www.123greetings.com Open in urlscan Pro
184.72.244.154 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail
Submission: On October 01 via api (October 1st 2022, 1:38:26 pm UTC) from US — Scanned from DE

Summary HTTP 451 Redirects Links 12 Behaviour Indicators

Summary

This website contacted 76 IPs in 10 countries across 56 domains to perform 451 HTTP transactions. The main IP is 184.72.244.154, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is www.123greetings.com. The Cisco Umbrella rank of the primary domain is 348660.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on March 1st 2022. Valid for: a year.

This is the only time www.123greetings.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	184.72.244.154 184.72.244.154	14618 (AMAZON-AES) (AMAZON-AES)
47	67.27.157.252 67.27.157.252	3356 (LEVEL3) (LEVEL3)
54	2a00:1450:400... 2a00:1450:400d:80c::2002	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:808::2008	15169 (GOOGLE) (GOOGLE)
12	18.202.153.141 18.202.153.141	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f02... 2a03:2880:f02d:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1 3	3.228.232.15 3.228.232.15	14618 (AMAZON-AES) (AMAZON-AES)
2	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:402... 2a00:1450:4025:402::9d	15169 (GOOGLE) (GOOGLE)
1	172.217.23.98 172.217.23.98	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400d:804::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:400d:80a::2002	15169 (GOOGLE) (GOOGLE)
11	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:400d:80d::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:400d:80c::200a	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
1 42	2a00:1450:400... 2a00:1450:400d:806::2001	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
2 9	2a00:1450:400... 2a00:1450:4001:82a::2004	15169 (GOOGLE) (GOOGLE)
1 2	2a03:2880:f12... 2a03:2880:f12d:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
10	2600:9000:205... 2600:9000:2057:1c00:1c:38a0:8a40:93a1	16509 (AMAZON-02) (AMAZON-02)
5	37.157.3.28 37.157.3.28	198622 (ADFORM) (ADFORM)
2	54.73.102.103 54.73.102.103	16509 (AMAZON-02) (AMAZON-02)
4	2600:9000:214... 2600:9000:214f:8c00:8:9ed9:9c40:93a1	16509 (AMAZON-02) (AMAZON-02)
10 44	216.58.212.130 216.58.212.130	15169 (GOOGLE) (GOOGLE)
2 6	104.18.19.126 104.18.19.126	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 7	37.252.172.250 37.252.172.250	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2a02:2638::2 2a02:2638::2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a02:2638::b 2a02:2638::b	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
11	44.241.52.146 44.241.52.146	16509 (AMAZON-02) (AMAZON-02)
3	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
4	2.18.69.48 2.18.69.48	16625 (AKAMAI-AS) (AKAMAI-AS)
6 8	185.94.180.126 185.94.180.126	35220 (SPOTX-AMS) (SPOTX-AMS)
9 10	18.156.0.31 18.156.0.31	16509 (AMAZON-02) (AMAZON-02)
8	2a00:1450:400... 2a00:1450:400d:80e::2006	15169 (GOOGLE) (GOOGLE)
3	37.157.2.249 37.157.2.249	198622 (ADFORM) (ADFORM)
2 2	3.123.174.3 3.123.174.3	16509 (AMAZON-02) (AMAZON-02)
1 3	2606:4700:440... 2606:4700:4400::ac40:98f5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 3	37.157.6.242 37.157.6.242	198622 (ADFORM) (ADFORM)
3	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
4 4	213.19.147.44 213.19.147.44	26120 (RHYTHMONE) (RHYTHMONE)
4	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
14	2600:9000:205... 2600:9000:2057:d000:3:748e:7940:93a1	16509 (AMAZON-02) (AMAZON-02)
11	2a02:2638:1::3 2a02:2638:1::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	178.250.0.160 178.250.0.160	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2600:9000:214... 2600:9000:214f:7c00:1e:a43d:b640:93a1	16509 (AMAZON-02) (AMAZON-02)
2 2	35.204.74.118 35.204.74.118	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
3 3	2a05:d018:d29... 2a05:d018:d29:3602:463b:6ffc:aac9:c7b0	16509 (AMAZON-02) (AMAZON-02)
4	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 4	51.89.9.252 51.89.9.252	16276 (OVH) (OVH)
4	142.251.39.66 142.251.39.66	15169 (GOOGLE) (GOOGLE)
2 4	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (AMOBEE) (AMOBEE)
2 2	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
1 1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
3	2a02:26f0:350... 2a02:26f0:3500:11::215:14dc	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	52.213.108.198 52.213.108.198	16509 (AMAZON-02) (AMAZON-02)
5	143.204.205.98 143.204.205.98	16509 (AMAZON-02) (AMAZON-02)
1	2a02:fa8:8806... 2a02:fa8:8806:12::1370	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1 1	104.18.18.126 104.18.18.126	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4 4	52.17.103.74 52.17.103.74	16509 (AMAZON-02) (AMAZON-02)
2	178.250.2.150 178.250.2.150	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	66.155.71.25 66.155.71.25	13768 (COGECO-PEER1) (COGECO-PEER1)
4 6	3.122.20.151 3.122.20.151	16509 (AMAZON-02) (AMAZON-02)
1	2620:116:800d... 2620:116:800d:21:c5a4:625:6563:a5bb	16509 (AMAZON-02) (AMAZON-02)
1 1	185.29.134.244 185.29.134.244	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1	151.101.194.49 151.101.194.49	54113 (FASTLY) (FASTLY)
1	34.96.105.8 34.96.105.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 2	3.121.93.31 3.121.93.31	16509 (AMAZON-02) (AMAZON-02)
4	52.85.24.95 52.85.24.95	16509 (AMAZON-02) (AMAZON-02)
4	34.242.157.79 34.242.157.79	16509 (AMAZON-02) (AMAZON-02)
12	2a02:26f0:10e... 2a02:26f0:10e:29b::2c79	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
10	34.226.74.25 34.226.74.25	() ()
2	3.224.43.174 3.224.43.174	() ()
3	18.66.15.53 18.66.15.53	16509 (AMAZON-02) (AMAZON-02)
1 1	37.252.172.123 37.252.172.123	() ()
3	54.204.116.94 54.204.116.94	() ()
1	216.52.2.48 216.52.2.48	() ()
1	193.122.174.27 193.122.174.27	() ()
1	184.51.9.34 184.51.9.34	() ()
1	2606:4700::68... 2606:4700::6813:ad6c	() ()
1 1	198.148.27.139 198.148.27.139	() ()
4	35.157.246.167 35.157.246.167	() ()
2	52.28.203.152 52.28.203.152	() ()
8	18.194.34.97 18.194.34.97	() ()
2	2600:1f18:612... 2600:1f18:612b:4232:aab9:bdfe:4216:bd10	() ()
2	198.47.127.22 198.47.127.22	() ()
451	76

1 184.72.244.154 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: www.123greetings.com

www.123greetings.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

47 67.27.157.252 (United States)

ASN3356 (LEVEL3, US)

c.123g.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i.123g.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

54 2a00:1450:400d:80c::2002 (Ireland)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:808::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 18.202.153.141 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-202-153-141.eu-west-1.compute.amazonaws.com

s.gk.123greetings.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.228.232.15 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-228-232-15.compute-1.amazonaws.com

trkn.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4025:402::9d (Den Helder, Netherlands)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.23.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s45-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:804::2002 (Ireland)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400d:80a::2002 (Ireland)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:400d:80d::2002 (Ireland)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:400d:80c::200a (Ireland)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

42 2a00:1450:400d:806::2001 (Ireland) 1 redirects

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:82a::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f12d:181:face:b00c:0:25de (Frankfurt am Main, Germany) 1 redirects

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2600:9000:2057:1c00:1c:38a0:8a40:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.avantisvideo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn1.avantisvideo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 37.157.3.28 (Denmark)

ASN198622 (ADFORM, DK)

track.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.73.102.103 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-73-102-103.eu-west-1.compute.amazonaws.com

as.euw1.jivox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:214f:8c00:8:9ed9:9c40:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.avantisvideo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

44 216.58.212.130 (United States) 10 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s46-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.18.19.126 (Shahr, Iran, Islamic Republic Of) 2 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 37.252.172.250 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.fr.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638::b (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 44.241.52.146 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-241-52-146.us-west-2.compute.amazonaws.com

events1.avantisvideo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2.18.69.48 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-69-48.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 185.94.180.126 (Amsterdam, Netherlands) 6 redirects

ASN35220 (SPOTX-AMS, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 18.156.0.31 (Frankfurt am Main, Germany) 9 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:400d:80e::2006 (Ireland)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.157.2.249 (Denmark)

ASN198622 (ADFORM, DK)

s1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.123.174.3 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-123-174-3.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:4400::ac40:98f5 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.157.6.242 (Denmark) 3 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.186.253.211 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 213.19.147.44 (Amsterdam, Netherlands) 4 redirects

ASN26120 (RHYTHMONE, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2600:9000:2057:d000:3:748e:7940:93a1 (United States)

ASN16509 (AMAZON-02, US)

avm.avantisvideo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.160 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.fr.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:214f:7c00:1e:a43d:b640:93a1 (United States)

ASN16509 (AMAZON-02, US)

secure-gl.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.204.74.118 (Groningen, Netherlands) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 118.74.204.35.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 15.197.193.217 (United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a05:d018:d29:3602:463b:6ffc:aac9:c7b0 (Dublin, Ireland) 3 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.64.190.78 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 51.89.9.252 (London, United Kingdom) 1 redirects

ASN16276 (OVH, FR)
PTR: ip252.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.251.39.66 (United States)

ASN15169 (GOOGLE, US)
PTR: bud02s39-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2001:678:cb4:bbbb::11 (United Kingdom) 2 redirects

ASN56396 (AMOBEE, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.0.66 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:3500:11::215:14dc (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

code.createjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.213.108.198 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-213-108-198.eu-west-1.compute.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 143.204.205.98 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-205-98.fra53.r.cloudfront.net

playercdn.jivox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:12::1370 (Singapore)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.18.126 (Shahr, Iran, Islamic Republic Of) 1 redirects

ASN13335 (CLOUDFLARENET, US)

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.17.103.74 (Dublin, Ireland) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-17-103-74.eu-west-1.compute.amazonaws.com

match.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.2.150 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.155.71.25 (Portsmouth, United Kingdom)

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 3.122.20.151 (Frankfurt am Main, Germany) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-122-20-151.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:c5a4:625:6563:a5bb (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.134.244 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.194.49 (United States)

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.105.8 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.105.96.34.bc.googleusercontent.com

tr.blismedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.121.93.31 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-121-93-31.eu-central-1.compute.amazonaws.com

ads.creative-serving.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.85.24.95 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-85-24-95.cpt52.r.cloudfront.net

assets.euw1.jivox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.242.157.79 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-242-157-79.eu-west-1.compute.amazonaws.com

evs.euw1.jivox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a02:26f0:10e:29b::2c79 (Vienna, Austria)

ASN20940 (AKAMAI-ASN1, NL)

play.aniview.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
player.aniview.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 34.226.74.25 (None, )

ASN- ()

track1.aniview.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.224.43.174 (None, )

ASN- ()

go1.aniview.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.66.15.53 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-15-53.vie50.r.cloudfront.net

cdn.euw1.jivox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.252.172.123 (None, ) 1 redirects

ASN- ()

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.204.116.94 (None, )

ASN- ()

sync.aniview.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.52.2.48 (None, )

ASN- ()

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.122.174.27 (None, )

ASN- ()

sync.technoratimedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.51.9.34 (None, )

ASN- ()

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:ad6c (None, )

ASN- ()

csync.loopme.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.148.27.139 (None, ) 1 redirects

ASN- ()

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.157.246.167 (None, )

ASN- ()

web.ssp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c2shb.pubgw.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.28.203.152 (None, )

ASN- ()

c2shb.pubgw.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 18.194.34.97 (None, )

ASN- ()

prebid-server.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1f18:612b:4232:aab9:bdfe:4216:bd10 (None, )

ASN- ()

p4dt2-ha1hf.ads.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.47.127.22 (None, )

ASN- ()

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
87	googlesyndication.com 1 redirects pagead2.googlesyndication.com — Cisco Umbrella Rank: 102 tpc.googlesyndication.com — Cisco Umbrella Rank: 143 b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com	872 KB
74	doubleclick.net 10 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 42 stats.g.doubleclick.net — Cisco Umbrella Rank: 79 securepubads.g.doubleclick.net — Cisco Umbrella Rank: 180 cm.g.doubleclick.net — Cisco Umbrella Rank: 212 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 299	364 KB
47	123g.us c.123g.us — Cisco Umbrella Rank: 401030 i.123g.us — Cisco Umbrella Rank: 212116	1 MB
39	avantisvideo.com cdn.avantisvideo.com — Cisco Umbrella Rank: 20479 static.avantisvideo.com — Cisco Umbrella Rank: 22333 events1.avantisvideo.com — Cisco Umbrella Rank: 20249 cdn1.avantisvideo.com — Cisco Umbrella Rank: 23754 avm.avantisvideo.com — Cisco Umbrella Rank: 20414	275 KB
27	aniview.com play.aniview.com — Cisco Umbrella Rank: 15858 player.aniview.com — Cisco Umbrella Rank: 1698 track1.aniview.com go1.aniview.com sync.aniview.com	483 KB
19	yahoo.com 12 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 282 pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 439 web.ssp.yahoo.com c2shb.pubgw.yahoo.com	5 KB
18	jivox.com as.euw1.jivox.com — Cisco Umbrella Rank: 193856 playercdn.jivox.com — Cisco Umbrella Rank: 4685 assets.euw1.jivox.com — Cisco Umbrella Rank: 217183 evs.euw1.jivox.com — Cisco Umbrella Rank: 195996 cdn.euw1.jivox.com — Cisco Umbrella Rank: 251249	1 MB
13	criteo.net static.criteo.net — Cisco Umbrella Rank: 636 csm.eu.criteo.net — Cisco Umbrella Rank: 8499	711 KB
13	123greetings.com www.123greetings.com — Cisco Umbrella Rank: 348660 s.gk.123greetings.com — Cisco Umbrella Rank: 497909	64 KB
12	google.com 2 redirects adservice.google.com — Cisco Umbrella Rank: 76 www.google.com — Cisco Umbrella Rank: 2	2 KB
11	adform.net 3 redirects track.adform.net — Cisco Umbrella Rank: 3694 s1.adform.net — Cisco Umbrella Rank: 7901 c1.adform.net — Cisco Umbrella Rank: 614	261 KB
11	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 191	463 KB
10	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 64	194 KB
9	rubiconproject.com 1 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 336 prebid-server.rubiconproject.com	4 KB
8	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 268	527 KB
8	spotxchange.com 6 redirects sync.search.spotxchange.com — Cisco Umbrella Rank: 574	5 KB
8	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 229 secure.adnxs.com	8 KB
8	gstatic.com www.gstatic.com fonts.gstatic.com	107 KB
7	pubmatic.com image6.pubmatic.com — Cisco Umbrella Rank: 647 ads.pubmatic.com hbopenbid.pubmatic.com	6 KB
7	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 528 ssum-sec.casalemedia.com — Cisco Umbrella Rank: 429 htlb.casalemedia.com	5 KB
6	bidswitch.net 4 redirects x.bidswitch.net — Cisco Umbrella Rank: 288	3 KB
6	openx.net us-u.openx.net — Cisco Umbrella Rank: 394 rtb.openx.net — Cisco Umbrella Rank: 1470 u.openx.net	1 KB
4	360yield.com 4 redirects match.360yield.com — Cisco Umbrella Rank: 3547	2 KB
4	turn.com 2 redirects ad.turn.com — Cisco Umbrella Rank: 746 r.turn.com — Cisco Umbrella Rank: 3326	2 KB
4	onetag-sys.com 1 redirects onetag-sys.com — Cisco Umbrella Rank: 749	1 KB
4	teads.tv sync.teads.tv — Cisco Umbrella Rank: 1039	688 B
4	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 41	3 KB
3	createjs.com code.createjs.com — Cisco Umbrella Rank: 1496	188 KB
3	1rx.io 3 redirects sync.1rx.io — Cisco Umbrella Rank: 530	2 KB
3	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 805 s.tribalfusion.com — Cisco Umbrella Rank: 2173	2 KB
3	criteo.com rtb.fr.eu.criteo.com — Cisco Umbrella Rank: 14567 ads.eu.criteo.com — Cisco Umbrella Rank: 8466 cat.fr.eu.criteo.com — Cisco Umbrella Rank: 10279	32 KB
3	google.de adservice.google.de — Cisco Umbrella Rank: 8962	1 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 28 region1.google-analytics.com — Cisco Umbrella Rank: 2852	20 KB
3	trkn.us 1 redirects trkn.us — Cisco Umbrella Rank: 2032	3 KB
2	tremorhub.com p4dt2-ha1hf.ads.tremorhub.com	2 KB
2	creative-serving.com 2 redirects ads.creative-serving.com — Cisco Umbrella Rank: 3941	1 KB
2	travelaudience.com 2 redirects ads.travelaudience.com — Cisco Umbrella Rank: 13202	568 B
2	simpli.fi 2 redirects um.simpli.fi — Cisco Umbrella Rank: 815	1 KB
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 727	2 KB
2	facebook.com 1 redirects www.facebook.com — Cisco Umbrella Rank: 114	3 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 151	89 KB
1	contextweb.com 1 redirects bh.contextweb.com	509 B
1	loopme.me csync.loopme.me
1	technoratimedia.com sync.technoratimedia.com
1	lijit.com ap.lijit.com
1	blismedia.com tr.blismedia.com — Cisco Umbrella Rank: 2295	172 B
1	everesttech.net sync-tm.everesttech.net — Cisco Umbrella Rank: 537	177 B
1	mathtag.com 1 redirects sync.mathtag.com — Cisco Umbrella Rank: 441	862 B
1	quantserve.com cms.quantserve.com — Cisco Umbrella Rank: 979	464 B
1	sitescout.com pixel-sync.sitescout.com — Cisco Umbrella Rank: 573	191 B
1	dotomi.com dclk-match.dotomi.com — Cisco Umbrella Rank: 2825	104 B
1	krxd.net beacon.krxd.net — Cisco Umbrella Rank: 515	338 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 344	265 B
1	imrworldwide.com secure-gl.imrworldwide.com — Cisco Umbrella Rank: 1519	755 B
1	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 1165	574 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 862	648 B
451	56

