.com/i?__x=ILCMOCLPDHIMCG@NOMLFGLOJPOIOGLMJIICGLKGQNLOHLJHECINPPLOGKINLJQKIIMMG@HNLHNLOOEMLIF@IOIFIILLLIOJFOOMINLCHKMJOMLMHMIJHAF@ECG&cb=631f070d9052c2dbd0dc47ef9f3aed39&clid=co&p...

43 B
182 B

127ms
94ms

Image
image/gif

3.93.138.170
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ipds.adrta.com/i?__x=ILCMOCLPDHIMCG@NOMLFGLOJPOIOGLMJIICGLKGQNLOHLJHECINPPLOGKINLJQKIIMMG@HNLHNLOOEMLIF@IOIFIILLLIOJFOOMINLCHKMJOMLMHMIJHAF@ECG&cb=631f070d9052c2dbd0dc47ef9f3aed39&clid=co&paid=co&avid=2052&caid=270245&plid=10992190&publisherId=2892&kv1=300X250&kv2=https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/&kv3=8eb90a36-c938-4256-ad81-8f98c251821d&kv4=2a00:c98:2030::&kv7=317&kv11=631f070d9052c2dbd0dc47ef9f3aed39&kv12=6855&kv19=&kv27=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/105.0.5195.102%20Safari/537.36&kv24=Windows_Web
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yx8HDAAOkOIKiwDMAAyQqQYq-xbDL4oT9hr3Fw&u=%7CSx%2BgiojftOybcfzvsyTLmbQH0u1vEc0j0Bonk1PWGnQ%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhaVHQ6RkVc1uRRN7U2tIy92afbib4fbn5EybKaRfoUCp6pZXFQMmnMg_Cbd3OzeSIDKu6FdF_eX4RhcTmLp4SqPOKYa8Iv9-mqQ30q2VoZGUt4-lh2RFUtAF73y44CyHJLEpglgx9FB5NseqDH22hN61Ifraz12Ag0QG1ew1za06pYznl_UbF412P6NljCkMA963U2BvajveXG6bs-eXxCYLRSB9SArAMl5omNVWKgmADmEiDd_4yFUDe98agPBluCXFhhpu8tPGMLGs5FlLiAP_kpJI1U-EjGNzG34idfTL7cqcwXK2ilVYzxKE6zCEy0T43y0zwXzkONFPfbg4tyvwVbBmUoESXf0jK3qwNEJFqrPnzFreC2uUdciUhP5UMmW0gmSktj2eYCB4T9MfrIHUg1GGEM8FJVSJO7rUPpOZdVmnQV8BQq4eLnqb4QiG_qaqiCzuPHoqPiFSLIU8RqWrxvsFLjFGyuMeBmTCEIRWx8Q9Bo5z-XRQBERl1KDVDgOL70zLdJQjOVcwooG1vsjBEwzm_zVAyJ5xAQ14ZjYaN8CkIzO7KzXNt2uiJLzWFNNpTkGWsATZkWFi9XCVv9SMlvtLJKS6CQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCXRstDAcfY-KhOsyBrASpobJoyZ7SsVzVnZH3cMCNtwEQASAAYJXCpoKwB4IBF2NhLXB1Yi00NjI3NTE3NjgwMjQ5NjcwoAHVttLqA8gBCakChr7End3YsD7gAgCoAwGqBJcCT9AkqkUwPGrSXVC_-d_YoP_ola8sl4xuDPm5YbX7F9pPk1S5vCISFrjc8eX2h13YsTfGoTllcpafaRwdizJq0UQhuHz8rf4jCAf5z4hfTYLZLaDOnG-axvZ2IP041522xybXzkFrxlqQ94qOXxunGmmT0R-ja8lMflcPoNos_S4LRugkMiU0ZRsMwY7ftZub9GfLvUz3yw8Cvn7ScLd3RuHwJ57Zfef-W-NwL5285KZm91f-f30EeZdsXetBGyia5ETbOdD1wxfl0aG8L6rYWJbN0YkqDOZbf1hoJNCzMwKT-pbznouNgS5VfpktTuuTdb4mCLVdMQP8cSig4n3vrw8XWnxD58oc0lp5gSG4TS032r035prG4AQBgAbcioG9gIPG97YBoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEAiI4YAQEAEyA6qCAToCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2nIzpm7S9Ih1qGuJVJQCKX_5f-3A%26client%3Dca-pub-4627517680249670%26adurl%3D
Protocol: H2
Server: 3.93.138.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-93-138-170.compute-1.amazonaws.com
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Sep 2022 10:16:46 GMT
cache-control: no-cache
server: nginx
content-type: image/gif
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: https://ipds.adrta.com/i?__x=ILCMOCLPDHIMCG@NOMLFGLOJPOIOGLMJIICGLKGQNLOHLJHECINPPLOGKINLJQKIIMMG@HNLHNLOOEMLIF@IOIFIILLLIOJFOOMINLCHKMJOMLMHMIJHAF@ECG&cb=631f070d9052c2dbd0dc47ef9f3aed39&clid=co&paid=co&avid=2052&caid=270245&plid=10992190&publisherId=2892&kv1=300X250&kv2=https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/&kv3=8eb90a36-c938-4256-ad81-8f98c251821d&kv4=2a00:c98:2030::&kv7=317&kv11=631f070d9052c2dbd0dc47ef9f3aed39&kv12=6855&kv19=&kv27=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/105.0.5195.102%20Safari/537.36&kv24=Windows_Web
date: Mon, 12 Sep 2022 10:16:46 GMT
server: nginx
content-length: 0

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame B9D6 2 KB
1 KB 15ms
14ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yx8HDAAOkc4KiwDMAAyQqWfC3AofKbrxu_dGIg&u=%7CSx%2BgiojftOz0dl%2BLgmCAK0YZUK4uuFQWXIszVF9teuU%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhaVHQ6RkVc1uRRN7U2tIy92afbib4fbn5EybKaRfoUCp6pZXFQMmnMggJeikCgjA3AdT3TeTKF_pR7oMYIxtKfD77HV6uJnsU2yEZgWNsqZ6JhJT0ww5h5Q1_uimLgFOYPvo5GArOVvGFbyLSDo-PCK0aaUodR5V3iKHk_ReJ9xOoQrcM99yY9DBSn6pAdAySuiCjqfswdcFKQmTx3eKY5XMYZLP0p3xZ2uALerh3kcClUyovUNV69r7djf7FOjJqs6byZtL2AHZol-qfhnFEulfCgp9CmnaBq_jWMf6ueYqn6Sv11GqPJoZtiA7_iX8GnwZL1FlLL1MOMMc9mDM734f79Ai-YUL8l3WfSQvQOZMTGb3WhBRy09SRYB63eHWsLorQ5ncJRk2HCdW85kA5JmtFROeqUhwEZKOa3RVLIscL129fe_dnhxRNjczcDN86RkG6fDY4EBZ0amQtJvta4ZD4bWnwl3WD1a42Movv6LPd2qrgt-5a5BN8jQErIAbu8cT3zKjrHgPHDkTAL0R7zHPpH9TjPiEiS8GZAVvuhNvMnz-UrV_u0Eul9skZKjQBYcAQgK9bGLZ3GgEiNfa2N_zJ7YOvKdSZw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC_isbDAcfY86jOsyBrASpobJoyZ7SsVzVnZH3cMCNtwEQASAAYJXCpoKwB4IBF2NhLXB1Yi00NjI3NTE3NjgwMjQ5NjcwoAHVttLqA8gBCakChr7End3YsD7gAgCoAwGqBJsCT9A5kQaYQ60hCBFscY238fQ6GMmDtDfWa7IIdaSYpu_0DbroXzv7JnJLVPmnKmzcSkQ9N5WG9HUswvPdtKq5cwGUQC2IV9tANh0vTGWtk-bt0X5asrjkb0C2Wl5ZQjZ02O9hW1h_6Qn5So41j5AMHPiL0R_djG6KTtTZ_NS8_uUIK_kgGLhBxBsTogfrwPNprWSsQ0U_VEA1Fjo7NIrmr5SFRdKdOVHPBfB5lX1F8ZYHPJLP-z7H0p-fdo0mqSdIN6DA1fzSVb1A33yS5UgK3iUPeL6wxcI5uEN-7S7rOEeRelFpw0F8Jq6OzM8Kjk6Cmo9_QPS6mUJqI9IuXXYb-w6m8HHie2pDLfJySoip6mNmJNA1snhos726euAEAYAGx83PmN-e7an5AaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBAIiOGAEBABMgOqggE6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3Uo9SS1oe_deq6ZTj64ELXuWkuyw%26client%3Dca-pub-4627517680249670%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 07 Sep 2023 10:16:46 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame B9D6 2 KB
1 KB 16ms
16ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 07 Sep 2023 10:16:46 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame B9D6 308 B
636 B 19ms
18ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Thu, 07 Sep 2023 10:16:46 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame B9D6 293 B
621 B 16ms
15ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Thu, 07 Sep 2023 10:16:46 GMT

GET
H2 200 lg.php
cat.nl.eu.criteo.com/delivery/ Frame B9D6 43 B
347 B 21ms
19ms Image
image/gif 178.250.2.148
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl.eu.criteo.com/delivery/lg.php?cppv=3&cpp=Juz-WDmYDt9TqtwzdgNM_JClOpwKR7bW5HH7U5K7e9phxzzrefgCGKgHpHdCxS8OEE27qvhPqBvmk8pI4DOulXpdhEJI1EGQ718tG0npltbn9Bozn0GsbxpBNJxbh2Ks7USnKu7kn-VvKkXSkBRmCVNTqbPONUGpiZ9oQy-U9pNAWIbH-2_-CCjLhi7VEM4ubaOqjlyKpc_9T2pqiizmR62oXrDyUyHtsp2nvZejlTfbMX9zLXEOTbwDVBnJEkdhD4Ga9NLq25ZMGMkFlB0AxWjVT6p6eR1M1iPYqAxdKF2JuRQujSQ3godZzQZhRtWL9Nv4F6VEqLL4Cw5uug9urdMQuFO-hLxuKpCHzO3qUYl-1mmh4RzCFXZ_10pjLHHGTZLKtR8Ovab3UhfWQRTw5v-Uk8GEYgG9irsfMcaBVoDPuilK

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.148 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Sep 2022 10:16:45 GMT
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 3727333
content-type: image/gif
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 m
secure-gl.imrworldwide.com/cgi-bin/ Frame B9D6 0
679 B 168ms
103ms Image
text/plain 2600:9000:2240:ee00:1e:a43d:b640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-gl.imrworldwide.com/cgi-bin/m?ca=nlsn184820&cr=crtve&ce=criteo&pc=criteo_plc0001&ci=nlsnci162&am=3&at=view&rt=banner&st=image&r=1662977805
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yx8HDAAOkc4KiwDMAAyQqWfC3AofKbrxu_dGIg&u=%7CSx%2BgiojftOz0dl%2BLgmCAK0YZUK4uuFQWXIszVF9teuU%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhaVHQ6RkVc1uRRN7U2tIy92afbib4fbn5EybKaRfoUCp6pZXFQMmnMggJeikCgjA3AdT3TeTKF_pR7oMYIxtKfD77HV6uJnsU2yEZgWNsqZ6JhJT0ww5h5Q1_uimLgFOYPvo5GArOVvGFbyLSDo-PCK0aaUodR5V3iKHk_ReJ9xOoQrcM99yY9DBSn6pAdAySuiCjqfswdcFKQmTx3eKY5XMYZLP0p3xZ2uALerh3kcClUyovUNV69r7djf7FOjJqs6byZtL2AHZol-qfhnFEulfCgp9CmnaBq_jWMf6ueYqn6Sv11GqPJoZtiA7_iX8GnwZL1FlLL1MOMMc9mDM734f79Ai-YUL8l3WfSQvQOZMTGb3WhBRy09SRYB63eHWsLorQ5ncJRk2HCdW85kA5JmtFROeqUhwEZKOa3RVLIscL129fe_dnhxRNjczcDN86RkG6fDY4EBZ0amQtJvta4ZD4bWnwl3WD1a42Movv6LPd2qrgt-5a5BN8jQErIAbu8cT3zKjrHgPHDkTAL0R7zHPpH9TjPiEiS8GZAVvuhNvMnz-UrV_u0Eul9skZKjQBYcAQgK9bGLZ3GgEiNfa2N_zJ7YOvKdSZw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC_isbDAcfY86jOsyBrASpobJoyZ7SsVzVnZH3cMCNtwEQASAAYJXCpoKwB4IBF2NhLXB1Yi00NjI3NTE3NjgwMjQ5NjcwoAHVttLqA8gBCakChr7End3YsD7gAgCoAwGqBJsCT9A5kQaYQ60hCBFscY238fQ6GMmDtDfWa7IIdaSYpu_0DbroXzv7JnJLVPmnKmzcSkQ9N5WG9HUswvPdtKq5cwGUQC2IV9tANh0vTGWtk-bt0X5asrjkb0C2Wl5ZQjZ02O9hW1h_6Qn5So41j5AMHPiL0R_djG6KTtTZ_NS8_uUIK_kgGLhBxBsTogfrwPNprWSsQ0U_VEA1Fjo7NIrmr5SFRdKdOVHPBfB5lX1F8ZYHPJLP-z7H0p-fdo0mqSdIN6DA1fzSVb1A33yS5UgK3iUPeL6wxcI5uEN-7S7rOEeRelFpw0F8Jq6OzM8Kjk6Cmo9_QPS6mUJqI9IuXXYb-w6m8HHie2pDLfJySoip6mNmJNA1snhos726euAEAYAGx83PmN-e7an5AaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBAIiOGAEBABMgOqggE6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3Uo9SS1oe_deq6ZTj64ELXuWkuyw%26client%3Dca-pub-4627517680249670%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2240:ee00:1e:a43d:b640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Sep 2022 10:16:46 GMT
via: 1.1 9ef1b108656dc6d0707b168b862883dc.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA60-P1
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://secure-gl.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin: *
cache-control: no-cache
cross-origin-resource-policy: cross-origin
x-cache: Miss from cloudfront
accept-ch: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
content-length: 0
x-amz-cf-id: v9GTNpk0sdsoqLbmJnk4gKe7IEc0w54dh7Owd2GxXOtsTO4Y_X_f0w==
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame BC95 0
11 B 14ms
13ms Image
text/plain 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?qb_RqA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame C6A2 12 KB
5 KB 37ms
18ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 533693
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4420
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=amjPTyhpyqF%2F%2BUiyPzCRhmBFN5G68dtNkwqBg%2FhaUlfsx1sYms6ILnE3qm%2BKi6O%2BzKvC4qAqMid%2B%2F8yb4PrnyXNDgL%2F2EKL3EUKTC5WnLeVQeM0cl7%2FgX4hfXboJX3T1%2FVWuoH7BK%2FPa3%2BJCLYL9ouP0"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 7497e3b8f9fabbad-FRA
expires: Sat, 02 Sep 2023 10:16:46 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame C6A2 12 KB
6 KB 20ms
20ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 07 Sep 2023 10:16:46 GMT

GET
H2 200 a4d7665e0ece4dc2be9953e10b4c1e2f_cpn_300x250_1.jpg
static.criteo.net/design/dt/3018/220831/ Frame C6A2 14 KB
14 KB 20ms
18ms Image
image/jpeg 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/design/dt/3018/220831/a4d7665e0ece4dc2be9953e10b4c1e2f_cpn_300x250_1.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

77c7da6187a48d7554619498273728d47ca7b04acb37fa6cb816d18eae54de99

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
last-modified: Wed, 31 Aug 2022 13:56:08 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "630f6878-362b"
strict-transport-security: max-age=31536000; preload;
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 13867
expires: Thu, 07 Sep 2023 10:16:46 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C6A2 12 KB
13 KB 69ms
16ms Image
image/png 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?h=132&m=0&partner=3018&q=80&r=0&u=http%3A%2F%2Fstatic.nl.eu.criteo.net%2Fdesign%2Fdt%2F3018%2F220816%2F9a4e6f4abb4f42218d2b58ef8b0d9305_logo_colorset_2_square.png&v=3&w=596&s=0WbE4RHYUJUFoTeiXoNf7zDL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

df702ab2748ddbb01919212d57f053928688567e29e72a1407d6b6301678066b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:45 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=28784148
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 12553
expires: Fri, 11 Aug 2023 13:52:34 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C6A2 15 KB
15 KB 81ms
28ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=3018&q=80&r=2&u=https%3A%2F%2Fimage01.bonprix.de%2Fassets%2F1400x1960%2F1661235911%2F22166396-IaqV3Tlx.jpg&v=3&w=400&s=EiNdUrHHNErFwBahk7ctURLE&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

97c01ad85ff0561e53f3eb7b42bdadf30ad1ed82690d8b321f5305c8077916c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:45 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=251274
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 15584
expires: Thu, 15 Sep 2022 08:04:40 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C6A2 11 KB
11 KB 83ms
30ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=3018&q=80&r=2&u=https%3A%2F%2Fimage01.bonprix.de%2Fassets%2F1400x1960%2F0%2F22166397-QhFAwlzv.jpg&v=3&w=400&s=KRpyeya300PF_OKSM2Tykh8S&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

36393b5d209ede79623f120fde0d1ba59f97642504b7cc11903595fae72f1d88

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=252067
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 10992
expires: Thu, 15 Sep 2022 08:17:53 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C6A2 18 KB
18 KB 105ms
53ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=3018&q=80&r=2&u=https%3A%2F%2Fimage01.bonprix.de%2Fassets%2F1400x1960%2F1657523599%2F22151964-ZbE4cpk1.jpg&v=3&w=400&s=9KvAhWzqtpz7aNU14zVRkxnA&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

726914179cd8e7ef3dc160d63e9a23550835a29bbc00879e90d3eb57d9027d14

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:45 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=273231
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 17958
expires: Thu, 15 Sep 2022 14:10:37 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C6A2 20 KB
20 KB 101ms
48ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=3018&q=80&r=2&u=https%3A%2F%2Fimage01.bonprix.de%2Fassets%2F1400x1960%2F1657523584%2F22151966-xRtxnZAV.jpg&v=3&w=400&s=5RDP9n-WEWOrK7KyWhtaHLDV&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

decbc52a0959825d78ee15a97a13384aa04510509db5bd8184166c01033961df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=273323
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 20494
expires: Thu, 15 Sep 2022 14:12:09 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C6A2 26 KB
26 KB 88ms
36ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=3018&q=80&r=2&u=https%3A%2F%2Fimage01.bonprix.de%2Fassets%2F1400x1960%2F0%2F20266421-SFFeKXd4.jpg&v=3&w=400&s=pDUTbeGSX7guL1Uy7IrgBgd0&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

eb370d0cf8a89e349d3fa9ce2f3901ad5e890aec3eb38c94f286fff00617ce18

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:45 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=99298
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 26196
expires: Tue, 13 Sep 2022 13:51:44 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C6A2 15 KB
15 KB 39ms
35ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=3018&q=80&r=2&u=https%3A%2F%2Fimage01.bonprix.de%2Fassets%2F1400x1960%2F1606465840%2F20266426-uiAnXaLs.jpg&v=3&w=400&s=t5JWJQq3gI3rN3CoZZwwFY9E&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

8bfadf29262ac0c22314bd5abe91f18fdfb92a4bf692c44d3fc08762ddc39f8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:45 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=107207
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 15464
expires: Tue, 13 Sep 2022 16:03:33 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C6A2 4 KB
5 KB 97ms
94ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=3018&q=80&r=2&u=https%3A%2F%2Fimage01.bonprix.de%2Fassets%2F1400x1960%2F1527095102%2F16103813-VAL4nu2W.jpg&v=3&w=400&s=L8-oi6Pev688vkKICG3LnjNI&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

419df137a5c7a86e90f57e2eb6992fd1298b88a2e3836cb91c24c1e2081b4c2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:45 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=99386
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 4454
expires: Tue, 13 Sep 2022 13:53:12 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C6A2 14 KB
14 KB 30ms
27ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=3018&q=80&r=2&u=https%3A%2F%2Fimage01.bonprix.de%2Fassets%2F1400x1960%2F0%2F17302703-YwImTsIf.jpg&v=3&w=400&s=Gr92bb4Btjz7NS1VNYCrpFJZ&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

7d2ce5eb5f3127a0aa46d294d58711833a3bc7d01503de5234c38972642eba8b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=114400
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 14532
expires: Tue, 13 Sep 2022 18:03:27 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C6A2 27 KB
27 KB 32ms
29ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=3018&q=80&r=2&u=https%3A%2F%2Fimage01.bonprix.de%2Fassets%2F1400x1960%2F0%2F19192511-ENfJkMTJ.jpg&v=3&w=400&s=NjfGq4_XVeGxeIebtsDX90gT&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

0f623b8ae7d150916a760ad6d8472562faea8bafd650e29b423779bb779002eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:45 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=99698
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 27728
expires: Tue, 13 Sep 2022 13:58:24 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C6A2 18 KB
18 KB 47ms
44ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=3018&q=80&r=2&u=https%3A%2F%2Fimage01.bonprix.de%2Fassets%2F1400x1960%2F0%2F19193306-9aFAMSZ0.jpg&v=3&w=400&s=_DiVEMlp7lrvBq4VC9_Ji74M&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

4bd9d6c75f87b5f21f3948b5970bc4ad053c260e721c39d36c442cee1e74ade8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=118342
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 18356
expires: Tue, 13 Sep 2022 19:09:09 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C6A2 67 KB
67 KB 35ms
32ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=3018&q=80&r=2&u=https%3A%2F%2Fimage01.bonprix.de%2Fassets%2F1400x1960%2F0%2F21138325-PdxV4n6f.jpg&v=3&w=400&s=v76xR6kY1rJfhX6L1mpvfOSf&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

5bb209377bb073e4911c5e3fb1b407981d232276a6390debab25d062483d5683

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:45 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=185789
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 68444
expires: Wed, 14 Sep 2022 13:53:15 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C6A2 26 KB
26 KB 45ms
42ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=3018&q=80&r=2&u=https%3A%2F%2Fimage01.bonprix.de%2Fassets%2F1400x1960%2F0%2F20007198-TfGuPEcB.jpg&v=3&w=400&s=LxRscdNELUsbrd8S9NT2K4bP&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

3a4df587177e952039990cee3d5912fb995c30bb318362d8181ff6a2b34769ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=7288
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 26582
expires: Mon, 12 Sep 2022 12:18:15 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C6A2 29 KB
30 KB 48ms
45ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=3018&q=80&r=2&u=https%3A%2F%2Fimage01.bonprix.de%2Fassets%2F1400x1960%2F0%2F18276513-Hovf2Dl3.jpg&v=3&w=400&s=ggq011jA1EjZdRS6V_5YscYy&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

429d1a4a738d8ea92812063351302b1c95d39677f1adcb25c5811af787520357

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:45 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=99103
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 30160
expires: Tue, 13 Sep 2022 13:48:29 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C6A2 13 KB
13 KB 54ms
51ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=3018&q=80&r=2&u=https%3A%2F%2Fimage01.bonprix.de%2Fassets%2F1400x1960%2F0%2F18248383-mJlUfzMk.jpg&v=3&w=400&s=4rMj3LZDCuYkYsvRoNwKkEaF&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

17e75ada74535f579a90eb81a0c95fa979bade0003c00c0f1cc76b1bda482b87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:45 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=100519
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 12948
expires: Tue, 13 Sep 2022 14:12:05 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C6A2 27 KB
27 KB 52ms
49ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=3018&q=80&r=2&u=https%3A%2F%2Fimage01.bonprix.de%2Fassets%2F1400x1960%2F1655794714%2F22133667-gDruB8FY.jpg&v=3&w=400&s=2K2vFHgK2s_-WvaNLQCCKo8u&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

eb49145a50143cc825bff75942644a7221fec9d03dfd69a335972cab2c081c1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=248340
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 27244
expires: Thu, 15 Sep 2022 07:15:47 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C6A2 12 KB
12 KB 53ms
50ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=3018&q=80&r=2&u=https%3A%2F%2Fimage01.bonprix.de%2Fassets%2F1400x1960%2F1655960659%2F22137112-3HyAKdRj.jpg&v=3&w=400&s=bc13qSmwQnokSE3hG5ZXHWo-&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

8d5e4cdb753775b9aa254e8e3edb2377ebdffc81e6f60e99ce2b6f9a9304ee83

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:45 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=249369
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 12352
expires: Thu, 15 Sep 2022 07:32:56 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame C6A2 0
128 B 81ms
17ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=UC-9P54qTrAtEcrD35TOcMtHlkfPo8t8cQIGgZ0NmN2IJxFCP2PlGYndWfpg5xWfERrJE_L0A0sWqCBNXQOwtf4Cy8eS60sYqG8LwFh8DTGzrVzvOitRoZgY-5OHM_9TCMWNpXhdihsD1egeDo1phdEiL0HbxoEu8rQaJJTJ2VhZPQjOfB_ZruHGAFFu1RThVlY7iLLmV9zO_Biz3WN_RWW6trKBN0Omb-astWCLFYWI8t_4t8xKrAXJ0kyauPs1UJc7VQ&sds=2&rev=82694&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 12 Sep 2022 10:16:46 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame C6A2 2 KB
1 KB 15ms
14ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 07 Sep 2023 10:16:46 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame C6A2 2 KB
1 KB 19ms
19ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
content-encoding: gzip
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 07 Sep 2023 10:16:46 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 9088 2 KB
1 KB 14ms
14ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yx8HDAAOj_QKiwDMAAyQqfykzAzSadRIQ5QSDA&u=%7CSx%2BgiojftOy7KF9Tg1XuTSNRp0OGUteOoUbrH6%2Fo7SQ%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhaVHQ6RkVc1uRRN7U2tIy92afbib4fbn5EybKaRfoUCp6pZXFQMmnMggJeikCgjA3FfnNvswZvCPAKUQL7PvDAhICrPfe_zMulQs0SmRR-35qopft_4wp-aMN6amB84tVbmu-lRMd-jg6LvDpoS5n6wuNuilDfUyUr4Bf0-hNCkyO-CPV5yMDi8_Rn9YKAAOB6HFE35UCuNFuMltzFspCHK04KzC0zjz0SqVgGyfEEpV4EpsFGScJNG_GEP40lxQDN12HTSvVeuuTMcCkSlxYG57uG2XklHZ78pRMYYgUiMolza1R8wwSE2UewPsv7zrDF1jnRjD2vbsOnlw2xI_bkSJ8zERLsl9NUOdDtwlfT07x-vHyP7g3I5hFll_JwgHs2NlJzH4xmHkNjaij9_mWAG-r_Nb7RhTB-M7WUDy6mM8oP_uY4gW5bHLL1fpC9-X4JfwOaUzy3MNubZd9da_aOWNpl43AQvIy-tKt6LANLXFgqpH-xZTuDilq1DmVVyidOOuptzAh3UjnfRALRzGJZIXUtc6o9pN5nFLO-rA4xTsEDzDpeLndI1exM91IAGc044KfRS9b0gDI30iDsQvlWY&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCj3icDAcfY_SfOsyBrASpobJoyZ7SsVzVnZH3cMCNtwEQASAAYJXCpoKwB4IBF2NhLXB1Yi00NjI3NTE3NjgwMjQ5NjcwoAHVttLqA8gBCakChr7End3YsD7gAgCoAwGqBJECT9CXigtrG9VDXM7pYZNE8k-vPVob_XAyPUXL55Z1RPkb64gBvGSAEZD2CsXRzFaEhbgihuFLDS4gyKgvRkhpddTSX8Av20im2aLh5-U71_x1IUZulchGsWKZ4xrJGk_449nLTz2B7ujhb6_YsZPm6Ke7ldyHL45L2bUFHpulmYIBQCoofITKalt-91dhRGupqHQmCRm6y3BNMDCteNmZX5BuGYLSaKDvJFRGQ9J3sOFnN6UJz8cjcsev4hDZOyMNyByiuCFQISU8D0YXEGzbNtU6yHAS0pGXKjxXn9bmgsDHbUg_1WFoY0bc9t9CdKcuaQ0GQeT7mWr2A1gQVhizZBj78m27ru3SQPF_uZMxbDLR4AQBgAbHzc-Y357tqfkBoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEAiI4YAQEAEyA6qCAToCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2ZxoQzaRiL1V7DPvlooP0tznLqUw%26client%3Dca-pub-4627517680249670%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 07 Sep 2023 10:16:46 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 9088 2 KB
1 KB 15ms
14ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 07 Sep 2023 10:16:46 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 9088 308 B
636 B 15ms
14ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Thu, 07 Sep 2023 10:16:46 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 9088 293 B
621 B 22ms
21ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Thu, 07 Sep 2023 10:16:46 GMT