	Domain	Requested by
44	cm.g.doubleclick.net	10 redirects googleads.g.doubleclick.net b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
42	tpc.googlesyndication.com	1 redirects googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com www.123greetings.com
37	pagead2.googlesyndication.com	www.123greetings.com pagead2.googlesyndication.com b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
26	i.123g.us	www.123greetings.com
21	c.123g.us	www.123greetings.com c.123g.us
15	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com www.123greetings.com
14	avm.avantisvideo.com	cdn1.avantisvideo.com cdn.avantisvideo.com
12	s.gk.123greetings.com	c.123g.us s.gk.123greetings.com
11	player.aniview.com	cdn.avantisvideo.com player.aniview.com
11	static.criteo.net	ads.eu.criteo.com
11	events1.avantisvideo.com	www.123greetings.com
11	www.googletagservices.com	c.123g.us googleads.g.doubleclick.net securepubads.g.doubleclick.net b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
10	track1.aniview.com
10	ups.analytics.yahoo.com	9 redirects player.aniview.com
10	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net www.123greetings.com
10	www.googletagmanager.com	www.123greetings.com www.googletagmanager.com
9	www.google.com	2 redirects tpc.googlesyndication.com b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
8	prebid-server.rubiconproject.com	player.aniview.com
8	s0.2mdn.net	www.123greetings.com s0.2mdn.net b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
8	sync.search.spotxchange.com	6 redirects googleads.g.doubleclick.net
8	cdn.avantisvideo.com	securepubads.g.doubleclick.net cdn.avantisvideo.com
8	b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
7	ib.adnxs.com	2 redirects googleads.g.doubleclick.net player.aniview.com
6	x.bidswitch.net	4 redirects
5	playercdn.jivox.com	as.euw1.jivox.com
5	track.adform.net	b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com s1.adform.net
4	c2shb.pubgw.yahoo.com	player.aniview.com
4	evs.euw1.jivox.com	as.euw1.jivox.com b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
4	assets.euw1.jivox.com	as.euw1.jivox.com
4	match.360yield.com	4 redirects
4	googleads4.g.doubleclick.net	www.123greetings.com
4	onetag-sys.com	1 redirects player.aniview.com
4	image6.pubmatic.com	b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com ads.pubmatic.com
4	fonts.gstatic.com	fonts.googleapis.com
4	sync.teads.tv	googleads.g.doubleclick.net b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	static.avantisvideo.com	cdn.avantisvideo.com
4	www.gstatic.com	googleads.g.doubleclick.net b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
4	fonts.googleapis.com	googleads.g.doubleclick.net b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com tpc.googlesyndication.com
3	sync.aniview.com	player.aniview.com
3	cdn.euw1.jivox.com	as.euw1.jivox.com
3	code.createjs.com	s0.2mdn.net as.euw1.jivox.com
3	pr-bh.ybp.yahoo.com	3 redirects
3	sync.1rx.io	3 redirects
3	rtb.openx.net	b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
3	c1.adform.net	3 redirects
3	s1.adform.net	track.adform.net s1.adform.net b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
3	adservice.google.com	pagead2.googlesyndication.com securepubads.g.doubleclick.net
3	adservice.google.de	pagead2.googlesyndication.com securepubads.g.doubleclick.net
3	trkn.us	1 redirects www.123greetings.com
2	hbopenbid.pubmatic.com	player.aniview.com
2	p4dt2-ha1hf.ads.tremorhub.com	player.aniview.com
2	htlb.casalemedia.com	player.aniview.com
2	web.ssp.yahoo.com	player.aniview.com
2	go1.aniview.com	player.aniview.com
2	ads.creative-serving.com	2 redirects
2	csm.eu.criteo.net	ads.eu.criteo.com
2	ads.travelaudience.com	2 redirects
2	r.turn.com	b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
2	ad.turn.com	2 redirects
2	um.simpli.fi	2 redirects
2	a.tribalfusion.com	1 redirects b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
2	pm.w55c.net	2 redirects
2	cdn1.avantisvideo.com	cdn.avantisvideo.com
2	us-u.openx.net	googleads.g.doubleclick.net
2	as.euw1.jivox.com	b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com as.euw1.jivox.com
2	www.facebook.com	1 redirects connect.facebook.net
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	connect.facebook.net	www.123greetings.com connect.facebook.net
1	bh.contextweb.com	1 redirects
1	u.openx.net	player.aniview.com
1	csync.loopme.me	player.aniview.com
1	ads.pubmatic.com	player.aniview.com
1	sync.technoratimedia.com	player.aniview.com
1	ap.lijit.com	player.aniview.com
1	secure.adnxs.com	1 redirects
1	play.aniview.com	cdn.avantisvideo.com
1	tr.blismedia.com	b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
1	sync-tm.everesttech.net	b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
1	sync.mathtag.com	1 redirects
1	cms.quantserve.com	b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
1	pixel-sync.sitescout.com	b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
1	ssum-sec.casalemedia.com	1 redirects
1	dclk-match.dotomi.com	b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
1	beacon.krxd.net	b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
1	pixel.rubiconproject.com	1 redirects
1	match.adsrvr.org	b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
1	secure-gl.imrworldwide.com	ads.eu.criteo.com
1	cat.fr.eu.criteo.com	ads.eu.criteo.com
1	sync.targeting.unrulymedia.com	1 redirects
1	s.tribalfusion.com	b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
1	ads.eu.criteo.com	b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
1	rtb.fr.eu.criteo.com	www.123greetings.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	region1.google-analytics.com	www.googletagmanager.com
1	www.123greetings.com
451	97

This site contains links to these domains. Also see Links.

Domain
studio.123greetings.com
itunes.apple.com
play.google.com
nl.123greetings.com
www.addthis.com
info.123greetings.com
blog.123greetings.com
widgets.123greetings.com
help.123greetings.com

Subject Issuer	Validity	Valid
*.123greetings.com Go Daddy Secure Certificate Authority - G2	`2022-03-01` - `2023-04-02`	a year	crt.sh
*.123g.us Go Daddy Secure Certificate Authority - G2	`2022-08-13` - `2023-08-11`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
gk.123greetings.com R3	`2022-09-18` - `2022-12-17`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-07-10` - `2022-10-08`	3 months	crt.sh
trkn.us Go Daddy Secure Certificate Authority - G2	`2022-01-19` - `2023-02-20`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.avantisvideo.com Amazon	`2021-11-24` - `2022-12-22`	a year	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2022-09-20` - `2023-09-20`	a year	crt.sh
*.app.euw1.jivox.com Amazon	`2021-12-16` - `2023-01-14`	a year	crt.sh
*.fr.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-09-27` - `2022-12-29`	3 months	crt.sh
*.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-08-03` - `2022-11-05`	3 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
teads.tv R3	`2022-08-17` - `2022-11-15`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-09-01` - `2022-11-30`	3 months	crt.sh
*.imrworldwide.com DigiCert TLS RSA SHA256 2020 CA1	`2022-01-04` - `2023-02-03`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2022-03-31` - `2023-05-02`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2022-06-13` - `2023-07-14`	a year	crt.sh
tls.adobe.com DigiCert TLS RSA SHA256 2020 CA1	`2022-04-29` - `2023-05-30`	a year	crt.sh
beacon.krxd.net DigiCert TLS RSA SHA256 2020 CA1	`2021-11-03` - `2022-11-02`	a year	crt.sh
*.jivox.com DigiCert TLS RSA SHA256 2020 CA1	`2022-05-13` - `2023-06-13`	a year	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2022-08-09` - `2023-09-10`	a year	crt.sh
*.eu.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-08-21` - `2022-11-23`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-07` - `2023-06-06`	a year	crt.sh
*.sitescout.com GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1	`2021-12-15` - `2023-01-15`	a year	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
*.everesttech.net GlobalSign Atlas R3 DV TLS CA 2022 Q1	`2022-02-03` - `2023-03-07`	a year	crt.sh
tr.blismedia.com GTS CA 1D4	`2022-08-18` - `2022-11-16`	3 months	crt.sh
euw1.jivox.com Amazon	`2021-12-10` - `2023-01-09`	a year	crt.sh
*.aniview.com DigiCert SHA2 Secure Server CA	`2021-12-30` - `2023-01-03`	a year	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2022-06-27` - `2023-06-05`	a year	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-09-27` - `2023-03-22`	6 months	crt.sh
*.technoratimedia.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-09-15` - `2023-09-15`	a year	crt.sh
web.ssp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-08-02` - `2023-01-25`	6 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2022-04-05` - `2023-05-04`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-08` - `2023-04-04`	a year	crt.sh
*.tremorhub.com Amazon	`2022-03-24` - `2023-04-22`	a year	crt.sh
*.onetag-sys.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-10` - `2023-01-03`	a year	crt.sh

This page contains 56 frames:

Primary Page: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail
Frame ID: 40194DF9230CB1E859675835763F4E79
Requests: 151 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220928/r20190131/zrt_lookup.html
Frame ID: 7C64CD0CE392FB08517D32C5E23B9EFE
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8275302107693664&output=html&adk=1812271804&adf=3025194257&lmt=1664631500&plat=1%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fnational_day_china%2F%3Futm_source%3Deoct_nationalday_china_remail&ea=0&pra=5&wgl=1&easpi=0&asntp=0&asntpv=0&asntpl=0&asntpm=0&asntpc=0&asna=5&asnd=5&asnp=5&asns=5&asmat=1&asptt=-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1664631500492&bpp=2&bdt=583&idt=218&shv=r20220928&mjsv=m202209270101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1222104462320&frm=20&pv=2&ga_vid=831880633.1664631500&ga_sid=1664631501&ga_hid=898260434&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31069957%2C42531705%2C31070009%2C31060047%2C31069563&oid=2&pvsid=3900156577675395&tmod=1078028519&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=235
Frame ID: 3B4485F73378FFCF2780717CB1FE1616
Requests: 1 HTTP requests in this frame

Frame: blob://https://www.123greetings.com/5c77acc0-fd78-43c6-bafa-219fe9bdbb21
Frame ID: C9B6092BC5F23B38DC01881F74559301
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220928/r20110914/zrt_lookup.html?fsb=1
Frame ID: 6E3266C02B88D7E51D84FA3F0F18F062
Requests: 5 HTTP requests in this frame

Frame: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 9E652B428063B357E8AF6709DC9896AC
Requests: 1 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: E9E82FD3FF45B835E868DF4717012ECA
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 151FD441826B09023EF76E84507ED249
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/gnLtmcL-mn53pq-EJRMXOCFACjpZd0iqiIv80oTeKas.js
Frame ID: 25B0A8DB1F679B35107D01B524E2CF08
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dtrue%26app_id%3D6268317308%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df3d7017c8c5962%2526domain%253Dwww.123greetings.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fwww.123greetings.com%25252Ff1120de4067ba%2526relation%253Dparent.parent%26container_width%3D320%26height%3D287%26hide_cover%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252F123GreetingsCom%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26show_posts%3Dtrue%26small_header%3Dtrue%26width%3D320
Frame ID: 6A0816F45A24FB2B3F9FA50E1DFA2296
Requests: 1 HTTP requests in this frame

Frame: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: C2DAB7C9C6D6C22E00001176C20692D7
Requests: 15 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 7144A3F2A419818A3A778650A76B9866
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 75744E2CCFCCF4D72751FF9A08BB474B
Requests: 2 HTTP requests in this frame

Frame: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: AA876F9049C2815963EF53F4DC8F48DF
Requests: 19 HTTP requests in this frame

Frame: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 4ED8565045FA591DB07F0EA1F52548C1
Requests: 15 HTTP requests in this frame

Frame: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: FCA60D738B1E94447F4676F2B83A2BF1
Requests: 12 HTTP requests in this frame

Frame: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 50B489C1F37138232D03B1A0709270E6
Requests: 14 HTTP requests in this frame

Frame: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: BF6406D4FFC9926A50237776A99EC7F4
Requests: 7 HTTP requests in this frame