GET
H2 200 lg.php
cat.nl.eu.criteo.com/delivery/ Frame 9088 43 B
347 B 18ms
17ms Image
image/gif 178.250.2.148
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl.eu.criteo.com/delivery/lg.php?cppv=3&cpp=zrxKxjmYDt9TqtwzdgNM_JClOpwwOrGfKT3T4A9vjMFxMGdiC79tQ63fospvT2o2ZPbRPjUmwe0YxfP5rEI5rkww0l7vGRNzkVxlktNJqaU9YB5NmxdliiCxRJ83ron1eaKdBAqRUDsnBPNLHDTsmHERwARYCcgnsoNnxrIDWMH9K7T4l3ikyD74Nc33ABLr9uUQGVnjftwKlUwoR4MVsHJluTH92fUZA-uv0jvHQOmKQaNiOKl03SJA5oJQRnCVl3ORRJpS4amR9-gicEtT_ukgLVHIVqZ27r1CWSht-w3fZlm7daeIxZhBIKwGOOnrXUPrvRSVowo-isnIalM-GA-Ck6prBQ6zPW6pKfuwdt3yHHwMJlNm1hABlQM51vKdudnoZWExNaOXbx7yl7uUo6XU71enXpX31ygI2n_lry4mHeLdVDY5dRYB7hFKT-gm8Ay7Vw

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.148 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Sep 2022 10:16:46 GMT
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 3764437
content-type: image/gif
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 m
secure-gl.imrworldwide.com/cgi-bin/ Frame 9088 0
681 B 143ms
102ms Image
text/plain 2600:9000:2240:ee00:1e:a43d:b640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-gl.imrworldwide.com/cgi-bin/m?ca=nlsn184820&cr=crtve&ce=criteo&pc=criteo_plc0001&ci=nlsnci162&am=3&at=view&rt=banner&st=image&r=1662977806
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yx8HDAAOj_QKiwDMAAyQqfykzAzSadRIQ5QSDA&u=%7CSx%2BgiojftOy7KF9Tg1XuTSNRp0OGUteOoUbrH6%2Fo7SQ%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhaVHQ6RkVc1uRRN7U2tIy92afbib4fbn5EybKaRfoUCp6pZXFQMmnMggJeikCgjA3FfnNvswZvCPAKUQL7PvDAhICrPfe_zMulQs0SmRR-35qopft_4wp-aMN6amB84tVbmu-lRMd-jg6LvDpoS5n6wuNuilDfUyUr4Bf0-hNCkyO-CPV5yMDi8_Rn9YKAAOB6HFE35UCuNFuMltzFspCHK04KzC0zjz0SqVgGyfEEpV4EpsFGScJNG_GEP40lxQDN12HTSvVeuuTMcCkSlxYG57uG2XklHZ78pRMYYgUiMolza1R8wwSE2UewPsv7zrDF1jnRjD2vbsOnlw2xI_bkSJ8zERLsl9NUOdDtwlfT07x-vHyP7g3I5hFll_JwgHs2NlJzH4xmHkNjaij9_mWAG-r_Nb7RhTB-M7WUDy6mM8oP_uY4gW5bHLL1fpC9-X4JfwOaUzy3MNubZd9da_aOWNpl43AQvIy-tKt6LANLXFgqpH-xZTuDilq1DmVVyidOOuptzAh3UjnfRALRzGJZIXUtc6o9pN5nFLO-rA4xTsEDzDpeLndI1exM91IAGc044KfRS9b0gDI30iDsQvlWY&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCj3icDAcfY_SfOsyBrASpobJoyZ7SsVzVnZH3cMCNtwEQASAAYJXCpoKwB4IBF2NhLXB1Yi00NjI3NTE3NjgwMjQ5NjcwoAHVttLqA8gBCakChr7End3YsD7gAgCoAwGqBJECT9CXigtrG9VDXM7pYZNE8k-vPVob_XAyPUXL55Z1RPkb64gBvGSAEZD2CsXRzFaEhbgihuFLDS4gyKgvRkhpddTSX8Av20im2aLh5-U71_x1IUZulchGsWKZ4xrJGk_449nLTz2B7ujhb6_YsZPm6Ke7ldyHL45L2bUFHpulmYIBQCoofITKalt-91dhRGupqHQmCRm6y3BNMDCteNmZX5BuGYLSaKDvJFRGQ9J3sOFnN6UJz8cjcsev4hDZOyMNyByiuCFQISU8D0YXEGzbNtU6yHAS0pGXKjxXn9bmgsDHbUg_1WFoY0bc9t9CdKcuaQ0GQeT7mWr2A1gQVhizZBj78m27ru3SQPF_uZMxbDLR4AQBgAbHzc-Y357tqfkBoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEAiI4YAQEAEyA6qCAToCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2ZxoQzaRiL1V7DPvlooP0tznLqUw%26client%3Dca-pub-4627517680249670%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2240:ee00:1e:a43d:b640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Sep 2022 10:16:46 GMT
via: 1.1 9ef1b108656dc6d0707b168b862883dc.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA60-P1
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://secure-gl.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin: *
cache-control: no-cache
cross-origin-resource-policy: cross-origin
x-cache: Miss from cloudfront
accept-ch: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
content-length: 0
x-amz-cf-id: p_5RgiNMoy6Jeh3V4Km7Ckur0p-UlQTwqpGlHmGC-RYgHfx483F-_g==
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame A232 2 KB
1 KB 17ms
16ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yx8HDAAOk6sKiwDMAAyQqd0t-ph48dRC5m9wtQ&u=%7CSx%2BgiojftOxMEYIr0oAKepA0G%2FWon%2FgM8vWIqbVarO4%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhaVHQ6RkVc1uRRN7U2tIy92afbib4fbn5EybKaRfoUCpWgROSpkK00uYfvevcoC6ZEiQLRqu-ImYCZFLEuf3c7eE0IdMDPbSnbzw7sN1RGoG7DGGZUXMPkvZZSxPZOLD2NQIqqbVomQoDtAKJo2aJb_crgBOIe7CzbKaCTz71sdYH3CaP6q955N2Uv8ORWVoUweaY6UON3vQesUf4e43348tnqRSU2R_dkOxo9MLggRsnOHgVxUfnHEaLw3MXaIBxVoI6n701oQ7IE098u2bcNSdBoUqN_are9VrBTChmnZGj82OaUjv5RLsVB9MXwMUzE02a6M8Vzn3VM9YudYknCjG8sJfhwDGSGVmjBHRMGzKWHN9jawE5FsXPBplAz95AFLW5Xep9hOV-zs3oZN2t66g8VKRh8COXYaR1wWlISbOgaa9IfHPMnLryLSITziY_0X3fQv0NzjYhjco9C10TGm62NfPutErFeWKagaXIalyN3P6O9f7i3oRSSKCwgWtX7pusd8tMaFaY9_AsmzMhrecBFLgXQD9NPvDUQy9RuOFFkZlSSu_EiRH096Z4vpDsDsDRo1G79sHxgJ54bN5Oiz8wR7LugPYmQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCpEm2DAcfY6unOsyBrASpobJoyZ7SsVzVnZH3cMCNtwEQASAAYJXCpoKwB4IBF2NhLXB1Yi00NjI3NTE3NjgwMjQ5NjcwoAHVttLqA8gBCakChr7End3YsD7gAgCoAwGqBJcCT9DL5ZWu8tGzJR7bcp_Brf_yUjhXhWwpR1XeUDkon7CuxCxl7FraFZRZ9qxr4G4CSgvS9gNgZKHnp35VhBOu3S0HQJ1ikkritMINSJT9dyRdp6y3dD2jErrcQxpjk0dfCrJjzQRE3m1bETu__4PLq_aqzBa3rOMc64Tn6WQtKt4ZnbDIXnvaHUgdzuh2pTCMicNTMZhdTmyipblOaTa6aZs9_pvI4GBFSFGtO5shsBDt8_ebNwEqXy9XsdtkR1NhXHuA-rOoEi0j8Lk0J1ORBp9o1dRIHZCp8jCrOg_TfI0706HIq7w7psIPMiwdQxIyenlSw5mbyda-HEx3Bxt9tUf4YO2TKPPU721qPwlCNi88_D165-On4AQBgAbHzc-Y357tqfkBoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEAiI4YAQEAEyA6qCAToCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1lzmt_kicg7118J0ju0QdCg4-SVg%26client%3Dca-pub-4627517680249670%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 07 Sep 2023 10:16:46 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame A232 2 KB
1 KB 23ms
23ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 07 Sep 2023 10:16:46 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame A232 308 B
636 B 14ms
13ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Thu, 07 Sep 2023 10:16:46 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame A232 293 B
621 B 17ms
16ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Thu, 07 Sep 2023 10:16:46 GMT

GET
H2 200 lg.php
cat.nl.eu.criteo.com/delivery/ Frame A232 43 B
347 B 17ms
17ms Image
image/gif 178.250.2.148
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl.eu.criteo.com/delivery/lg.php?cppv=3&cpp=YO1eeKakDsbZ4BraU9MWJoTlYqBNDale5m73nsx9IJwwQy9rdNLVpJNFM08Dc7-qMj8kv8duqEgwaOxBX7v31bHdHTv4XONbpohiTZT-deSNisVGKRGwGq5O5JH94TRfYsyA745EftidGreaLHnck_axzTIj7esM3D1a0zeMRqPeFofbqrWlyYx7PnZeU5EU8X9zaSLf2v-L08yeUCoux9HTAGS9nRLNXNwt0vDjMjzHZp8UH3mD59UimmAd0nWZjNK4sew8F4aaajVACFPGr77bgNRO6MH917MyyLxkRQw7ZsC2FaKaAy9QzmlFHSE4nmP7bp6e7ucUUL7rhrq-KE65dhH68I1AzYUkB5H5iXy3QSQQBDQc1TjwhgFRiKWonnNcbfRPytxRVmkDf39ebyG7x-tRsQXLd4k-clfyZfb0el54Qpx-PLOMEdHWHvJlKcH12w

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.148 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Sep 2022 10:16:45 GMT
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 3144823
content-type: image/gif
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 m
secure-gl.imrworldwide.com/cgi-bin/ Frame A232 0
680 B 321ms
283ms Image
text/plain 2600:9000:2240:ee00:1e:a43d:b640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-gl.imrworldwide.com/cgi-bin/m?ca=nlsn184820&cr=crtve&ce=criteo&pc=criteo_plc0001&ci=nlsnci162&am=3&at=view&rt=banner&st=image&r=1662977805
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yx8HDAAOk6sKiwDMAAyQqd0t-ph48dRC5m9wtQ&u=%7CSx%2BgiojftOxMEYIr0oAKepA0G%2FWon%2FgM8vWIqbVarO4%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhaVHQ6RkVc1uRRN7U2tIy92afbib4fbn5EybKaRfoUCpWgROSpkK00uYfvevcoC6ZEiQLRqu-ImYCZFLEuf3c7eE0IdMDPbSnbzw7sN1RGoG7DGGZUXMPkvZZSxPZOLD2NQIqqbVomQoDtAKJo2aJb_crgBOIe7CzbKaCTz71sdYH3CaP6q955N2Uv8ORWVoUweaY6UON3vQesUf4e43348tnqRSU2R_dkOxo9MLggRsnOHgVxUfnHEaLw3MXaIBxVoI6n701oQ7IE098u2bcNSdBoUqN_are9VrBTChmnZGj82OaUjv5RLsVB9MXwMUzE02a6M8Vzn3VM9YudYknCjG8sJfhwDGSGVmjBHRMGzKWHN9jawE5FsXPBplAz95AFLW5Xep9hOV-zs3oZN2t66g8VKRh8COXYaR1wWlISbOgaa9IfHPMnLryLSITziY_0X3fQv0NzjYhjco9C10TGm62NfPutErFeWKagaXIalyN3P6O9f7i3oRSSKCwgWtX7pusd8tMaFaY9_AsmzMhrecBFLgXQD9NPvDUQy9RuOFFkZlSSu_EiRH096Z4vpDsDsDRo1G79sHxgJ54bN5Oiz8wR7LugPYmQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCpEm2DAcfY6unOsyBrASpobJoyZ7SsVzVnZH3cMCNtwEQASAAYJXCpoKwB4IBF2NhLXB1Yi00NjI3NTE3NjgwMjQ5NjcwoAHVttLqA8gBCakChr7End3YsD7gAgCoAwGqBJcCT9DL5ZWu8tGzJR7bcp_Brf_yUjhXhWwpR1XeUDkon7CuxCxl7FraFZRZ9qxr4G4CSgvS9gNgZKHnp35VhBOu3S0HQJ1ikkritMINSJT9dyRdp6y3dD2jErrcQxpjk0dfCrJjzQRE3m1bETu__4PLq_aqzBa3rOMc64Tn6WQtKt4ZnbDIXnvaHUgdzuh2pTCMicNTMZhdTmyipblOaTa6aZs9_pvI4GBFSFGtO5shsBDt8_ebNwEqXy9XsdtkR1NhXHuA-rOoEi0j8Lk0J1ORBp9o1dRIHZCp8jCrOg_TfI0706HIq7w7psIPMiwdQxIyenlSw5mbyda-HEx3Bxt9tUf4YO2TKPPU721qPwlCNi88_D165-On4AQBgAbHzc-Y357tqfkBoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEAiI4YAQEAEyA6qCAToCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1lzmt_kicg7118J0ju0QdCg4-SVg%26client%3Dca-pub-4627517680249670%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2240:ee00:1e:a43d:b640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Sep 2022 10:16:46 GMT
via: 1.1 9ef1b108656dc6d0707b168b862883dc.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA60-P1
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://secure-gl.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin: *
cache-control: no-cache
cross-origin-resource-policy: cross-origin
x-cache: Miss from cloudfront
accept-ch: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
content-length: 0
x-amz-cf-id: 98TyqODQq7gSFsxo5PusG5ZevMkUfh_NCKwaM6Cbt8q7oJuuVzl48g==
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame C6A2 3 KB
556 B 23ms
22ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Ubuntu:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

387b160853ac745a823784df8b45b28f35670b19183a76dd64d15ad11bea9273

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 12 Sep 2022 09:34:34 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 12 Sep 2022 10:16:46 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 12 Sep 2022 10:16:46 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220907/r20110914/client/ Frame 9D8B 3 KB
1 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220907/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4627517680249670&output=html&h=90&slotname=Google_LB_15938Z&adk=4293758812&adf=272530243&pi=t.ma~as.Google_LB_15938Z&w=728&lmt=1662977806&url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fharvest_moon_festival%2F%3Futm_source%3Desep_harvestmoonfest_remail&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1662977805815&bpp=12&bdt=138&idt=233&shv=r20220907&mjsv=m202209080101&ptt=5&saldr=sa&cookie=ID%3D73001d4d9d5c0a81-22bad6411ece0001%3AT%3D1662977804%3AS%3DALNI_Ma-X4CJPaoG8EeB_nq2qvBItZ7gdg&correlator=5612363782282&frm=23&ife=4&pv=2&ga_vid=1919503609.1662977805&ga_sid=1662977806&ga_hid=1572201324&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=560&ady=47&biw=1600&bih=1200&isw=728&ish=90&ifk=819492160&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069448%2C44772928&oid=2&pvsid=3087219198593514&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.byvmjqh7brbq&fsb=1&dtd=244

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:01:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 889
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 26 Sep 2022 10:01:57 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220907/r20110914/client/ Frame 9D8B 17 KB
7 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220907/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e368951bc5918b3d9fbc8205bfdf0d8be8b79da09b457bb113307063f3b1bc89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:12:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 231
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7592
x-xss-protection: 0
server: cafe
etag: 7248493764890666469
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 26 Sep 2022 10:12:55 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9D8B 141 KB
44 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

50f77fa9d32c1323f7e50da8d807f556cdddaea2161de6cf84a0c8b4c1dd6f79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44740
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1662550240112033"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 12 Sep 2022 10:16:46 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 9088 12 KB
6 KB 17ms
16ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 07 Sep 2023 10:16:46 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 9088 11 KB
11 KB 20ms
20ms Image
image/png 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?h=76&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fstatic.nl.eu.criteo.net%2Fdesign%2Fdt%2F2861%2F190124%2F8d6bc06124f044d4973e0db21c495799_logo.png&v=3&w=596&s=y9MaZ2kysatRTgIoZYWcMJ4C

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

093da471f5256cc2c4143fef0a012c247888761f0d398659582dc56da5769a16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:45 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=29703812
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 10911
expires: Tue, 22 Aug 2023 05:20:19 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 9088 0
127 B 16ms
16ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=ujfKrJ4qTrAtEcrDXEV2bQWr72PLJiJxZ37MLClgFSlfhOQVEPidSrxxSKHjNjZWmf7HXGfGcOwF1bJJ4BBzivbiBLZnTE0Aogs-zZSC9OcnvhXciXICbJJSgitO5NUH7Vuw1yg-sUjvgoj1J3mH-YrFcF9xq6FQXRaZrg12uJ5bdeUsQchQE29hxMomCwQlGoya0QFKFypEGqMjQRNcpkk6nTIUlDGDlmx9x4pqBxNEzp_FOMWzMw7oBp-kgfgYf0zwHQ&sds=2&rev=82694&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 12 Sep 2022 10:16:45 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 9088 2 KB
1 KB 30ms
30ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 07 Sep 2023 10:16:46 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 9088 2 KB
1 KB 16ms
16ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
content-encoding: gzip
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 07 Sep 2023 10:16:46 GMT

POST
H/1.1 200
OK postback Show response
s.gk.123greetings.com/2/2.68.0/945541/AYHxlO8PEeQbmLmt/ 0
145 B 30ms
30ms XHR
text/plain 34.248.176.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.gk.123greetings.com/2/2.68.0/945541/AYHxlO8PEeQbmLmt/postback?dt=9455411658248091559000&pd=mkt&mo=0&si=main&ci=945541&sid=AYHxlO8PEeQbmLmt&oz_sc=385e43d25de8494c566ad975&oz_df=1662977806314&oz_l=123&cv=3
Requested by: Host: s.gk.123greetings.com
URL: https://s.gk.123greetings.com/2/2.68.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 34.248.176.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-176-243.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 12 Sep 2022 10:16:45 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame B9D6 12 KB
6 KB 18ms
18ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 07 Sep 2023 10:16:46 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame B9D6 11 KB
11 KB 17ms
17ms Image
image/png 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

093da471f5256cc2c4143fef0a012c247888761f0d398659582dc56da5769a16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=29703812
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 10911
expires: Tue, 22 Aug 2023 05:20:19 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame B9D6 0
127 B 18ms
18ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=3dq5WJ4qTrAtEcrD2gMyQQ8EVQEt-f656PdATvvf8193eNw9y9sLCXKEAdie6lsXponPhtmTL62XsUaSwoQmeBGuIVLwseGVwmWzE9K8vHFmyM35bAKRVELVvkbWtP_x3TTxoFmqtdf0XGSII4mQBdf3LvDV-e7364D6k48jMmdzyCb9Hid6I2zKd8bf5iK2AEH8yxLPUCD3n95YBOiBwqNRr5zZCPrGZkHN2en5Ps0jlY3Wq4hVo4c3H7WXDPQ6r2V_sQ&sds=2&rev=82694&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 12 Sep 2022 10:16:46 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame B9D6 2 KB
1 KB 15ms
14ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 07 Sep 2023 10:16:46 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame B9D6 2 KB
1 KB 18ms
18ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
content-encoding: gzip
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 07 Sep 2023 10:16:46 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 9D8B 0
0 57ms
57ms Fetch
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CeZqJDgcfY4OUBsLk6gS5j7DAD8me0rFc1Z2R93DAjbcBEAEgAGCVwqaCsAeCARdjYS1wdWItNDYyNzUxNzY4MDI0OTY3MKAB1bbS6gPIAQmpAio8rrxJA7E-qAMBqgTZAU_Qw2jMDIfEK3oixeVOQ7pwc1kup3Lj90WVaAVxL2iPw9Yxm_OT5V2Oa5Yhl6kOvky7gKzYExdtKCxIrlsyGxsiJ_SZ3VAgcHr9p_WR7RXCbY6pMga6tnemGr9zKyecKZ8OfilhOJAjMlsLuh76U370Dki5YMNBXXcp7orkEu3w067EK95RjVVvckECN0N2kjgk-O9cmJYUqIx6w4xpmLIxnAJcKXzzIlZl0FnaCPkWF3KPVIzBFP5YVXGc8cQI5wODuaizjCg75qiDJdlo-kGUrf840exAIfOABvu3n5z5tZDzzQGgBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBAgAoD-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTQ2Mjc1MTc2ODAyNDk2NzAY_9cX&sigh=UVodUQxGSTM&uach_m=[UACH]&cid=CAQSOwCsnQUxYfloJ5xFcieO5tbVHIkPUPM1BER0VvDSnV18Yc7zLlC4fznhnVPFfNds0fKyZqBwTV4MBfO1GAE

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4627517680249670&output=html&h=90&slotname=Google_LB_15938Z&adk=4293758812&adf=272530243&pi=t.ma~as.Google_LB_15938Z&w=728&lmt=1662977806&url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fharvest_moon_festival%2F%3Futm_source%3Desep_harvestmoonfest_remail&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1662977805815&bpp=12&bdt=138&idt=233&shv=r20220907&mjsv=m202209080101&ptt=5&saldr=sa&cookie=ID%3D73001d4d9d5c0a81-22bad6411ece0001%3AT%3D1662977804%3AS%3DALNI_Ma-X4CJPaoG8EeB_nq2qvBItZ7gdg&correlator=5612363782282&frm=23&ife=4&pv=2&ga_vid=1919503609.1662977805&ga_sid=1662977806&ga_hid=1572201324&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=560&ady=47&biw=1600&bih=1200&isw=728&ish=90&ifk=819492160&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069448%2C44772928&oid=2&pvsid=3087219198593514&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.byvmjqh7brbq&fsb=1&dtd=244
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Mon, 12 Sep 2022 10:16:46 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 notify
rtb.fr.eu.criteo.com/google/auction/ Frame 9D8B 0
0 17ms
16ms Fetch 2a02:2638::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.fr.eu.criteo.com/google/auction/notify?profile=14&payload=k8mVD8g12AVanYNiAgIAAAChUTuMmXcfUh983eor5a-cEA0HH2N10VrvsDnJyCfZqQASAAA&wp=Yx8HDgABigMKmrJCAAwHuXIiFajw-0cGW9xPhw

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
server: Kestrel
server-processing-duration-in-ticks: 267735
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame BF58 131 KB
44 KB 118ms
118ms Document
text/html 2a02:2638:1::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=Yx8HDgABigMKmrJCAAwHuXIiFajw-0cGW9xPhw&u=%7CYi8xxJG5YRWx4umBsDCObXkpKBKLunjZwj87TDmxq3o%3D%7C&c1=0n2XosTo5clc2Y5hvSIf5mYMGd9qs4qlgkCe6-ijoCTr6STXf6suZykjhxahJw4fZHU2f9-fyNNYWCv0Xi8RcOvJCV9JRWNMzzQeYl8DLmDeiJJmSLJfsjADRhQLIqZ4u-Xj6lsPk87H57SDDE88ieymZEC3zvWCZMqaS0uI6PVbLH_WdnC166Bqj3JyhnP6qQbKe1oe8Aa-IHHyai-jn7h8KqtxjCxxkmhfKCzqCD_MG2yLVnAkJvrNF8qCSWgHEw1_R0ztNb26Cte9qo76ueIGw78kHT71xlUu_LNse_SA84cH0ENq4Fs-YsSEM9rDFDuG3ql-nqhsIcO7eF21NX47OeuP0NR3TGIA_33442jO5YrA7gOq_4kJyJfy1BBqwxUW9gaPI1S1LnphwQBSRnqch51SivmRjP7psnmlFOZa2iLkvg8N133O--yceH13O3aALDGgTPbj_yyjqOOI9zeMx7Gp2Bz_wg3zQXneJ4OqDVBEpiQ6LNrkMrbZcrdXtOoXfyDjim7GVS5YI5IFtSaH1QtvKO9U5V27d_P3Bj1dCCF_s4_8Y1TS_DTxpMwMdkaomGq91oZbmF3bAQIDOXdxUtM4MEFZBnTpq7jVfLQEfrpJBQqSe6cOn4JKZHSdki865vz5BQlOTimdlfRyfQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCyAOBDgcfY4OUBsLk6gS5j7DAD8me0rFc1Z2R93DAjbcBEAEgAGCVwqaCsAeCARdjYS1wdWItNDYyNzUxNzY4MDI0OTY3MKAB1bbS6gPIAQmpAio8rrxJA7E-qAMBqgTcAU_Qw2jMDIfEK3oixeVOQ7pwc1kup3Lj90WVaAVxL2iPw9Yxm_OT5V2Oa5Yhl6kOvky7gKzYExdtKCxIrlsyGxsiJ_SZ3VAgcHr9p_WR7RXCbY6pMga6tnemGr9zKyecKZ8OfilhOJAjMlsLuh76U370Dki5YMNBXXcp7orkEu3w067EK95RjVVvckECN0N2kjgk-O9cmJYUqIx6w4xpmLIxnAJcKXzzIlZl0FnaCPkWF3KPFo7ghnnXyWIjbdCrNz4lQaGnhp4xyLABkRFVXLMrs9MgVEbEMkxkdg-ABvu3n5z5tZDzzQGgBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_11OoeHY9DRpTB1RyAf3cZ4fsFoUQ%26client%3Dca-pub-4627517680249670%26adurl%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

621169b0508c317dbd245a0c7e88f7a5c4743a183d887c9493a4f9ead22a6c00

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Mon, 12 Sep 2022 10:16:46 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=3xC_pJ4qTrAtEcrD-vbwJd4l6y6d3nho4ZVow43FFAqjsAjlEEtK9fV51Vc_nzzokHvrf0IP0Y-uZXOC-8jKsp1XJS3PAnrOJhp2A5P1Ffpwkk05UrKFRPe-lBphQS3Sb2vnBzuVpHlXqnrIzQYPME99noTxGi30FT6fGi9qaVXWdLhfHo6kaT2hwJkqTHPf8UBZCWfkhDTKcqZqWT85VYfgjQs1pKdNUG-h6zMneZxCp3h2G8yl02F9oULrN4VNmvsSvg"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 103750081
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 2FEC 1 KB
749 B 15ms
13ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 85309
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 11 Sep 2022 10:34:57 GMT
etag: 48472445140208031
expires: Mon, 12 Sep 2022 10:34:57 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame A232 12 KB
6 KB 15ms
15ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 07 Sep 2023 10:16:46 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame A232 11 KB
11 KB 19ms
17ms Image
image/png 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?h=496&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fstatic.nl.eu.criteo.net%2Fdesign%2Fdt%2F2861%2F190124%2F8d6bc06124f044d4973e0db21c495799_logo.png&v=3&w=356&s=RvgLKdjxsCa071ptabsHOAat