Frame: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: DF860C91FF73A0A65746AE65266A2827
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv9p7j6JJoIFhlRHGBIVg24RPnH7Q7qtuNBQgv7rZGny3QoyxVbMsu1H9TKqTGduqi5PIhs52MB1ipGbBD51NFaztjCblbn24RFzxnqf70HU6JQP0fK4GL6euJvS1GO0uMUVZwEIO-qEZgbCBEd61cvVhlRrCD8VMzUjsEStT9LH45Y_7W6OOElgGbK_6QkIaf4_Ta2_JQ24uV8trLMJ8An3QcvE_L3GFzJV1z8IHPTtZ4cv9ITFdCKuCVPtWe5RxpQg_wKnl4ZhAf3dJdqV33YvlxXe-b9yVh73f4ksQgsvuY-Nvg-EFX0j3VpIBpv-K9JWOQPV5LjtGWlcOxdssIrVrpM_mRIDdQ&sai=AMfl-YQCwI5Ey8ks7JzbVDRO6XzjEwXy9rl_-6L7KBDf4UzAUGtH-eT631hySJGBmG2UhK4LjlsUt8KpFxw4cgzskkI6GItLENIjf_JssY-vZ_kELRYrbu-CN6qkMU5W6Vyr4g&sig=Cg0ArKJSzBiTS-YBvNPdEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: 49483F39A6EA35AC99AB67FECA1D0D8A
Requests: 15 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvyI10N75pg-Fj4nqe3qSErmqCa2UwODEk2e3IXt9eNvVpf3iDxwN-mU2SPxNb0Fp4Tzdh-1KyN9NmL0x2KULt9a2nmITeU8nE5CzjDyIxCJQEWuAsrMGQzdoXwUz3W8y9aZPe863tLJ9wSrnlEt4VBrWXyd3BcnKNOTKpCLflmdW8n2A6_zzJa5RizFw8UZOj48sxH2tWMQCBURp2xUCPv3tlU_CZ5rp3RIgr0IdP7VIyzMxfHK1vRGzrQwxrR_wTBQQiO7yk9Z-HcDkMdVMGNk_9Vu3RidfR13ybs34b71vXwuo-MIp2YAUTRiqIgeAIfJ3C1tKf1oxLa-jJgwtvbocZLsuf2NMmNgX8MbFyefoc&sai=AMfl-YRHeU8ch9XfhFE4XvCjt_-bQFcGu3GDrcP9p_SiYBKNW7gU7dCyJUxbkO7aUjK52fJKnui8x0cXfWL1N3n6Q3dWmimiA2vxKWhawFeyI8JTgsvaIGqlxiDVRli6ufqQfA&sig=Cg0ArKJSzHDAovJArd0KEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: 327BE4F0896F4A3F05D626BED491D0C1
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6WcRCwifCiAxiE8MHIATAB&v=APEucNUrx7-NSikbe1mO09OGBjpVzgGu2ud9Vur-lUPGWO4xPbyTX_xcrP2pI4Dp1vQkSha2QDSTYtXiAE0h0vPORzxcKef9unDi62jQ35AC1zaAWqnPOLp0xO88i-rwZcyyiPJw191CAhgINeuxz8otzg8NeJMgGsotH8meZBSWyETgO3dSPz8
Frame ID: 2450B72DB6838F275096807B21721DF8
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhCsuIT9ARjXhbrSATAB&v=APEucNVKl-mA4RhNA3kFhCFH5Cpg4uzg29KFgqS8ZYRh094b_gWzJxg5AKRwJToQGkBrhTx1jCnlsWluFXW167BsI3Bx2TMnB5CyC05d5DxUwDFpiggPWzYsPNMaf-3f3e5MI1V-2ZDOVHjdNoGzNaa9JP_L0rlP_N0ZVKqwGNRUKoEIshNfZog
Frame ID: 4BA240B52C9B5A902F08B95CFBCA5AF8
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6WcRCwifCiAxiE8MHIATAB&v=APEucNVx4JVKDpTYjwwK_xcXSMarL2QDJjZlZHuUYyJwNWFzMirI5km1doBqxkAvjDtpLopGrOWhwEIiuiGLvfQqIBa2dvsd7icSbc04rnYITAerI66MfHe6yMeCtMjrFTMtsRHbIJ6_FXA6W1p_45DacGwOR70RFx0PYBcTxdXQ-uEoMubMXdg
Frame ID: 005A08CF73031A79D765D97AAC57FD96
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI-DLxCv7fgBGOrU4NMBMAE&v=APEucNWwyOF2HDlYunymct8X-oWObA0Wj7CR2cmFgHP4ock2FSvaFl4iUJF0Vgke7L8ISWjT6CLoJnnZH7IcsIJduPrbYo_U5JmPVXAjNY6OwREuWXGkSg0Wl6Oz4p38Z3PIOkWCMPRrA591OA9gMTxqOYDm-qe1ov0qk6oIe2lHF9rofzwX3KE
Frame ID: 14F7749AFFF1E6C236C2BD72D36921AF
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/index.html
Frame ID: 2446548297AD13C6F0371D90D0311F8B
Requests: 11 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 1E6247C4D648E98D5A89A41B41D31E00
Requests: 2 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=YzhCzQAM_UgH_ZYZAALqrctNBTMJyJEH5Ahrwg&u=%7CV7vn0Sj6RC%2B6uZdn3cXIlWMM9ozbHgZ75C8%2F2VpiU9g%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhaVHQ6RkVc1uRRN7U2tIy91eSjxqsgku4zScXubwwgFA9dk29Zm2lIQWTyuXovfxFJXKQPX9ZuPh_8aVuOUk9RJWqVY5XqAmQLo4zffuSaoE32JK_e53BdjIwc6dRw09V1rd8eN-DYEiIXPCViDn7D2BtnzGs1jM3crmWLPvXtoTrNn7Dmq_6gKS5XEeeK5HjL6Eh69hg1qNeMbQCSLnNmHUwu8HRQH6ogumh0hA9AHrC6zXwW7ZpFUAUcdFENiiTe0wwqzvYrVFOHqO0ZyV6r7hyrlQ_0jOlHWBNep_EBKJ3oiFcdC1-EOYENHlWr97ybYasI6H5sCriNbNtToO3axu1BbOUQXuYkexflRuCezVzYgfeOktbssV9GBsI_N2gT5o_yjA0jIWUf-iSupyO12QlXxy2D1icYXMchAEJ8dCqnySGHs8kcW4Br6ss8hlW66szQ7xK83D6tpKNlDe6zx5gCqLP9OP5D6aTC-R90X59vPg1xYDcln3yg_Q7FrPUm91QRO7XqJBRTDbDKLlKriJPTWxDVByPMIF7j71GGZbck_rGm1xnAUOdwsdNsFFGaui3dLsdSKewgLZHDd-gjs&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCt4DfzUI4Y8j6M5ms9u8PrdWLyAnJntKxXNWdkfdwwI23ARABIABglYKAgKAHggEXY2EtcHViLTQ2Mjc1MTc2ODAyNDk2NzCgAdW20uoDyAEJqQIWhNpvuHGwPuACAKgDAaoEkwJP0CBv6C7YE6JV9E92NBDNLVOsc-95kZrpZnWZiyvsShWU-q4xN7yePSPu2Q0HsDjqoh5oBF7xke4hvY43aPuMbsDVb5Yr63OPgRzcsXkWnomGxhBeGP8qeim1LR8zo5qKj3L-od9rAzOCzZrMhBmKrIMmLovBQslmlvmr6RgsBuzmCK3FDShAEwcxGhXXk1RR1in5KFGGQEsU3Sgmxg79v-uMZttpsorZR69bgC06--_L0u2VpIbA3SqZdEt_3dpChhHQfVYLmu8ODTvyhipjtupV7Qa3FwcNT6z3HBBEDb_tprTpK95Ej6XMqZW58H8J34u3aTN8R2Aola4YQTPmwMB7KlS8zKyf2s7j9xkFhCIIcOAEAYAGx83PmN-e7an5AaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0bLbe2Dz_SORuJ-77EVWX3mlLM9Q%26client%3Dca-pub-4627517680249670%26adurl%3D
Frame ID: C3C44550C5D5ADEF69D7B6EA3D182E8D
Requests: 16 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: E62F51FC2688A9BD4F322A0FBF23340B
Requests: 9 HTTP requests in this frame

Frame: https://cdn1.avantisvideo.com/connect/u_d.html
Frame ID: B071D0BB9B7AE34CF004BCA035BE4823
Requests: 2 HTTP requests in this frame

Frame: https://cdn1.avantisvideo.com/connect/u_d.html
Frame ID: 89CE5AF661D9753DB4ECEAF706C2652C
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 682920180592DD7ACEAE6E499570FBEB
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 17D4D19C1FB7912DE816EA52C5C796B0
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: B1197F1B70E1CABD068FA54A16CF6187
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/9550724388066307941/728x90.html
Frame ID: B8D47477AB81FBF250DCDA5DBB013BAA
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/gnLtmcL-mn53pq-EJRMXOCFACjpZd0iqiIv80oTeKas.js
Frame ID: 677DF3D076DCFF3406C079A45CD4B288
Requests: 1 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/12044097668311477804/300x250.html
Frame ID: 332C1D9722092292C920CFEE813E7172
Requests: 4 HTTP requests in this frame

Frame: https://as.euw1.jivox.com/unit/layout_renderer.php?es_pId=9f38299&isDynamic=1&campaignId=159897&gdpr_consent=&dspId=DBM&bDim=300x250&ap_DataSignal1=18269839860&jvxVer=2&gdpr=&bUnitId=2000&r=1664631501850674&cMacro=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCB-kDzUI4Y_L1M5ms9u8PrdWLyAnJ3tjBbMify9vdEN_kor3AARABIO_2kCFglYKAgKAHoAHm497pAsgBCakCFoTab7hxsD6oAwGqBO0BT9Ce4HNOHhFVqnPnTnflrO7RyyNBarJ6B7Aj_JF19_3tdRv-taLHNeUu7zUKnJC1PIsYC8nvQzPtKx2W0MEbnER6jkBwi9sA-8O71R1ohavLpUjX91qDOa7f10WOt78MrAjtfi7ZwLAdMXMkWkT-akUBCl5OOi76DLRe1yXTHczLRr63pQEev9JOtcJ2-xm6fJok4FjB9BVujjUVXHlwWt5xNu_9JmmUO36qFfXyxdyBryluk2JyhBDu2ov7n1A_rYfTmHhW3Zf2_YtOiAv2IMl5W5OYFxsSE4t8bPz2i3E4s64kn7ZqU4LAl4USwASR1Yu9kgTgBAOQBgGgBk2AB4KcoZYBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBPG6McQ0BMA2BMN2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJeRo6x_F_ff-rWyeeOXrhXXxZEVwn9dFbwrJbvAUU6GZpYTHzAM%26sig%3DAOD64_0SFm02YNJ4ggWP8zr-vI5VGGWC9g%26client%3Dca-pub-4627517680249670%26dbm_c%3DAKAmf-C3PeD9duwzJ08zdFLunA_q-6Tv406ifyM94DXwTzZrbUIQvq-Dp2JWg4KmpNa1HLhkdZIqhTUUitatTGmOHNsBd6BHobZr-JkxuEZtrVK_p_NENoR7aZIfLoCS_nDb6O0qQL8p6DfjgHp_JgmcxsJtOQDrFkyjYJlyORi4ZQbxwXSQQxQ%26cry%3D1%26dbm_d%3DAKAmf-D-SAL_SJyk9A3ZN5aaLmYYD2vZCX7g0YybWwU2WjoovPJhEG5T-OgXkpEUHYy4v1y0Gc5gUFvuKt88lbWxD7-scp3oIlle9-9Tr_sPkQikOMgUXX7I3XVB0ZMxerlimYfSRiC8Yq_Z7CM9v4Qbh0a62Ei3vXCyf1DZB82TrH34z-QVKgXM9fJF0zT3ppyBHGXxEfQsk7gPqzvkJJcWAcHBDI0vkrn68f3AZgOtQni9Wvr8oUKCfVvq1n6PkoMNH4kXPiLjl4H9ji3iw1NMIENxajAonsMgkhft_xE9-7W4URsG8KPVkoYg4-fBc1vk_LtHbOCs6vOtMBniufiYEhJu3wB2JjNUyQ-yLvCiXCbYD4Nf_IsIeBGL3_PtQ4GLQUmai6GCWiwo8eU-OYp2Uog-yv1T0JJA9UmUrNMoDgR57PXV72Yy-k9XE4mQ9dfQB-mfSZ4ogmjvd3djVx1qj2Ffl518tXXcvvIjMmFVu5KsKwrjBY1ZOVHf47LYF4aA43OCiZgZ0qzgd9Hd7vyQGLgIPPGy-lTzMKM4zIHHMn3UC-gfy1vzMsdwTjWcP9tuIVDj1KjKOhN92dwT1XqrN3Fk16_tdmwrCUvPtWQtfDdd8OFBVzoa7IKfE9lx2F_tiJwS2IC6%26adurl%3D&us_privacy=%24%7BUS_PRIVACY%7D&ts_pId=9f38299&siteId=961ee94c58df6c&creativeUnitType=20&objectName=jvx_633842cf1620d&adUnitId=2000&jvxSessionId=1664631503.3758&base=1&creativeResolveBeginTime=1664631503000&omid=0&localTimeOffset=0&pageURL=https%3A%2F%2Fb5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&allowExp=0
Frame ID: 4927992E1950454899AE8C6B177E533B
Requests: 7 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 37510CBC025842E77393A7FD973F01ED
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: FBA95732EA13E5625DF3FE36793BBADD
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 889B2748B63FF8C03C0B339A246D641C
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: BB0D80C55F0CE3EA1362F0DD29A88872
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 7E1424100B0191AA939AA9A5099B4B70
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: EAD870DB5F00AE2F7DF17279833AEA91
Requests: 3 HTTP requests in this frame

Frame: https://playercdn.jivox.com/1651821427/widgets/jivoxWidgetApi/gz/jivoxWidgetApiV2.min.js
Frame ID: 3B084CC49EEAEC746ED20105F630E32A
Requests: 10 HTTP requests in this frame

Frame: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Frame ID: 913F6ED04EBC4FF409DC575761815A88
Requests: 5 HTTP requests in this frame

Frame: https://player.aniview.com/script/6.1/ab5/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Frame ID: D12A9D3DE0183F8D960C0F87D4FE85D5
Requests: 5 HTTP requests in this frame

Frame: https://sync.aniview.com/cookiesyncendpoint?auid=1664631505489-919491282646-005900-003-004066&biddername=55&key=5407465011447374603
Frame ID: C2480CE0E06C389A0E2D368B27D244BA
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/pixel?us_privacy=1---&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1664631505489-919491282646-005900-003-004066%26biddername%3D18%26key%3D%24UID
Frame ID: 8BFADB9E27ED3AC2BC9B2E6EED85F0C6
Requests: 1 HTTP requests in this frame

Frame: https://ups.analytics.yahoo.com/ups/58543/occ?gdpr=1&gdpr_consent=
Frame ID: 9234CC6A35226F82315A56BAE7B7638E
Requests: 1 HTTP requests in this frame

Frame: https://sync.technoratimedia.com/services?srv=cs&pid=70&uid=1664631505489-919491282646-005900-003-004066&cb=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1664631505489-919491282646-005900-003-004066%26biddername%3D3%26key%3D%5BUSER_ID%5D
Frame ID: B30F5B167314F40E114E1D93C03C3499
Requests: 1 HTTP requests in this frame

Frame: https://sync.aniview.com/cookiesyncendpoint?auid=1664631505489-919491282646-005900-003-004066&biddername=200&key=OPTOUT
Frame ID: DDFB113F5BA3CE1E85B070CA05287CAD
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=160993&gdpr=1&gdpr_consent=&predirect=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1664631505489-919491282646-005900-003-004066%26biddername%3D1%26key%3D
Frame ID: D862DBFF823E5902887DB06E7352A4AF
Requests: 2 HTTP requests in this frame

Frame: https://csync.loopme.me/?redirect=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1664631505489-919491282646-005900-003-004066%26biddername%3D56%26pid%3D59c9148628a0612da3689288%26key%3D%7Bdevice_id%7D
Frame ID: 2C39D4954EA3BB3B6CAE2B63258330D4
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/cm?id=ec4c2ec9-18b8-454e-98be-3ee1e6bfea65&gdpr=1&gdpr_consent=&r=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1664631505489-919491282646-005900-003-004066%26biddername%3D23%26key%3D
Frame ID: 66A201FB4F94250E2F8CCD74F9FCA3D1
Requests: 1 HTTP requests in this frame

Frame: https://sync.aniview.com/cookiesyncendpoint?auid=1664631505489-919491282646-005900-003-004066&biddername=10&pid=59c9148628a0612da3689288&key=WmAtqgJxJSZi&ev=1&us_privacy=${us_privacy}&pid=562704
Frame ID: EBC7B53830668E518371850FBD319541
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

National Day (China) Cards, Free National Day (China) Wishes | 123 Greetings

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Mautic (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

[^a-z]mtc.*\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

SWFObject (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

swfobject.*\.js

Zepto (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

zepto.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

451
Requests

90 %
HTTPS

39 %
IPv6

56
Domains

97
Subdomains

76
IPs

10
Countries

6844 kB
Transfer

13831 kB
Size

47
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: https://studio.123greetings.com/
Title: Studio

Search URL Search Domain Scan URL

URL: https://itunes.apple.com/in/app/123greetings/id718873921?mt=8

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.g123

Search URL Search Domain Scan URL

URL: https://nl.123greetings.com/
Title: Newsletter

Search URL Search Domain Scan URL

URL: https://nl.123greetings.com/blog/
Title: Editor Bob's Blog

Search URL Search Domain Scan URL

URL: https://www.addthis.com/bookmark.php

Search URL Search Domain Scan URL

URL: https://info.123greetings.com/company/pressroom/
Title: Press Room

Search URL Search Domain Scan URL

URL: https://blog.123greetings.com/
Title: Blog

Search URL Search Domain Scan URL

URL: https://widgets.123greetings.com/
Title: Widgets

Search URL Search Domain Scan URL

URL: https://nl.123greetings.com/tell-a-friend
Title: Recommend Us

Search URL Search Domain Scan URL

URL: https://help.123greetings.com/
Title: Help

Search URL Search Domain Scan URL

URL: https://help.123greetings.com/contact_us.html
Title: Contact Us

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 75

https://trkn.us/info/?sid=1efbd474-f6d6-4c7a-ab0e-0a28232c817d&ord=1034224245.9972129&ref=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fnational_day_china%2F%3Futm_source%3Deoct_nationalday_china_remail&dvis=visible HTTP 302
https://trkn.us/info/?sid=1efbd474-f6d6-4c7a-ab0e-0a28232c817d&ord=1034224245.9972129&ref=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fnational_day_china%2F%3Futm_source%3Deoct_nationalday_china_remail&dvis=visible&ip=178.162.209.140&cuidchk=1