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

cdeac9e009d394737c133d4f4692a8fe3ee3c88df825af37b647e2610b9082e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=29703812
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 11301
expires: Tue, 22 Aug 2023 05:20:19 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame A232 5 KB
5 KB 19ms
16ms Image
image/png 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2F7%2FlogoRasenBallsport-Leipzig-GmbH-112203DE-2011231618.gif%3Feb%3D1&v=3&w=800&s=uL1eBielVmNzs4UCUlbGoce6&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

049197d27fc218a1fc7185322d281d1f12d8cb637cce49e815600869e12e463a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:45 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=0
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 5240
expires: Mon, 12 Sep 2022 10:16:46 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame A232 2 KB
2 KB 21ms
18ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FM%2FlogoMBG_INTERNATIONAL_PREMIUM_BRANDS_50177DE.gif%3Feb%3D1&v=3&w=800&s=lXs1Bpi4AV_UJulwv6lFoiTD&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

c9e46e4d525aaaac2f0d8e1ad054ca27712e468d332c9cff9f3c9555836a3d16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:45 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=853282
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 1954
expires: Thu, 22 Sep 2022 07:18:08 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame A232 1 KB
2 KB 20ms
17ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FD%2FlogoDienstleistungs-Center-Halle-GmbH-DLC-Halle-153157DE.gif%3Feb%3D1&v=3&w=800&s=5ZBJ5qniP8NhN_Q2K8FX3HYz&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

5f5654d3095dcc7a871f7d4c1355b2c9eea3eb0d8f72f87e65b0cf51961aefd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:45 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=549123
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 1382
expires: Sun, 18 Sep 2022 18:48:49 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame A232 2 KB
2 KB 19ms
17ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2F6%2FlogoBosch-Gruppe-2804DE-1909091413.gif%3Feb%3D1&v=3&w=800&s=HYbmSDVtbe5wAnm1TH3AhaIB&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

490319aff00a55cfc00d9e24f71f39fc0801858055c62c07bec8fabf2f6e24ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:45 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=650977
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 1584
expires: Mon, 19 Sep 2022 23:06:23 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame A232 3 KB
3 KB 21ms
18ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2F4%2FlogoVerbund-freier-Trainer-und-Coaches-UG-haftungsbeschraenkt-307324DE-2206131139.gif%3Feb%3D1&v=3&w=800&s=Op8RAgVtnaaFG3sAfLcpOTqr&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

bf6ef9f2ec28cdef4f1e3b49e7c0b2a6f05c027fed9f2d685dc7815a2a76c355

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:45 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=1029841
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 2732
expires: Sat, 24 Sep 2022 08:20:47 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame A232 1 KB
1 KB 21ms
19ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FC%2FlogoMercedes-Benz-AG-237414DE-2106010949.gif%3Feb%3D1&v=3&w=800&s=JIAYYix35VmzVzG5CogYs-G7&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

9a73fe4f2b3f00d5f680adb3d4affae2a924b6ae4e8d3ea009c36f2f9177c0ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:45 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=1358961
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 1052
expires: Wed, 28 Sep 2022 03:46:08 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame A232 2 KB
2 KB 22ms
20ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FR%2FlogoRhenus-KundenProfi-Hof-GmbH-193699DE.gif%3Feb%3D1&v=3&w=800&s=_fqvdkV3ovd3AZbTucxmdsLl&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

3d8f29fb8954a69f281ac639abbb6dbbad52217b8e459b041532d2be67a2f94c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:45 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=988537
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 1788
expires: Fri, 23 Sep 2022 20:52:23 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame A232 1 KB
1 KB 23ms
21ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FZ%2FlogoZEISS-3427DE.gif%3Feb%3D1&v=3&w=800&s=RrXO-dKDwT9QyY0iBiT47Xw6&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

a6c11502463f3445d37d3184cef1016bb3c77dbc12b88636788632bfe5e87b98

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:45 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=24085
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 1244
expires: Mon, 12 Sep 2022 16:58:12 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame A232 2 KB
2 KB 22ms
20ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FG%2FlogoGEFTA-Gesellschaft-fur-Telearbeit-144662DE.gif%3Feb%3D1&v=3&w=800&s=hxWj7p5WaCYx56fmRFMBdgb5&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

500d3279302f66fc7a11529941e7d156e45f9b20a70ac0134fbe7fd85caa20a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:45 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=12228
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 1794
expires: Mon, 12 Sep 2022 13:40:34 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame A232 1 KB
2 KB 21ms
19ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2F7%2FlogoZentiva-Pharma-GmbH-215794DE.gif%3Feb%3D1&v=3&w=800&s=LD2vQo3-rvRzlFX6-xPzXG6u&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

0d168e8f8438f0cc683f74eed223e4dbda39d8c51c36b2f4019f73c9682bee59

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=1718758
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 1288
expires: Sun, 02 Oct 2022 07:42:45 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame A232 0
127 B 22ms
21ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=jAtkdp4qTrAtEcrDa1UDq_yMqT5KopXRJUcETEHap9LAy4MitEDjykisRAfycpHu0wNyAKjDS6K3PSibr6cpU5vC8f6uUc3_99TpMpRLLqGqA4ZEPobRgrBj2mgd_dOuOlwiHIqyz30ruRxiIIpOVYkideJjRXPIhdggCL0o5nnyCfdy9JO6iuozpDnN1hpkT1xndwhhlIhkljTMV_Cfld_mZZA06-7chbH-VvOcmfXw8t0J478sYn0HESoaktWxEKXpjg&sds=2&rev=82694&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 12 Sep 2022 10:16:46 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame A232 2 KB
1 KB 14ms
13ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 07 Sep 2023 10:16:46 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame A232 2 KB
1 KB 14ms
14ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
content-encoding: gzip
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 07 Sep 2023 10:16:46 GMT

GET
H2 200 4iCs6KVjbNBYlgoKfw72.woff2
fonts.gstatic.com/s/ubuntu/v20/ Frame C6A2 34 KB
34 KB 67ms
28ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Ubuntu:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7f653b3ce9d3277457fc6da4edb246ae2f6c913f088c42dcb8cd2e96267aa21a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ads.eu.criteo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 06 Sep 2022 08:45:37 GMT
x-content-type-options: nosniff
age: 523869
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34852
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:31:23 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 06 Sep 2023 08:45:37 GMT

GET
H2 200 4iCv6KVjbNBYlgoCxCvjsGyN.woff2
fonts.gstatic.com/s/ubuntu/v20/ Frame C6A2 29 KB
30 KB 53ms
14ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ubuntu/v20/4iCv6KVjbNBYlgoCxCvjsGyN.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Ubuntu:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c00752ce82d6abaed0b9766d35b906b16675facdbe24115b410d1fab975effa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ads.eu.criteo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 19:26:42 GMT
x-content-type-options: nosniff
age: 399004
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29752
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 17:05:11 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 07 Sep 2023 19:26:42 GMT

GET
DATA 200
OK truncated
/ Frame 9D8B 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1bff78e811485dec4d82003e0a8a70850edf0c00457547ebd33f7d1973dd50c1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type: image/png

POST
H/1.1 200
OK postback Show response
s.gk.123greetings.com/2/2.68.0/945541/AYHxlO8PEeQbmLmt/ 0
145 B 29ms
29ms XHR
text/plain 34.248.176.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.gk.123greetings.com/2/2.68.0/945541/AYHxlO8PEeQbmLmt/postback?dt=9455411658248091559000&pd=mkt&mo=0&si=main&ci=945541&sid=AYHxlO8PEeQbmLmt&oz_sc=385e43d25de8494c566ad975&oz_df=1662977806550&oz_l=62&cv=3
Requested by: Host: s.gk.123greetings.com
URL: https://s.gk.123greetings.com/2/2.68.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 34.248.176.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-176-243.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 12 Sep 2022 10:16:45 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame BF58 2 KB
1 KB 15ms
14ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yx8HDgABigMKmrJCAAwHuXIiFajw-0cGW9xPhw&u=%7CYi8xxJG5YRWx4umBsDCObXkpKBKLunjZwj87TDmxq3o%3D%7C&c1=0n2XosTo5clc2Y5hvSIf5mYMGd9qs4qlgkCe6-ijoCTr6STXf6suZykjhxahJw4fZHU2f9-fyNNYWCv0Xi8RcOvJCV9JRWNMzzQeYl8DLmDeiJJmSLJfsjADRhQLIqZ4u-Xj6lsPk87H57SDDE88ieymZEC3zvWCZMqaS0uI6PVbLH_WdnC166Bqj3JyhnP6qQbKe1oe8Aa-IHHyai-jn7h8KqtxjCxxkmhfKCzqCD_MG2yLVnAkJvrNF8qCSWgHEw1_R0ztNb26Cte9qo76ueIGw78kHT71xlUu_LNse_SA84cH0ENq4Fs-YsSEM9rDFDuG3ql-nqhsIcO7eF21NX47OeuP0NR3TGIA_33442jO5YrA7gOq_4kJyJfy1BBqwxUW9gaPI1S1LnphwQBSRnqch51SivmRjP7psnmlFOZa2iLkvg8N133O--yceH13O3aALDGgTPbj_yyjqOOI9zeMx7Gp2Bz_wg3zQXneJ4OqDVBEpiQ6LNrkMrbZcrdXtOoXfyDjim7GVS5YI5IFtSaH1QtvKO9U5V27d_P3Bj1dCCF_s4_8Y1TS_DTxpMwMdkaomGq91oZbmF3bAQIDOXdxUtM4MEFZBnTpq7jVfLQEfrpJBQqSe6cOn4JKZHSdki865vz5BQlOTimdlfRyfQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCyAOBDgcfY4OUBsLk6gS5j7DAD8me0rFc1Z2R93DAjbcBEAEgAGCVwqaCsAeCARdjYS1wdWItNDYyNzUxNzY4MDI0OTY3MKAB1bbS6gPIAQmpAio8rrxJA7E-qAMBqgTcAU_Qw2jMDIfEK3oixeVOQ7pwc1kup3Lj90WVaAVxL2iPw9Yxm_OT5V2Oa5Yhl6kOvky7gKzYExdtKCxIrlsyGxsiJ_SZ3VAgcHr9p_WR7RXCbY6pMga6tnemGr9zKyecKZ8OfilhOJAjMlsLuh76U370Dki5YMNBXXcp7orkEu3w067EK95RjVVvckECN0N2kjgk-O9cmJYUqIx6w4xpmLIxnAJcKXzzIlZl0FnaCPkWF3KPFo7ghnnXyWIjbdCrNz4lQaGnhp4xyLABkRFVXLMrs9MgVEbEMkxkdg-ABvu3n5z5tZDzzQGgBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_11OoeHY9DRpTB1RyAf3cZ4fsFoUQ%26client%3Dca-pub-4627517680249670%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 07 Sep 2023 10:16:46 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame BF58 2 KB
1 KB 15ms
15ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 07 Sep 2023 10:16:46 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame BF58 308 B
636 B 22ms
22ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Thu, 07 Sep 2023 10:16:46 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame BF58 293 B
621 B 17ms
16ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Thu, 07 Sep 2023 10:16:46 GMT

GET
H2 200 lg.php
cat.nl.eu.criteo.com/delivery/ Frame BF58 43 B
347 B 19ms
18ms Image
image/gif 178.250.2.148
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl.eu.criteo.com/delivery/lg.php?cppv=3&cpp=qoDTI5u2IlWWaO66vRO66NKsC5xBSDYn7JBd2m8AbA6mXpAF_CdrLfDeVsqXAO-W0Muv9q85cH-iAFIOCxUJ94MoAvZBn4mf_8usas4MIx2Sy8E9D7XKEtpQAZouxzhCgjle2HSArFvPp8ANmZfdWcaXi8IE_-TrsbH9X40E8omgT-qayidGSt1yKaDxdfSJf7epbkIPt-VCKe-Le4u-Mcbd6IaieN1-gl1RmCeXDXLG3u6IM_sp0ngFnZmtc3Pn-nQrJDVvBBuxT2OXhE6P6WD06zygKne9scpCKGwkmQzevFl6E9SqBrtCERvOHfsJmLjayO3qYVBQqai8_b8Z2xZUGHJGDa52pGZHoKTypHJbPxdd4pcHDmcignLh4QQuY5uLR5sTFpGnzG6O2ehlG3vk4ybyXpn08Rbk-YYaXmGwPEUH

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.148 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Sep 2022 10:16:45 GMT
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 3163559
content-type: image/gif
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 video-loader2-cr.js Show response
cdn.avantisvideo.com/js/ Frame FCB1 115 KB
37 KB 8ms
8ms Script
application/javascript 2600:9000:2490:a00:1c:38a0:8a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.avantisvideo.com/js/video-loader2-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/avm/js/video-loader.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2490:a00:1c:38a0:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b2675f2bc3393449a44784c7815f9c36449024e4397d7f174812c42c6bbaa148

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sun, 11 Sep 2022 10:35:56 GMT
content-encoding: gzip
last-modified: Wed, 10 Aug 2022 07:12:05 GMT
server: AmazonS3
age: 85251
etag: W/"34fc05e1a66d53097cb2d428812d10e3"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: 23HYQ0o2ylfY4CikTtNpDIRIBjFm3stq
via: 1.1 6b85d8725dd6471c3db1f65d4096afc4.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
content-type: application/javascript
x-amz-cf-id: Rgc0mibwMxW-O7c8U9eIw4i1AyO5N647RByc5ptgNCTd80ibt8hQiw==

GET
H2 200 video-loader2.1-cr.js Show response
cdn.avantisvideo.com/js/ Frame FCB1 115 KB
37 KB 10ms
9ms Script
application/javascript 2600:9000:2490:a00:1c:38a0:8a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.avantisvideo.com/js/video-loader2.1-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/avm/js/video-loader.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2490:a00:1c:38a0:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9f85b446cf7c5640aa90f2663bf232af45a2d4ebd65fcf60a3105f400ea8bdac

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-amz-version-id: R3srv_l_.CCJ9VrYZEKFH47S4Xn_qYV0
content-encoding: gzip
last-modified: Mon, 15 Aug 2022 08:52:18 GMT
server: AmazonS3
age: 34292
etag: W/"e47a13a604e4ac4e6ccdc005c9e93287"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 6b85d8725dd6471c3db1f65d4096afc4.cloudfront.net (CloudFront)
date: Mon, 12 Sep 2022 00:45:17 GMT
x-amz-cf-pop: FRA56-P6
x-amz-cf-id: K6griBx5jEN-O9TaE9VUPs21a7_bIAnxuGk51cplpnEe4O_uyK2lvw==

GET
H2 200 video-loader2-cr.js Show response
cdn.avantisvideo.com/js/ Frame C44B 115 KB
37 KB 8ms
8ms Script
application/javascript 2600:9000:2490:a00:1c:38a0:8a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.avantisvideo.com/js/video-loader2-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/avm/js/video-loader.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2490:a00:1c:38a0:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b2675f2bc3393449a44784c7815f9c36449024e4397d7f174812c42c6bbaa148

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sun, 11 Sep 2022 10:35:56 GMT
content-encoding: gzip
last-modified: Wed, 10 Aug 2022 07:12:05 GMT
server: AmazonS3
age: 85251
etag: W/"34fc05e1a66d53097cb2d428812d10e3"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: 23HYQ0o2ylfY4CikTtNpDIRIBjFm3stq
via: 1.1 6b85d8725dd6471c3db1f65d4096afc4.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
content-type: application/javascript
x-amz-cf-id: EofrU80nYxhZcrdCt7yqZpMLEDyvLFTzhQXfxMeLRUrZIMLozdHUZA==

GET /
google2waycm.netmng.com/cm/ Frame 2FEC 0
0

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 2FEC 70 B
265 B 111ms
34ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESENfQt4hR61wMIYZKknj3-6s&google_cver=1&google_push=AehlK4Az3amMJJRvpOFBb0Zoo_U1k77VHucBlJk8eMJNGlnk2iqQcmgBhvNNc7azxcZe_Telb9Ivtb5uWCTWkHF1J2B3KX91DbY0
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4627517680249670&output=html&h=90&slotname=Google_LB_15938Z&adk=4293758812&adf=272530243&pi=t.ma~as.Google_LB_15938Z&w=728&lmt=1662977806&url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fharvest_moon_festival%2F%3Futm_source%3Desep_harvestmoonfest_remail&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1662977805815&bpp=12&bdt=138&idt=233&shv=r20220907&mjsv=m202209080101&ptt=5&saldr=sa&cookie=ID%3D73001d4d9d5c0a81-22bad6411ece0001%3AT%3D1662977804%3AS%3DALNI_Ma-X4CJPaoG8EeB_nq2qvBItZ7gdg&correlator=5612363782282&frm=23&ife=4&pv=2&ga_vid=1919503609.1662977805&ga_sid=1662977806&ga_hid=1572201324&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=560&ady=47&biw=1600&bih=1200&isw=728&ish=90&ifk=819492160&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069448%2C44772928&oid=2&pvsid=3087219198593514&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.byvmjqh7brbq&fsb=1&dtd=244
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Sep 2022 10:16:46 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2FEC
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESEPnTD6a7GjebtfzDlsTREOI&google_cver=1&google_push=AehlK4BdEshzVngAIA9Vb_waq3kilytKhQDOFTzUEF4ogcOim-imTFOd2N05GplhapsRKIjfomS3wS7yQZiFjyDtopt7s4K...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEPnTD6a7GjebtfzDlsTREOI&google_cver=1&google_push=AehlK4BdEshzVngAIA9Vb_waq3kilytKhQDOFTzUEF4ogcOim-imTFOd2N05GplhapsRKIjfomS3wS7yQZiFjyDtopt7s...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AehlK4BdEshzVngAIA9Vb_waq3kilytKhQDOFTzUEF4ogcOim-imTFOd2N05GplhapsRKIjfomS3wS7yQZiFjyDtopt7s4KhM6sg

170 B
188 B

25ms
24ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AehlK4BdEshzVngAIA9Vb_waq3kilytKhQDOFTzUEF4ogcOim-imTFOd2N05GplhapsRKIjfomS3wS7yQZiFjyDtopt7s4KhM6sg

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Sep 2022 10:16:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AehlK4BdEshzVngAIA9Vb_waq3kilytKhQDOFTzUEF4ogcOim-imTFOd2N05GplhapsRKIjfomS3wS7yQZiFjyDtopt7s4KhM6sg
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2FEC
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEKIAjcU-cmdHjChZJ800ioc&google_cver=1&google_push=AehlK4B9fu8hkg2LdVttYdCLCHLuVsUk-eF6a3ISMgfEX4bdOu40DeFV_RU-pxEKHthp3h04MiRryMsy...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEKIAjcU-cmdHjChZJ800ioc&google_cver=1&google_push=AehlK4B9fu8hkg2LdVttYdCLCHLuVsUk-eF6a3ISMgfEX4bdOu40DeFV_RU-pxEKHthp3h04MiR...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjE0ODg0OTA5Nzg3NjY0OTAzOQ&google_push=AehlK4B9fu8hkg2LdVttYdCLCHLuVsUk-eF6a3ISMgfEX4bdOu40DeFV_RU-pxEKHthp3h04MiRryM...

170 B
188 B

25ms
24ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjE0ODg0OTA5Nzg3NjY0OTAzOQ&google_push=AehlK4B9fu8hkg2LdVttYdCLCHLuVsUk-eF6a3ISMgfEX4bdOu40DeFV_RU-pxEKHthp3h04MiRryMsyHjLPPzZdKLzeOmVCYVuD

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Sep 2022 10:16:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 12 Sep 2022 10:16:46 GMT
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjE0ODg0OTA5Nzg3NjY0OTAzOQ&google_push=AehlK4B9fu8hkg2LdVttYdCLCHLuVsUk-eF6a3ISMgfEX4bdOu40DeFV_RU-pxEKHthp3h04MiRryMsyHjLPPzZdKLzeOmVCYVuD
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2FEC
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEADGLJul88TiBpnFhCwtiAQ&google_cver=1&google_push=AehlK4AfjFmwKbU9RrmsaD0cVcxG8NRU0wbahGwkbiiIYrsNvX-k5NBqG5K_ABo08JbKPNs8GW...
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEADGLJul88TiBpnFhCwtiAQ&google_cver=1&google_push=AehlK4AfjFmwKbU9RrmsaD0cVcxG8NRU0wbahGwkbiiIYrsNvX-k5NBqG5K_ABo08JbKPNs8GW...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS13S01YX3BGRTJ1RnJJQko4ZkhDd0ZVcmNwdmREWlIxcX5B&google_push=AehlK4AfjFmwKbU9RrmsaD0cVcxG8NRU0wbahGwkbiiIYrsNvX-k5NBqG...

170 B
188 B

52ms
24ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS13S01YX3BGRTJ1RnJJQko4ZkhDd0ZVcmNwdmREWlIxcX5B&google_push=AehlK4AfjFmwKbU9RrmsaD0cVcxG8NRU0wbahGwkbiiIYrsNvX-k5NBqG5K_ABo08JbKPNs8GWb-m0z9hmM02OOt6dwpNLzacA87

Requested by

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Sep 2022 10:16:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS13S01YX3BGRTJ1RnJJQko4ZkhDd0ZVcmNwdmREWlIxcX5B&google_push=AehlK4AfjFmwKbU9RrmsaD0cVcxG8NRU0wbahGwkbiiIYrsNvX-k5NBqG5K_ABo08JbKPNs8GWb-m0z9hmM02OOt6dwpNLzacA87
date: Mon, 12 Sep 2022 10:16:46 GMT
server: ATS/9.1.10.25
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 dot.gif
s0.2mdn.net/ Frame 2FEC 43 B
577 B 96ms
20ms Image
image/gif 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_gid=CAESEGthWzfeCHT8fPNTFP51Td0&google_cver=1&google_push=AehlK4AJRB1pi62RlDBfUZZbQCd1bwlITVTyz7Ez2mYN5DpcqIUi43S8K2nKLXC1vtal1GQEl9oG0UQYeUh3jFq_ppI7khHDDxyH

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
x-content-type-options: nosniff
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 13 Sep 2022 10:16:46 GMT

GET
H2

200

/
onetag-sys.com/match/ Frame 2FEC
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEJNn1gvWtzKJFI2VpqUElZ4&google_cver=1&google_push=AehlK4Ap34GJZxMV16bdwnvVlZ5RaphUShNi6GDjEKH1b9iT_1WfMnci043i1f5l5lz7nfo3DeveAXpQLxb...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AehlK4Ap34GJZxMV16bdwnvVlZ5RaphUShNi6GDjEKH1b9iT_1WfMnci043i1f5l5lz7nfo3DeveAXpQLxbAuFOQGXeRsIA8UsB4bQ
https://onetag-sys.com/match/?int_id=19&google_error=5

0
151 B

15ms
14ms

Image
text/plain

51.75.86.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Requested by

Protocol

Server

51.75.86.98 Istanbul, Turkey, ASN16276 (OVH, FR),

Reverse DNS

ip98.ip-51-75-86.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Mon, 12 Sep 2022 10:16:46 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 2FEC 0
223 B 84ms
32ms Image
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LuKZGGd2ldcUwmV1IIIfXQ3R-sBUkhinP44aBGabUX71WNOxu3yo-Il5I25QYOv66yYLZz45t9

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame BF58 12 KB
5 KB 26ms
15ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1694562
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4420
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VnvR4A3vDds9FkhOg%2FcF0FaVwM3ki4e89zt8Nx%2FP6cRFGsgRsaAqNW9hr0P%2F1NwbWpXC7Dh27ybGbaXU%2F%2FrkNXMlGcsa6K0SKiveVKh%2F2y5dH4A140%2BjkJHP8MIj3DjUo%2FWA4nZo6dGRjwaS%2BoQMR6iF"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 7497e3bbab699211-FRA
expires: Sat, 02 Sep 2023 10:16:46 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame BF58 12 KB
6 KB 21ms
21ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 07 Sep 2023 10:16:46 GMT

GET
H2 200 cf30020f90e44d2a9f2f7b3f469312a3_futurapt-book.woff
static.criteo.net/design/dt/ Frame BF58 56 KB
56 KB 49ms
17ms Font
application/octet-stream 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/dt/cf30020f90e44d2a9f2f7b3f469312a3_futurapt-book.woff

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

c6dce203eff7d8b8f5dcefa115f94dfe9782d033eba8704874619d6ba3a7acdf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Origin: https://ads.eu.criteo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
content-encoding: gzip
last-modified: Thu, 09 Apr 2020 09:17:15 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e8ee81b-df6f"
strict-transport-security: max-age=31536000; preload;
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 07 Sep 2023 10:16:46 GMT

GET
H2 200 9a58e16888ae408b81625a8aa64d7fe5_futurapt-light.woff
static.criteo.net/design/dt/ Frame BF58 56 KB
57 KB 70ms
39ms Font
application/octet-stream 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/dt/9a58e16888ae408b81625a8aa64d7fe5_futurapt-light.woff

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

0085913a44e60ae8a0f4d384c41b13fd45c206648a664de76916055789dafbf5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Origin: https://ads.eu.criteo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
content-encoding: gzip
last-modified: Thu, 09 Apr 2020 09:17:15 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e8ee81b-e1cf"
strict-transport-security: max-age=31536000; preload;
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 07 Sep 2023 10:16:46 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame BF58 4 KB
5 KB 17ms
17ms Image
image/png 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?h=176&m=0&partner=78987&q=80&r=0&u=http%3A%2F%2Fstatic.nl.eu.criteo.net%2Fdesign%2Fdt%2F46479%2F200421%2Fd3152dd467de44ed9cae21c72c7f2963_vitkac.png&v=3&w=256&s=JtwRrfS9unMbiKhvuKqPAzYm

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

cf466fafa1bb73ab0233a268045f4c082c33eccadbfd833d4d75503284f8605c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=29432866
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 4359
expires: Sat, 19 Aug 2023 02:04:32 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame BF58 0
127 B 18ms
18ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=3xC_pJ4qTrAtEcrD-vbwJd4l6y6d3nho4ZVow43FFAqjsAjlEEtK9fV51Vc_nzzokHvrf0IP0Y-uZXOC-8jKsp1XJS3PAnrOJhp2A5P1Ffpwkk05UrKFRPe-lBphQS3Sb2vnBzuVpHlXqnrIzQYPME99noTxGi30FT6fGi9qaVXWdLhfHo6kaT2hwJkqTHPf8UBZCWfkhDTKcqZqWT85VYfgjQs1pKdNUG-h6zMneZxCp3h2G8yl02F9oULrN4VNmvsSvg&sds=2&rev=82694&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 12 Sep 2022 10:16:46 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame BF58 2 KB
1 KB 18ms
18ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 07 Sep 2023 10:16:46 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame BF58 2 KB
1 KB 15ms
15ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
content-encoding: gzip
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 07 Sep 2023 10:16:46 GMT

GET
H2 200 geoip Show response
avm.avantisvideo.com/api/v1/ Frame FCB1 216 B
968 B 292ms
290ms XHR
application/json 2600:9000:223e:a00:3:748e:7940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://avm.avantisvideo.com/api/v1/geoip

Requested by

Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/js/video-loader2-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223e:a00:3:748e:7940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

e23681164d34e4bd95bfdc7d1c1a2f9b4a1d521a1c2266db74175e162b3638da

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: application/json

Response headers

content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
via: 1.1 a89f27dcb39a061266ddc18ab5416cba.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P4
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
vary: Origin
content-length: 216
x-xss-protection: 0
referrer-policy: no-referrer
x-frame-options: SAMEORIGIN
date: Mon, 12 Sep 2022 10:16:47 GMT
expect-ct: max-age=0
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.123greetings.com
access-control-allow-credentials: true
x-amz-cf-id: KaF9d51-H65Yeda9Qc68QS1l2gfu771S6U18LG7vVn-Rjf-InaC9Ew==

OPTIONS
H2 204 geoip
avm.avantisvideo.com/api/v1/ Frame 0
0 154ms
151ms Preflight 2600:9000:223e:a00:3:748e:7940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://avm.avantisvideo.com/api/v1/geoip