Request Chain 107

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 110

https://www.facebook.com/v2.4/plugins/page.php?adapt_container_width=true&app_id=6268317308&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3d7017c8c5962%26domain%3Dwww.123greetings.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.123greetings.com%252Ff1120de4067ba%26relation%3Dparent.parent&container_width=320&height=287&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2F123GreetingsCom&locale=en_US&sdk=joey&show_facepile=true&show_posts=true&small_header=true&width=320 HTTP 302
https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dtrue%26app_id%3D6268317308%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df3d7017c8c5962%2526domain%253Dwww.123greetings.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fwww.123greetings.com%25252Ff1120de4067ba%2526relation%253Dparent.parent%26container_width%3D320%26height%3D287%26hide_cover%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252F123GreetingsCom%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26show_posts%3Dtrue%26small_header%3Dtrue%26width%3D320

Request Chain 178

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKP4s4JfglXJTFpduzunfJg&google_cver=1

Request Chain 179

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YzhCz-ry9XBwdZPxX9EfRAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKP4s4JfglXJTFpduzunfJg&google_cver=1

Request Chain 180

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEIjWTynNO09YIV4iw9ZSA-U&google_cver=1

Request Chain 181

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTQwNzQ2NTAxMTQ0NzM3NDYwMw%3D%3D

Request Chain 193

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDnj86ZywEQ9AMY9AMyCGN8MsJOAEwL HTTP 301
https://tpc.googlesyndication.com/simgad/4091503581208051288

Request Chain 199

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEOUdBisFwdYg_DKGItqw-cQ&google_cver=1

Request Chain 201

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEM2Ba4m0u7ZrtqgsM6we-R4&google_cver=1

Request Chain 206

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEFb2Fw9j6rIcoN6OG7JQvag&google_cver=1 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEFb2Fw9j6rIcoN6OG7JQvag&google_cver=1&__user_check__=1&sync_id=51d33281-418e-11ed-93ac-1ac061c70306

Request Chain 207

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_id=51d29ac2-418e-11ed-b384-1e875f050206 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=NTFkNWQ1NGUtNDE4ZS0xMWVkLTliM2UtMWFiNTJmZTcwMTA2

Request Chain 208

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true HTTP 302
https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1MUzJOclF0RTJ1SDFuNTdfSHpRZGh5X2hPdWFraEMuYX5B

Request Chain 209

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEFb2Fw9j6rIcoN6OG7JQvag&google_cver=1 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEFb2Fw9j6rIcoN6OG7JQvag&google_cver=1&__user_check__=1&sync_id=51d5d5af-418e-11ed-9b3e-1ab52fe70106

Request Chain 210

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_id=51d331b5-418e-11ed-99cb-194044dd0406 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=NTFkNWQ1NGUtNDE4ZS0xMWVkLTliM2UtMWFiNTJmZTcwMTA2

Request Chain 211

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true HTTP 302
https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1MUzJOclF0RTJ1SDFuNTdfSHpRZGh5X2hPdWFraEMuYX5B

Request Chain 222

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEJ7daqhhmCyBQf3fmwaWCzU&google_cver=1&google_push=AZmPxg-lwOvGsPz76oIUmUugz7jUGOmpB0-8BbIcwjOF30VYjcHhHroYQhnSS3uRPAFnHkdUfpnijfeEfg6EwRTm2wWXjk70tXds HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEJ7daqhhmCyBQf3fmwaWCzU&google_cver=1&google_push=AZmPxg-lwOvGsPz76oIUmUugz7jUGOmpB0-8BbIcwjOF30VYjcHhHroYQhnSS3uRPAFnHkdUfpnijfeEfg6EwRTm2wWXjk70tXds HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=Z01CbkpkcGsxT0VDSGQ1&google_gid=CAESEJ7daqhhmCyBQf3fmwaWCzU&google_cver=1&google_push=AZmPxg-lwOvGsPz76oIUmUugz7jUGOmpB0-8BbIcwjOF30VYjcHhHroYQhnSS3uRPAFnHkdUfpnijfeEfg6EwRTm2wWXjk70tXds

Request Chain 223

https://a.tribalfusion.com/i.match?p=b6&u=CAESENfNcwanhQsnuu68aZX-3E4&google_cver=1&google_push=AZmPxg9IMPGc0OleBwrRfHjtjZjtE0DBLaq7OrQQeC0QqH9ylfCEjtlGHzLQzHqP6u_gRN51rnRaz9uUAsgXmtmE3FpDuOX4LTGa&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAZmPxg9IMPGc0OleBwrRfHjtjZjtE0DBLaq7OrQQeC0QqH9ylfCEjtlGHzLQzHqP6u_gRN51rnRaz9uUAsgXmtmE3FpDuOX4LTGa%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESENfNcwanhQsnuu68aZX-3E4&google_cver=1&google_push=AZmPxg9IMPGc0OleBwrRfHjtjZjtE0DBLaq7OrQQeC0QqH9ylfCEjtlGHzLQzHqP6u_gRN51rnRaz9uUAsgXmtmE3FpDuOX4LTGa&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAZmPxg9IMPGc0OleBwrRfHjtjZjtE0DBLaq7OrQQeC0QqH9ylfCEjtlGHzLQzHqP6u_gRN51rnRaz9uUAsgXmtmE3FpDuOX4LTGa%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 224

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEBRX2zmTQkK94WMyVxoGHGE&google_cver=1&google_push=AZmPxg-NXJRPAQq9Zdxz2UMtnmol0iOxeH836eXU0Jn2ARw-fSYa0SNcJa-QXnvoq7RzHePvCMpEHuXf7IzujJTfDOT3KE7Mtd68 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NTgyNjcxMjE5MDAzOTYyNzY4OQ&google_push=AZmPxg-NXJRPAQq9Zdxz2UMtnmol0iOxeH836eXU0Jn2ARw-fSYa0SNcJa-QXnvoq7RzHePvCMpEHuXf7IzujJTfDOT3KE7Mtd68

Request Chain 225

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEBRX2zmTQkK94WMyVxoGHGE&google_cver=1&google_push=AZmPxg-Ymlf0jdc1hHOQ4KD2h71vPVUjMNrbvlO5XMXCJoDHbaQb4UdTOk5TWNrgI0ywP_CiEzrfUzQgh8Dji2PRBuYwjKk8wlCI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjYzMDgzODM5ODU4NDk0NDg0NA&google_push=AZmPxg-Ymlf0jdc1hHOQ4KD2h71vPVUjMNrbvlO5XMXCJoDHbaQb4UdTOk5TWNrgI0ywP_CiEzrfUzQgh8Dji2PRBuYwjKk8wlCI

Request Chain 227

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESENSvcnk6YnuVvRrCKk3LlPo&google_cver=1&google_push=AZmPxg_m6mmo93bSnITNiGeuQJZEtlA7ZydrKlrG1Bac5pEKzlqmK62dCjMMVsqWu665-uCkNnDzLuS4sdcRbbMPVSzrxgo4-Moy HTTP 302
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=AZmPxg_m6mmo93bSnITNiGeuQJZEtlA7ZydrKlrG1Bac5pEKzlqmK62dCjMMVsqWu665-uCkNnDzLuS4sdcRbbMPVSzrxgo4-Moy&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&cb=1664631503280 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-afc9c1da-435e-4f64-a643-9e938fb0840e-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAZmPxg_m6mmo93bSnITNiGeuQJZEtlA7ZydrKlrG1Bac5pEKzlqmK62dCjMMVsqWu665-uCkNnDzLuS4sdcRbbMPVSzrxgo4-Moy%26google_hm%3DA6_JwdpDXk9kpkOek4-whA4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AZmPxg_m6mmo93bSnITNiGeuQJZEtlA7ZydrKlrG1Bac5pEKzlqmK62dCjMMVsqWu665-uCkNnDzLuS4sdcRbbMPVSzrxgo4-Moy&google_hm=A6_JwdpDXk9kpkOek4-whA4

Request Chain 228

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEDCgXYQ-qzOvdbVfKDf2wqk&google_cver=1&google_push=AZmPxg9WHC8o8_Vmjpg2R6awjfcSa7bdI3aIMXT4dS2HLFnhljKPSadt15y64_q0OlpBfeiduhm8C8vxQgiBQSAr960-JeWl4IJvMA HTTP 302
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEDCgXYQ-qzOvdbVfKDf2wqk&google_cver=1&google_push=AZmPxg9WHC8o8_Vmjpg2R6awjfcSa7bdI3aIMXT4dS2HLFnhljKPSadt15y64_q0OlpBfeiduhm8C8vxQgiBQSAr960-JeWl4IJvMA&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1vS082RHVwRTJ1SDZ6V1k1aExEVHpMYVZab0tRWU1mRX5B&google_push=AZmPxg9WHC8o8_Vmjpg2R6awjfcSa7bdI3aIMXT4dS2HLFnhljKPSadt15y64_q0OlpBfeiduhm8C8vxQgiBQSAr960-JeWl4IJvMA

Request Chain 231

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 262

https://um.simpli.fi/gp_match?google_gid=CAESEAQPy5nXHWlDcZ8DFxe10Us&google_cver=1&google_push=AZmPxg8lX7r39T5DQrtnzmAmtl8w_y4g288dlMR99jOlmfBYM18ICeEWq9WIoMLQKR-E7FgEVtomr-vUKoWAEqoBeS_XbXOdh3g6 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=05CF89689C6F424FADBDE2FFE26F71AE&google_push=AZmPxg8lX7r39T5DQrtnzmAmtl8w_y4g288dlMR99jOlmfBYM18ICeEWq9WIoMLQKR-E7FgEVtomr-vUKoWAEqoBeS_XbXOdh3g6

Request Chain 264

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEMaJ0OvVOafl8CADIA49-bY&google_cver=1&google_push=AZmPxg-8U1DGJsFzs64hfgty-wDHMJCBOHMSPoo0zr763Pn6axnZ-FGI7MtP0lUCOZaiDZJHtOIx7whAgccCAHBoiumLtLWahvwp HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AZmPxg-8U1DGJsFzs64hfgty-wDHMJCBOHMSPoo0zr763Pn6axnZ-FGI7MtP0lUCOZaiDZJHtOIx7whAgccCAHBoiumLtLWahvwp&google_hm=Nzc4NTUwOTY3MDY1MDg5NjIzMw%3D%3D

Request Chain 265

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEBRX2zmTQkK94WMyVxoGHGE&google_cver=1&google_push=AZmPxg_gar0PFS0z2JtCw1PFv-Z5QnArsOB4Q3b6pJ1exJC8qxD-PVitFRvQStT-F-xe8CF9AJWHn3GW-wEkTNwROFALuVtHM3hk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjYzMDgzODM5ODU4NDk0NDg0NA&google_push=AZmPxg_gar0PFS0z2JtCw1PFv-Z5QnArsOB4Q3b6pJ1exJC8qxD-PVitFRvQStT-F-xe8CF9AJWHn3GW-wEkTNwROFALuVtHM3hk

Request Chain 267

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEDCgXYQ-qzOvdbVfKDf2wqk&google_cver=1&google_push=AZmPxg-INlgOSILCO0RfHrfaAEtmxznLYifolvFOu7LbEezsNaW9ZTku-Rw91Mj30zXsocxpv_m2cY6S6arL-fgyrjveo9Rdy6Qobw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1vS082RHVwRTJ1SDZ6V1k1aExEVHpMYVZab0tRWU1mRX5B&google_push=AZmPxg-INlgOSILCO0RfHrfaAEtmxznLYifolvFOu7LbEezsNaW9ZTku-Rw91Mj30zXsocxpv_m2cY6S6arL-fgyrjveo9Rdy6Qobw

Request Chain 268

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEDehX__jwADdWbGEpWAG8_Y&google_cver=1&google_push=AZmPxg9wOePD1h-1234snx_zACQja9S7qzP7ElL7Y0TAxLjFuLsOmHoM2VtKwu-wOubRJoBoY3IAqzFqRoJitC-3VbBI_VqVqJl4FQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AZmPxg9wOePD1h-1234snx_zACQja9S7qzP7ElL7Y0TAxLjFuLsOmHoM2VtKwu-wOubRJoBoY3IAqzFqRoJitC-3VbBI_VqVqJl4FQ HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

Request Chain 281

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEBng9x3Ih3d76barRIKfTbs&google_cver=1&google_push=AZmPxg9IGsrhJ2g3bdd7g8P7LRuHnozLwj9FAFaCbqQNR68D6ovh4Xl8YRNQoHWOxUnOBihB7AlpKEyvDyd1lxiCJcXFVQobyIK8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=ODMyNzEwNjcwNDQ5MTc0OTU1NQ==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEBng9x3Ih3d76barRIKfTbs&google_cver=1

Request Chain 282

https://um.simpli.fi/gp_match?google_gid=CAESEAQPy5nXHWlDcZ8DFxe10Us&google_cver=1&google_push=AZmPxg9I4LIhp-BbRtnildKghqGBtVft6sHKFZY3pczhpodij1lhPrcTWkSc6AukdqaCsks6o5kHJdVugN_PdbJsSWUKieuVNtD6 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=05CF89689C6F424FADBDE2FFE26F71AE&google_push=AZmPxg9I4LIhp-BbRtnildKghqGBtVft6sHKFZY3pczhpodij1lhPrcTWkSc6AukdqaCsks6o5kHJdVugN_PdbJsSWUKieuVNtD6

Request Chain 283

https://ads.travelaudience.com/google_pixel?google_gid=CAESELvgf9vU2Ow32rAg8rDetx0&google_cver=1&google_push=AZmPxg_F_6PLvxVgQ51y2MixmSDzfnHjDKd16X8tL9pv91cr4fBMSJYP05bmL1B0HlPQMJKHIn1cqtuOZJNKSW8t2xartsObZciF HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=zU8jhXeNQzSJ1DzvjqrCeA2&google_push=AZmPxg_F_6PLvxVgQ51y2MixmSDzfnHjDKd16X8tL9pv91cr4fBMSJYP05bmL1B0HlPQMJKHIn1cqtuOZJNKSW8t2xartsObZciF

Request Chain 284

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEMaJ0OvVOafl8CADIA49-bY&google_cver=1&google_push=AZmPxg8OR2LvuEATOrr-gcuddH6Ur9qmu4_o7xmQloAtPOnmv-ojswlqDRsRmFAFb-7SeCeoL617oHHQBtGu4kg4yp-aC1ifk788 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AZmPxg8OR2LvuEATOrr-gcuddH6Ur9qmu4_o7xmQloAtPOnmv-ojswlqDRsRmFAFb-7SeCeoL617oHHQBtGu4kg4yp-aC1ifk788&google_hm=Nzc4NTUwOTY3MDY1MDg5NjIzMw%3D%3D

Request Chain 286

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEAVdoJBmtR97c1QyiTNHb40&google_cver=1&google_push=AZmPxg-6TW6rdIocnenBSfs36f_CzQXylc6lIdkTJRMg-OU8bZ8gFB1QEuzq4dluYcQ00jPxGw0qR3kM0ebidxpC0qw6RokbmLg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDhQWU04T0MtOC0yODJZ&google_push=AZmPxg-6TW6rdIocnenBSfs36f_CzQXylc6lIdkTJRMg-OU8bZ8gFB1QEuzq4dluYcQ00jPxGw0qR3kM0ebidxpC0qw6RokbmLg

Request Chain 287

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEDCgXYQ-qzOvdbVfKDf2wqk&google_cver=1&google_push=AZmPxg_5e5Hy6ISnHrayw0wI7MSTcWrnygn6ljqlsWnC8CfFPqAVcehU6tcamzvJOYFODdu3XcQmPptigfUsg5cMow43Fd7WZANQiw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1vS082RHVwRTJ1SDZ6V1k1aExEVHpMYVZab0tRWU1mRX5B&google_push=AZmPxg_5e5Hy6ISnHrayw0wI7MSTcWrnygn6ljqlsWnC8CfFPqAVcehU6tcamzvJOYFODdu3XcQmPptigfUsg5cMow43Fd7WZANQiw

Request Chain 312

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESELtBR-BBdOBs_SSzFsKovKY&google_cver=1&google_push=AZmPxg9Wgf4yPPXmK0JBAEHJpJzAZnJ4PiusrUHckLSM3Umd5Txa1yrD0kTS3Je8YxBn6G-wAN-KIR0QR4mwzs12YrQ6NddDul8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESELtBR-BBdOBs_SSzFsKovKY&google_hm=YzhCz_ry9XBwdZPxX9EfRAAABFMAAAIB&google_nid=index&google_push=AZmPxg9Wgf4yPPXmK0JBAEHJpJzAZnJ4PiusrUHckLSM3Umd5Txa1yrD0kTS3Je8YxBn6G-wAN-KIR0QR4mwzs12YrQ6NddDul8

Request Chain 313

https://match.360yield.com/match/ebda?google_gid=CAESEBXX2FWsgy36jhd3a_dDpA0&google_cver=1&google_push=AZmPxg8MVJDrACXYt2QkcdJyn2PO2gWMINWMJdB-AyyiKxmPY66bIWDFpxXhUhSPH07ZG2TWUCOtN4ZEkjV8K-Z8-138GrQilpQ HTTP 302
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEBXX2FWsgy36jhd3a_dDpA0&google_cver=1&google_push=AZmPxg8MVJDrACXYt2QkcdJyn2PO2gWMINWMJdB-AyyiKxmPY66bIWDFpxXhUhSPH07ZG2TWUCOtN4ZEkjV8K-Z8-138GrQilpQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=oJXi4eaBQcaL2zCSdQJJBg&google_push=AZmPxg8MVJDrACXYt2QkcdJyn2PO2gWMINWMJdB-AyyiKxmPY66bIWDFpxXhUhSPH07ZG2TWUCOtN4ZEkjV8K-Z8-138GrQilpQ

Request Chain 314

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEDCgXYQ-qzOvdbVfKDf2wqk&google_cver=1&google_push=AZmPxg_puHCGTrEbRyG1LlGW8AAi5pLllKzKccOmC067w0Ps2bIvZRM3I7MJinST70KbZDI_r8e5a-gflpSKSV3qTy4NRyL_zCQV HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1vS082RHVwRTJ1SDZ6V1k1aExEVHpMYVZab0tRWU1mRX5B&google_push=AZmPxg_puHCGTrEbRyG1LlGW8AAi5pLllKzKccOmC067w0Ps2bIvZRM3I7MJinST70KbZDI_r8e5a-gflpSKSV3qTy4NRyL_zCQV

Request Chain 325

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEIk3a5KET-Pw2XB3NZZF2Ec&google_cver=1&google_push=AZmPxg_CrQVe3pCH8tu9rzuf-C068EBkMeBUgSCF8nKH59iBYzyCdPSyOa0hy-SF2SqjU9y73tah13XJb_V9DSDsC5EKMpC29BxN HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEIk3a5KET-Pw2XB3NZZF2Ec&google_cver=1&google_push=AZmPxg_CrQVe3pCH8tu9rzuf-C068EBkMeBUgSCF8nKH59iBYzyCdPSyOa0hy-SF2SqjU9y73tah13XJb_V9DSDsC5EKMpC29BxN HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AZmPxg_CrQVe3pCH8tu9rzuf-C068EBkMeBUgSCF8nKH59iBYzyCdPSyOa0hy-SF2SqjU9y73tah13XJb_V9DSDsC5EKMpC29BxN&google_hm=JMdibaplRCeYkPbCOVojdA==

Request Chain 326

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEMaJ0OvVOafl8CADIA49-bY&google_cver=1&google_push=AZmPxg-_DWudieZ_8Fntnlf_BPQUb3enBxONjNLeLmKYXP9zUZ_Ql1DVyz4JCDZSmjsGrXsf6CwDguUluUb0hn89iKlNaTrzEh3- HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AZmPxg-_DWudieZ_8Fntnlf_BPQUb3enBxONjNLeLmKYXP9zUZ_Ql1DVyz4JCDZSmjsGrXsf6CwDguUluUb0hn89iKlNaTrzEh3-&google_hm=Nzc4NTUwOTY3MDY1MDg5NjIzMw%3D%3D

Request Chain 328

https://match.360yield.com/match/ebda?google_gid=CAESEBXX2FWsgy36jhd3a_dDpA0&google_cver=1&google_push=AZmPxg9OT-4l5PnT4K8Jzt8fH3XtRWGDW8xvMI7EG72FCwQ2ATIIKC9kGm8Z4MAmk89x5pUYHZbYZf2jZ8fQtFN04VKLFV2fu3II HTTP 302
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEBXX2FWsgy36jhd3a_dDpA0&google_cver=1&google_push=AZmPxg9OT-4l5PnT4K8Jzt8fH3XtRWGDW8xvMI7EG72FCwQ2ATIIKC9kGm8Z4MAmk89x5pUYHZbYZf2jZ8fQtFN04VKLFV2fu3II HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=oJXi4eaBQcaL2zCSdQJJBg&google_push=AZmPxg9OT-4l5PnT4K8Jzt8fH3XtRWGDW8xvMI7EG72FCwQ2ATIIKC9kGm8Z4MAmk89x5pUYHZbYZf2jZ8fQtFN04VKLFV2fu3II

Request Chain 336

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEBng9x3Ih3d76barRIKfTbs&google_cver=1&google_push=AZmPxg8PFmhYciZV2fhnRGT6sK7voN4Jj9UNsKdYWBkhbOk7XehT_MEgxLnUhoT5IPJ_OI-4cSnqu9VVAkYSSrwYhSVrNAAvRfnS HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=ODMyNzEwNjcwNDQ5MTc0OTU1NQ==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEBng9x3Ih3d76barRIKfTbs&google_cver=1

Request Chain 338

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEI6Mgw-6B-1Al9DpCJolVOA&google_cver=1&google_push=AZmPxg_lkJ9S9PrrOTWTGMwoNiPfu8fROQSJp451AoQa8de0qeyM4uB7Tp93HtNI1mv3ZvXTP-KJ675IwXGjVAVkpNB4IfxuSkhy HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AZmPxg_lkJ9S9PrrOTWTGMwoNiPfu8fROQSJp451AoQa8de0qeyM4uB7Tp93HtNI1mv3ZvXTP-KJ675IwXGjVAVkpNB4IfxuSkhy

Request Chain 341

https://ads.travelaudience.com/google_pixel?google_gid=CAESELvgf9vU2Ow32rAg8rDetx0&google_cver=1&google_push=AZmPxg_l4EzV0Hic7MgwSN1eSyHzr2mxkiEIRf4L1fOdtrvpe1D_CR8z0tyH1PDWoUs6r0ekKLMvSs8jGXRPz9tgd1A4hWbeK6R0 HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=zU8jhXeNQzSJ1DzvjqrCeA2&google_push=AZmPxg_l4EzV0Hic7MgwSN1eSyHzr2mxkiEIRf4L1fOdtrvpe1D_CR8z0tyH1PDWoUs6r0ekKLMvSs8jGXRPz9tgd1A4hWbeK6R0

Request Chain 342

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEIk3a5KET-Pw2XB3NZZF2Ec&google_cver=1&google_push=AZmPxg9fmGGmGzn7cHaaRe03I-9KTVh8Gf7IARkYcDjVYvwSY5Roe7HhlY7coRtVZaCuf2POFiYg3SQiIlifORsNSLouScPCXXUw HTTP 302
https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=google&bsw_custom_parameter=24c7626d-aa65-4427-9890-f6c2395a2374 HTTP 302
https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=google&bsw_custom_parameter=24c7626d-aa65-4427-9890-f6c2395a2374 HTTP 302
https://x.bidswitch.net/sync?dsp_id=4&user_id=a9f03852-0a61-4b37-a9ae-082430b8e531&ssp=google&expires=30&user_group=5&bsw_param=24c7626d-aa65-4427-9890-f6c2395a2374 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AZmPxg_CrQVe3pCH8tu9rzuf-C068EBkMeBUgSCF8nKH59iBYzyCdPSyOa0hy-SF2SqjU9y73tah13XJb_V9DSDsC5EKMpC29BxN&google_hm=JMdibaplRCeYkPbCOVojdA==

Request Chain 409

https://secure.adnxs.com/getuid?https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1664631505489-919491282646-005900-003-004066%26biddername%3D55%26key%3D%24UID HTTP 302
https://sync.aniview.com/cookiesyncendpoint?auid=1664631505489-919491282646-005900-003-004066&biddername=55&key=5407465011447374603

Request Chain 413

https://sync.1rx.io/usersync2/rmpssp?sub=aniview&gdpr=1&gdpr_pd=0&gdpr_consent=&redir=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1664631505489-919491282646-005900-003-004066%26biddername%3D200%26key%3D%5BRX_UUID%5D HTTP 302
https://sync.aniview.com/cookiesyncendpoint?auid=1664631505489-919491282646-005900-003-004066&biddername=200&key=OPTOUT

Request Chain 417

https://bh.contextweb.com/bh/rtset?pid=562704&ev=1&us_privacy=${us_privacy}&rurl=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1664631505489-919491282646-005900-003-004066%26biddername%3D10%26pid%3D59c9148628a0612da3689288%26key%3D%25%25VGUID%25%25 HTTP 302
https://sync.aniview.com/cookiesyncendpoint?auid=1664631505489-919491282646-005900-003-004066&biddername=10&pid=59c9148628a0612da3689288&key=WmAtqgJxJSZi&ev=1&us_privacy=${us_privacy}&pid=562704

451 HTTP transactions
17 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
www.123greetings.com/events/national_day_china/ 33 KB
8 KB 763ms
430ms Document
text/html 184.72.244.154
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.72.244.154 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

www.123greetings.com

Software

Apache/2.4.54 () OpenSSL/1.0.2k-fips PHP/5.4.16 / PHP/5.4.16

Resource Hash

5b040d43b4044c9dfd57ea957dee07b673b43c0e1f0f1c017014b02bef027045

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Age: 0
Cache-Control: max-age=900
Connection: close
Content-Encoding: gzip
Content-Length: 8130
Content-Type: text/html; charset=UTF-8
Date: Sat, 01 Oct 2022 13:38:19 GMT
Expires: Sat, 01 Oct 2022 13:53:19 GMT
Server: Apache/2.4.54 () OpenSSL/1.0.2k-fips PHP/5.4.16
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Powered-By: PHP/5.4.16

GET
H/1.1 200
OK sub_categories_R1.css
c.123g.us/css/ 9 KB
3 KB 286ms
8ms Stylesheet
text/css 67.27.157.252
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/css/sub_categories_R1.css
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.157.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 0596974ea0a4aa88cce0d0683b3af837fb80d633788395a98723d319f39c8de4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Tue, 27 Sep 2022 09:58:35 GMT
Content-Encoding: gzip
Last-Modified: Wed, 15 Jun 2022 10:42:44 GMT
Server: Apache/2.2.15 (CentOS)
Age: 358785
ETag: "225f-5e17a2e623100"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2397
jake_test: Test_Pass
Expires: Tue, 27 Sep 2022 10:13:35 GMT

GET
H/1.1 200
OK chk_script.js Show response
c.123g.us/js2/ 1 KB
1 KB 286ms
9ms Script
application/javascript 67.27.157.252
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/js2/chk_script.js
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.157.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.4.54 () OpenSSL/1.0.2k-fips /
Resource Hash: 0ddeadca43a405855a40c8dae3b1c3335a742811130d425cffd24b2e20ea5ee1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Thu, 15 Sep 2022 08:09:00 GMT
Content-Encoding: gzip
Last-Modified: Thu, 15 Sep 2022 08:07:43 GMT
Server: Apache/2.4.54 () OpenSSL/1.0.2k-fips
Age: 1402160
ETag: "4d8-5e8b2bd6a9838-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 608
jake_test: Test_Pass
Expires: Thu, 15 Sep 2022 08:24:00 GMT

GET
H/1.1 200
OK 124781_th.gif
i.123g.us/c/eoct_nationalday_china/th/ 8 KB
8 KB 163ms
19ms Image
image/gif 67.27.157.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/eoct_nationalday_china/th/124781_th.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.157.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.4.54 () OpenSSL/1.0.2k-fips /
Resource Hash: f5c1bc8b8dcd115524672d43cab6c98437221c1436a87d82831b6973368db684

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Mon, 19 Sep 2022 06:55:28 GMT
Last-Modified: Mon, 24 Feb 2014 08:31:37 GMT
Server: Apache/2.4.54 () OpenSSL/1.0.2k-fips
Age: 1060972
ETag: "1ff6-4f322ccc8ec40"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8182
jake_test: Test_Pass
Expires: Mon, 19 Sep 2022 07:10:28 GMT

GET
H/1.1 200
OK 314549_th.gif
i.123g.us/c/eoct_nationalday_china/th/ 14 KB
14 KB 188ms
37ms Image
image/gif 67.27.157.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/eoct_nationalday_china/th/314549_th.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.157.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 9c34b121084081f98f436ace0c8636dfba0a319e76bb0be20faacf58c61afacf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Mon, 19 Sep 2022 06:55:28 GMT
Last-Modified: Mon, 17 Aug 2015 23:29:04 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1060972
ETag: "373e-51d8a2ac81000"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 14142
jake_test: Test_Pass
Expires: Mon, 19 Sep 2022 07:10:28 GMT

GET
H/1.1 200
OK 124785_th.gif
i.123g.us/c/eoct_nationalday_china/th/ 8 KB
8 KB 169ms
12ms Image
image/gif 67.27.157.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/eoct_nationalday_china/th/124785_th.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.157.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 77039ea0e5aee4d7b72c9ec3bbd1bef2759f4b9043460b120d571fbd480b9fed

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Sat, 10 Sep 2022 13:14:59 GMT
Last-Modified: Mon, 24 Feb 2014 09:50:55 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1815801
ETag: "1fdd-4f323e8623dc0"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8157
jake_test: Test_Pass
Expires: Fri, 30 Sep 2022 05:16:27 GMT

GET
H/1.1 200
OK 121104_th.gif
i.123g.us/c/eoct_nationalday_china/th/ 7 KB
7 KB 175ms
10ms Image
image/gif 67.27.157.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/eoct_nationalday_china/th/121104_th.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.157.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ca9e0c65c02dd47b70c0afa444f7d5c98838155b4e7b9d7adb4b6837a8a3b39b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Thu, 22 Sep 2022 05:36:54 GMT
Last-Modified: Mon, 24 Feb 2014 09:50:55 GMT
Server: Apache/2.2.15 (CentOS)
Age: 806486
ETag: "1c8b-4f323e8623dc0"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7307
jake_test: Test_Pass
Expires: Wed, 28 Sep 2022 08:55:51 GMT

GET
H/1.1 200
OK 121098_th.gif
i.123g.us/c/eoct_nationalday_china/th/ 5 KB
6 KB 174ms
14ms Image
image/gif 67.27.157.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/eoct_nationalday_china/th/121098_th.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.157.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 8b748787a3a389a5f2297c5158b2f0838db39741085917ade991a174d08f11fe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Mon, 12 Sep 2022 15:32:25 GMT
Last-Modified: Mon, 24 Feb 2014 09:50:55 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1634755
ETag: "1502-4f323e8623dc0"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5378
jake_test: Test_Pass
Expires: Mon, 19 Sep 2022 07:10:28 GMT

GET
H/1.1 200
OK 121081_th.gif
i.123g.us/c/eoct_nationalday_china/th/ 8 KB
8 KB 168ms
10ms Image
image/gif 67.27.157.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/eoct_nationalday_china/th/121081_th.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.157.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.4.54 () OpenSSL/1.0.2k-fips /
Resource Hash: 1056d6f78489b757594f2f467c724130323d4096561b723f7a12ee218bbf55ad

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Sat, 24 Sep 2022 07:44:30 GMT
Last-Modified: Wed, 05 Aug 2015 15:29:18 GMT
Server: Apache/2.4.54 () OpenSSL/1.0.2k-fips
Age: 626030
ETag: "1f81-51c9210e80f80"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8065
jake_test: Test_Pass
Expires: Sat, 24 Sep 2022 07:59:30 GMT