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223e:a00:3:748e:7940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.123greetings.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE,PATCH
access-control-allow-origin: https://www.123greetings.com
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
date: Mon, 12 Sep 2022 10:16:46 GMT
expect-ct: max-age=0
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
vary: Origin
via: 1.1 a89f27dcb39a061266ddc18ab5416cba.cloudfront.net (CloudFront)
x-amz-cf-id: vcLVda8HrgrkMNtv3Bf1uqMDV_TqDK8wPJFigvE3aI8mstkQInXT_Q==
x-amz-cf-pop: FRA56-P4
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0

POST
H2 204 /
events1.avantisvideo.com/ Frame FCB1 0
34 B 161ms
161ms Ping
text/plain 44.224.187.254
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events1.avantisvideo.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.224.187.254 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-224-187-254.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT

GET
H2 200 geoip Show response
avm.avantisvideo.com/api/v1/ Frame C44B 216 B
968 B 294ms
293ms XHR
application/json 2600:9000:223e:a00:3:748e:7940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://avm.avantisvideo.com/api/v1/geoip

Requested by

Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/js/video-loader2-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223e:a00:3:748e:7940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

e23681164d34e4bd95bfdc7d1c1a2f9b4a1d521a1c2266db74175e162b3638da

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: application/json

Response headers

content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
via: 1.1 a89f27dcb39a061266ddc18ab5416cba.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P4
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
vary: Origin
content-length: 216
x-xss-protection: 0
referrer-policy: no-referrer
x-frame-options: SAMEORIGIN
date: Mon, 12 Sep 2022 10:16:47 GMT
expect-ct: max-age=0
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.123greetings.com
access-control-allow-credentials: true
x-amz-cf-id: PV8_8_Q10B2Ge7_m418BIcM1kxdsUjcB3YguRh6RNbNbw9ecyeuYlQ==

OPTIONS
H2 204 geoip
avm.avantisvideo.com/api/v1/ Frame 0
0 149ms
149ms Preflight 2600:9000:223e:a00:3:748e:7940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://avm.avantisvideo.com/api/v1/geoip

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223e:a00:3:748e:7940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.123greetings.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE,PATCH
access-control-allow-origin: https://www.123greetings.com
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
date: Mon, 12 Sep 2022 10:16:46 GMT
expect-ct: max-age=0
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
vary: Origin
via: 1.1 a89f27dcb39a061266ddc18ab5416cba.cloudfront.net (CloudFront)
x-amz-cf-id: 9vP9tcEpxkKftxrdVkK37pvXs-A-3rP_UIWPNQSOQsOqnjgafJT5jw==
x-amz-cf-pop: FRA56-P4
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0

OPTIONS
H2 204 geoip
avm.avantisvideo.com/api/v1/ Frame 0
0 148ms
148ms Preflight 2600:9000:223e:a00:3:748e:7940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://avm.avantisvideo.com/api/v1/geoip

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223e:a00:3:748e:7940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.123greetings.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE,PATCH
access-control-allow-origin: https://www.123greetings.com
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
date: Mon, 12 Sep 2022 10:16:46 GMT
expect-ct: max-age=0
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
vary: Origin
via: 1.1 a89f27dcb39a061266ddc18ab5416cba.cloudfront.net (CloudFront)
x-amz-cf-id: rkIyDqBD5NV-SbpdRMmFxuXSNOiPK3RXiSSwxNUqo_kojJlJgybTWA==
x-amz-cf-pop: FRA56-P4
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0

GET
H2 200 geoip Show response
avm.avantisvideo.com/api/v1/ Frame C44B 216 B
968 B 295ms
294ms XHR
application/json 2600:9000:223e:a00:3:748e:7940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://avm.avantisvideo.com/api/v1/geoip

Requested by

Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/js/video-loader2-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223e:a00:3:748e:7940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

e23681164d34e4bd95bfdc7d1c1a2f9b4a1d521a1c2266db74175e162b3638da

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: application/json

Response headers

content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
via: 1.1 a89f27dcb39a061266ddc18ab5416cba.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P4
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
vary: Origin
content-length: 216
x-xss-protection: 0
referrer-policy: no-referrer
x-frame-options: SAMEORIGIN
date: Mon, 12 Sep 2022 10:16:47 GMT
expect-ct: max-age=0
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.123greetings.com
access-control-allow-credentials: true
x-amz-cf-id: 2bAce9gz_DlmPKBjZ9fCUg2PIcptXCF9mWK21Ow9nloGcTwrthsR_g==

GET
H2 200 geoip Show response
avm.avantisvideo.com/api/v1/ Frame FCB1 216 B
970 B 288ms
287ms XHR
application/json 2600:9000:223e:a00:3:748e:7940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://avm.avantisvideo.com/api/v1/geoip

Requested by

Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/js/video-loader2.1-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223e:a00:3:748e:7940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

e23681164d34e4bd95bfdc7d1c1a2f9b4a1d521a1c2266db74175e162b3638da

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: application/json

Response headers

content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
via: 1.1 a89f27dcb39a061266ddc18ab5416cba.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P4
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
vary: Origin
content-length: 216
x-xss-protection: 0
referrer-policy: no-referrer
x-frame-options: SAMEORIGIN
date: Mon, 12 Sep 2022 10:16:47 GMT
expect-ct: max-age=0
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.123greetings.com
access-control-allow-credentials: true
x-amz-cf-id: 0y7Jk2tvynPCXZZyd6xbPwaAg54bEJPhlbPKDpAdIZQ-9xjpatBAjA==

OPTIONS
H2 204 geoip
avm.avantisvideo.com/api/v1/ Frame 0
0 284ms
284ms Preflight 2600:9000:223e:a00:3:748e:7940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://avm.avantisvideo.com/api/v1/geoip

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223e:a00:3:748e:7940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.123greetings.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE,PATCH
access-control-allow-origin: https://www.123greetings.com
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
date: Mon, 12 Sep 2022 10:16:46 GMT
expect-ct: max-age=0
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
vary: Origin
via: 1.1 a89f27dcb39a061266ddc18ab5416cba.cloudfront.net (CloudFront)
x-amz-cf-id: JM12MeDNya6KTrGkPiIXV0ohzVKTAiOMcz_M7v1D3XPkCVOEXknGVA==
x-amz-cf-pop: FRA56-P4
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0

POST
H2 204 /
events1.avantisvideo.com/ Frame C44B 0
34 B 162ms
162ms Ping
text/plain 44.224.187.254
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events1.avantisvideo.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.224.187.254 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-224-187-254.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT

POST
H2 204 /
events1.avantisvideo.com/ Frame C44B 0
34 B 162ms
162ms Ping
text/plain 44.224.187.254
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events1.avantisvideo.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.224.187.254 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-224-187-254.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT

POST
H2 204 /
events1.avantisvideo.com/ Frame FCB1 0
34 B 161ms
161ms Ping
text/plain 44.224.187.254
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events1.avantisvideo.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.224.187.254 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-224-187-254.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame F3D0 0
0 50ms
50ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvH5NPatCQTMl1cZNh0MLqOzKCn4LQO6uoXxVlsz1uFvodsT9jOYWYuSrLsi38YLXlcDKEZHi1gcSMt1mk6lYDrUOfEVRLfRBPaxC2RlRZYbWZabSFMj-SjTnwC40B1aYVJxMoe6CP8ZMI8_d8ju6fHkyTMV5ePBHfLWVN36LWYsBG9Y8ECxJKEXVNQkgl4mz-zi34C-mNHmapGaLcTX2H8tMI4PerM4j5xqtSN5crYwvMrk2-tdsJ9QplpHeIbclZa24_VFRv7ErstPposetuQ-Qf2uO2kI6obZonIvyxwA6bWmHTDFvhPltacgJiT7-e97K4qPnlRNP-wtP130z0E2Jdmh4EckQ&sai=AMfl-YTj7RMVHvp7OhajspI6k1sJ6MT5KQzFHD_znLUOfwCECVrive7IveW4Xgg08jvfdb2CFQmdMJn-VcHXwGUlSmHPxFo1C7SmQ9FqBKKCMPJyeXum-q7--MnPvWGocnOFJw&sig=Cg0ArKJSzGqPmDwboWifEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 12 Sep 2022 10:16:46 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 12 Sep 2022 10:16:46 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame F3D0 14 KB
11 KB 62ms
61ms XHR
application/json 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220907&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b16a1bc802c7e26f8f8cd62d5bee529edc7289ce8ec71e2d555ed395fe08c000

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 12 Sep 2022 10:16:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11080
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame F3D0 17 KB
6 KB 28ms
28ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 12 Sep 2022 10:16:46 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame A1C9 13 KB
5 KB 14ms
13ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 765
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 12 Sep 2022 10:04:01 GMT
expires: Tue, 12 Sep 2023 10:04:01 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 6642 783 B
538 B 23ms
23ms Document
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

496f617fad1a2c002036d7f523deb79540cb38038a05b04d5990fb9464ef7623

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-A47k-Pjx1-6j20UDp3OfXQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 516
content-security-policy: script-src 'report-sample' 'nonce-A47k-Pjx1-6j20UDp3OfXQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 12 Sep 2022 10:16:46 GMT
expires: Mon, 12 Sep 2022 10:16:46 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 JI0Pcydj_YJwFyiv8pAtPmsHnnPx6gDBxLt0n0XpIm8.js Show response
pagead2.googlesyndication.com/bg/ Frame A1C9 36 KB
16 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/JI0Pcydj_YJwFyiv8pAtPmsHnnPx6gDBxLt0n0XpIm8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

248d0f732763fd82701728aff2902d3e6b079e73f1ea00c1c4bb749f45e9226f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 09:46:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1813
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15957
x-xss-protection: 0
last-modified: Mon, 29 Aug 2022 10:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 12 Sep 2023 09:46:33 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame FF14 42 B
64 B 47ms
47ms Fetch
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvO5QPWTe2S2UE8MBBQdB596x28_IfDKcUKDyLMtYtHEs8iIAukk9Z1OPxT2zl7uIgPJZofn52Ysl5tq8B6uRo2deA&sig=Cg0ArKJSzM4Hk57WVKS1EAE&id=lidar2&mcvt=1005&p=236,970,486,1270&mtos=1005,1005,1005,1005,1005&tos=1005,0,0,0,0&v=20220907&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1127719608&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1662977805686&rpt=193&isd=0&lsd=0&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Sep 2022 10:16:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 6642 0
0 48ms
48ms Image
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220907&jk=3087219198593514&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 52ms
52ms Image
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022090601&jk=1375290979530990&bg=!bm2lbSnNAAZTikH4c4o7ACkAdvg8WnvJZzCPUBSRckk-QvO-St63FmsbF4ywAOy5lh2srSfk_R8yVgIAAADKUgAAAAJoAQcKAJeYAgM8Qau2_PGMGI_zpicH1NInbNQDDMl8vvH7rok8QhHUP4qXg2gZn54fKdDJ3N_jcRjA2CL0jU5QLg6kQULTdtj5YYbVBp5DVHMgPnCYkrfXnohTDuiwariY2Gyt7iJyGGkkIqsQ7UViGGdxODGmEzPouUgoILEAGdHrciJvvnuohoDzFKlWhVKI80FOXSCUu5hxKuBqmQLa2ZXonTQFEXZcD6DX63dt_TimxQ8YYjKCKxdp9k0blQwQ-QeIBVSw9vC0IeNQz5u1sadMUEsDsPw1zX9z2IuwW5IiuHdGKz12GQJ1Pf6QstKJZfhl-tUcp9FxdxJRvX0kmfy3aDPO0VuUVzWaP-DgigIxnvStKPURigRFTcl7tGgsWiMkXoePjeHw96uKSVsly5dA8TqMM_0F4-b5ZMXNnoNyXCs7KY_yggSaaR7kgaYByfPsD3vcZ_-msOYg47bAO6tYrBpmzp56mN5AMEEQuhVdqZRqpsC1e7PphjxvoaRucRK7TCw0gB4Vddcdq5aWZYVyG5z7X259IUy76uzHtFU3MJ2pjAVDhAEYWHjJeRTtjIywQpRKfvLM8tknfRyv--YcZFmIh2Gr7Jq-BAT2eQ545AMZ6pb8NH8MEviN3rZ_Y7gJQL8AxSHZiZ0IwVcjxSDhnRBPPremimVPs-gB2lv6_3mAW8YQQmiDIgeTuT5CbYibOJoU0fpwllw7pdF5bIXeCkLAK1wzLshR_5joolayA8PfAMv35lAs_c9l0ocxfKG02w9plWVm9h_n52NseZffpDMEnAJ8idN2RoVH22p3sa0OWnc8cm65rqA1TUpQ-zUif_Cn3IbVk0m_KGUJC1CcByMS-E5EHyHkMuIT1wdmG54CsSi7SqcU153CBrpKdS6iErZXo7u4eLM-TPYUUPYQVRzNG1amOnuobwEPkseSS-EnpH2BaaWH5iH946VDzqVbwJ-KpsVc9__z36b6RuiLnDs-9KWfdvKJcCuuvL6DQrJi4j5O_Xdk73mUk_qWAp8X1j3xx5ZOOtV0SEdamFurv8JU5903F33vqjarqG8O-3C37GMwnZacXMiPCqQPoWApMTVp7vEOx6964Hu0xU1GsT5SH7b6RAaEp2Xr_lxYPsX5EzjkTZp3nSa94FAROIN_eC-xctAhJ5_6ZzJjo1aE_aYgPdpqfg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame A1C9 0
11 B 14ms
14ms Image
text/plain 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?JMHxAQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:46 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 3820 42 B
64 B 48ms
47ms Fetch
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv8CNQut1ADS0TVBIK-gTB3n9U7NcOPOMwTq_W0I2m7yLnp2EfjTMA6GlCuR-d80evL99SyWvwjUvxohFWwe7S2bHU&sig=Cg0ArKJSzKhREZ7xg3WTEAE&id=lidar2&mcvt=1013&p=518,970,768,1270&mtos=1013,1013,1013,1013,1013&tos=1013,0,0,0,0&v=20220907&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=4293624944&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1662977805689&rpt=241&isd=0&lsd=0&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Sep 2022 10:16:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame FCB1 42 B
64 B 48ms
48ms Fetch
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuDK91B9Yzx3MeSfAOiNkfYF3F2wOBFvjSID66w3vOb2GrD3X_LKt6C-juArQN491aDzii-1uuJbuZ_TmRkmFIahpxMrGabeNNm3NE_EoDadTyp8o_K&sig=Cg0ArKJSzH7XOuXFRzLLEAE&id=lidar2&mcvt=1000&p=1172,635,1173,636&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220907&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=4230775942&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1662977805721&rpt=276&isd=0&lsd=0&met=ce&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Sep 2022 10:16:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 video-loader2-cr.js Show response
cdn.avantisvideo.com/js/ 115 KB
37 KB 9ms
9ms Script
application/javascript 2600:9000:2490:a00:1c:38a0:8a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.avantisvideo.com/js/video-loader2-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/js/video-loader2-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2490:a00:1c:38a0:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b2675f2bc3393449a44784c7815f9c36449024e4397d7f174812c42c6bbaa148

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sun, 11 Sep 2022 10:35:56 GMT
content-encoding: gzip
last-modified: Wed, 10 Aug 2022 07:12:05 GMT
server: AmazonS3
age: 85252
etag: W/"34fc05e1a66d53097cb2d428812d10e3"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: 23HYQ0o2ylfY4CikTtNpDIRIBjFm3stq
via: 1.1 6b85d8725dd6471c3db1f65d4096afc4.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
content-type: application/javascript
x-amz-cf-id: XtqaDN2QZeiLdX-7rudxcmhcBd3cdpoRfugpw_hTwtCkqpSxwZRnIg==

GET
H2 200 t Show response
avm.avantisvideo.com/api/v1/tag/1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53/1/desktop/generate/ 3 KB
3 KB 149ms
149ms XHR
text/plain 2600:9000:223e:a00:3:748e:7940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://avm.avantisvideo.com/api/v1/tag/1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53/1/desktop/generate/t?subId=esep_harvestmoonfest_remail&browser=chrome&utm=esep_harvestmoonfest_remail&os=windows&url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fharvest_moon_festival%2F%3Futm_source%3Desep_harvestmoonfest_remail&eu=true&country=DE&hour=10&amp=false

Requested by

Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/js/video-loader2-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223e:a00:3:748e:7940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

f5cc0170d9bebf7d43aa74b381ff2899cc5a3d3fec051e7f7966451db10f0257

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: application/json

Response headers

content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
via: 1.1 a89f27dcb39a061266ddc18ab5416cba.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P4
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
vary: Origin
content-length: 2771
x-xss-protection: 0
referrer-policy: no-referrer
x-frame-options: SAMEORIGIN
date: Mon, 12 Sep 2022 10:16:47 GMT
expect-ct: max-age=0
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://www.123greetings.com
access-control-allow-credentials: true
x-amz-cf-id: c0xeqvCaktJTZAxVZBspnef8Yw6FLm5RvWjE8bIs1g-YLnDhKpfXqw==

OPTIONS
H2 204 t
avm.avantisvideo.com/api/v1/tag/1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53/1/desktop/generate/ Frame 0
0 147ms
147ms Preflight 2600:9000:223e:a00:3:748e:7940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223e:a00:3:748e:7940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.123greetings.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE,PATCH
access-control-allow-origin: https://www.123greetings.com
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
date: Mon, 12 Sep 2022 10:16:47 GMT
expect-ct: max-age=0
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
vary: Origin
via: 1.1 a89f27dcb39a061266ddc18ab5416cba.cloudfront.net (CloudFront)
x-amz-cf-id: o6mS1t6Tlbhb_dBsBZSnFker61VSnR_-YwQoJOaRp-8h7Vq5QVhjBA==
x-amz-cf-pop: FRA56-P4
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0

POST
H2 204 /
events1.avantisvideo.com/ 0
34 B 162ms
162ms Ping
text/plain 44.224.187.254
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events1.avantisvideo.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.224.187.254 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-224-187-254.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 12 Sep 2022 10:16:47 GMT

GET
H2 200 video-loader2.1-cr.js Show response
cdn.avantisvideo.com/js/ 115 KB
37 KB 7ms
7ms Script
application/javascript 2600:9000:2490:a00:1c:38a0:8a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.avantisvideo.com/js/video-loader2.1-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/js/video-loader2.1-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2490:a00:1c:38a0:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9f85b446cf7c5640aa90f2663bf232af45a2d4ebd65fcf60a3105f400ea8bdac

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-amz-version-id: R3srv_l_.CCJ9VrYZEKFH47S4Xn_qYV0
content-encoding: gzip
last-modified: Mon, 15 Aug 2022 08:52:18 GMT
server: AmazonS3
age: 34293
etag: W/"e47a13a604e4ac4e6ccdc005c9e93287"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 6b85d8725dd6471c3db1f65d4096afc4.cloudfront.net (CloudFront)
date: Mon, 12 Sep 2022 00:45:17 GMT
x-amz-cf-pop: FRA56-P6
x-amz-cf-id: 1jl69LSlZLFfIB8erR0RPRUTOyI-a4mulpUx9wwuA0vhB-MN64nD-w==

POST
H2 200 all
csm.eu.criteo.net/ Frame C6A2 0
127 B 16ms
15ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 12 Sep 2022 10:16:46 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 3.071a3bdd9711b74edbd4-video-loader2-cr.js Show response
cdn.avantisvideo.com/js/ 22 KB
8 KB 7ms
7ms Script
application/javascript 2600:9000:2490:a00:1c:38a0:8a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.avantisvideo.com/js/3.071a3bdd9711b74edbd4-video-loader2-cr.js
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/js/video-loader2-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2490:a00:1c:38a0:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: df9967e26296ab6659acbbecd377f7933cd3743d50935a5c44c800f90b9c6687

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-amz-version-id: vGDGbENE468pAhP.jbDfEWCVTKLZO.Eo
content-encoding: gzip
last-modified: Wed, 10 Aug 2022 07:12:04 GMT
server: AmazonS3
age: 31986
etag: W/"97f2ecd515fcc6a9d26763251ef08b4f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 6b85d8725dd6471c3db1f65d4096afc4.cloudfront.net (CloudFront)
date: Mon, 12 Sep 2022 01:23:43 GMT
x-amz-cf-pop: FRA56-P6
x-amz-cf-id: anRXuMv8wjuLbvcT0uJ756zi3KmLjV4uHyV5EDDfg1LmzDxszbP4Qg==

GET
H/1.1 200
OK adb.js Show response
play.aniview.com/59918a0e073ef4782e4e347f/5ebd46100b22d93ee56a465f/ 2 B
765 B 118ms
8ms Script
text/javascript 2a02:26f0:3500:592::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://play.aniview.com/59918a0e073ef4782e4e347f/5ebd46100b22d93ee56a465f/adb.js
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/js/3.071a3bdd9711b74edbd4-video-loader2-cr.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:3500:592::2c79 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: d8a957038679125d4840554fc43375697e662283121561afdefc2c3fbecaf729

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Unused62: 8096267
Date: Mon, 12 Sep 2022 10:16:47 GMT
X-GUploader-UploadID: ABg5-UyceNYD8FEdWQb3EsKqZxhyLaQsoF5fAeemPciJDGSGGF4ULfrcEwEz_akWP2UPcpXtifCcA1iL2DSxDFRze85Z1ot-ZA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
Connection: keep-alive
Content-Length: 2
Last-Modified: Thu, 14 May 2020 13:22:36 GMT
Server: UploadServer
ETag: "56f785241d0ed9fe51a8170b9dd50272"
x-goog-hash: crc32c=cz4mSA==
x-goog-generation: 1589462556858294
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type
Cache-Control: public, max-age=1800
x-goog-stored-content-length: 2
Accept-Ranges: bytes
Content-Type: text/javascript
Expires: Mon, 12 Sep 2022 10:46:47 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame F3D0 0
0 49ms
49ms Image
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220907&jk=3087219198593514&bg=!fH-lfzvNAAZTikH4c4o7ACkAdvg8WjMaMnHvJzISKBuPkaEW_Pc_dQJdCi0mrp2FmCMawd8ASk8jbwIAAABhUgAAAAJoAQeZAxHUrw9ETDd9AhUWHb9S7iaaNGQpM7HSFrHh7Zqzk6gshBUl94jJxVDEvfUHiQKkd5S5EHUIfL6YIRvPdR6huh0dG8M-eu0P0o-c8bcmy65nKsCCDnjpfmpwM2YSAOc6LCY4ZwtZhf_rgEIVtb448kr5JJcPqQft3D-3h-wM3pK6UlxjCMeCOlzaBAmGPJNJCtAuif0zZTegY05P2B92X8Uwklb_L4237Y5X204uy0UXtDhTay67dTKOxp7R8AHUNT35mKyUkDmf2EXr5H3ruvuVVgLl9UWSA8IhE31NJj4AqB3q5Th5Yy9kDoueQOjrBf45GXIlCW6sSE69EXwjhQyl-Ct2y7PHR5qA5fu3d3Cl8e-LjsfnS0thKmpmh6e-JokbuV7WUMNUBkeqSqW-WH205IGjNZCl_PBW9pA0tDV3WE1rZPAt84LTxdjNZLG5NuB0qF_LbVoa6BANUYUOeAAi_OAx9qsgeobzZ5QnE7j2QQ-HhuJjFvK175azzgFZFwtUul9lDV3PrP60lv0kkSamvmdiWo6drnEvtUfQFi6IydySmfGzgvNSjTr-aUPU1D5VtzdG9mywU905xQGOySLJSGvO6aoiuf_QYnEoUlXODUUrUBdBcpNIJ4E8M3F_zBiUkAe_pdzIFKYAmeiSESDwqy1MTy-fbLjDGH6JFsEdXGq_Rz6BOS18nyMgK17vTzNdLijj2r_AoeQw-1pBkhGoiwuMpMU1II-wKvAgHNb3CoDAm5raugizGXkrBzCDONPoR-zr0uZ62PzqiXWsciiYyqOEu7h9frD79ds89Kbj50wdiAd-_ya3ootL1WtI4F4DeHYD4TEp9e8vfIkNBiB_uXUIBWHoJBJzbK7UREfKGd7Adzl21V8jVCAMLHlZ_ii0zHPR-qxPpexi_QywTR8yDzr3FdNShLQuTs8mFZgxxuPez3MPcs_592AILWNL75FYAyq8hGp13_4CSALFdMbwPaK2_GossnmrzSe4n01lns--C7DKiJMYM0Ae14_KFwJ6uJvW4pZPQHyKXt8VnSHPpQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

POST
H2 200 all
csm.eu.criteo.net/ Frame 9088 0
127 B 16ms
16ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 12 Sep 2022 10:16:46 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 aniview.js Show response
player.aniview.com/script/6.1/ 28 KB
10 KB 33ms
8ms Script
application/javascript 2a02:26f0:3500:58c::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/aniview.js
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/js/video-loader2-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:3500:58c::2c79 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: b4238fce65430ce1851ded4b19658654d53a08095b6c2a282d0f8f3fe41f60a7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:47 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycdsztwbhUA36Jd2wCHk_-piY5DRJyMlfoZSk8meTcfq5457Pc-OyFRcmUQYPTbpKp-Io5eOqXE8B1cH0pRndRNDwkA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 9906
last-modified: Mon, 12 Sep 2022 09:57:57 GMT
server: UploadServer
etag: "da9b60060114b168c1690a1b3bf85a4e"
vary: Accept-Encoding
x-goog-hash: crc32c=YrT6tQ==, md5=2ptgBgEUsWjBaQobO/haTg==
x-goog-generation: 1662976677842937
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=300
x-goog-stored-content-length: 9906
accept-ranges: bytes
content-type: application/javascript
expires: Mon, 12 Sep 2022 10:21:47 GMT

GET
H2 200 AVmanager.js Show response
player.aniview.com/script/6.1/ Frame 82FB 390 KB
111 KB 8ms
7ms Script
application/javascript 2a02:26f0:3500:58c::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/aniview.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:3500:58c::2c79 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 8d77272e667edbd250940ee04a90ca18c05443eb72775e1b19c9999b57983226

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:47 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycdud059-662Wwh96Hq-y0-R82vWi70HRN-4ILH8FmLRaZqqfDXIrceTedsFl5AN_DcgDmLPfE6mcHXr8wkroE6ke0gURpFkk
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 112393
last-modified: Mon, 12 Sep 2022 09:57:57 GMT
server: UploadServer
etag: "821f136decc9ce574806359a9e44142a"
vary: Accept-Encoding
x-goog-hash: crc32c=6STPyg==, md5=gh8TbezJzldIBjWankQUKg==
x-goog-generation: 1662976677830731
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=300
x-goog-stored-content-length: 112393
accept-ranges: bytes
content-type: application/javascript
expires: Mon, 12 Sep 2022 10:21:47 GMT

GET
H2 200 AVmanager.js Show response
player.aniview.com/script/6.1/ Frame 5E39 390 KB
111 KB 15ms
15ms Script
application/javascript 2a02:26f0:3500:58c::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/aniview.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:3500:58c::2c79 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 8d77272e667edbd250940ee04a90ca18c05443eb72775e1b19c9999b57983226