GET
H/1.1 200
OK 121099_th.gif
i.123g.us/c/eoct_nationalday_china/th/ 8 KB
8 KB 123ms
11ms Image
image/gif 67.27.157.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/eoct_nationalday_china/th/121099_th.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.157.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 258db6a3d082fd94def3ee14861869b4b104d237a7706cfb71de1e92604350ab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Fri, 16 Sep 2022 14:30:55 GMT
Last-Modified: Wed, 05 Aug 2015 15:29:44 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1292845
ETag: "1eee-51c921274ca00"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7918
jake_test: Test_Pass
Expires: Fri, 16 Sep 2022 14:45:55 GMT

GET
H/1.1 200
OK 121101_th.gif
i.123g.us/c/eoct_nationalday_china/th/ 8 KB
8 KB 139ms
16ms Image
image/gif 67.27.157.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/eoct_nationalday_china/th/121101_th.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.157.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 2cdedf30b3876f3556aafea7e5ab6baa19f67f4cd776af5aa3132162b796381a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Thu, 08 Sep 2022 05:14:51 GMT
Last-Modified: Mon, 24 Feb 2014 09:50:55 GMT
Server: Apache/2.2.15 (CentOS)
Age: 2017409
ETag: "1fd0-4f323e8623dc0"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8144
jake_test: Test_Pass
Expires: Thu, 08 Sep 2022 05:29:51 GMT

GET
H/1.1 200
OK 121082_th.gif
i.123g.us/c/eoct_nationalday_china/th/ 7 KB
8 KB 125ms
13ms Image
image/gif 67.27.157.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/eoct_nationalday_china/th/121082_th.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.157.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.4.54 () OpenSSL/1.0.2k-fips /
Resource Hash: 0616aad0b0f031f2c2dd50ec3110dbee9e4792efc1b827bd66fd0182d7be1124

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Tue, 20 Sep 2022 04:58:46 GMT
Last-Modified: Wed, 05 Aug 2015 15:29:28 GMT
Server: Apache/2.4.54 () OpenSSL/1.0.2k-fips
Age: 981574
ETag: "1d79-51c921180a600"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7545
jake_test: Test_Pass
Expires: Tue, 20 Sep 2022 05:13:46 GMT

GET
H/1.1 200
OK 121103_th.gif
i.123g.us/c/eoct_nationalday_china/th/ 7 KB
7 KB 123ms
11ms Image
image/gif 67.27.157.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/eoct_nationalday_china/th/121103_th.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.157.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: a8bd8f6002d82bd7edd3df6cf9ba87e77a26123e5c0c9a60cf4050aafc1208c2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Mon, 12 Sep 2022 15:32:25 GMT
Last-Modified: Wed, 05 Aug 2015 15:29:35 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1634755
ETag: "1ae7-51c9211eb75c0"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6887
jake_test: Test_Pass
Expires: Wed, 21 Sep 2022 06:24:40 GMT

GET
H/1.1 200
OK cal_block2.gif
i.123g.us/images/special_block/ 24 KB
24 KB 122ms
10ms Image
image/gif 67.27.157.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/images/special_block/cal_block2.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.157.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.4.54 () OpenSSL/1.0.2k-fips /
Resource Hash: 21026407398ed753d48cd817a1f47881738ab30f449b90aa3f83d179ff3ed267

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Mon, 19 Sep 2022 07:00:43 GMT
Last-Modified: Tue, 23 Aug 2022 04:50:03 GMT
Server: Apache/2.4.54 () OpenSSL/1.0.2k-fips
Age: 1060657
ETag: "5fd2-5e6e14c2a9260"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 24530
jake_test: Test_Pass
Expires: Mon, 19 Sep 2022 07:15:43 GMT

GET
H/1.1 200
OK 123057_ic.gif
i.123g.us/c/birth_happybirthday/ic/ 3 KB
3 KB 111ms
8ms Image
image/gif 67.27.157.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/birth_happybirthday/ic/123057_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.157.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Footprint Distributor V6.1.1162 /
Resource Hash: 3f5540651a7fc59fff9c418779bed42cfe8400f5a540b469fedd46b90b764787

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Wed, 21 Sep 2022 10:46:17 GMT
Last-Modified: Mon, 24 Feb 2014 09:36:10 GMT
Server: Footprint Distributor V6.1.1162
Age: 874323
ETag: "bc2-4f323b3a23680"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3010
jake_test: Test_Pass
Expires: Mon, 26 Sep 2022 10:26:22 GMT

GET
H/1.1 200
OK 332173_ic.gif
i.123g.us/c/birth_fun/ic/ 4 KB
4 KB 125ms
21ms Image
image/gif 67.27.157.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/birth_fun/ic/332173_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.157.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 7a1dd1bee7fb2e7ed17e9d3fe95f0cd31207577ab981ff4ebc6ebfb2d88f7c4c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Thu, 08 Sep 2022 17:45:03 GMT
Last-Modified: Tue, 10 Jul 2018 11:10:31 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1972397
ETag: "f60-570a32da017c0"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3936
jake_test: Test_Pass
Expires: Fri, 16 Sep 2022 13:48:19 GMT

GET
H/1.1 200
OK 330017_ic.gif
i.123g.us/c/birth_wishes/ic/ 4 KB
4 KB 24ms
12ms Image
image/gif 67.27.157.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/birth_wishes/ic/330017_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.157.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.4.54 () OpenSSL/1.0.2k-fips /
Resource Hash: 5ce911a3a53fbfee2bc985a2fdeb5965e9d15a17854e7b536bbd6cc53b6ed52d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Wed, 21 Sep 2022 11:13:34 GMT
Last-Modified: Sat, 29 Jul 2017 07:37:35 GMT
Server: Apache/2.4.54 () OpenSSL/1.0.2k-fips
Age: 872686
ETag: "fcc-5556fdf060dc0"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4044
jake_test: Test_Pass
Expires: Mon, 26 Sep 2022 13:55:11 GMT

GET
H/1.1 200
OK 126880_ic.gif
i.123g.us/c/eoct_worldelders_day/ic/ 3 KB
3 KB 23ms
12ms Image
image/gif 67.27.157.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/eoct_worldelders_day/ic/126880_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.157.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.4.54 () OpenSSL/1.0.2k-fips /
Resource Hash: d8de354b3daf4d85422c4cba5054f5861a653699739bc9890f8efdbab8e2c1cb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Sat, 10 Sep 2022 12:46:01 GMT
Last-Modified: Thu, 18 Sep 2014 09:06:26 GMT
Server: Apache/2.4.54 () OpenSSL/1.0.2k-fips
Age: 1817539
ETag: "ad9-503534c9bc880"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2777
jake_test: Test_Pass
Expires: Sun, 18 Sep 2022 08:47:23 GMT

GET
H/1.1 200
OK 124103_ic.gif
i.123g.us/c/anniv_wedanniv_couple/ic/ 3 KB
3 KB 22ms
17ms Image
image/gif 67.27.157.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/anniv_wedanniv_couple/ic/124103_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.157.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.4.54 () OpenSSL/1.0.2k-fips /
Resource Hash: 3bc95e2d726f7fd5ed8decfc0ae24c18933404bffa252ad6000fd01905210042

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Fri, 02 Sep 2022 08:57:44 GMT
Last-Modified: Mon, 24 Feb 2014 08:12:01 GMT
Server: Apache/2.4.54 () OpenSSL/1.0.2k-fips
Age: 2522436
ETag: "c3d-4f32286b09640"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3133
jake_test: Test_Pass
Expires: Tue, 06 Sep 2022 06:53:38 GMT

GET
H/1.1 200
OK 349580_ic.gif
i.123g.us/c/birth_sonanddaughter/ic/ 3 KB
4 KB 19ms
11ms Image
image/gif 67.27.157.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/birth_sonanddaughter/ic/349580_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.157.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: bd3ea71142da2f789c88adb1241f941633506f4139287c7e7a67b651d024f8c4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Wed, 21 Sep 2022 14:58:56 GMT
Last-Modified: Thu, 03 Mar 2022 13:05:59 GMT
Server: Apache/2.2.15 (CentOS)
Age: 859164
ETag: "cb9-5d9500f307bc0"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3257
jake_test: Test_Pass
Expires: Tue, 27 Sep 2022 12:52:27 GMT

GET
H/1.1 200
OK 314549_ic.gif
i.123g.us/c/eoct_nationalday_china/ic/ 5 KB
5 KB 24ms
16ms Image
image/gif 67.27.157.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/eoct_nationalday_china/ic/314549_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.157.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 61db8778950ad1886b03d3a3ec7de2cc4094585148a7da735692c01eb60fe247

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Thu, 29 Sep 2022 16:22:46 GMT
Last-Modified: Mon, 17 Aug 2015 22:55:48 GMT
Server: Apache/2.2.15 (CentOS)
Age: 162934
ETag: "1321-51d89b3cf8500"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4897
jake_test: Test_Pass
Expires: Thu, 29 Sep 2022 16:37:46 GMT

GET
H/1.1 200
OK 301970_ic.jpg
i.123g.us/c/love_iloveyou_general/ic/ 1 KB
1 KB 14ms
9ms Image
image/jpeg 67.27.157.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/love_iloveyou_general/ic/301970_ic.jpg
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.157.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: d6f09f5be74d631dd1f18673a373c0746c20ee37d6994f2b7cd08047693f7cb4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Sat, 24 Sep 2022 11:58:12 GMT
Last-Modified: Wed, 05 Nov 2014 14:07:12 GMT
Server: Apache/2.2.15 (CentOS)
Age: 610808
ETag: "448-5071d189de400"
Content-Type: image/jpeg
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1096
jake_test: Test_Pass
Expires: Sat, 24 Sep 2022 12:13:12 GMT

GET
H/1.1 200
OK 123077_ic.gif
i.123g.us/c/birth_bronsis/ic/ 3 KB
3 KB 20ms
11ms Image
image/gif 67.27.157.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/birth_bronsis/ic/123077_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.157.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 1c59201e7f61dd25d07f893a1e025199d394ae301e9a5d788d6fb831e09a1faa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Fri, 02 Sep 2022 16:17:04 GMT
Last-Modified: Mon, 24 Feb 2014 09:36:07 GMT
Server: Apache/2.2.15 (CentOS)
Age: 2496076
ETag: "ae2-4f323b3746fc0"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2786
jake_test: Test_Pass
Expires: Wed, 14 Sep 2022 03:24:07 GMT

GET
H/1.1 200
OK 113600_ic.gif
i.123g.us/c/anniv_anniversaryetc/ic/ 3 KB
3 KB 17ms
11ms Image
image/gif 67.27.157.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/anniv_anniversaryetc/ic/113600_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.157.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ab6521d7f8270a417139743c6dfb2cf083d647b4d350a25e13faade0e857a9fb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Tue, 20 Sep 2022 04:57:09 GMT
Last-Modified: Mon, 24 Feb 2014 08:24:12 GMT
Server: Apache/2.2.15 (CentOS)
Age: 981671
ETag: "b57-4f322b242c300"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2903
jake_test: Test_Pass
Expires: Tue, 20 Sep 2022 05:12:09 GMT

GET
H/1.1 200
OK 349647_ic.gif
i.123g.us/c/anniv_ouranniversary_forher/ic/ 3 KB
4 KB 31ms
28ms Image
image/gif 67.27.157.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/anniv_ouranniversary_forher/ic/349647_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.157.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: d930f4b2818eee635146f400cd83c29f1191da650dee72af1d0d12fdd218a040

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Mon, 19 Sep 2022 05:59:19 GMT
Last-Modified: Fri, 11 Mar 2022 13:34:27 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1064341
ETag: "d10-5d9f163b97ec0"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3344
jake_test: Test_Pass
Expires: Mon, 19 Sep 2022 06:14:20 GMT

GET
H/1.1 200
OK 342901_ic.gif
i.123g.us/c/birth_hubbywife/ic/ 3 KB
4 KB 20ms
13ms Image
image/gif 67.27.157.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/birth_hubbywife/ic/342901_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.157.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: f77932c1ed84c66e07cf14f8ed43a283d3499660202b34ebf58015284e581359

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Fri, 09 Sep 2022 08:36:52 GMT
Last-Modified: Sat, 10 Apr 2021 06:13:46 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1918888
ETag: "d44-5bf982ee13a80"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3396
jake_test: Test_Pass
Expires: Mon, 12 Sep 2022 12:16:10 GMT

GET
H/1.1 200
OK 345734_ic.gif
i.123g.us/c/gen_thinkingofyou/ic/ 4 KB
4 KB 20ms
9ms Image
image/gif 67.27.157.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/gen_thinkingofyou/ic/345734_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.157.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.4.54 () OpenSSL/1.0.2k-fips /
Resource Hash: 20b3bdbaed5af274d8f415e769e30b1f7907fb3aeddd629461f1bd3d1efb4d98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Wed, 28 Sep 2022 19:22:48 GMT
Last-Modified: Mon, 01 Feb 2021 12:11:30 GMT
Server: Apache/2.4.54 () OpenSSL/1.0.2k-fips
Age: 238532
ETag: "fcd-5ba4541066080"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4045
jake_test: Test_Pass
Expires: Wed, 28 Sep 2022 19:37:49 GMT

GET
H/1.1 200
OK 119069_ic.gif
i.123g.us/c/esep_fall_happy/ic/ 4 KB
4 KB 15ms
8ms Image
image/gif 67.27.157.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_fall_happy/ic/119069_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.157.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Footprint Distributor V6.1.1162 /
Resource Hash: de6b1569f10d67682062caaa40c437ba7710fc5f9fc601169f0be9fc1fc4eb44

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Fri, 30 Sep 2022 12:51:37 GMT
Last-Modified: Tue, 12 Sep 2017 07:08:58 GMT
Server: Footprint Distributor V6.1.1162
Age: 89203
ETag: "ecf-558f8b78a9680"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3791
jake_test: Test_Pass
Expires: Sat, 01 Oct 2022 05:32:44 GMT

GET
H/1.1 200
OK 127730_ic.gif
i.123g.us/c/eoct_guardianangels_day/ic/ 3 KB
4 KB 42ms
33ms Image
image/gif 67.27.157.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/eoct_guardianangels_day/ic/127730_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.157.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: de0fd578562a17eeefddd802e0567c3cc63b35c67640d79f0e38faff98e18e1f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Tue, 13 Sep 2022 09:51:19 GMT
Last-Modified: Tue, 13 Sep 2022 09:43:56 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1568821
ETag: "db8-5e88bd9d0ef00"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3512
jake_test: Test_Pass
Expires: Sat, 24 Sep 2022 08:48:36 GMT

GET
H/1.1 200
OK jquery-1.11.1.js Show response
c.123g.us/js2/ 94 KB
33 KB 10ms
10ms Script
application/javascript 67.27.157.252
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/js2/jquery-1.11.1.js
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.157.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.4.54 () OpenSSL/1.0.2k-fips /
Resource Hash: 91222f96f34735ebc88df208017e54d4329b9202e3e52367fb8b149698a1a5ef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Sat, 01 Oct 2022 10:11:26 GMT
Content-Encoding: gzip
Last-Modified: Sat, 03 Sep 2022 06:43:26 GMT
Server: Apache/2.4.54 () OpenSSL/1.0.2k-fips
Age: 12414
ETag: "1762e-5e7c029e4acb6-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 33234
jake_test: Test_Pass
Expires: Sat, 01 Oct 2022 10:26:43 GMT

GET
H/1.1 200
OK jquery-migrate-1.2.1.min.js Show response
c.123g.us/js2/ 7 KB
8 KB 27ms
27ms Script
text/javascript 67.27.157.252
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/js2/jquery-migrate-1.2.1.min.js
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.157.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 5336fb757df91e343cca414c112da532ff47f3d40b0d6e1b3c39ea00c8e24ab6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Sat, 01 Oct 2022 10:11:51 GMT
Last-Modified: Wed, 15 Jun 2022 10:42:43 GMT
Server: Apache/2.2.15 (CentOS)
Age: 12389
ETag: "1cb3-5e17a2e52eec0"
Content-Type: text/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7347
jake_test: Test_Pass
Expires: Sat, 01 Oct 2022 10:27:01 GMT

GET
H/1.1 200
OK swfobject.js Show response
c.123g.us/js2/ 10 KB
4 KB 8ms
8ms Script
application/javascript 67.27.157.252
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/js2/swfobject.js
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.157.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.4.54 () OpenSSL/1.0.2k-fips /
Resource Hash: cafd612ebd6bc497a7a05d3dfef133a0b793f1e04e277b31c424d6d8892a1d48