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:47 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycdud059-662Wwh96Hq-y0-R82vWi70HRN-4ILH8FmLRaZqqfDXIrceTedsFl5AN_DcgDmLPfE6mcHXr8wkroE6ke0gURpFkk
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 112393
last-modified: Mon, 12 Sep 2022 09:57:57 GMT
server: UploadServer
etag: "821f136decc9ce574806359a9e44142a"
vary: Accept-Encoding
x-goog-hash: crc32c=6STPyg==, md5=gh8TbezJzldIBjWankQUKg==
x-goog-generation: 1662976677830731
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=300
x-goog-stored-content-length: 112393
accept-ranges: bytes
content-type: application/javascript
expires: Mon, 12 Sep 2022 10:21:47 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 9D8B 42 B
64 B 53ms
52ms Fetch
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu5sWGvjgul0RtSp-zsCdCWdL3IvAy0qwfogPL2OTB-r5yNvgj0ifQoKhNHqsl47a8dlQWMRgxKuOpKHJM3OmIU74s&sig=Cg0ArKJSzGct1-_KYMrVEAE&cid=CAASF-Ro4YGMqoRBHPosRJr66gYtGmMeeXeX&id=lidar2&mcvt=1005&p=0,0,90,728&mtos=1005,1005,1005,1005,1005&tos=1005,0,0,0,0&v=20220907&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=4293758812&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1662977806060&rpt=552&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Sep 2022 10:16:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 track
track1.aniview.com/ 0
70 B 289ms
92ms Image
text/plain 34.233.129.244
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?r=www.123greetings.com&sn=esep_harvestmoonfest_remail&ic=0&tgt=0&app=&wi=400&he=225&test=&d36=6.2.54&apppkg=&fv=3&proto=https&clsid=a4539e1b-84b7-452a-a2f4-35f94f2a62ec&rando=40&pid=5e5bd02728a06124e30d85c3&cid=5e5bd1f528a0610dd725f7d8&stagid=&stplid=&e=inventory&vi=100&cb=1662977807666
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.233.129.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-233-129-244.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:47 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2 200 track
track1.aniview.com/ 0
71 B 275ms
91ms Image
text/plain 34.233.129.244
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?r=www.123greetings.com&sn=esep_harvestmoonfest_remail&ic=0&tgt=0&app=&wi=600&he=338&test=&d36=6.2.54&apppkg=&fv=3&proto=https&clsid=1430e621-e5ad-4f1a-85a2-e59158cc73b4&rando=62&pid=5e5bd02728a06124e30d85c3&cid=5ec3e3871f5e5c792c20f9f7&stagid=&stplid=&e=inventory&vi=100&cb=1662977807679
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.233.129.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-233-129-244.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:47 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
DATA 200
OK truncated
/ 331 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c9e42e2c7cd3ec42f6febe248c715522b2e5f6bc92b389b101fbd33a069ee7ed

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 740 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7a9054758a4808c97c188f5be469879eef19a2f7cbd9bb0e740cee3199a6c747

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 384 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8030594b4999eca38901464b09383ca988c454a4f7ab6b963be75e6c42da011d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 782 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5028f77ac0afdac1bb66eaeeef41e77cea0f2487a66cb1df354d8680db1bb64e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 395 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f0d7d05ef7ae154e283b8c8e462aeb6e9b5bca53225c42743e2028c34828c08a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 449 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f86a1105ed755e9ae9b75708a5b19d5c478212605b9f8d7c98796b451de18c63

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 577 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d23484cf0f36a73cc699ceffc6da8f0e9ffd6b372dcb615ec942cdc287845505

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 / Show response
go1.aniview.com/api/adserver/tag/ 30 KB
5 KB 426ms
171ms XHR
application/json 44.193.192.96
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go1.aniview.com/api/adserver/tag/?AV_URL=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fharvest_moon_festival%2F%3Futm_source&AV_SUBID=esep_harvestmoonfest_remail&AV_SECURED=1&AV_LANGUAGE=en&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&AV_CHANNELID=5e5bd1f528a0610dd725f7d8&tgt=0&AV_CDIM1=&AV_CDIM2=&AV_CDIM3=&AV_ABT=&pce=1&npx=1&AV_DETDOMAIN=www.123greetings.com&AV_DADPOS=3&d36=6.2.54&responsive=1&sver=2&avtoken=807666&omv=1.0.1&clsid=a4539e1b-84b7-452a-a2f4-35f94f2a62ec&rando=40&AV_WIDTH=400&AV_HEIGHT=225&AV_DNT=0&cb=1662977807692&wfc=1
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.193.192.96 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-193-192-96.compute-1.amazonaws.com
Software: /
Resource Hash: 9acf8224f0648dc6d6a32a5dfef5c96994c08f2bdf319795890934b82919b07a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:48 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.123greetings.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Aug 2022 20:30:08 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame BF58 0
127 B 16ms
16ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 12 Sep 2022 10:16:47 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 / Show response
go1.aniview.com/api/adserver/tag/ 33 KB
6 KB 440ms
192ms XHR
application/json 44.193.192.96
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go1.aniview.com/api/adserver/tag/?AV_URL=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fharvest_moon_festival%2F%3Futm_source&AV_SUBID=esep_harvestmoonfest_remail&AV_SECURED=1&AV_LANGUAGE=en&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&AV_CHANNELID=5ec3e3871f5e5c792c20f9f7&tgt=0&AV_CDIM1=&AV_CDIM2=&AV_CDIM3=&AV_ABT=&pce=1&npx=1&AV_DETDOMAIN=www.123greetings.com&AV_DADPOS=3&d36=6.2.54&responsive=1&sver=2&avtoken=807679&omv=1.0.1&clsid=1430e621-e5ad-4f1a-85a2-e59158cc73b4&rando=62&AV_WIDTH=600&AV_HEIGHT=338&AV_DNT=0&cb=1662977807699&wfc=1
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.193.192.96 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-193-192-96.compute-1.amazonaws.com
Software: /
Resource Hash: c206b5c002a539f2d16b70f014713d889bb0bae0d663007aa62b0ff53f6167a9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:48 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.123greetings.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Aug 2022 20:30:08 GMT

POST
H2 204 /
events1.avantisvideo.com/ 0
34 B 162ms
162ms Ping
text/plain 44.224.187.254
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events1.avantisvideo.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.224.187.254 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-224-187-254.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 12 Sep 2022 10:16:47 GMT

POST
H2 204 /
events1.avantisvideo.com/ 0
34 B 162ms
162ms Ping
text/plain 44.224.187.254
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events1.avantisvideo.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.224.187.254 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-224-187-254.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 12 Sep 2022 10:16:47 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame F3D0 42 B
64 B 48ms
47ms Fetch
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstpZ5VpwgM9C44i9icVp8D2UOADbv2lFFZLu2QgNkWiI8AXBj7vDhLBwnGC8YMFsj7oskzBwGhT6RbjhqyjXARgM6WvdJkNHqpMOy8qdzy5Ai0ZN-nf&sig=Cg0ArKJSzBlm_I9g3BhkEAE&id=lidar2&mcvt=1000&p=47,560,137,1288&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220907&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=3914305483&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1662977805677&rpt=1080&isd=0&lsd=0&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Sep 2022 10:16:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

cookiesyncendpoint Show response
sync.aniview.com/ Frame 4BD5
Redirect Chain

https://secure.adnxs.com/getuid?https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1662977808015-982903183926-007666-012-007170%26biddername%3D55%26key%3D%24UID
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fsync.aniview.com%252Fcookiesyncendpoint%253Fauid%253D1662977808015-982903183926-007666-012-007170%2526biddername%253D55%2526key%253D%...
https://sync.aniview.com/cookiesyncendpoint?auid=1662977808015-982903183926-007666-012-007170&biddername=55&key=8436787681495434330

0
37 B

310ms
93ms

Document
text/plain

52.204.117.10
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.aniview.com/cookiesyncendpoint?auid=1662977808015-982903183926-007666-012-007170&biddername=55&key=8436787681495434330
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.204.117.10 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-204-117-10.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 0
date: Mon, 12 Sep 2022 10:16:48 GMT

Redirect headers

AN-X-Request-Uuid: 266ddf3f-894b-4c8d-8a70-07b32d6237cf
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Length: 0
Content-Type: text/html; charset=utf-8
Date: Mon, 12 Sep 2022 10:16:48 GMT
Expires: Sat, 15 Nov 2008 16:00:00 GMT
Location: https://sync.aniview.com/cookiesyncendpoint?auid=1662977808015-982903183926-007666-012-007170&biddername=55&key=8436787681495434330
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Pragma: no-cache
Server: nginx/1.21.3
X-Proxy-Origin: 37.58.58.248; 37.58.58.248; 961.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
X-XSS-Protection: 0

GET
H/1.1 204
No Content pixel
ap.lijit.com/ Frame 2A0F 0
0 54ms
16ms Document
text/plain 216.52.2.48
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/pixel?us_privacy=1---&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1662977808015-982903183926-007666-012-007170%26biddername%3D18%26key%3D%24UID
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.48 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, Content-Type
access-control-allow-methods: GET, POST, DELETE, PUT
access-control-allow-origin: *
date: Mon, 12 Sep 2022 10:16:48 GMT
pod: X-Sovrn-Pod: ad_ap5ams1

GET
H2 204 occ
ups.analytics.yahoo.com/ups/58543/ Frame 9155 0
0 11ms
10ms Document
text/plain 18.156.0.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ups.analytics.yahoo.com/ups/58543/occ?gdpr=1&gdpr_consent=

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

18.156.0.31 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.25 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 0
date: Mon, 12 Sep 2022 10:16:48 GMT
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
server: ATS/9.1.10.25
strict-transport-security: max-age=31536000

GET
H2 204 services
sync.technoratimedia.com/ Frame 6EEC 0
0 398ms
94ms Document
text/plain 150.136.156.92
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.technoratimedia.com/services?srv=cs&pid=70&uid=1662977808015-982903183926-007666-012-007170&cb=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1662977808015-982903183926-007666-012-007170%26biddername%3D3%26key%3D%5BUSER_ID%5D
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 150.136.156.92 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-methods: POST,GET,HEAD,OPTIONS
access-control-allow-origin: https://www.123greetings.com/
age: 0
date: Mon, 12 Sep 2022 10:16:48 GMT
server: nginx
via: 1.1 varnish
x-varnish: 371557666

GET
H2

200

cookiesyncendpoint Show response
sync.aniview.com/ Frame 0F00
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=aniview&gdpr=1&gdpr_pd=0&gdpr_consent=&redir=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1662977808015-982903183926-007666-012-007170%26bid...
https://sync.aniview.com/cookiesyncendpoint?auid=1662977808015-982903183926-007666-012-007170&biddername=200&key=OPTOUT

0
200 B

346ms
92ms

Document
text/plain

52.204.117.10
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.aniview.com/cookiesyncendpoint?auid=1662977808015-982903183926-007666-012-007170&biddername=200&key=OPTOUT
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.204.117.10 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-204-117-10.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 0
date: Mon, 12 Sep 2022 10:16:48 GMT

Redirect headers

cache-control: no-store, no-cache, must-revalidate
content-type: text/html
date: Mon, 12 Sep 2022 10:16:48 GMT
etag: OPTOUT
expires: 0
location: https://sync.aniview.com/cookiesyncendpoint?auid=1662977808015-982903183926-007666-012-007170&biddername=200&key=OPTOUT
pragma: no-cache

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame D0C4 15 KB
6 KB 80ms
18ms Document
text/html 184.51.9.34
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=160993&gdpr=1&gdpr_consent=&predirect=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1662977808015-982903183926-007666-012-007170%26biddername%3D1%26key%3D
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.51.9.34 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-51-9-34.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=71314
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Mon, 12 Sep 2022 10:16:48 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Tue, 13 Sep 2022 06:05:22 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2

200

cookiesyncendpoint Show response
sync.aniview.com/ Frame B429
Redirect Chain

https://csync.loopme.me/?redirect=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1662977808015-982903183926-007666-012-007170%26biddername%3D56%26pid%3D59c9148628a0612da3689288%26key%...
https://sync.aniview.com/cookiesyncendpoint?auid=1662977808015-982903183926-007666-012-007170&biddername=56&pid=59c9148628a0612da3689288&key=bc7ea609-08bf-465b-95cc-8197174fb190

0
37 B

345ms
92ms

Document
text/plain

52.204.117.10
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.aniview.com/cookiesyncendpoint?auid=1662977808015-982903183926-007666-012-007170&biddername=56&pid=59c9148628a0612da3689288&key=bc7ea609-08bf-465b-95cc-8197174fb190
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.204.117.10 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-204-117-10.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 0
date: Mon, 12 Sep 2022 10:16:48 GMT

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7497e3c5083d693f-FRA
content-length: 0
date: Mon, 12 Sep 2022 10:16:48 GMT
location: https://sync.aniview.com/cookiesyncendpoint?auid=1662977808015-982903183926-007666-012-007170&biddername=56&pid=59c9148628a0612da3689288&key=bc7ea609-08bf-465b-95cc-8197174fb190
server: cloudflare

GET
H2 200 cm Show response
u.openx.net/w/1.0/ Frame 0F49 43 B
304 B 61ms
20ms Document
text/html 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/cm?id=ec4c2ec9-18b8-454e-98be-3ee1e6bfea65&gdpr=1&gdpr_consent=&r=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1662977808015-982903183926-007666-012-007170%26biddername%3D23%26key%3D
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: e963e7196beb9123059ec3534b042ebcd1ef0a470fa568bfbebfeab2f33c4fda

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-length: 56
content-type: text/html
date: Mon, 12 Sep 2022 10:16:48 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
p3p: CP="CUR ADM OUR NOR STA NID"
pragma: no-cache
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H2

200

cookiesyncendpoint Show response
sync.aniview.com/ Frame 5FA1
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=562704&ev=1&us_privacy=${us_privacy}&rurl=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1662977808015-982903183926-007666-012-007170%26bidderna...
https://sync.aniview.com/cookiesyncendpoint?auid=1662977808015-982903183926-007666-012-007170&biddername=10&pid=59c9148628a0612da3689288&key=F1fkRcR9vyZs&ev=1&us_privacy=${us_privacy}&pid=562704

0
37 B

91ms
90ms

Document
text/plain

52.204.117.10
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.aniview.com/cookiesyncendpoint?auid=1662977808015-982903183926-007666-012-007170&biddername=10&pid=59c9148628a0612da3689288&key=F1fkRcR9vyZs&ev=1&us_privacy=${us_privacy}&pid=562704
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.204.117.10 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-204-117-10.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 0
date: Mon, 12 Sep 2022 10:16:48 GMT

Redirect headers

cache-control: private, max-age=0, no-cache, no-store
content-language: de-DE
cw-server: bh-deployment-dd6bdcf45-fn22g
expires: -1
location: https://sync.aniview.com/cookiesyncendpoint?auid=1662977808015-982903183926-007666-012-007170&biddername=10&pid=59c9148628a0612da3689288&key=F1fkRcR9vyZs&ev=1&us_privacy=${us_privacy}&pid=562704
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
server: Jetty(9.4.14.v20181114)
strict-transport-security: max-age=15768000

GET
H2 204 /
onetag-sys.com/usync/ Frame 0151 0
0 17ms
17ms Document
text/plain 51.75.86.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=57e618150c70d90&gdpr=1&gdpr_consent=&us_privacy=1---

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.75.86.98 Istanbul, Turkey, ASN16276 (OVH, FR),

Reverse DNS

ip98.ip-51-75-86.eu

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store
strict-transport-security: max-age=15552000

GET
H2 200 avpb7.12.0.js Show response
player.aniview.com/script/6.1/libs/prebid/ Frame 82FB 174 KB
55 KB 9ms
8ms Script
application/javascript 2a02:26f0:3500:58c::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0.js
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:3500:58c::2c79 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 02fc09dfabfbab52f8760422f0e2f1d8a5009cfee409e7e03effdc567579f681

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:48 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycduVCmMqF-N3GmJqOF0kTIEzwCH58QDLvGGbpTSM9axBMTpCSTzqMLp9-lagT_KE3eTXYnjEqLGlV28XQ7nq5Di5jd5O_egd
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 55752
last-modified: Mon, 12 Sep 2022 09:57:58 GMT
server: UploadServer
etag: "90f51fa2d1aa98d0551ea61d932b3758"
vary: Accept-Encoding
x-goog-hash: crc32c=gR1vIw==, md5=kPUfotGqmNBVHqYdkys3WA==
x-goog-generation: 1662976678380982
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=300
x-goog-stored-content-length: 55752
accept-ranges: bytes
content-type: application/javascript
expires: Mon, 12 Sep 2022 10:21:48 GMT

GET
H2 200 avpb7.12.0a0.js Show response
player.aniview.com/script/6.1/libs/prebid/ Frame 82FB 70 KB
24 KB 12ms
11ms Script
application/javascript 2a02:26f0:3500:58c::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0a0.js
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:3500:58c::2c79 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 88512810d8338e837273ffd5f6e896fac568468af72ad38192cd16b0b5408f52

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:48 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycdv6ZOpez1Apo-L1r3yDhbiPZokTWvR6LsUGSX2vQNnHwn3zS_ecqwM6SRvdWGgRzzMxJ-FV9buhwJZxAq-f6GPamg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 23786
last-modified: Mon, 12 Sep 2022 09:57:58 GMT
server: UploadServer
etag: "0c5d0d53596c4b1a998570b05c2d57e9"
vary: Accept-Encoding
x-goog-hash: crc32c=03j/JQ==, md5=DF0NU1lsSxqZhXCwXC1X6Q==
x-goog-generation: 1662976678581293
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=300
x-goog-stored-content-length: 23786
accept-ranges: bytes
content-type: application/javascript
expires: Mon, 12 Sep 2022 10:21:48 GMT

GET
H2 200 avpb7.12.0a1.js Show response
player.aniview.com/script/6.1/libs/prebid/ Frame 82FB 62 KB
21 KB 12ms
11ms Script
application/javascript 2a02:26f0:3500:58c::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0a1.js
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:3500:58c::2c79 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 255eef079d3f18e253c2b3288b4ed0d621b1266c2845679b66af9db6d8faea2e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:48 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycdvDHiaqKEqA5HfkLC4MLZAzjRnKZP1NFutXAq4OaJOIYkqZ9SxIzrfvFEGdda00_SVKAtZ51KqlVbvt3rTyK8SAEZ0g9YcA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 20450
last-modified: Mon, 12 Sep 2022 09:57:58 GMT
server: UploadServer
etag: "2825d70ab2819e8897bb9086bbbc28dd"
vary: Accept-Encoding
x-goog-hash: crc32c=pVFUbQ==, md5=KCXXCrKBnoiXu5CGu7wo3Q==
x-goog-generation: 1662976678583381
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=300
x-goog-stored-content-length: 20450
accept-ranges: bytes
content-type: application/javascript
expires: Mon, 12 Sep 2022 10:21:48 GMT

GET
H2 200 avpb7.12.0a3.js Show response
player.aniview.com/script/6.1/libs/prebid/ Frame 82FB 62 KB
20 KB 13ms
13ms Script
application/javascript 2a02:26f0:3500:58c::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0a3.js
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:3500:58c::2c79 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 0688c689d53abf96083b536daceff19a6e0d73b041089128cdd65e01b4f93aa7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:48 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycduWBv99_b_Z4RiX3SZMXvhc-E_v8PbDynV4SM5Z_PcvI6xq5KeMZlgymjL6A8xpo7_2ro2fz4EUBLl9sN9LLqJZNA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 19946
last-modified: Mon, 12 Sep 2022 09:57:58 GMT
server: UploadServer
etag: "79f07f5c1ed5884058785107838f55a3"
vary: Accept-Encoding
x-goog-hash: crc32c=7iO2pA==, md5=efB/XB7ViEBYeFEHg49Vow==
x-goog-generation: 1662976678607507
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=300
x-goog-stored-content-length: 19946
accept-ranges: bytes
content-type: application/javascript
expires: Mon, 12 Sep 2022 10:21:48 GMT

GET
H2 200 adServe.do Show response
web.ssp.yahoo.com/admax/ 240 B
276 B 225ms
84ms Fetch
text/xml 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://web.ssp.yahoo.com/admax/adServe.do?dcn=8a969558018080038b3c07fe379f0081&pos=8a969558018080038b3c07ff3c3d0083&secure=1&euconsent=&gdpr=1&us_privacy=1---&d(id24)=&ht=225&wd=400&reserve=4.8&req(url)=123greetings.com&schain=1.0,1!avantisvideo.com,8079,1,,,!aniview.com,59918a0e073ef4782e4e347f,1,,,&cbb=2977808135&imp_id=1697bb1e-2432-4c24-9c38-8359f2f8f527
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash: 1dbfeb07cd50a1857b9576b5415f8a4c6ef010279666f39448fa0aa125d433b7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Sep 2022 10:16:48 GMT
server: ATS/9.1.10.25
age: 0
access-control-allow-methods: GET,POST
content-type: text/xml;charset=utf-8
access-control-allow-origin: https://www.123greetings.com
access-control-expose-headers: X-Nexage-AdTid
cache-control: no-store, no-cache, must-revalidate, max-age=0, no-transform, post-check=0, pre-check=0
access-control-allow-credentials: true
content-length: 240
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK ptv Show response
ib.adnxs.com/ 85 B
1 KB 156ms
94ms Fetch
application/xml 185.89.210.180
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ptv?id=19012622&referrer=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fharvest_moon_festival%2F%3Futm_source&us_privacy=1---&cbb=2977808138&imp_id=1697bb1e-2432-4c24-9c38-8359f2f8f527

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.180 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

b2effcb18f514a7896e737bdda537f2ef3b5bb989eb247f4ab2aa3facf1148ea

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 12 Sep 2022 10:16:48 GMT
X-Proxy-Origin: 37.58.58.248; 37.58.58.248; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 3ecff199-c06f-4117-baf7-3f2c9e0e81c8
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.123greetings.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/xml; charset=utf-8
Content-Length: 85
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 track
track1.aniview.com/ 0
70 B 92ms
91ms Image
text/plain 34.233.129.244
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=DE&cos=Windows&r=www.123greetings.com&rs=www.123greetings.com&sid=19541&t=1662977808&cip=37.58.58.248&sn=esep_harvestmoonfest_remail&tgt=0&osv=10&bv=105.0&brn=Chrome&wi=400&he=225&app=&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&test=&aafaid=&proto=https&uid=1662977808015-982903183926-007666-012-007170&cha=0.7&stagid=&stplid=&d35=&d36=6.2.54&cb=15477655411&d39=&d65=&apppkg=&d9=1000&AV_WIDTH=400&AV_HEIGHT=225&&ppid=5e5bd02728a06124e30d85c3&nid=59918a0e073ef4782e4e347f&pcid=5e5bd1f528a0610dd725f7d8&ncid=5e8b3e740cd6ad6132403f66&pasid=5e8b42ae145a8138e61d4a85&e=request&cb=1662977808139&asid=6102687900a33569ec0d3097%2C60e594da4123720f2e250d24%2C628b7da850e97943a83f7d3b%2C626a7b5c1576bc4c20574e49%2C62d3f4e0d8665b0ec66c9327%2C62b86e392f65d47a516f6f3b%2C5e9030afdc817965520eb855%2C626a7b7bc98a5f17f9370c17%2C6114f48c04b3691b08691b7c%2C6114f476dd0eb2621e735342&ofpr=%2C%2C1.3%2C0.35%2C0.3%2C0.2%2C%2C0.15%2C0.13%2C0.12&fpo=%2C%2C%2C%2C%2C%2C%2C%2C%2C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.233.129.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-233-129-244.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:48 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2 200 track
track1.aniview.com/ 0
70 B 92ms
91ms Image
text/plain 34.233.129.244
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=DE&cos=Windows&r=www.123greetings.com&rs=www.123greetings.com&sid=19541&t=1662977808&cip=37.58.58.248&sn=esep_harvestmoonfest_remail&tgt=0&osv=10&bv=105.0&brn=Chrome&wi=400&he=225&app=&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&test=&aafaid=&proto=https&uid=1662977808015-982903183926-007666-012-007170&cha=0.7&stagid=&stplid=&d35=&d36=6.2.54&cb=15477655411&d39=&d65=&apppkg=&d9=1000&AV_WIDTH=400&AV_HEIGHT=225&&copid=59918a0e073ef4782e4e347f&nid=59c9148628a0612da3689288&cocid=5e8b3e740cd6ad6132403f66&ncid=6252cd490f4ad400b27f24ae&coasid=628cec03ef40666330025114&e=request&cb=1662977808139&asid=62b1a8beecf705053613baa5%2C6250243f0f4db040a1785fc9%2C62a704a4e22df13bef59f407%2C6252bf57e35a4e32222ec526&ofpr=%2C5%2C%2C4&fpo=%2C%2C%2C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.233.129.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-233-129-244.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:48 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2 200 avpb7.12.0.js Show response
player.aniview.com/script/6.1/libs/prebid/ Frame 5E39 174 KB
55 KB 11ms
8ms Script
application/javascript 2a02:26f0:3500:58c::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0.js
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:3500:58c::2c79 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 02fc09dfabfbab52f8760422f0e2f1d8a5009cfee409e7e03effdc567579f681

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:48 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycduVCmMqF-N3GmJqOF0kTIEzwCH58QDLvGGbpTSM9axBMTpCSTzqMLp9-lagT_KE3eTXYnjEqLGlV28XQ7nq5Di5jd5O_egd
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 55752
last-modified: Mon, 12 Sep 2022 09:57:58 GMT
server: UploadServer
etag: "90f51fa2d1aa98d0551ea61d932b3758"
vary: Accept-Encoding
x-goog-hash: crc32c=gR1vIw==, md5=kPUfotGqmNBVHqYdkys3WA==
x-goog-generation: 1662976678380982
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=300
x-goog-stored-content-length: 55752
accept-ranges: bytes
content-type: application/javascript
expires: Mon, 12 Sep 2022 10:21:48 GMT

GET
H2 200 avpb7.12.0a0.js Show response
player.aniview.com/script/6.1/libs/prebid/ Frame 5E39 70 KB
24 KB 12ms
9ms Script
application/javascript 2a02:26f0:3500:58c::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0a0.js
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:3500:58c::2c79 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 88512810d8338e837273ffd5f6e896fac568468af72ad38192cd16b0b5408f52

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:48 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycdv6ZOpez1Apo-L1r3yDhbiPZokTWvR6LsUGSX2vQNnHwn3zS_ecqwM6SRvdWGgRzzMxJ-FV9buhwJZxAq-f6GPamg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 23786
last-modified: Mon, 12 Sep 2022 09:57:58 GMT
server: UploadServer
etag: "0c5d0d53596c4b1a998570b05c2d57e9"
vary: Accept-Encoding
x-goog-hash: crc32c=03j/JQ==, md5=DF0NU1lsSxqZhXCwXC1X6Q==
x-goog-generation: 1662976678581293
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=300
x-goog-stored-content-length: 23786
accept-ranges: bytes
content-type: application/javascript
expires: Mon, 12 Sep 2022 10:21:48 GMT

GET
H2 200 avpb7.12.0a1.js Show response
player.aniview.com/script/6.1/libs/prebid/ Frame 5E39 62 KB
21 KB 13ms
10ms Script
application/javascript 2a02:26f0:3500:58c::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0a1.js
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:3500:58c::2c79 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 255eef079d3f18e253c2b3288b4ed0d621b1266c2845679b66af9db6d8faea2e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:48 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycdvDHiaqKEqA5HfkLC4MLZAzjRnKZP1NFutXAq4OaJOIYkqZ9SxIzrfvFEGdda00_SVKAtZ51KqlVbvt3rTyK8SAEZ0g9YcA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 20450
last-modified: Mon, 12 Sep 2022 09:57:58 GMT
server: UploadServer
etag: "2825d70ab2819e8897bb9086bbbc28dd"
vary: Accept-Encoding
x-goog-hash: crc32c=pVFUbQ==, md5=KCXXCrKBnoiXu5CGu7wo3Q==
x-goog-generation: 1662976678583381
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=300
x-goog-stored-content-length: 20450
accept-ranges: bytes
content-type: application/javascript
expires: Mon, 12 Sep 2022 10:21:48 GMT