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Sat, 01 Oct 2022 10:11:00 GMT
Content-Encoding: gzip
Last-Modified: Sat, 03 Sep 2022 06:43:26 GMT
Server: Apache/2.4.54 () OpenSSL/1.0.2k-fips
Age: 12440
ETag: "261f-5e7c029e521e6-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3868
jake_test: Test_Pass
Expires: Sat, 01 Oct 2022 10:26:02 GMT

GET
H/1.1 200
OK 123g_utils_v1.js Show response
c.123g.us/js2/ 124 KB
30 KB 12ms
11ms Script
application/javascript 67.27.157.252
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/js2/123g_utils_v1.js
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.157.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.4.54 () OpenSSL/1.0.2k-fips /
Resource Hash: ddafcb62dd9406b687b84fe105a65220cfd60685bcf93cbcd092071368b4dde1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Thu, 15 Sep 2022 10:11:37 GMT
Content-Encoding: gzip
Last-Modified: Thu, 15 Sep 2022 10:10:37 GMT
Server: Apache/2.4.54 () OpenSSL/1.0.2k-fips
Age: 1394803
ETag: "1ee62-5e8b474ef84a5-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 30746
jake_test: Test_Pass
Expires: Thu, 15 Sep 2022 10:26:57 GMT

GET
H/1.1 200
OK utilsopt.js Show response
c.123g.us/js2/ 22 KB
7 KB 16ms
10ms Script
application/javascript 67.27.157.252
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/js2/utilsopt.js
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.157.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.4.54 () OpenSSL/1.0.2k-fips /
Resource Hash: 0ae485367eb0862700624f4b18563586fe0fd2ecd7abd1efb8a4896ead71fdd3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Mon, 12 Sep 2022 06:29:30 GMT
Content-Encoding: gzip
Last-Modified: Sat, 03 Sep 2022 06:43:26 GMT
Server: Apache/2.4.54 () OpenSSL/1.0.2k-fips
Age: 1667330
ETag: "57b2-5e7c029e2b0e5-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6801
jake_test: Test_Pass
Expires: Mon, 12 Sep 2022 06:44:30 GMT

GET
H/1.1 200
OK 123g_subcategory_opt.js Show response
c.123g.us/js2/ 9 KB
3 KB 16ms
10ms Script
text/javascript 67.27.157.252
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/js2/123g_subcategory_opt.js
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.157.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 987a85ec33287307910313fc7b22a8ab6cd0dc24e9fe5945f8a42af4223c1550

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Mon, 26 Sep 2022 15:23:39 GMT
Content-Encoding: gzip
Last-Modified: Wed, 15 Jun 2022 10:42:43 GMT
Server: Apache/2.2.15 (CentOS)
Age: 425681
ETag: "2257-5e17a2e52eec0"
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2831
jake_test: Test_Pass
Expires: Sat, 01 Oct 2022 10:26:44 GMT

GET
H/1.1 200
OK rakpanel.js Show response
c.123g.us/js2/ 3 KB
2 KB 37ms
10ms Script
application/javascript 67.27.157.252
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/js2/rakpanel.js
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.157.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.4.54 () OpenSSL/1.0.2k-fips /
Resource Hash: f48f1b088976f2de3bb46a5c5bc609160ef0a6f919109e08f784596b0a93b7d8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Tue, 27 Sep 2022 09:58:43 GMT
Content-Encoding: gzip
Last-Modified: Sat, 03 Sep 2022 06:43:26 GMT
Server: Apache/2.4.54 () OpenSSL/1.0.2k-fips
Age: 358777
ETag: "d4c-5e7c029e39b45-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1626
jake_test: Test_Pass
Expires: Sat, 01 Oct 2022 10:26:02 GMT

GET
H/1.1 200
OK jquery.ajax_autocomplete.js Show response
c.123g.us/js2/ 20 KB
7 KB 32ms
11ms Script
application/javascript 67.27.157.252
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/js2/jquery.ajax_autocomplete.js
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.157.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.4.54 () OpenSSL/1.0.2k-fips /
Resource Hash: 0ce879cfe7244a0a086ea8a95996d7ac5838d30a9b1cd8e85f045f51c41d0df8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Sat, 01 Oct 2022 10:10:48 GMT
Content-Encoding: gzip
Last-Modified: Sat, 03 Sep 2022 06:43:26 GMT
Server: Apache/2.4.54 () OpenSSL/1.0.2k-fips
Age: 12452
ETag: "4ec6-5e7c029e289d5-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6384
jake_test: Test_Pass
Expires: Sat, 01 Oct 2022 10:25:48 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 162 KB
54 KB 182ms
102ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

30e9b409a7dd8350a4f38ee9a5dfc967053710f64a9e6b6677c4353bbd4c7619

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:20 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54802
x-xss-protection: 0
server: cafe
etag: 8750973381521415227
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 01 Oct 2022 13:38:20 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 106 KB
42 KB 65ms
27ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-5085183-1

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7102d8f7a9cde287e023ce95be18b4e985ba2e45afe157fb968b0d6c82cf8508

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:20 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42320
x-xss-protection: 0
last-modified: Sat, 01 Oct 2022 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 01 Oct 2022 13:38:20 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 222 KB
76 KB 81ms
45ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-47Q5QDHYDP

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

303852ebcdd18a52d60552f9b1a31691f1163fb01909890bf7b8d80ced0785ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:20 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 77530
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 01 Oct 2022 13:38:20 GMT

GET
H/1.1 200
OK styleopt_R1.css
c.123g.us/css/ 81 KB
16 KB 10ms
10ms Stylesheet
text/css 67.27.157.252
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/css/styleopt_R1.css
Requested by: Host: c.123g.us
URL: https://c.123g.us/css/sub_categories_R1.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.157.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 81113214da7b946424bed9da1f2713c0e7280b577feb58cdc17ff672143aced7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.123g.us/css/sub_categories_R1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Sat, 01 Oct 2022 10:10:46 GMT
Content-Encoding: gzip
Last-Modified: Wed, 15 Jun 2022 10:42:44 GMT
Server: Apache/2.2.15 (CentOS)
Age: 12454
ETag: "14218-5e17a2e623100"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 16272
jake_test: Test_Pass
Expires: Sat, 01 Oct 2022 10:25:48 GMT

GET
H/1.1 200
OK modal_window_R1.css
c.123g.us/css/ 33 KB
7 KB 35ms
23ms Stylesheet
text/css 67.27.157.252
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/css/modal_window_R1.css
Requested by: Host: c.123g.us
URL: https://c.123g.us/css/sub_categories_R1.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.157.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: c40c9c0117af4abd3ab87c81eb1725c442ec682095d29cc8bc2206e3e5ac1c23

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.123g.us/css/sub_categories_R1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Sun, 11 Sep 2022 01:16:25 GMT
Content-Encoding: gzip
Last-Modified: Wed, 15 Jun 2022 10:42:44 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1772515
ETag: "8220-5e17a2e623100"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6727
jake_test: Test_Pass
Expires: Sun, 11 Sep 2022 01:31:25 GMT

GET
H/1.1 200
OK clear.js Show response
s.gk.123greetings.com/2/945541/ 6 KB
3 KB 464ms
32ms Script
text/javascript 18.202.153.141
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.gk.123greetings.com/2/945541/clear.js?dt=9455411658248091559000&pd=mkt&mo=0&si=main

Requested by

Host: c.123g.us
URL: https://c.123g.us/js2/chk_script.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

18.202.153.141 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-202-153-141.eu-west-1.compute.amazonaws.com

Software

Resource Hash

8eaa47a979e2451ec6dded08b289b21591a9c20c25b62ed0d049085ddec6d5a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 01 Oct 2022 13:38:20 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
Accept-Ch: Viewport-Width, Viewport-Height, Width, DPR, RTT, ECT, Device-Memory, Downlink, Save-Data
Vary: *
Content-Type: text/javascript; charset=utf-8
Cache-Control: no-cache, no-store, must-revalidate, no-transform, private, max-age=0
Timing-Allow-Origin: *
Content-Length: 2656
Expires: 0

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 27ms
7ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

1ca32633ca69f934f26636d73d322e2531df6572b5297ef9f6268c243778593b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 01 Oct 2022 13:38:20 GMT
content-md5: cdfSmw3lNm8wu+pKyH85ow==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 1685
x-fb-rlafr: 0
x-fb-debug: igH54JuauQAfRHM+hTe8iva15lrmiYi4elUEWnnzJ0NlpIwuLUNQTCJ8DeeFTLT3YRdXi/iydAUavdyCekn9pw==
x-fb-trip-id: 917726464
x-fb-content-md5: 2ed8ce23b8b7b84367b2cdd80b48ed91
cross-origin-opener-policy: same-origin-allow-popups
etag: "61bf764b91dcaced83dc5f179a29e101"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Oct 2022 13:41:05 GMT

GET
H/1.1 200
OK 123g_master_bg.png
c.123g.us/images/ 145 B
499 B 17ms
14ms Image
image/png 67.27.157.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.123g.us/images/123g_master_bg.png
Requested by: Host: c.123g.us
URL: https://c.123g.us/css/styleopt_R1.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.157.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: abfaa28e509b104c2edc0bd048809340d5e006ec872e1966baff8383ff8a0e22

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.123g.us/css/styleopt_R1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Sat, 01 Oct 2022 10:10:49 GMT
Last-Modified: Wed, 15 Jun 2022 10:44:09 GMT
Server: Apache/2.2.15 (CentOS)
Age: 12451
ETag: "91-5e17a33733040"
Content-Type: image/png
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 145
jake_test: Test_Pass
Expires: Sat, 01 Oct 2022 10:25:49 GMT

GET
H/1.1 200
OK master_img_menu.png
c.123g.us/images/ 6 KB
6 KB 16ms
7ms Image
image/png 67.27.157.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.123g.us/images/master_img_menu.png
Requested by: Host: c.123g.us
URL: https://c.123g.us/css/styleopt_R1.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.157.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 12ba93c7b0114439929f7ac0efcdc60e6eee9da57a2fe6ce68bb969f00f4a54e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.123g.us/css/styleopt_R1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Sat, 01 Oct 2022 10:11:51 GMT
Last-Modified: Wed, 15 Jun 2022 10:44:09 GMT
Server: Apache/2.2.15 (CentOS)
Age: 12389
ETag: "1861-5e17a33733040"
Content-Type: image/png
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6241
jake_test: Test_Pass
Expires: Sat, 01 Oct 2022 10:26:52 GMT

GET
H/1.1 200
OK icon_set_R1.png
c.123g.us/images/ 139 KB
140 KB 19ms
12ms Image
image/png 67.27.157.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.123g.us/images/icon_set_R1.png
Requested by: Host: c.123g.us
URL: https://c.123g.us/css/styleopt_R1.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.157.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 254d41d323b97e21b036ccf367f7dc18d8ea96daaf756167bac6f0ebbf8fbcd1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.123g.us/css/styleopt_R1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Sat, 01 Oct 2022 10:10:49 GMT
Last-Modified: Wed, 15 Jun 2022 10:44:02 GMT
Server: Apache/2.2.15 (CentOS)
Age: 12451
ETag: "22ca6-5e17a33086080"
Content-Type: image/png
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 142502
jake_test: Test_Pass
Expires: Sat, 01 Oct 2022 10:25:49 GMT

GET
H/1.1 200
OK big_img_sprite.png
c.123g.us/images/ 134 KB
134 KB 23ms
15ms Image
image/png 67.27.157.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.123g.us/images/big_img_sprite.png
Requested by: Host: c.123g.us
URL: https://c.123g.us/css/styleopt_R1.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.157.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 69303f97bf43e5d9fd7a0c8e6b5f4b49de4466684c7e2b8e2108de98e5c98483

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.123g.us/css/styleopt_R1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Mon, 26 Sep 2022 23:44:20 GMT
Last-Modified: Wed, 15 Jun 2022 10:44:02 GMT
Server: Apache/2.2.15 (CentOS)
Age: 395640
ETag: "21653-5e17a33086080"
Content-Type: image/png
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 136787
jake_test: Test_Pass
Expires: Sat, 01 Oct 2022 10:26:33 GMT

GET
H/1.1 200
OK master_icon_set_2.png
c.123g.us/images/ 88 KB
88 KB 23ms
16ms Image
image/png 67.27.157.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.123g.us/images/master_icon_set_2.png
Requested by: Host: c.123g.us
URL: https://c.123g.us/css/styleopt_R1.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.157.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 89b03d4a2f2ca3d04df1fda63a5247ef31cea689a0ca553e353122ab3d22b646

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.123g.us/css/styleopt_R1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Tue, 27 Sep 2022 00:14:04 GMT
Last-Modified: Wed, 15 Jun 2022 10:44:02 GMT
Server: Apache/2.2.15 (CentOS)
Age: 393856
ETag: "15fce-5e17a33086080"
Content-Type: image/png
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 90062
jake_test: Test_Pass
Expires: Sat, 01 Oct 2022 10:26:04 GMT

GET
H/1.1 200
OK 123g_master_icon_set_2.png
c.123g.us/images/ 60 KB
61 KB 14ms
10ms Image
image/png 67.27.157.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.123g.us/images/123g_master_icon_set_2.png
Requested by: Host: c.123g.us
URL: https://c.123g.us/css/styleopt_R1.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.157.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.4.54 () OpenSSL/1.0.2k-fips /
Resource Hash: 4330d4072d013510b91ca5648f210b614c2e4e8ecbea94a1f8a8373aa6068532

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.123g.us/css/styleopt_R1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Sat, 01 Oct 2022 10:11:46 GMT
Last-Modified: Sat, 03 Sep 2022 06:42:02 GMT
Server: Apache/2.4.54 () OpenSSL/1.0.2k-fips
Age: 12394
ETag: "f1d2-5e7c024ecb1f6"
Content-Type: image/png
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 61906
jake_test: Test_Pass
Expires: Sat, 01 Oct 2022 10:26:46 GMT

GET
H/1.1 200
OK request.js Show response
trkn.us/info/ 2 KB
1 KB 557ms
98ms Script
application/javascript 3.228.232.15
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://trkn.us/info/request.js?sid=1efbd474-f6d6-4c7a-ab0e-0a28232c817d&ord=1034224245.9972129

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.228.232.15 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-228-232-15.compute-1.amazonaws.com

Software

Apache /

Resource Hash

b516063fb43fe8dc9a0ee4d290c95bdab8c811a55a8ac73bd3cb3e6573ba4bb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 01 Oct 2022 13:38:20 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: keep-alive
Content-Length: 733
Expires: Sun, 01 Jan 2014 00:00:00 GMT

GET
H/1.1 200
OK addressbook.js Show response
c.123g.us/js2/ 401 KB
402 KB 11ms
10ms Script
text/javascript 67.27.157.252
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/js2/addressbook.js
Requested by: Host: c.123g.us
URL: https://c.123g.us/js2/jquery-1.11.1.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.157.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: d37a1d0a9caf1a7ab47cf71e03cb92dbce54797914e91c6ad6bf88dabd0814ca

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Wed, 28 Sep 2022 11:34:40 GMT
Last-Modified: Mon, 08 Aug 2022 06:15:52 GMT
Server: Apache/2.2.15 (CentOS)
Age: 266620
ETag: "64550-5e5b4bf6cb600"
Content-Type: text/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 410960
jake_test: Test_Pass
Expires: Sat, 01 Oct 2022 10:26:05 GMT

GET
H/1.1 200
OK closeBtn_h.png
c.123g.us/images/ 1 KB
1 KB 17ms
17ms Image
image/png 67.27.157.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.123g.us/images/closeBtn_h.png
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.157.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.4.54 () OpenSSL/1.0.2k-fips /
Resource Hash: 1e66c06ab180f7bf3da83626313d8c1b45efa2ddd191b430ffec9993a3f9675f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Sat, 01 Oct 2022 10:11:21 GMT
Last-Modified: Sat, 03 Sep 2022 06:42:31 GMT
Server: Apache/2.4.54 () OpenSSL/1.0.2k-fips
Age: 12419
ETag: "42a-5e7c0269d96de"
Content-Type: image/png
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1066
jake_test: Test_Pass
Expires: Sat, 01 Oct 2022 10:26:22 GMT