GET
H2 200 avpb7.12.0a3.js Show response
player.aniview.com/script/6.1/libs/prebid/ Frame 5E39 62 KB
20 KB 17ms
14ms Script
application/javascript 2a02:26f0:3500:58c::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0a3.js
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:3500:58c::2c79 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 0688c689d53abf96083b536daceff19a6e0d73b041089128cdd65e01b4f93aa7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:48 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycduWBv99_b_Z4RiX3SZMXvhc-E_v8PbDynV4SM5Z_PcvI6xq5KeMZlgymjL6A8xpo7_2ro2fz4EUBLl9sN9LLqJZNA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 19946
last-modified: Mon, 12 Sep 2022 09:57:58 GMT
server: UploadServer
etag: "79f07f5c1ed5884058785107838f55a3"
vary: Accept-Encoding
x-goog-hash: crc32c=7iO2pA==, md5=efB/XB7ViEBYeFEHg49Vow==
x-goog-generation: 1662976678607507
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=300
x-goog-stored-content-length: 19946
accept-ranges: bytes
content-type: application/javascript
expires: Mon, 12 Sep 2022 10:21:48 GMT

GET
H2 200 adServe.do Show response
web.ssp.yahoo.com/admax/ 240 B
546 B 207ms
76ms Fetch
text/xml 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://web.ssp.yahoo.com/admax/adServe.do?dcn=8a969558018080038b3c07fe379f0081&pos=8a969558018080038b3c07ff3c3d0083&secure=1&euconsent=&gdpr=1&us_privacy=1---&d(id24)=&ht=338&wd=600&reserve=4.8&req(url)=123greetings.com&schain=1.0,1!avantisvideo.com,8079,1,,,!aniview.com,59918a0e073ef4782e4e347f,1,,,&cbb=2977808150&imp_id=86a122ca-64ec-4ebd-9041-2a17b269f59c
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash: 1dbfeb07cd50a1857b9576b5415f8a4c6ef010279666f39448fa0aa125d433b7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Sep 2022 10:16:48 GMT
server: ATS/9.1.10.25
age: 0
access-control-allow-methods: GET,POST
content-type: text/xml;charset=utf-8
access-control-allow-origin: https://www.123greetings.com
access-control-expose-headers: X-Nexage-AdTid
cache-control: no-store, no-cache, must-revalidate, max-age=0, no-transform, post-check=0, pre-check=0
access-control-allow-credentials: true
content-length: 240
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK ptv Show response
ib.adnxs.com/ 85 B
1 KB 169ms
118ms Fetch
application/xml 185.89.210.180
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.180 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

b2effcb18f514a7896e737bdda537f2ef3b5bb989eb247f4ab2aa3facf1148ea

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 12 Sep 2022 10:16:48 GMT
X-Proxy-Origin: 37.58.58.248; 37.58.58.248; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: ec334025-da7f-453e-8e49-2fdbbb075339
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.123greetings.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/xml; charset=utf-8
Content-Length: 85
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 track
track1.aniview.com/ 0
70 B 93ms
92ms Image
text/plain 34.233.129.244
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=DE&cos=Windows&r=www.123greetings.com&rs=www.123greetings.com&sid=82179&t=1662977807&cip=37.58.58.248&sn=esep_harvestmoonfest_remail&tgt=0&osv=10&bv=105.0&brn=Chrome&wi=600&he=338&app=&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&test=&aafaid=&proto=https&uid=1662977807998-920457583926-008342-007-006858&cha=0.7&stagid=&stplid=&d35=&d36=6.2.54&cb=87434007283&d39=&d65=&apppkg=&d9=1000&AV_WIDTH=600&AV_HEIGHT=338&&ppid=5e5bd02728a06124e30d85c3&nid=59918a0e073ef4782e4e347f&pcid=5ec3e3871f5e5c792c20f9f7&ncid=5e8b3e740cd6ad6132403f66&pasid=5e8b42ae145a8138e61d4a85&e=request&cb=1662977808152&asid=6102687900a33569ec0d3097%2C60e594da4123720f2e250d24%2C628b7da850e97943a83f7d3b%2C626a7b5c1576bc4c20574e49%2C62d3f4e0d8665b0ec66c9327%2C62b86e392f65d47a516f6f3b%2C5e9030afdc817965520eb855%2C626a7b7bc98a5f17f9370c17%2C6114f48c04b3691b08691b7c%2C6114f476dd0eb2621e735342&ofpr=%2C%2C1.3%2C0.35%2C0.3%2C0.2%2C%2C0.15%2C0.13%2C0.12&fpo=%2C%2C%2C%2C%2C%2C%2C%2C%2C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.233.129.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-233-129-244.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:48 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2 200 track
track1.aniview.com/ 0
70 B 92ms
92ms Image
text/plain 34.233.129.244
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=DE&cos=Windows&r=www.123greetings.com&rs=www.123greetings.com&sid=82179&t=1662977807&cip=37.58.58.248&sn=esep_harvestmoonfest_remail&tgt=0&osv=10&bv=105.0&brn=Chrome&wi=600&he=338&app=&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&test=&aafaid=&proto=https&uid=1662977807998-920457583926-008342-007-006858&cha=0.7&stagid=&stplid=&d35=&d36=6.2.54&cb=87434007283&d39=&d65=&apppkg=&d9=1000&AV_WIDTH=600&AV_HEIGHT=338&&copid=59918a0e073ef4782e4e347f&nid=59c9148628a0612da3689288&cocid=5e8b3e740cd6ad6132403f66&ncid=6252cd490f4ad400b27f24ae&coasid=628cec03ef40666330025114&e=request&cb=1662977808152&asid=62b1a8beecf705053613baa5%2C6250243f0f4db040a1785fc9%2C62a704a4e22df13bef59f407%2C6252bf57e35a4e32222ec526%2C628e3b5996c9f44c030284f5&ofpr=%2C5%2C%2C4%2C3&fpo=%2C%2C%2C%2C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.233.129.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-233-129-244.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:48 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

OPTIONS
H2 200 PBJS
c2shb.pubgw.yahoo.com/admax/bid/partners/ Frame 0
0 252ms
9ms Preflight 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/admax/bid/partners/PBJS
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-openrtb-version
Access-Control-Request-Method: POST
Origin: https://www.123greetings.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: https://www.123greetings.com
access-control-max-age: 600
age: 0
content-length: 0
date: Mon, 12 Sep 2022 10:16:48 GMT
server: ATS/9.1.10.25

POST
H2 200 auction Show response
prebid-server.rubiconproject.com/openrtb2/ 186 B
412 B 102ms
10ms XHR
application/json 18.184.57.192
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.184.57.192 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-184-57-192.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: fb8bcc874cb007969773d5310bbe7da7eb6a80a931e03f3cc50d7e8c10d25d6c

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 12 Sep 2022 10:16:48 GMT
content-encoding: gzip
x-prebid: pbs-java/1.97.0
content-type: application/json
access-control-allow-origin: https://www.123greetings.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 174
expires: 0

POST
H2 200 auction Show response
prebid-server.rubiconproject.com/openrtb2/ 184 B
410 B 109ms
17ms XHR
application/json 18.184.57.192
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.184.57.192 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-184-57-192.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: c6860dc125931854bcdb6b2a96547339f191aa133e3425358e0010e36c0b9a8c

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 12 Sep 2022 10:16:48 GMT
content-encoding: gzip
x-prebid: pbs-java/1.97.0
content-type: application/json
access-control-allow-origin: https://www.123greetings.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 173
expires: 0

POST
H2 200 prebid-request Show response
onetag-sys.com/ 15 B
367 B 15ms
15ms XHR
application/json 51.75.86.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/prebid-request

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.75.86.98 Istanbul, Turkey, ASN16276 (OVH, FR),

Reverse DNS

ip98.ip-51-75-86.eu

Software

Resource Hash

663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
access-control-allow-origin: https://www.123greetings.com
cache-control: no-transform, no-cache
access-control-allow-credentials: true
content-type: application/json
access-control-allow-headers: content-type, origin, referer, user-agent
content-length: 41

POST
H2 204 PBJS Show response
c2shb.pubgw.yahoo.com/admax/bid/partners/ 0
19 B 102ms
101ms XHR
text/plain 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/admax/bid/partners/PBJS
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
x-openrtb-version: 2.5
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: https://www.123greetings.com
date: Mon, 12 Sep 2022 10:16:48 GMT
access-control-allow-credentials: true
server: ATS/9.1.10.25
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS

POST
H2 200 auction Show response
prebid-server.rubiconproject.com/openrtb2/ 186 B
413 B 106ms
16ms XHR
application/json 18.184.57.192
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.184.57.192 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-184-57-192.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 2a783e469e289346db2725c57aa0727c67ab136484b5bb424fd6b0c6ea70b57c

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 12 Sep 2022 10:16:48 GMT
content-encoding: gzip
x-prebid: pbs-java/1.97.0
content-type: application/json
access-control-allow-origin: https://www.123greetings.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 176
expires: 0

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
119 B 247ms
16ms XHR
text/plain 198.47.127.22
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.47.127.22 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.123greetings.com
date: Mon, 12 Sep 2022 10:16:48 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 145 B
1 KB 110ms
83ms XHR
application/json 185.89.210.180
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.180 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

61c218c6f925c1eaea0f15d934e4365074e936f20af5c09e430188d65b6b2da3

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 12 Sep 2022 10:16:48 GMT
X-Proxy-Origin: 37.58.58.248; 37.58.58.248; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 9e56dacd-184e-4e7d-a3f1-c8f4b00522cb
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.123greetings.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 tag Show response
p4dt2-ha1hf.ads.tremorhub.com/ad/ 55 B
411 B 501ms
205ms XHR
application/json 2600:1f18:612b:4216:dd36:6ff:8a37:a38f
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://p4dt2-ha1hf.ads.tremorhub.com/ad/tag?adCode=p4dt2-3dhcf&playerWidth=400&playerHeight=225&srcPageUrl=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fharvest_moon_festival%2F%3Futm_source%3Desep_harvestmoonfest_remail&supplyCode=p4dt2-ha1hf&mediaId=VideoId&schain=1.0,1!avantisvideo.com,8079,1,,,!spotim.market,isp_avantis,1,,,&transactionId=a42c37e6-6458-404c-b8e9-21a32df46fd3&floor=USD:0.2&referrer=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fharvest_moon_festival%2F%3Futm_source&hb=1&fmt=json
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4216:dd36:6ff:8a37:a38f Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 700f98969c4fbde7a1dbebe9e1777a22e226a42965d8c34f1980a7b85a5541b2

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 12 Sep 2022 10:16:48 GMT
content-encoding: gzip
server: Apache-Coyote/1.1
vary: accept-encoding
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
access-control-allow-origin: https://www.123greetings.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-tremorvideo-status: NO_AD
content-type: application/json;charset=UTF-8

GET
H2 200 pbjs Show response
htlb.casalemedia.com/openrtb/ 37 B
572 B 87ms
57ms XHR
application/json 104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/openrtb/pbjs?s=512884&v=8.1&ac=j&sd=1&nf=1&r=%7B%22id%22%3A%22172ac048527bd02%22%2C%22site%22%3A%7B%22ref%22%3A%22https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fharvest_moon_festival%2F%3Futm_source%3Desep_harvestmoonfest_remail%22%2C%22page%22%3A%22https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fharvest_moon_festival%2F%3Futm_source%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A0%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A1%2C%22allu%22%3A1%2C%22ren%22%3Atrue%2C%22version%22%3A%227.12.0%22%2C%22userIds%22%3A%5B%5D%2C%22url%22%3A%22https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fharvest_moon_festival%2F%22%2C%22tmax%22%3A8000%2C%22syncsPerBidder%22%3A5%2C%22adunitcode%22%3A%225e8b42ae145a8138e61d4a85%7C6114f476dd0eb2621e735342%22%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2218fee5fe1a9e95a%22%2C%22ext%22%3A%7B%22siteID%22%3A%22512884%22%2C%22tid%22%3A%2242b053f8-7e08-4223-94b8-6a2d4121295c%22%2C%22fl%22%3A%22p%22%7D%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%5D%2C%22minduration%22%3A1%2C%22maxduration%22%3A60%2C%22api%22%3A%5B2%5D%2C%22protocols%22%3A%5B2%2C3%2C5%2C6%5D%2C%22playerSize%22%3A%5B%5B400%2C225%5D%5D%2C%22w%22%3A400%2C%22h%22%3A225%2C%22placement%22%3A4%7D%2C%22bidfloor%22%3A0.12%2C%22bidfloorcur%22%3A%22USD%22%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22nodes%22%3A%5B%7B%22hp%22%3A1%2C%22asi%22%3A%22avantisvideo.com%22%2C%22sid%22%3A%228079%22%7D%5D%2C%22complete%22%3A1%2C%22ver%22%3A%221.0%22%7D%7D%7D%7D
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0751fadaed5e19058901201d1ba33344dad6da6045d401bfb2ccadfe671d1037

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 12 Sep 2022 10:16:48 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Anrs%2FPiYbRSrZX77aRBaqL45OrR0qa4wTdBkOPV9BCC7%2F9wjReND2g2FfeSs9CvDFgnBlRnuhKpL0jWqtLGz%2FciQQjPo%2B2fcRnPob9i4fgaK1NETcvu%2FAOkvjOxhSvyPErhshL%2Bb"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://www.123greetings.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 7497e3c57c3dbbb6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 37
expires: 0

OPTIONS
H2 200 PBJS
c2shb.pubgw.yahoo.com/admax/bid/partners/ Frame 0
0 230ms
12ms Preflight 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/admax/bid/partners/PBJS
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-openrtb-version
Access-Control-Request-Method: POST
Origin: https://www.123greetings.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: https://www.123greetings.com
access-control-max-age: 600
age: 0
content-length: 0
date: Mon, 12 Sep 2022 10:16:48 GMT
server: ATS/9.1.10.25

OPTIONS
H2 200 PBJS
c2shb.pubgw.yahoo.com/admax/bid/partners/ Frame 0
0 227ms
10ms Preflight 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/admax/bid/partners/PBJS
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-openrtb-version
Access-Control-Request-Method: POST
Origin: https://www.123greetings.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: https://www.123greetings.com
access-control-max-age: 600
age: 0
content-length: 0
date: Mon, 12 Sep 2022 10:16:48 GMT
server: ATS/9.1.10.25

POST
H2 204 PBJS Show response
c2shb.pubgw.yahoo.com/admax/bid/partners/ 0
110 B 83ms
83ms XHR
text/plain 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/admax/bid/partners/PBJS
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
x-openrtb-version: 2.5
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: https://www.123greetings.com
date: Mon, 12 Sep 2022 10:16:48 GMT
access-control-allow-credentials: true
server: ATS/9.1.10.25
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS

POST
H2 204 PBJS Show response
c2shb.pubgw.yahoo.com/admax/bid/partners/ 0
19 B 109ms
109ms XHR
text/plain 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/admax/bid/partners/PBJS
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.10.25 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
x-openrtb-version: 2.5
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: https://www.123greetings.com
date: Mon, 12 Sep 2022 10:16:48 GMT
access-control-allow-credentials: true
server: ATS/9.1.10.25
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS

POST
H2 200 prebid-request Show response
onetag-sys.com/ 15 B
367 B 15ms
14ms XHR
application/json 51.75.86.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/prebid-request

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.75.86.98 Istanbul, Turkey, ASN16276 (OVH, FR),

Reverse DNS

ip98.ip-51-75-86.eu

Software

Resource Hash

663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
access-control-allow-origin: https://www.123greetings.com
cache-control: no-transform, no-cache
access-control-allow-credentials: true
content-type: application/json
access-control-allow-headers: content-type, origin, referer, user-agent
content-length: 41

GET
H2 403 tag Show response
p4dt2-ha1hf.ads.tremorhub.com/ad/ 949 B
1 KB 370ms
97ms XHR
text/html 2600:1f18:612b:4216:dd36:6ff:8a37:a38f
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://p4dt2-ha1hf.ads.tremorhub.com/ad/tag?adCode=p4dt2-3dhcf&playerWidth=600&playerHeight=338&srcPageUrl=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fharvest_moon_festival%2F%3Futm_source%3Desep_harvestmoonfest_remail&supplyCode=p4dt2-ha1hf&mediaId=VideoId&schain=1.0,1!avantisvideo.com,8079,1,,,!spotim.market,isp_avantis,1,,,&transactionId=5d946969-c501-4cce-9a02-a4dd163f7b46&floor=USD:0.2&referrer=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fharvest_moon_festival%2F%3Futm_source&hb=1&fmt=json
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4216:dd36:6ff:8a37:a38f Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 9d60ac0d334c77a039cad6f125f940635ff0043a610271fc0729d61cc9546401

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 12 Sep 2022 10:16:48 GMT
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
content-language: en
access-control-allow-origin: https://www.123greetings.com
access-control-allow-credentials: true
x-tremorvideo-status: REJECTED_BY_SEAT_QPS_LIMIT
content-type: text/html;charset=utf-8
content-length: 949

POST
H2 200 auction Show response
prebid-server.rubiconproject.com/openrtb2/ 184 B
411 B 79ms
16ms XHR
application/json 18.184.57.192
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.184.57.192 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-184-57-192.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 8dcf6ef9fdb5841eeaada0343e1700e9c5f116d9dbb5b01f7601246494619da0

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 12 Sep 2022 10:16:48 GMT
content-encoding: gzip
x-prebid: pbs-java/1.97.0
content-type: application/json
access-control-allow-origin: https://www.123greetings.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 174
expires: 0

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
63 B 221ms
17ms XHR
text/plain 198.47.127.22
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.47.127.22 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.123greetings.com
date: Mon, 12 Sep 2022 10:16:48 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 145 B
1 KB 202ms
175ms XHR
application/json 185.89.210.180
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.180 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

069134da58aebc4d668d5bab98f83a95034023bf34e860a8058c6150002183c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 12 Sep 2022 10:16:48 GMT
X-Proxy-Origin: 37.58.58.248; 37.58.58.248; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 2a881854-4c54-4b9e-940b-4569ef7e3526
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.123greetings.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 auction Show response
prebid-server.rubiconproject.com/openrtb2/ 186 B
413 B 81ms
20ms XHR
application/json 18.184.57.192
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.184.57.192 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-184-57-192.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 97e0e4da419bd39b90b76f7c6618ffdff33ec2ac3032a7d2b236cab890605439

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 12 Sep 2022 10:16:48 GMT
content-encoding: gzip
x-prebid: pbs-java/1.97.0
content-type: application/json
access-control-allow-origin: https://www.123greetings.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 176
expires: 0

GET
H2 200 pbjs Show response
htlb.casalemedia.com/openrtb/ 37 B
314 B 66ms
60ms XHR
application/json 104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/openrtb/pbjs?s=512884&v=8.1&ac=j&sd=1&nf=1&r=%7B%22id%22%3A%22175d47e98bc7efa%22%2C%22site%22%3A%7B%22ref%22%3A%22https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fharvest_moon_festival%2F%3Futm_source%3Desep_harvestmoonfest_remail%22%2C%22page%22%3A%22https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fharvest_moon_festival%2F%3Futm_source%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A0%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A1%2C%22allu%22%3A1%2C%22ren%22%3Atrue%2C%22version%22%3A%227.12.0%22%2C%22userIds%22%3A%5B%5D%2C%22url%22%3A%22https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fharvest_moon_festival%2F%22%2C%22tmax%22%3A8000%2C%22syncsPerBidder%22%3A5%2C%22adunitcode%22%3A%225e8b42ae145a8138e61d4a85%7C6114f476dd0eb2621e735342%22%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2218df0604ffb9db%22%2C%22ext%22%3A%7B%22siteID%22%3A%22512884%22%2C%22tid%22%3A%220e3658cf-6366-4386-9aef-f8b9119acc79%22%2C%22fl%22%3A%22p%22%7D%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%5D%2C%22minduration%22%3A1%2C%22maxduration%22%3A60%2C%22api%22%3A%5B2%5D%2C%22protocols%22%3A%5B2%2C3%2C5%2C6%5D%2C%22playerSize%22%3A%5B%5B600%2C338%5D%5D%2C%22w%22%3A600%2C%22h%22%3A338%2C%22placement%22%3A4%7D%2C%22bidfloor%22%3A0.12%2C%22bidfloorcur%22%3A%22USD%22%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22nodes%22%3A%5B%7B%22asi%22%3A%22avantisvideo.com%22%2C%22sid%22%3A%228079%22%2C%22hp%22%3A1%7D%5D%2C%22ver%22%3A%221.0%22%2C%22complete%22%3A1%7D%7D%7D%7D
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ae9d4e5534ff9542677f447812fec184ddbeae375a3eed2d4722ffb4126520a3

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 12 Sep 2022 10:16:48 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QshemVMuoLx8gxiu%2BYKUwG6tP%2BUauUxXDV%2BUQQIw%2BPSiBiS2aXT6S0KnipdVIJzGrM3sIR5NUdR4mVh%2FHWwkDpmiMyZ9uJJZ5AzIG9hbUGklgt%2BN9nt9nbEt8DWiKUQW6FIAYXxc"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://www.123greetings.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 7497e3c57c3ebbb6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 37
expires: 0

POST
H2 200 auction Show response
prebid-server.rubiconproject.com/openrtb2/ 186 B
413 B 79ms
18ms XHR
application/json 18.184.57.192
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.184.57.192 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-184-57-192.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 2041f2f81192177bc02d8129efbbd261cabe2b848c6f390431f92c1503ac6415

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 12 Sep 2022 10:16:48 GMT
content-encoding: gzip
x-prebid: pbs-java/1.97.0
content-type: application/json
access-control-allow-origin: https://www.123greetings.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 176
expires: 0

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame D0C4 0
42 B 262ms
18ms Script
text/plain 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=9174024&p=160993&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=1&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=160993&gdpr=1&gdpr_consent=&predirect=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1662977808015-982903183926-007666-012-007170%26biddername%3D1%26key%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:48 GMT
content-length: 0

POST
H2 200 all
csm.eu.criteo.net/ Frame B9D6 0
127 B 17ms
16ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 12 Sep 2022 10:16:48 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 track
track1.aniview.com/ 0
70 B 92ms
91ms Image
text/plain 34.233.129.244
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=DE&cos=Windows&r=www.123greetings.com&rs=www.123greetings.com&sid=82179&t=1662977807&cip=37.58.58.248&sn=esep_harvestmoonfest_remail&tgt=0&osv=10&bv=105.0&brn=Chrome&wi=600&he=338&app=&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&test=&aafaid=&proto=https&uid=1662977807998-920457583926-008342-007-006858&cha=0.7&stagid=&stplid=&d35=&d36=6.2.54&cb=87434007283&d39=&d65=&apppkg=&d9=1000&AV_WIDTH=600&AV_HEIGHT=338&&ppid=5e5bd02728a06124e30d85c3&nid=59918a0e073ef4782e4e347f&pcid=5ec3e3871f5e5c792c20f9f7&ncid=5e8b3e740cd6ad6132403f66&pasid=5e8b42ae145a8138e61d4a85&e=bid&cb=1662977808605&asid=6102687900a33569ec0d3097%2C60e594da4123720f2e250d24&ofpr=%2C&fpo=%2C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.233.129.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-233-129-244.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:48 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2 200 track
track1.aniview.com/ 0
70 B 91ms
91ms Image
text/plain 34.233.129.244
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=DE&cos=Windows&r=www.123greetings.com&rs=www.123greetings.com&sid=82179&t=1662977807&cip=37.58.58.248&sn=esep_harvestmoonfest_remail&tgt=0&osv=10&bv=105.0&brn=Chrome&wi=600&he=338&app=&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&test=&aafaid=&proto=https&uid=1662977807998-920457583926-008342-007-006858&cha=0.7&stagid=&stplid=&d35=&d36=6.2.54&cb=87434007283&d39=&d65=&apppkg=&d9=1000&AV_WIDTH=600&AV_HEIGHT=338&&copid=59918a0e073ef4782e4e347f&nid=59c9148628a0612da3689288&cocid=5e8b3e740cd6ad6132403f66&ncid=6252cd490f4ad400b27f24ae&coasid=628cec03ef40666330025114&e=bid&cb=1662977808605&asid=62b1a8beecf705053613baa5&ofpr=&fpo=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.233.129.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-233-129-244.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:48 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2 200 track
track1.aniview.com/ 0
70 B 93ms
92ms Image
text/plain 34.233.129.244
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=DE&cos=Windows&r=www.123greetings.com&rs=www.123greetings.com&sid=19541&t=1662977808&cip=37.58.58.248&sn=esep_harvestmoonfest_remail&tgt=0&osv=10&bv=105.0&brn=Chrome&wi=400&he=225&app=&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&test=&aafaid=&proto=https&uid=1662977808015-982903183926-007666-012-007170&cha=0.7&stagid=&stplid=&d35=&d36=6.2.54&cb=15477655411&d39=&d65=&apppkg=&d9=1000&AV_WIDTH=400&AV_HEIGHT=225&&ppid=5e5bd02728a06124e30d85c3&nid=59918a0e073ef4782e4e347f&pcid=5e5bd1f528a0610dd725f7d8&ncid=5e8b3e740cd6ad6132403f66&pasid=5e8b42ae145a8138e61d4a85&e=bid&cb=1662977808708&asid=6102687900a33569ec0d3097%2C60e594da4123720f2e250d24&ofpr=%2C&fpo=%2C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.233.129.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-233-129-244.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:48 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2 200 track
track1.aniview.com/ 0
70 B 92ms
92ms Image
text/plain 34.233.129.244
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=DE&cos=Windows&r=www.123greetings.com&rs=www.123greetings.com&sid=19541&t=1662977808&cip=37.58.58.248&sn=esep_harvestmoonfest_remail&tgt=0&osv=10&bv=105.0&brn=Chrome&wi=400&he=225&app=&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&test=&aafaid=&proto=https&uid=1662977808015-982903183926-007666-012-007170&cha=0.7&stagid=&stplid=&d35=&d36=6.2.54&cb=15477655411&d39=&d65=&apppkg=&d9=1000&AV_WIDTH=400&AV_HEIGHT=225&&copid=59918a0e073ef4782e4e347f&nid=59c9148628a0612da3689288&cocid=5e8b3e740cd6ad6132403f66&ncid=6252cd490f4ad400b27f24ae&coasid=628cec03ef40666330025114&e=bid&cb=1662977808708&asid=62b1a8beecf705053613baa5&ofpr=&fpo=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.233.129.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-233-129-244.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:48 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 068D 15 KB
6 KB 19ms
18ms Document
text/html 184.51.9.34
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=161335
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.51.9.34 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-51-9-34.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=71313
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Mon, 12 Sep 2022 10:16:49 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Tue, 13 Sep 2022 06:05:22 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 782B 281 B
554 B 65ms
8ms Document
text/html 23.205.235.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-235-133.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Mon, 12 Sep 2022 10:16:49 GMT
ETag: "40014-119-5d32342a551c0"
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H2 204 /
onetag-sys.com/usync/ Frame 78D0 0
0 15ms
14ms Document
text/plain 51.75.86.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?cb=1662977808251

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.75.86.98 Istanbul, Turkey, ASN16276 (OVH, FR),

Reverse DNS

ip98.ip-51-75-86.eu

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store
strict-transport-security: max-age=15552000

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 2DB5 52 KB
17 KB 37ms
6ms Document
text/html 151.101.65.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 20317
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Mon, 12 Sep 2022 10:16:49 GMT
ETag: W/"623de86a-cf34"
Expires: Thu, 08 Sep 2022 04:38:03 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 1, 204537
X-Served-By: cache-lga21958-LGA, cache-fra19144-FRA
X-Timer: S1662977809.138188,VS0,VE0

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame 9711 3 KB
2 KB 39ms
10ms Document
text/html 23.35.236.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 1387
Content-Type: text/html; charset=UTF-8
Date: Mon, 12 Sep 2022 10:16:49 GMT
ETag: "e20015-b68-5e4a60c97afb7"
Last-Modified: Mon, 25 Jul 2022 19:18:30 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Server: Apache
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 2DB5 0
741 B 35ms
35ms Script
text/html 185.89.210.180
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.180 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 12 Sep 2022 10:16:49 GMT
X-Proxy-Origin: 37.58.58.248; 37.58.58.248; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 182d0102-dfad-4437-8c87-0ec54b861487
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

usermatch Show response
r.casalemedia.com/ Frame A097
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.123greetings.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.123greetings.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

2 KB
2 KB

59ms
38ms

Document
text/html

104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.123greetings.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7e032861f303eafc0348b350ea7fb01be2e94a6d00333ca6c8dfc4f33067582d

Request headers

Referer: https://js-sec.indexww.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 7497e3cbea119b9b-FRA
content-encoding: br
content-type: text/html
date: Mon, 12 Sep 2022 10:16:49 GMT
dropped-udsids: 230|45|39|241|130|206|31|81
expires: 0
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RDL0k0HPORSbkgCqQPHUWmPCGVIf80Q0LNP0bUN3eFvdbZEaEucom0fV%2BGi%2FMLaNOhZfPvst9zeCjocRvPkNiH8sKeBew0zZe4AsJVTh60e9CMwXSec0mgZiMpWw3n1ecYqP"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Is-Traffic-Usersync, Accept-Encoding

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 7497e3cb88cf9962-FRA
content-type: text/html; charset=iso-8859-1
date: Mon, 12 Sep 2022 10:16:49 GMT
expires: 0
location: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.123greetings.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YGbKW7i%2BegJPmTEM6fNs6rOhMoOuS5D2Nce46U1BN8MAiEsVd4uGhzfeDxBg5G%2FO%2FFGK%2BUPZp0L7f%2F3nvz7520RTMg%2Fkr7KC77volJyeNOtUmNH4njRB9lv9mauFU8uydIPCF0Lbhsx0tw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 782B 31 KB
10 KB 8ms
8ms Script
text/html 23.205.235.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-235-133.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 46782d1bdfabc54f7ad570828fdaea4c379990f1d7c73e1e1109a2849bbaf500

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Mon, 12 Sep 2022 10:16:49 GMT
Content-Encoding: gzip
Last-Modified: Wed, 24 Aug 2022 20:46:19 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=40575
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9379
Expires: Mon, 12 Sep 2022 21:33:04 GMT

GET
H/1.1 200
OK khaos.jpg
token.rubiconproject.com/ Frame 782B 284 B
536 B 55ms
10ms Image
image/jpg 69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/khaos.jpg?
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: 492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 284
X-RPHost: de8527bfa1ccfd6c1590da0d3b6cff52
Content-Type: image/jpg

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame 398E 3 KB
2 KB 7ms
7ms Document
text/html 23.35.236.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 1387
Content-Type: text/html; charset=UTF-8
Date: Mon, 12 Sep 2022 10:16:49 GMT
ETag: "e20015-b68-5e4a60c97afb7"
Last-Modified: Mon, 25 Jul 2022 19:18:30 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Server: Apache
Vary: Accept-Encoding

GET
H2 204 /
onetag-sys.com/usync/ Frame 98BD 0
0 15ms
14ms Document
text/plain 51.75.86.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?cb=1662977808248

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.75.86.98 Istanbul, Turkey, ASN16276 (OVH, FR),

Reverse DNS

ip98.ip-51-75-86.eu

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store
strict-transport-security: max-age=15552000

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame E57A 52 KB
17 KB 7ms
7ms Document
text/html 151.101.65.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 20317
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Mon, 12 Sep 2022 10:16:49 GMT
ETag: W/"623de86a-cf34"
Expires: Thu, 08 Sep 2022 04:38:03 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 1, 204540
X-Served-By: cache-lga21958-LGA, cache-fra19144-FRA
X-Timer: S1662977809.214263,VS0,VE0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 1616 15 KB
6 KB 20ms
20ms Document
text/html 184.51.9.34
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=161335
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.51.9.34 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-51-9-34.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=71313
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Mon, 12 Sep 2022 10:16:49 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Tue, 13 Sep 2022 06:05:22 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2

200

usermatch Show response
r.casalemedia.com/ Frame 853B
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.123greetings.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.123greetings.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

2 KB
1 KB

31ms
31ms

Document
text/html

104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.123greetings.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b5cf3942287d2544c42ca7ed00d96ee7d5427eab0e4ff22e69b4d3c3bb42000a

Request headers

Referer: https://js-sec.indexww.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 7497e3cbea279b9b-FRA
content-encoding: br
content-type: text/html
date: Mon, 12 Sep 2022 10:16:49 GMT
dropped-udsids: 39|45|241|230|188|65|57|191
expires: 0
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OsMlGaqnMfErLmZYGzTcM7cuP3tBElvl3wys6KRnwyJMRs9NkGXPgavzPdaL8fogf3Quov%2FTDDAKBtn5%2BTtXLNQxSQV52K37G3c5%2Bsd3L3RLbSsrhO%2Bp%2Bk7%2BoxmkHQbbx%2B4c"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Is-Traffic-Usersync, Accept-Encoding

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 7497e3cbb9179962-FRA
content-type: text/html; charset=iso-8859-1
date: Mon, 12 Sep 2022 10:16:49 GMT
expires: 0
location: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.123greetings.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5Zr7qbo22ODS91EKVq2XGKMSEhG3smfe1IQn1YPWVBsT0Z41F4If8V15ppPl30piwH7EoVW3Hn8zwF8kPuIjY1waJb5cRHtHGktvxrl6GHRRdr0p0l5f%2BqbmT9BH0Do18IwPdKu3wpYnFw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame E57A 0
741 B 38ms
38ms Script
text/html 185.89.210.180
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.180 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 12 Sep 2022 10:16:49 GMT
X-Proxy-Origin: 37.58.58.248; 37.58.58.248; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 1e7f8402-26f9-4abd-9483-6e646c122976
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame A097 170 B
188 B 24ms
24ms Image
image/png 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=Yx8HEWoa58CxlXxUBiKnxAAABGUAAAIB&gdpr_consent=&us_privacy=&gdpr=1

Requested by

Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.123greetings.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Sep 2022 10:16:49 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

crum
dsum-sec.casalemedia.com/ Frame A097
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=Yx8HEbrFRpptrYc1V.OpPAAA
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEOnpvYRphbHH4IkgQ17U_Po&google_cver=1&gdpr=1&google_hm=2

43 B
843 B

42ms
37ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEOnpvYRphbHH4IkgQ17U_Po&google_cver=1&gdpr=1&google_hm=2
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.123greetings.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

cf-ray: 7497e3ccdc329b6a-FRA
pragma: no-cache
date: Mon, 12 Sep 2022 10:16:49 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vWs5s4CwhQhgseWuaZ3aX30UV%2B0mHoLEoYR3fMFcQwRJD0u1ydakdYGfAY3roSDOm%2FpbytQ2rIGshweuc4i%2B4HLztc7LeV%2FJ9s6GFhiG9WIDgTXBYE8P0WYE6oNpKE3EOAHzBs%2FE5GUMYw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 12 Sep 2022 10:16:49 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEOnpvYRphbHH4IkgQ17U_Po&google_cver=1&gdpr=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 341
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame A097 70 B
264 B 38ms
33ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.123greetings.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Sep 2022 10:16:49 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame A097
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yx8HEWoa58CxlXxUBiKnxAAABGUAAAIB
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yx8HEWoa58CxlXxUBiKnxAAABGUAAAIB&dcc=t

43 B
568 B

98ms
98ms

Image
image/gif

52.46.130.91
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yx8HEWoa58CxlXxUBiKnxAAABGUAAAIB&dcc=t

Requested by

Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.123greetings.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Protocol

HTTP/1.1

Server

52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 12 Sep 2022 10:16:49 GMT
Vary: Content-Type,Accept-Encoding,User-Agent
Server: Server
x-amz-rid: EGSHBEAHEKYQP5CAQNSV
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 12 Sep 2022 10:16:49 GMT
Vary: Content-Type,Accept-Encoding,User-Agent
Server: Server
x-amz-rid: SPCC12RSJ32N3KXATB27
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yx8HEWoa58CxlXxUBiKnxAAABGUAAAIB&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK ie
match.prod.bidr.io/cookie-sync/ Frame A097 43 B
430 B 147ms
32ms Image
image/gif 52.212.196.36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://match.prod.bidr.io/cookie-sync/ie?gdpr=1

Requested by

Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.123greetings.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.212.196.36 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-212-196-36.eu-west-1.compute.amazonaws.com

Software

nginx /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
Date: Mon, 12 Sep 2022 10:16:49 GMT
Server: nginx
strict-transport-security: max-age=2592000; includeSubDomains
p3p: CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control: no-cache, must-revalidate
Connection: keep-alive
content-type: image/gif
Content-Length: 43
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 sync
ups.analytics.yahoo.com/ups/55940/ Frame A097 0
38 B 15ms
11ms Image
text/plain 18.156.0.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=Yx8HEWoa58CxlXxUBiKnxAAABGUAAAIB&gdpr_consent=&us_privacy=&gdpr=1

Requested by

Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.123greetings.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

18.156.0.31 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.25 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:49 GMT
server: ATS/9.1.10.25
age: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

200
OK

noop
px.owneriq.net/ Frame A097
Redirect Chain

https://px.owneriq.net/eucm/p/cc?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D31%26external_user_id%3D(OIQ_UUID)
https://px.owneriq.net/ecc?redir=https%3a%2f%2fdsum-sec.casalemedia.com%2fcrum%3fcm_dsp_id%3d31%26external_user_id%3dQ7162642092143547097&uid=Q7162642092143547097&ref=%2Feucm%2Fp%2Fcc
https://px.owneriq.net/noop?ct=image%2Fgif

0
287 B

20ms
20ms

Image
image/gif

104.96.159.65
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.owneriq.net/noop?ct=image%2Fgif
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.123greetings.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Server: 104.96.159.65 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-96-159-65.deploy.static.akamaitechnologies.com
Software: Apache/2.4.6 (CentOS) / PHP/7.3.33
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Mon, 12 Sep 2022 10:16:49 GMT
Server: Apache/2.4.6 (CentOS)
Connection: keep-alive
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-Powered-By: PHP/7.3.33
Content-Length: 0
Content-Type: image/gif

Redirect headers

Location: https://px.owneriq.net/noop?ct=image%2Fgif
Date: Mon, 12 Sep 2022 10:16:49 GMT
Server: AkamaiGHost
Connection: keep-alive
Content-Length: 0

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame A097
Redirect Chain

https://pixel.quantserve.com/pixel/p-Z8PuJEk6U7Hyq.gif?idmatch=0&gdpr=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&&external_user_id=TqXtzUih7ZpVo-WaHPPxyh2ivshV8OuZSKTwPfqx

43 B
426 B

21ms
21ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&&external_user_id=TqXtzUih7ZpVo-WaHPPxyh2ivshV8OuZSKTwPfqx
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.123greetings.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

cf-ray: 7497e3cc9d589baa-FRA
pragma: no-cache
date: Mon, 12 Sep 2022 10:16:49 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p5vV4acYJjKNLxpOx82t6aQ3lwYaTHtzMZ8wS2y4iYn%2BYaoKxtmu%2BdB0FfvAeZ44ViJKFufTx8Xf14iISbnhVLVronGGCdj0T0jLkjKgD4gLVDWq7uKTbxnlmQpN6i8cX7a3yRCxB4jDuw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 12 Sep 2022 10:16:49 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&&external_user_id=TqXtzUih7ZpVo-WaHPPxyh2ivshV8OuZSKTwPfqx
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 htw-pixel.gif
cdn.indexww.com/ht/ Frame A097 43 B
102 B 59ms
14ms Image
image/gif 2606:4700::6812:c4c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.indexww.com/ht/htw-pixel.gif?Yx8HEWoa58CxlXxUBiKnxAAA%261125
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.123greetings.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:c4c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

cf-ray: 7497e3cc8e24929f-FRA
date: Mon, 12 Sep 2022 10:16:49 GMT
cf-cache-status: HIT
last-modified: Tue, 24 Jan 2017 19:36:04 GMT
server: cloudflare
age: 29
etag: "761e21-2b-546dc3a097100"
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
edge-control: cache-maxage=1h
cache-control: public, max-age=14400
accept-ranges: bytes
content-type: image/gif
content-length: 43
expires: Mon, 12 Sep 2022 14:16:49 GMT

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame 853B 70 B
264 B 34ms
34ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.123greetings.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Sep 2022 10:16:49 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

crum
dsum-sec.casalemedia.com/ Frame 853B
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=Yx8HEbrFRpptrYc1V.OpPAAA
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEOnpvYRphbHH4IkgQ17U_Po&google_cver=1&gdpr=1&google_hm=2

43 B
883 B

34ms
23ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEOnpvYRphbHH4IkgQ17U_Po&google_cver=1&gdpr=1&google_hm=2
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.123greetings.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

cf-ray: 7497e3ccdc349b6a-FRA
pragma: no-cache
date: Mon, 12 Sep 2022 10:16:49 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B7VsZMNaIt2CxJiTDHvwDSYNakOKtVimm%2BJDOEOpjwaUIrjcW%2BCklrqDmb%2FUyY4gbGCfvYZp0HZT2RdPGZUpwY2DZZpJpo4Gayzq7gwRA%2Fy6mFOQSMGMjvIJj3thFkqpCMdTjo4a77zaLA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 12 Sep 2022 10:16:49 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEOnpvYRphbHH4IkgQ17U_Po&google_cver=1&gdpr=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 341
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame 853B
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yx8HEbrFRpptrYc1V-OpPAAABLQAAAAB
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yx8HEbrFRpptrYc1V-OpPAAABLQAAAAB&dcc=t

43 B
568 B

106ms
106ms

Image
image/gif

52.46.130.91
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yx8HEbrFRpptrYc1V-OpPAAABLQAAAAB&dcc=t

Requested by

Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.123greetings.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Protocol

HTTP/1.1

Server

52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 12 Sep 2022 10:16:49 GMT
Vary: Content-Type,Accept-Encoding,User-Agent
Server: Server
x-amz-rid: G9F68SB2WZD39P8YCYJ1
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 12 Sep 2022 10:16:49 GMT
Vary: Content-Type,Accept-Encoding,User-Agent
Server: Server
x-amz-rid: TY6AXREDAR149FZXV08G
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yx8HEbrFRpptrYc1V-OpPAAABLQAAAAB&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame 853B 170 B
188 B 27ms
25ms Image
image/png 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=Yx8HEbrFRpptrYc1V-OpPAAABLQAAAAB&gdpr_consent=&us_privacy=&gdpr=1

Requested by

Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.123greetings.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Sep 2022 10:16:49 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 CookieIndex
rtb.adentifi.com/ Frame 853B 0
35 B 336ms
100ms Image
text/plain 52.204.122.115
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.adentifi.com/CookieIndex
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.123greetings.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.204.122.115 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-204-122-115.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:49 GMT

GET
H2

200

rum
dsum.casalemedia.com/ Frame 853B
Redirect Chain

https://casale-match.dotomi.com/match/bounce/current?networkId=19998&version=1&gdpr=1
https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1663064209&gdpr=1

43 B
867 B

95ms
51ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1663064209&gdpr=1
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.123greetings.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

cf-ray: 7497e3cd1d2e696a-FRA
pragma: no-cache
date: Mon, 12 Sep 2022 10:16:49 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mgB9SLLPMvfAyzSbp3wmUWXa94EH7MFBtF8O6cIrrdcP9B9pNGg9FhJQr92oq1Wych6deOS0F0SZjHDY%2F3fTCTOinigZuQgqniEwvNqwPlAZpn1qhazyipucX9DS7VrJsPdcOopT"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

location: https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1663064209&gdpr=1
pragma: no-cache
date: Mon, 12 Sep 2022 10:16:49 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
content-length: 0
expires: 0

GET
H3

200

crum
dsum-sec.casalemedia.com/ Frame 853B
Redirect Chain

https://p.rfihub.com/cm?in=1&pub=2079&gdpr=1
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=5123196423215382993

43 B
844 B

27ms
27ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=5123196423215382993
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.123greetings.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

cf-ray: 7497e3cd6d8b9b6a-FRA
pragma: no-cache
date: Mon, 12 Sep 2022 10:16:49 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ejgrxPmMjIqavQVV2XqPtMj6YW3YxkI1%2FgB2Ojv013fdEPzP9jxrEJWQB8pgi77k2xSvR%2FyNHj3C4Y3GYg1cf8m%2BeUuRiv89Hy8jAhPljwgg8LK1EUgsty1I0B%2FT%2FdgaeREuviuDajqEow%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

Location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=5123196423215382993
Date: Mon, 12 Sep 2022 10:16:49 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 853B
Redirect Chain

https://dmp.brand-display.com/cm/api/index?cm_dsp_id=191&cm_user_id=%3CIndex_user_id%3E&gdpr=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=191&expiration=63072000&external_user_id=d4def627-31eb-6215-725fa9ed

43 B
844 B

33ms
33ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=191&expiration=63072000&external_user_id=d4def627-31eb-6215-725fa9ed
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.123greetings.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

cf-ray: 7497e3cd5d599b6a-FRA
pragma: no-cache
date: Mon, 12 Sep 2022 10:16:49 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j8DfdMzlbpCTqVVinglBLWohRiAK4kbnEW16FWVezmqHeAIdr%2FA%2BBwhNyeRdqkeIQ3DnqWZBv69NKBCdLEv8uRMYDsnoVMdX5QXvbX0kjIXXHR41u%2Bp3BGb5W6DFaPfKcBCTkGRESFvycg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

date: Mon, 12 Sep 2022 10:16:49 GMT
via: 1.1 google
server: nginx/1.22.0
access-control-allow-origin: *
p3p: CP='This is not a P3P policy!'
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=191&expiration=63072000&external_user_id=d4def627-31eb-6215-725fa9ed
cache-control: max-age=3600
content-type: text/html; charset=utf-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 146

GET
H2 200 htw-pixel.gif
cdn.indexww.com/ht/ Frame 853B 43 B
351 B 56ms
13ms Image
image/gif 2606:4700::6812:c4c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.indexww.com/ht/htw-pixel.gif?Yx8HEbrFRpptrYc1V.OpPAAA%261204
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fwww.123greetings.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:c4c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

cf-ray: 7497e3cc8e25929f-FRA
date: Mon, 12 Sep 2022 10:16:49 GMT
cf-cache-status: HIT
last-modified: Tue, 24 Jan 2017 19:36:04 GMT
server: cloudflare
age: 29
etag: "761e21-2b-546dc3a097100"
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
edge-control: cache-maxage=1h
cache-control: public, max-age=14400
accept-ranges: bytes
content-type: image/gif
content-length: 43
expires: Mon, 12 Sep 2022 14:16:49 GMT

GET
H2 200 a4d7665e0ece4dc2be9953e10b4c1e2f_cpn_300x250_1.jpg
static.criteo.net/design/dt/3018/220831/ Frame C6A2 14 KB
14 KB 20ms
19ms Image
image/jpeg 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/design/dt/3018/220831/a4d7665e0ece4dc2be9953e10b4c1e2f_cpn_300x250_1.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

77c7da6187a48d7554619498273728d47ca7b04acb37fa6cb816d18eae54de99

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 10:16:49 GMT
last-modified: Wed, 31 Aug 2022 13:56:08 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "630f6878-362b"
strict-transport-security: max-age=31536000; preload;
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 13867
expires: Thu, 07 Sep 2023 10:16:49 GMT

POST
H/1.1 200
OK postback Show response
s.gk.123greetings.com/2/2.68.0/945541/AYHxlO8PEeQbmLmt/ 0
145 B 31ms
31ms XHR
text/plain 34.248.176.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.gk.123greetings.com/2/2.68.0/945541/AYHxlO8PEeQbmLmt/postback?dt=9455411658248091559000&pd=mkt&mo=0&si=main&ci=945541&sid=AYHxlO8PEeQbmLmt&oz_sc=385e43d25de8494c566ad975&oz_df=1662977810129&oz_l=106&cv=3
Requested by: Host: s.gk.123greetings.com
URL: https://s.gk.123greetings.com/2/2.68.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 34.248.176.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-176-243.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 12 Sep 2022 10:16:49 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 2DB5 0
741 B 15ms
14ms Script
text/html 185.89.210.180
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.180 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 12 Sep 2022 10:16:50 GMT
X-Proxy-Origin: 37.58.58.248; 37.58.58.248; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 53e113db-312a-4e3b-9954-d9084a6601ad
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame E57A 0
741 B 15ms
14ms Script
text/html 185.89.210.180
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.180 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 12 Sep 2022 10:16:50 GMT
X-Proxy-Origin: 37.58.58.248; 37.58.58.248; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 7b8be9a9-0b74-4d8f-83cd-fea0a5519025
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK postback Show response
s.gk.123greetings.com/2/2.68.0/945541/AYHxlO8PEeQbmLmt/ 0
145 B 30ms
29ms XHR
text/plain 34.248.176.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.gk.123greetings.com/2/2.68.0/945541/AYHxlO8PEeQbmLmt/postback?dt=9455411658248091559000&pd=mkt&mo=0&si=main&ci=945541&sid=AYHxlO8PEeQbmLmt&oz_sc=385e43d25de8494c566ad975&oz_df=1662977812676&oz_l=327&cv=3
Requested by: Host: s.gk.123greetings.com
URL: https://s.gk.123greetings.com/2/2.68.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 34.248.176.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-176-243.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 12 Sep 2022 10:16:51 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

POST
H2 200 track Show response
track1.aniview.com/ 0
94 B 284ms
95ms XHR
text/plain 34.233.129.244
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://track1.aniview.com/track?d=Chrome&cou=DE&cos=Windows&r=www.123greetings.com&rs=www.123greetings.com&sid=19541&t=1662977808&cip=37.58.58.248&sn=esep_harvestmoonfest_remail&tgt=0&osv=10&bv=105.0&brn=Chrome&wi=400&he=225&app=&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&test=&aafaid=&proto=https&uid=1662977808015-982903183926-007666-012-007170&cha=0.7&stagid=&stplid=&d35=&d36=6.2.54&cb=15477655411&d39=&d65=&apppkg=&d9=1000&AV_WIDTH=400&AV_HEIGHT=225
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.233.129.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-233-129-244.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 12 Sep 2022 10:16:52 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

POST
H2 200 track Show response
track1.aniview.com/ 0
93 B 281ms
97ms XHR
text/plain 34.233.129.244
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://track1.aniview.com/track?d=Chrome&cou=DE&cos=Windows&r=www.123greetings.com&rs=www.123greetings.com&sid=82179&t=1662977807&cip=37.58.58.248&sn=esep_harvestmoonfest_remail&tgt=0&osv=10&bv=105.0&brn=Chrome&wi=600&he=338&app=&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&test=&aafaid=&proto=https&uid=1662977807998-920457583926-008342-007-006858&cha=0.7&stagid=&stplid=&d35=&d36=6.2.54&cb=87434007283&d39=&d65=&apppkg=&d9=1000&AV_WIDTH=600&AV_HEIGHT=338
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.233.129.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-233-129-244.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 12 Sep 2022 10:16:52 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: google2waycm.netmng.com
URL: https://google2waycm.netmng.com/cm/?google_gid=CAESEDDtax7VNqtmpQ14p5tftes&google_cver=1&google_push=AehlK4CZu_kSEzXfhF5G-s0S8DtDy3Df93yOaXq6B8Woy13RBssc4ZjVgyD_OpdXvzF8fmleqWSvwkEZU5b45PSFx4vKm3D3qTo

Verdicts & Comments Add Verdict or Comment

473 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

39 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.123greetings.com/	1969-12-31 23:59:59	Name: utm_source Value: esep_harvestmoonfest_remail
www.123greetings.com/	1970-01-20 05:56:18	Name: config_data Value: CADB=1\|CLG=1\|CBR=1\|CUB=1\|CCC=1\|CFLC=1\|CPFR=1\|CBRR=1\|TCP=1\|TAP=1\|TCAP=1\|TRE=1\|QkDshLgd=0\|FBCon=0
.123greetings.com/	1970-01-20 15:32:17	Name: _ga_47Q5QDHYDP Value: GS1.1.1662977804.1.0.1662977804.0.0.0
.123greetings.com/	1970-01-20 15:32:17	Name: _ga Value: GA1.2.1919503609.1662977805
.123greetings.com/	1970-01-20 05:57:44	Name: _gid Value: GA1.2.781610094.1662977805
.123greetings.com/	1970-01-20 05:56:17	Name: _gat_gtag_UA_5085183_1 Value: 1
.trkn.us/	1970-01-20 14:41:53	Name: barometric[cuid] Value: cuid_487355eb-da5e-4250-9d7c-cd11e7203df4
.123greetings.com/	1970-01-20 15:17:53	Name: __gads Value: ID=73001d4d9d5c0a81-22bad6411ece0001:T=1662977804:S=ALNI_Ma-X4CJPaoG8EeB_nq2qvBItZ7gdg
.doubleclick.net/	1970-01-20 15:17:53	Name: IDE Value: AHWqTUmBW12CWK9IVYs_DtJDVakvQxH8-5Jncmzeoo_uliF9uY_1nkiOs1K8RW0X0Dw
.doubleclick.net/	1970-01-20 05:56:21	Name: DSID Value: NO_DATA
.123greetings.com/	1969-12-31 23:59:59	Name: cnFbAtkn Value:
.yahoo.com/	1970-01-20 14:42:15	Name: A3 Value: d=AQABBA4HH2MCEI2PkFVG1QWgSu5xYS-AOPwFEgEBAQFYIGMoYwAAAAAA_eMAAA&S=AQAAAsI-P6KjNJnWxTICyhUx0uw
.adform.net/	1970-01-20 06:39:29	Name: C Value: 1
.analytics.yahoo.com/	1970-01-20 14:41:53	Name: IDSYNC Value: 18yx~274a
.de17a.com/	1970-01-20 14:34:41	Name: guid Value: 1.8507106007028196052
.adform.net/	1970-01-20 07:22:41	Name: uid Value: 6148849097876649039
.aniview.com/	1970-01-20 06:25:05	Name: aniC Value:
.csync.loopme.me/	1970-01-20 08:07:20	Name: viewer_token Value: bc7ea609-08bf-465b-95cc-8197174fb190
.adnxs.com/	1970-01-20 08:05:53	Name: anj Value: dTM7k!M4/8CxrEQF']wIg2GTrhF!wM!]tbP6j2F-XstGt!@DT+$f/2k
.adnxs.com/	1970-01-20 08:05:53	Name: icu Value: ChgIoNZ3EAoYASABKAEwkI78mAY4AUABSAEQkI78mAYYAA..
.adnxs.com/	1970-01-20 08:05:53	Name: uuid2 Value: 8436787681495434330
.technoratimedia.com/	1970-01-20 15:32:17	Name: tads_uid Value: GDPR
.aniview.com/	1970-01-20 05:57:44	Name: 2_C_200 Value: OPTOUT
sync.aniview.com/	1970-01-20 05:57:44	Name: 2_C_200 Value: OPTOUT
bh.contextweb.com/	1969-12-31 23:59:59	Name: INGRESSCOOKIE Value: fb794b748d40b705
.casalemedia.com/	1970-01-20 08:05:53	Name: CMPS Value: 1110
.casalemedia.com/	1970-01-20 05:57:44	Name: CMST Value: Yx8HEWMfBxEA
.casalemedia.com/	1970-01-20 14:41:53	Name: CMID Value: Yx8HEbrFRpptrYc1V.OpPAAA
.casalemedia.com/	1970-01-20 08:05:53	Name: CMPRO Value: 1204
.casalemedia.com/	1970-01-20 14:41:53	Name: CMRUM3 Value: 2d631f071105a0&27631f07110b40&e6631f07112760&bf631f071105a0&f1631f071105a0&39631f071105a0&41631f071105a0&bc631f071105a00
.quantserve.com/	1970-01-20 08:05:53	Name: d Value: EFYBDQGKJ7jvsQA
.quantserve.com/	1970-01-20 15:26:32	Name: mc Value: 631f0711-591de-ae4bc-f7202
.owneriq.net/	1970-01-20 15:32:17	Name: si Value: Q7162642092143547097
.owneriq.net/	1970-01-20 06:10:41	Name: p2 Value: cc
.brand-display.com/	1970-01-20 15:32:17	Name: _knxq_ Value: d4def627-31eb-6215-725fa9ed.1662977809.0.1662977809.1662977809
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAA_-MSNjU0Mja0NDMxMjYyNDW2MLK0NBbiM9T1K61wKferSM4xN3IFAPj8kk0lAAAA
.rfihub.com/	1970-01-20 15:17:53	Name: rud Value: H4sIAAAAAAAA_-MSNjU0Mja0NDMxMjYyNDW2MLK0NBbiM9T1K61wKferSM4xN3IFAPj8kk0lAAAA
.rfihub.com/	1970-01-20 15:17:53	Name: eud Value: H4sIAAAAAAAA__vFyGtoZmZkaW5uYWBpYmkGAAAYmV4QAAAA
.casalemedia.com/	1970-01-20 08:05:53	Name: CMTS Value: 1159

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
worker	error	URL: blob:https://www.123greetings.com/82240a67-05a9-430e-b789-be47f9f392d7 Message: Mixed Content: The page at 'blob:https://www.123greetings.com/82240a67-05a9-430e-b789-be47f9f392d7' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'chrome-extension://eppiocemhmnlbhjplcgkofciiegomcon/content/safecheck-notification/notification-iframe/index.html'. This request has been blocked; the content must be served over HTTPS.
worker	error	URL: blob:https://www.123greetings.com/82240a67-05a9-430e-b789-be47f9f392d7 Message: Mixed Content: The page at 'blob:https://www.123greetings.com/82240a67-05a9-430e-b789-be47f9f392d7' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'chrome-extension://cplklnmnlbnpmjogncfgfijoopmnlemp/skin/logo24.png'. This request has been blocked; the content must be served over HTTPS.
other	error	URL: chrome-error://chromewebdata/ Message: Refused to display 'https://www.facebook.com/' in a frame because it set 'X-Frame-Options' to 'deny'.
other	warning	URL: https://30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html(Line 11) Message: Origin trial controlled feature not enabled: 'attribution-reporting'.
other	warning	URL: https://cdn.ampproject.org/rtv/012208121708000/v0/amp-ad-exit-0.1.mjs(Line 1) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://cdn.ampproject.org/rtv/012208121708000/v0/amp-ad-exit-0.1.mjs(Line 1) Message: Unrecognized feature: 'attribution-reporting'.
network	error	URL: https://p4dt2-ha1hf.ads.tremorhub.com/ad/tag?adCode=p4dt2-3dhcf&playerWidth=600&playerHeight=338&srcPageUrl=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fharvest_moon_festival%2F%3Futm_source%3Desep_harvestmoonfest_remail&supplyCode=p4dt2-ha1hf&mediaId=VideoId&schain=1.0,1!avantisvideo.com,8079,1,,,!spotim.market,isp_avantis,1,,,&transactionId=5d946969-c501-4cce-9a02-a4dd163f7b46&floor=USD:0.2&referrer=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fharvest_moon_festival%2F%3Futm_source&hb=1&fmt=json Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

30098436617e6bdbda20c622bf945430.safeframe.googlesyndication.com
acdn.adnxs.com
adrta.com
ads.eu.criteo.com
ads.pubmatic.com
adservice.google.com
adservice.google.de
ap.lijit.com
avm.avantisvideo.com
bh.contextweb.com
c.123g.us
c1.adform.net
c2shb.pubgw.yahoo.com
casale-match.dotomi.com
cat.nl.eu.criteo.com
cdn.ampproject.org
cdn.avantisvideo.com
cdn.indexww.com
cdn1.avantisvideo.com
cdnjs.cloudflare.com
cm.g.doubleclick.net
connect.facebook.net
csm.eu.criteo.net
csync.loopme.me
d5p.de17a.com
dmp.brand-display.com
dsum-sec.casalemedia.com
dsum.casalemedia.com
eus.rubiconproject.com
events1.avantisvideo.com
fonts.googleapis.com
fonts.gstatic.com
go1.aniview.com
google2waycm.netmng.com
googleads.g.doubleclick.net
hbopenbid.pubmatic.com
htlb.casalemedia.com
i.123g.us
i.ytimg.com
ib.adnxs.com
image6.pubmatic.com
ipds.adrta.com
js-sec.indexww.com
match.adsrvr.org
match.prod.bidr.io
onetag-sys.com
p.rfihub.com
p4dt2-ha1hf.ads.tremorhub.com
pagead2.googlesyndication.com
partner.googleadservices.com
pix.eu.criteo.net
pixel.quantserve.com
play.aniview.com
player.aniview.com
prebid-server.rubiconproject.com
px.owneriq.net
r.casalemedia.com
region1.google-analytics.com
rtb.adentifi.com
rtb.fr.eu.criteo.com
rtb.nl.eu.criteo.com
s.amazon-adsystem.com
s.gk.123greetings.com
s0.2mdn.net
secure-gl.imrworldwide.com
secure.adnxs.com
securepubads.g.doubleclick.net
ssum-sec.casalemedia.com
static.avantisvideo.com
static.criteo.net
stats.g.doubleclick.net
sync.1rx.io
sync.aniview.com
sync.technoratimedia.com
token.rubiconproject.com
tpc.googlesyndication.com
track1.aniview.com
trkn.us
u.openx.net
ups.analytics.yahoo.com
web.ssp.yahoo.com
www.123greetings.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
google2waycm.netmng.com
104.18.18.126
104.18.19.126
104.96.159.65
142.250.185.162
142.250.185.66
150.136.156.92
151.101.65.108
178.250.0.139
178.250.0.162
178.250.2.148
18.156.0.31
18.184.57.192
184.51.9.34
184.72.244.154
185.64.190.78
185.89.210.180
185.89.211.132
193.0.160.129
198.148.27.140
198.47.127.22
2001:4860:4802:34::36
213.155.156.183
213.19.147.44
216.52.2.48
23.205.235.133
23.35.236.247
2600:1f18:612b:4216:dd36:6ff:8a37:a38f
2600:9000:223e:a00:3:748e:7940:93a1
2600:9000:2240:ee00:1e:a43d:b640:93a1
2600:9000:2250:9e00:8:9ed9:9c40:93a1
2600:9000:2490:a00:1c:38a0:8a40:93a1
2606:4700::6811:180e
2606:4700::6812:c4c
2606:4700::6813:ac6c
2620:116:800d:21:de2e:c7b3:55c0:d5a0
2a00:1450:4001:803::2008
2a00:1450:4001:806::2002
2a00:1450:4001:80e::2016
2a00:1450:4001:80f::2001
2a00:1450:4001:80f::2002
2a00:1450:4001:80f::200e
2a00:1450:4001:810::2006
2a00:1450:4001:811::2001
2a00:1450:4001:812::2002
2a00:1450:4001:812::200a
2a00:1450:4001:813::2002
2a00:1450:4001:828::2003
2a00:1450:4001:829::2002
2a00:1450:4001:82b::2004
2a00:1450:4001:830::2001
2a00:1450:4001:830::2003
2a00:1450:400c:c0c::9d
2a02:2638:1::2
2a02:2638:1::3
2a02:2638:1::4
2a02:2638::2
2a02:26f0:3500:58c::2c79
2a02:26f0:3500:592::2c79
2a02:fa8:8806:20::2010
2a03:2880:f01c:216:face:b00c:0:3
2a03:2880:f11c:8083:face:b00c:0:25de
3.225.202.210
3.93.138.170
34.111.151.213
34.233.129.244
34.248.176.243
34.98.64.218
35.157.246.167
37.157.6.242
44.193.192.96
44.224.187.254
51.75.86.98
52.204.117.10
52.204.122.115
52.212.196.36
52.223.40.198
52.46.130.91
69.173.144.165
8.248.113.252
8.253.95.117
0085913a44e60ae8a0f4d384c41b13fd45c206648a664de76916055789dafbf5
02fc09dfabfbab52f8760422f0e2f1d8a5009cfee409e7e03effdc567579f681
049197d27fc218a1fc7185322d281d1f12d8cb637cce49e815600869e12e463a
0596974ea0a4aa88cce0d0683b3af837fb80d633788395a98723d319f39c8de4
0688c689d53abf96083b536daceff19a6e0d73b041089128cdd65e01b4f93aa7
069134da58aebc4d668d5bab98f83a95034023bf34e860a8058c6150002183c5
0751fadaed5e19058901201d1ba33344dad6da6045d401bfb2ccadfe671d1037
093da471f5256cc2c4143fef0a012c247888761f0d398659582dc56da5769a16
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0ae485367eb0862700624f4b18563586fe0fd2ecd7abd1efb8a4896ead71fdd3
0ae74371a872da00743b4c907dc6b5ea22377f13ede1ac75055a55f50676dba8
0b8282ed5da25b76a5c971af0d90b12babbf0f0adad38b495a6d195379f3b489
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5
0ce879cfe7244a0a086ea8a95996d7ac5838d30a9b1cd8e85f045f51c41d0df8
0d168e8f8438f0cc683f74eed223e4dbda39d8c51c36b2f4019f73c9682bee59
0f623b8ae7d150916a760ad6d8472562faea8bafd650e29b423779bb779002eb
12ba93c7b0114439929f7ac0efcdc60e6eee9da57a2fe6ce68bb969f00f4a54e
13a3a8f29716713903b033e5dc0e2a4c85e5d9658d708f21cdfc9db85704d486
13d4667177bf9777b7d9a0ce216beb8f877f4836ae8e234e689547abcbad7837
13f4143e51cc843efafd0366c45774fe88baf14d5f0a9a353816c4fb3810b61e
1559f24ae22219c390c90a321e03fdaa82f8883b537161732957f9268cc35a12
17e75ada74535f579a90eb81a0c95fa979bade0003c00c0f1cc76b1bda482b87
1ae3aa2ed6f2bcaeef56190ad3e57309f9c4500012f8a41bc3379b65aaf1d5ef
1bff78e811485dec4d82003e0a8a70850edf0c00457547ebd33f7d1973dd50c1
1dbfeb07cd50a1857b9576b5415f8a4c6ef010279666f39448fa0aa125d433b7
1e66c06ab180f7bf3da83626313d8c1b45efa2ddd191b430ffec9993a3f9675f
1ee3f644382f9e19b6a4ebd974f531b117a28825d5f036b29d2e8100f77122aa
2041f2f81192177bc02d8129efbbd261cabe2b848c6f390431f92c1503ac6415
2091052d5cc5b7d9e56a38a3a100c5015c5718995ac1d3255e51843ac50bdb16
21026407398ed753d48cd817a1f47881738ab30f449b90aa3f83d179ff3ed267
228d9ab2bd97935adc6a0db2d9431c500aa0969d220ed21882c3f684ea04b46e
24374f583eeb0c88723c3cb830828d5798ce87144c8ce4e32076df4786f72848
248d0f732763fd82701728aff2902d3e6b079e73f1ea00c1c4bb749f45e9226f
254d41d323b97e21b036ccf367f7dc18d8ea96daaf756167bac6f0ebbf8fbcd1
255eef079d3f18e253c2b3288b4ed0d621b1266c2845679b66af9db6d8faea2e
2a783e469e289346db2725c57aa0727c67ab136484b5bb424fd6b0c6ea70b57c
2c6cd6437201b0cf35c1eccffc8e99291167d496c73ab43ecb3cfeec5a5dc28f
2e4386cf56ad2612f0ad0526372b3d1cd96d6ecb3f32836f141aa28207b3907e
3605652bf6621ecefe4ff4f43c1c2623caca95b942cb32b39b7514a43dcb90fb
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
36393b5d209ede79623f120fde0d1ba59f97642504b7cc11903595fae72f1d88
3644c7d20e5506c54c5b0a56ee92f2346f93263115b1ca259c6138cffeabc6bb
387b160853ac745a823784df8b45b28f35670b19183a76dd64d15ad11bea9273
3a4df587177e952039990cee3d5912fb995c30bb318362d8181ff6a2b34769ae
3a65bf5ba22c9190dc17ee1af4e09c9b3b9426c6d77c665ca25072dcdd43836c
3c9e1063d9fa4741e793742cc0864b0b56d45daf551f660462f38fb6cf8ddad7
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3d8f29fb8954a69f281ac639abbb6dbbad52217b8e459b041532d2be67a2f94c
3f2c0c4e4c89eae172edef7969867243fca9370249d772d7724ab3bca286e1e1
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
419df137a5c7a86e90f57e2eb6992fd1298b88a2e3836cb91c24c1e2081b4c2f
420e8665c913d96f8f0f1e128aa850c0b7279c6491da6d3251b39ae4c479976c
429d1a4a738d8ea92812063351302b1c95d39677f1adcb25c5811af787520357
4330d4072d013510b91ca5648f210b614c2e4e8ecbea94a1f8a8373aa6068532
46782d1bdfabc54f7ad570828fdaea4c379990f1d7c73e1e1109a2849bbaf500
482204dc40d50fed72927d051e00153705cd6885a18d5eee304504a4ef39ea09
490319aff00a55cfc00d9e24f71f39fc0801858055c62c07bec8fabf2f6e24ff
492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032
496f617fad1a2c002036d7f523deb79540cb38038a05b04d5990fb9464ef7623
4a85a086bd99d58e42f1f99aec170c0da4911032a8a4f34e38e7e9ae40cdf3f3
4b13724f2ea08585691e54130bcbe33f7730f4f8a9aa6f598877bf51b5c47cbb
4bd9d6c75f87b5f21f3948b5970bc4ad053c260e721c39d36c442cee1e74ade8
4cf6f3dffbc65f9231255bf31f40ddc84a45bc57428b41d6786afc7153b90b7a
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
500d3279302f66fc7a11529941e7d156e45f9b20a70ac0134fbe7fd85caa20a5
5028f77ac0afdac1bb66eaeeef41e77cea0f2487a66cb1df354d8680db1bb64e
50f77fa9d32c1323f7e50da8d807f556cdddaea2161de6cf84a0c8b4c1dd6f79
5336fb757df91e343cca414c112da532ff47f3d40b0d6e1b3c39ea00c8e24ab6
55297ecf8327a1d7755c0b4ac3ff5da39523af30332cd8194d709fa4a7014b82
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
57839cc464accf1951fdb130b14ab07a83d227c938adb09362bf186d347364a1
5996cba77fcff80cdb76e4555cda37d6cc86ebc4669ed9669fb438db4d3ea945
5bb209377bb073e4911c5e3fb1b407981d232276a6390debab25d062483d5683
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5f5654d3095dcc7a871f7d4c1355b2c9eea3eb0d8f72f87e65b0cf51961aefd6
61c218c6f925c1eaea0f15d934e4365074e936f20af5c09e430188d65b6b2da3
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
621169b0508c317dbd245a0c7e88f7a5c4743a183d887c9493a4f9ead22a6c00
622cd4a2d30e2b367e91504a877c0284d39bf4ff04c3fdca849996e4df5553af
64c3ab10913497a3bb7b1bbfca94c4819a32cdef228e5e4c493774bca6c4d8fd
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
6712d3df89fe6a6bf3e93965319ad0fb61f8fe8666afee15e4f85278b9fee9f0
69303f97bf43e5d9fd7a0c8e6b5f4b49de4466684c7e2b8e2108de98e5c98483
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6c7eda804f91f5e1687e00de641a2b6c8c50ebd5643dc899b5b8680d77b72b23
6e30fd50e0873194c063148d3eaae833b0ad4fd8f1d9997df3196948526c9928
6ec673d424147e19640e15aa01cc5d7fcded63feebc1db7a75e91cbbfd2f1151
700f98969c4fbde7a1dbebe9e1777a22e226a42965d8c34f1980a7b85a5541b2
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
726914179cd8e7ef3dc160d63e9a23550835a29bbc00879e90d3eb57d9027d14
76adbcf2390b5eac9e52a2ddc9bdb4bdb00bbd9a50921196fc5beae66cedc7e1
77c7da6187a48d7554619498273728d47ca7b04acb37fa6cb816d18eae54de99
7a9054758a4808c97c188f5be469879eef19a2f7cbd9bb0e740cee3199a6c747
7c00752ce82d6abaed0b9766d35b906b16675facdbe24115b410d1fab975effa
7d2ce5eb5f3127a0aa46d294d58711833a3bc7d01503de5234c38972642eba8b
7e032861f303eafc0348b350ea7fb01be2e94a6d00333ca6c8dfc4f33067582d
7f653b3ce9d3277457fc6da4edb246ae2f6c913f088c42dcb8cd2e96267aa21a
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
8030594b4999eca38901464b09383ca988c454a4f7ab6b963be75e6c42da011d
81113214da7b946424bed9da1f2713c0e7280b577feb58cdc17ff672143aced7
8118f9caab521097310cbd5980732e472a431511536759da6a7f475e2f9b1c2b
82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb
848fe19ed492948709b881f504ce2eb6274baa694606ca88eb9b2990a2460caf
88512810d8338e837273ffd5f6e896fac568468af72ad38192cd16b0b5408f52
89b03d4a2f2ca3d04df1fda63a5247ef31cea689a0ca553e353122ab3d22b646
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8bdd5a651bcebd9e1ecd443172bd4c983d64765f04c28e1b55a0a63467e4d035
8bfadf29262ac0c22314bd5abe91f18fdfb92a4bf692c44d3fc08762ddc39f8a
8c6800a9ca8057584fff549a21306d012ee784034f2b8adbbba29a3f2f51c437
8d5e4cdb753775b9aa254e8e3edb2377ebdffc81e6f60e99ce2b6f9a9304ee83
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8d77272e667edbd250940ee04a90ca18c05443eb72775e1b19c9999b57983226
8dcf6ef9fdb5841eeaada0343e1700e9c5f116d9dbb5b01f7601246494619da0
8de5be317de0e910d5ccea3ce5a604f6fe59df71dfc30b8d7272bd1fab48617e
8e105a70dd6cb1cb31e7b572636f94324df7acc98ad45605483be9436ed900c4
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
8ef216dff1c6df9c75e919774c39b9df5cf404b74dc84cf7f5832325fcdab87b
90b98930822e26b799b358fb5eb5fc8d9571db357986b771156651977f43c2fb
91222f96f34735ebc88df208017e54d4329b9202e3e52367fb8b149698a1a5ef
925fbeacd399485033fec84dda453c7878b21be3d261ea9d01b832153eea22a2
9756d7d3e134fd570e9755cafe0ea28dab16155451c8d8cdf95afa1aa429a9b9
97c01ad85ff0561e53f3eb7b42bdadf30ad1ed82690d8b321f5305c8077916c2
97e0e4da419bd39b90b76f7c6618ffdff33ec2ac3032a7d2b236cab890605439
981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0
987a85ec33287307910313fc7b22a8ab6cd0dc24e9fe5945f8a42af4223c1550
9a73fe4f2b3f00d5f680adb3d4affae2a924b6ae4e8d3ea009c36f2f9177c0ea
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9acf8224f0648dc6d6a32a5dfef5c96994c08f2bdf319795890934b82919b07a
9af575ce8e68020fb6fe59dd81decfa86402db785f2c8b88f9d62feaacec8fe3
9c1fd9ab364f0c8c0e19d6a8f6e6a504722b5b0583be0b7dff72005c72144a59
9d60ac0d334c77a039cad6f125f940635ff0043a610271fc0729d61cc9546401
9e132e6ec1f3853fe883cd3eb4e56a97ef75da3de1f47c930b83a5e70dc886c5
9ebf2dcf768ed72aba5f557f7f08f38a3b62c9574b94801693cc681446da64a8
9f85b446cf7c5640aa90f2663bf232af45a2d4ebd65fcf60a3105f400ea8bdac
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a35bc6dbd8e0b4f6d1577a1c55227442a4ea7427cbd15379b15d237edf201510
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a54ab62cc2fef2d31ad595c0664fe3559f4d07de80d440f443b1cf7467d53bc8
a6c11502463f3445d37d3184cef1016bb3c77dbc12b88636788632bfe5e87b98
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a9c2e99ea45f89b2f3e91c1314613e6798bf3b652be41d3360943007771aff9f
ab6521d7f8270a417139743c6dfb2cf083d647b4d350a25e13faade0e857a9fb
abfaa28e509b104c2edc0bd048809340d5e006ec872e1966baff8383ff8a0e22
ae9d4e5534ff9542677f447812fec184ddbeae375a3eed2d4722ffb4126520a3
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b16a1bc802c7e26f8f8cd62d5bee529edc7289ce8ec71e2d555ed395fe08c000
b2675f2bc3393449a44784c7815f9c36449024e4397d7f174812c42c6bbaa148
b289812b6afa4154103135b7b8f48f4e0349aa64b825479ceab16e1b1fd52c93
b2c78c910f5ea29e3a9d223dabc203c055c8708b1fe7d83788b490638126db4d
b2effcb18f514a7896e737bdda537f2ef3b5bb989eb247f4ab2aa3facf1148ea
b4238fce65430ce1851ded4b19658654d53a08095b6c2a282d0f8f3fe41f60a7
b5cf3942287d2544c42ca7ed00d96ee7d5427eab0e4ff22e69b4d3c3bb42000a
b5d5999e429c2567d7b175963b0ac8e15ab92a79961b71134e8b4a0f9de3cc1f
bb0da101273c8eea68593f9acce1d404af76523321acd70b9411c2d588f8359b
bd9ee85a59f68e2783a1ad8e2484cc3e006b562326cea477b6dfd1bf8cc82c61
beb0022df8dc0fc70f2cccf48134b5150a1c7da666ac975b0127278bea8dc8d6
bf6ef9f2ec28cdef4f1e3b49e7c0b2a6f05c027fed9f2d685dc7815a2a76c355
c206b5c002a539f2d16b70f014713d889bb0bae0d663007aa62b0ff53f6167a9
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205
c40c9c0117af4abd3ab87c81eb1725c442ec682095d29cc8bc2206e3e5ac1c23
c4e4bb8fadc43078cdaa7cf5724af61540fddfeffe414b4ab817655f532e2cea
c6860dc125931854bcdb6b2a96547339f191aa133e3425358e0010e36c0b9a8c
c6dce203eff7d8b8f5dcefa115f94dfe9782d033eba8704874619d6ba3a7acdf
c8356135a2910f429eaab41d100680627e417d126cbed99c410f0d5aad490ab2
c84c1026e0a4c60ec0ee85c8b41c1904144aa63184260c95840924b42bd32d33
c9e42e2c7cd3ec42f6febe248c715522b2e5f6bc92b389b101fbd33a069ee7ed
c9e46e4d525aaaac2f0d8e1ad054ca27712e468d332c9cff9f3c9555836a3d16
cafd612ebd6bc497a7a05d3dfef133a0b793f1e04e277b31c424d6d8892a1d48
cd6b83da7feb207b78af33f8270690be835a8fcdd34ad223489816b99b2e9064
cdeac9e009d394737c133d4f4692a8fe3ee3c88df825af37b647e2610b9082e2
ce67b0786f14c7c1861eebd94f6557072e99e50ab95176a2f23d7444c4dc2741
cf466fafa1bb73ab0233a268045f4c082c33eccadbfd833d4d75503284f8605c
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf8a0c275768bb883d31553f151de7e4062d5e85f24dff6327d18d3effa7639f
d23484cf0f36a73cc699ceffc6da8f0e9ffd6b372dcb615ec942cdc287845505
d37a1d0a9caf1a7ab47cf71e03cb92dbce54797914e91c6ad6bf88dabd0814ca
d466a4b2b852286223f23f149a78587be16f7b24eb507fa9268bcccd6d60bc0d
d504e20da3974e8c88147d37ec376347e8269fad099c9e60b67d9cf7c830aa5a
d62410db1c48970ff265796ed3a891c434906abed51ccbe30b9a203dcdbcc17d
d82ac656c0175d252d08f5a4c029cbada55a413df58910cdf0be7e6871226571
d8a957038679125d4840554fc43375697e662283121561afdefc2c3fbecaf729
daa795332e5dbcf893adf2d5f3349f02b8c1cb957ff3b5f4c11b742e33c3376f
dad4127a2c2ec0b83670955fd8934c6b1ecf84a09bbdf8ce4cf64d48d920a660
db7a53f0310c1f5649700b8164fd2838c198f3ccf6b14874b74946f7b8f1ffac
dca79e4da88922a943261135b73b92418e87d9cec7008b0967e437b022892b8d
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de2cdfb664638aa888d41ec94ca0a372b730e6c431ec79de7a5a01a83aaeca39
de317176fa6b64a8e89bbd45d20b6be2560bbfa96e7e53e63eb754e18bfe6c1f
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
decbc52a0959825d78ee15a97a13384aa04510509db5bd8184166c01033961df
df702ab2748ddbb01919212d57f053928688567e29e72a1407d6b6301678066b
df9967e26296ab6659acbbecd377f7933cd3743d50935a5c44c800f90b9c6687
e094de9197213758ab703f0ac0b3b69796e5537c60453a02f4ccdac5b22e334f
e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047
e23681164d34e4bd95bfdc7d1c1a2f9b4a1d521a1c2266db74175e162b3638da
e368951bc5918b3d9fbc8205bfdf0d8be8b79da09b457bb113307063f3b1bc89
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e963e7196beb9123059ec3534b042ebcd1ef0a470fa568bfbebfeab2f33c4fda
eb370d0cf8a89e349d3fa9ce2f3901ad5e890aec3eb38c94f286fff00617ce18
eb49145a50143cc825bff75942644a7221fec9d03dfd69a335972cab2c081c1a
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152
ec7d9ddde4048b3fe32a6876f3288b03810d898d1c9e86e349e33b3e8a9b739e
ec9ae04448369cfd061688be0e2203a5696e42a15d1c179e7ba7849acb2c63cb
eda230dd867267de3ee51f6003c89cb0a60073e35674ef98d425111b5d40247a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0d7d05ef7ae154e283b8c8e462aeb6e9b5bca53225c42743e2028c34828c08a
f48f1b088976f2de3bb46a5c5bc609160ef0a6f919109e08f784596b0a93b7d8
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
f5cc0170d9bebf7d43aa74b381ff2899cc5a3d3fec051e7f7966451db10f0257
f6fb9a3d8163fa605b08d1f596256052a7677ea3c1b945d2597f4aa5cc516cab
f86a1105ed755e9ae9b75708a5b19d5c478212605b9f8d7c98796b451de18c63
fa3c5b47e00401eb40e1ed10c1ed63f28c25f6869d7fd0d4feb30b2a019a5b3e
fb5d03d066ef45cc4a474c9d16e85a005726c2182b20086718de4a02570085d2
fb8bcc874cb007969773d5310bbe7da7eb6a80a931e03f3cc50d7e8c10d25d6c
fcad12586cd50631c69ff1e6e1b6ebbde2aa8624f4ff8ebcf237b6d49149bea7
fe8fd4a9c528868e1284a329ac669e0a31aeffe5907497723c4a445445f63a44

www.123greetings.com Open in urlscan Pro 184.72.244.154 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

453 Requests

96 %HTTPS

45 %IPv6

51 Domains

88 Subdomains

71 IPs

13 Countries

4940 kBTransfer

11578 kBSize

39 Cookies

12 Outgoing links

Redirected requests

453 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 17 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.123greetings.com Open in urlscan Pro
184.72.244.154 Public Scan

Screenshot
Live screenshot

Full Image

453
Requests

96 %
HTTPS

45 %
IPv6

51
Domains

88
Subdomains

71
IPs

13
Countries

4940 kB
Transfer

11578 kB
Size

39
Cookies

453 HTTP transactions
17 data transactions