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 305 KB
86 KB 19ms
8ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=a48571436ebd15cde109ed1bcfe6338c

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

dcbfcceec17c3382be97b25e659821c5151feb7cd01c2148649fb0441ec940e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.123greetings.com/
Origin: https://www.123greetings.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 01 Oct 2022 13:38:20 GMT
content-md5: FEekZMaCqf5EVUc0NPJ1Tg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 88392
x-fb-rlafr: 0
x-fb-debug: 5OBfDPCK+gcasQmczPnDiXg2NEY+SDl2XI0QQHkQA/JYVrnrZu8qXDpomGHzB5d08jhCwJfWSaWDXyFq5gNDoA==
x-fb-content-md5: 6737061f6c2f7ee72ff9bbd9050ce643
cross-origin-opener-policy: same-origin-allow-popups
etag: "964dc239cf53a51cb32029bd2df35c57"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin: *
priority: u=3,i
expires: Sun, 01 Oct 2023 13:00:28 GMT

GET
H/1.1 200
OK connect_config.js Show response
c.123g.us/js2/ 203 B
564 B 12ms
12ms Script
text/javascript 67.27.157.252
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/js2/connect_config.js
Requested by: Host: c.123g.us
URL: https://c.123g.us/js2/jquery-1.11.1.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.157.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 0ae74371a872da00743b4c907dc6b5ea22377f13ede1ac75055a55f50676dba8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Thu, 29 Sep 2022 01:24:15 GMT
Last-Modified: Wed, 15 Jun 2022 10:42:43 GMT
Server: Apache/2.2.15 (CentOS)
Age: 216845
ETag: "cb-5e17a2e52eec0"
Content-Type: text/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 203
jake_test: Test_Pass
Expires: Sat, 01 Oct 2022 10:26:32 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 48ms
13ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-5085183-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

9e25469f734732205f33dd80ff8ca12080406c18d2fa99a1f368103e51f7999f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 01 Oct 2022 13:01:59 GMT
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
server: Golfe2
age: 2181
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19826
expires: Sat, 01 Oct 2022 15:01:59 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 222 KB
76 KB 86ms
33ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-47Q5QDHYDP&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-5085183-1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e4deba3d8985c34c859d4c14d8f55c3d6cdff812e73089b7a1bccb54abc3cd65

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:20 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 77564
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 01 Oct 2022 13:38:20 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
341 B 282ms
16ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-47Q5QDHYDP&gtm=2oe9s0&_p=898260434&cid=831880633.1664631500&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_z=ccd.v9B&_s=1&sid=1664631500&sct=1&seg=0&dl=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fnational_day_china%2F%3Futm_source%3Deoct_nationalday_china_remail&dt=National%20Day%20(China)%20Cards%2C%20Free%20National%20Day%20(China)%20Wishes%20%7C%20123%20Greetings&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-47Q5QDHYDP
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:20 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.123greetings.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 a
www.googletagmanager.com/ 0
17 B 58ms
47ms Image
image/gif 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?id=G-47Q5QDHYDP&cv=4&v=3&t=t&pid=1831520861&rv=9s0&es=1&e=gtm.init_consent&eid=-1&u=AAAAAAAAAAAAAAAg&tc=18&dl=www.123greetings.com%2Fevents%2Fnational_day_china%2F&tdp=G-47Q5QDHYDP;67906037;0;2;0&z=0

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:20 GMT
server: Google Tag Manager
vary: *
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 td
www.googletagmanager.com/ 0
15 B 58ms
46ms Image
image/gif 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.googletagmanager.com/td?id=G-47Q5QDHYDP&cv=4&v=3&t=t&pid=1831520861&rv=9s0&es=1&e=gtm.init_consent&eid=-1&u=AAAAAAAAAAAAAAAg&tc=18&dl=www.123greetings.com%2Fevents%2Fnational_day_china%2F&tdp=G-47Q5QDHYDP;67906037;0;2;0&z=0
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:20 GMT
server: Golfe2
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 a
www.googletagmanager.com/ 0
17 B 59ms
48ms Image
image/gif 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?id=G-47Q5QDHYDP&cv=4&v=3&t=t&pid=1831520861&rv=9s0&es=1&e=gtm.init&eid=0&u=AAAAAAAAAAAAAAAg&tc=18&tr=1ogtreferralexclusion.1ogtgasend.1ogteventcreate.1ccdemscroll.1ccdemvideo.1ccdemoutboundclick.1ogteventcreate.1ccdemdownload.1ogteventcreate.1ogteventcreate.1ccdemsitesearch.1ccdconversionmarking.1ccdgaregscope.1ogteventcreate.1ccdempageview.1setproductsettings.1ogtgooglesignals&ti=2ogtreferralexclusion.2ogtgasend.2ogteventcreate.2ccdemscroll.2ccdemvideo.2ccdemoutboundclick.2ogteventcreate.2ccdemdownload.2ogteventcreate.2ogteventcreate.2ccdemsitesearch.2ccdconversionmarking.2ccdgaregscope.2ogteventcreate.2ccdempageview.2setproductsettings.2ogtgooglesignals&z=0

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:20 GMT
server: Google Tag Manager
vary: *
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 a
www.googletagmanager.com/ 0
17 B 58ms
47ms Image
image/gif 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?id=G-47Q5QDHYDP&cv=4&v=3&t=t&pid=1831520861&rv=9s0&es=1&e=gtm.js&eid=1&u=AAAAAAAAAAAAAAAg&tc=18&tr=1gct&ti=1gct&z=0

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:20 GMT
server: Google Tag Manager
vary: *
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 a
www.googletagmanager.com/ 0
17 B 59ms
48ms Image
image/gif 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?id=G-47Q5QDHYDP&cv=4&v=3&t=t&pid=1831520861&rv=9s0&es=1&e=gtag.config&eid=2&u=AAAAAAAAAAAAAAAg&tc=18&z=0

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:20 GMT
server: Google Tag Manager
vary: *
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 a
www.googletagmanager.com/ 0
17 B 35ms
24ms Image
image/gif 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?id=G-47Q5QDHYDP&cv=4&v=3&t=t&pid=1831520861&rv=9s0&es=1&e=gtag.config&eid=4&u=AAAAAAAAAAAAAACg&ut=C&tc=18&epr=1G.2G&z=0

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:20 GMT
server: Google Tag Manager
vary: *
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 51ms
21ms XHR
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j97&a=898260434&t=pageview&_s=1&dl=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fnational_day_china%2F%3Futm_source%3Deoct_nationalday_china_remail&ul=en-us&de=UTF-8&dt=National%20Day%20(China)%20Cards%2C%20Free%20National%20Day%20(China)%20Wishes%20%7C%20123%20Greetings&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAAC~&jid=2013962932&gjid=1494917228&cid=831880633.1664631500&tid=UA-5085183-1&_gid=356940216.1664631500&_r=1&gtm=2ou9s0&z=1114977024

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:20 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.123greetings.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209270101/ 349 KB
114 KB 136ms
79ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209270101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8275302107693664&plah=www.123greetings.com&bust=31070009

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1f8ed95a69872cc8e0b3199f723f660e7bc01223bf5dfa7e6bdfd06218ebf0e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:20 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 117170
x-xss-protection: 0
server: cafe
etag: 12263687758761712128
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 01 Oct 2022 13:38:20 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220928/r20190131/ Frame 7C64 10 KB
5 KB 28ms
28ms Document
text/html 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220928/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f7408c25067cd0a9d9fe835cb4c05e394a50751d3fcde0c461db19a309abb02a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 55066
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4420
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Sep 2022 22:20:34 GMT
etag: 9671129459699598864
expires: Fri, 14 Oct 2022 22:20:34 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
442 B 52ms
18ms XHR
text/plain 2a00:1450:4025:402::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-5085183-1&cid=831880633.1664631500&jid=2013962932&gjid=1494917228&_gid=356940216.1664631500&_u=YADAAUAAAAAAAC~&z=1534291188

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4025:402::9d Den Helder, Netherlands, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sat, 01 Oct 2022 13:38:20 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.123greetings.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 220 B
648 B 94ms
24ms Script
text/javascript 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.123greetings.com&callback=_gfp_s_&client=ca-pub-8275302107693664

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209270101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8275302107693664&plah=www.123greetings.com&bust=31070009

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

cafe /

Resource Hash

015c6c3dfccd8b2c661ba9c2af816ff899c954df57ab4392b886ce7e23eba74d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 204
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 175ms
54ms Script
application/javascript 2a00:1450:400d:804::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.123greetings.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:804::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 163ms
56ms Script
application/javascript 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.123greetings.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 60ms
59ms Image
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fnational_day_china%2F%3Futm_source%3Deoct_nationalday_china_remail&tn=DIV&id=cookie_bar&cls=cookie_bar&ign=false&pw=1600&ph=1200&x=1575&y=1175

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3B44 151 KB
42 KB 651ms
650ms Document
text/html 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8275302107693664&output=html&adk=1812271804&adf=3025194257&lmt=1664631500&plat=1%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fnational_day_china%2F%3Futm_source%3Deoct_nationalday_china_remail&ea=0&pra=5&wgl=1&easpi=0&asntp=0&asntpv=0&asntpl=0&asntpm=0&asntpc=0&asna=5&asnd=5&asnp=5&asns=5&asmat=1&asptt=-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1664631500492&bpp=2&bdt=583&idt=218&shv=r20220928&mjsv=m202209270101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1222104462320&frm=20&pv=2&ga_vid=831880633.1664631500&ga_sid=1664631501&ga_hid=898260434&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31069957%2C42531705%2C31070009%2C31060047%2C31069563&oid=2&pvsid=3900156577675395&tmod=1078028519&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=235

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ea294b654c071eb9a60c3185cc0266fa41324f4536265fca85c56f2855aa8b66

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 43055
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 01 Oct 2022 13:38:21 GMT
expires: Sat, 01 Oct 2022 13:38:21 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H/1.1 200
OK postback Show response
s.gk.123greetings.com/2/2.69.4/945541/AYvM6_YDEehYAItJ/ 0
145 B 119ms
29ms XHR
text/plain 18.202.153.141
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.gk.123greetings.com/2/2.69.4/945541/AYvM6_YDEehYAItJ/postback?oz_pl=1&dt=9455411658248091559000&pd=mkt&mo=0&si=main&ci=945541&_x=1
Requested by: Host: s.gk.123greetings.com
URL: https://s.gk.123greetings.com/2/945541/clear.js?dt=9455411658248091559000&pd=mkt&mo=0&si=main
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 18.202.153.141 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-202-153-141.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Sat, 01 Oct 2022 13:38:20 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H/1.1 200
OK main.js Show response
s.gk.123greetings.com/2/2.69.4/ 161 KB
51 KB 31ms
31ms Script
text/javascript 18.202.153.141
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.gk.123greetings.com/2/2.69.4/main.js

Requested by

Host: s.gk.123greetings.com
URL: https://s.gk.123greetings.com/2/945541/clear.js?dt=9455411658248091559000&pd=mkt&mo=0&si=main

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

18.202.153.141 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-202-153-141.eu-west-1.compute.amazonaws.com

Software

Resource Hash

6c7ca7b6c9d498b529ca3544f28700642415af2196101d77d65d8249be1603a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Sat, 01 Oct 2022 13:38:20 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: br
Accept-Ch: Viewport-Width, Viewport-Height, Width, DPR, RTT, ECT, Device-Memory, Downlink, Save-Data
Vary: Origin, Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: public, no-transform, immutable, max-age=999999999
Timing-Allow-Origin: *
Content-Length: 51581
Expires: Tue, 09 Jun 2054 10:01:40 GMT

POST
H/1.1 200
OK postback Show response
s.gk.123greetings.com/2/2.69.4/945541/AYvM6_YDEehYAItJ/ 0
145 B 30ms
30ms XHR
text/plain 18.202.153.141
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.gk.123greetings.com/2/2.69.4/945541/AYvM6_YDEehYAItJ/postback?oz_pl=1&dt=9455411658248091559000&pd=mkt&mo=0&si=main&ci=945541&_x=1
Requested by: Host: s.gk.123greetings.com
URL: https://s.gk.123greetings.com/2/945541/clear.js?dt=9455411658248091559000&pd=mkt&mo=0&si=main
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 18.202.153.141 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-202-153-141.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Sat, 01 Oct 2022 13:38:20 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H/1.1

200
OK

/
trkn.us/info/
Redirect Chain

https://trkn.us/info/?sid=1efbd474-f6d6-4c7a-ab0e-0a28232c817d&ord=1034224245.9972129&ref=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fnational_day_china%2F%3Futm_source%3Deoct_nationalday_china_r...
https://trkn.us/info/?sid=1efbd474-f6d6-4c7a-ab0e-0a28232c817d&ord=1034224245.9972129&ref=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fnational_day_china%2F%3Futm_source%3Deoct_nationalday_china_r...

42 B
780 B

227ms
226ms

Image
image/gif

3.228.232.15
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trkn.us/info/?sid=1efbd474-f6d6-4c7a-ab0e-0a28232c817d&ord=1034224245.9972129&ref=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fnational_day_china%2F%3Futm_source%3Deoct_nationalday_china_remail&dvis=visible&ip=178.162.209.140&cuidchk=1

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail

Protocol

HTTP/1.1

Server

3.228.232.15 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-228-232-15.compute-1.amazonaws.com

Software

Apache /

Resource Hash

b2c78c910f5ea29e3a9d223dabc203c055c8708b1fe7d83788b490638126db4d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 01 Oct 2022 13:38:21 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sun, 9 Nov 1980 12:59:00 GMT
Server: Apache
Content-Type: image/gif
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Connection: keep-alive
Content-Length: 42
Expires: Sun, 9 Nov 1980 12:58:00 GMT

Redirect headers

Date: Sat, 01 Oct 2022 13:38:20 GMT
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: text/html; charset=UTF-8
Location: /info/?sid=1efbd474-f6d6-4c7a-ab0e-0a28232c817d&ord=1034224245.9972129&ref=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fnational_day_china%2F%3Futm_source%3Deoct_nationalday_china_remail&dvis=visible&ip=178.162.209.140&cuidchk=1
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Connection: keep-alive
Content-Length: 0

POST
H/1.1 200
OK postback Show response
s.gk.123greetings.com/2/2.69.4/945541/AYvM6_YDEehYAItJ/ 0
145 B 50ms
30ms XHR
text/plain 18.202.153.141
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.gk.123greetings.com/2/2.69.4/945541/AYvM6_YDEehYAItJ/postback?dt=9455411658248091559000&pd=mkt&mo=0&si=main&ci=945541&sid=AYvM6_YDEehYAItJ&oz_sc=bb727d3b25052ac5d94a6d68&oz_df=1664631500871&oz_l=201&cv=3
Requested by: Host: s.gk.123greetings.com
URL: https://s.gk.123greetings.com/2/2.69.4/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 18.202.153.141 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-202-153-141.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Sat, 01 Oct 2022 13:38:20 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
BLOB 200
OK 5c77acc0-fd78-43c6-bafa-219fe9bdbb21
https://www.123greetings.com/ Frame C9B6 185 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.123greetings.com/5c77acc0-fd78-43c6-bafa-219fe9bdbb21
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 848fe19ed492948709b881f504ce2eb6274baa694606ca88eb9b2990a2460caf

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Content-Length: 185
Content-Type: application/javascript

POST
H/1.1 200
OK postback Show response
s.gk.123greetings.com/2/2.69.4/945541/AYvM6_YDEehYAItJ/ 0
145 B 30ms
30ms XHR
text/plain 18.202.153.141
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.gk.123greetings.com/2/2.69.4/945541/AYvM6_YDEehYAItJ/postback?dt=9455411658248091559000&pd=mkt&mo=0&si=main&ci=945541&sid=AYvM6_YDEehYAItJ&oz_sc=bb727d3b25052ac5d94a6d68&oz_df=1664631501039&oz_l=4783&cv=3
Requested by: Host: s.gk.123greetings.com
URL: https://s.gk.123greetings.com/2/2.69.4/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 18.202.153.141 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-202-153-141.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Sat, 01 Oct 2022 13:38:20 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

POST
H/1.1 200
OK postback Show response
s.gk.123greetings.com/2/2.69.4/945541/AYvM6_YDEehYAItJ/ 0
145 B 30ms
30ms XHR
text/plain 18.202.153.141
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.gk.123greetings.com/2/2.69.4/945541/AYvM6_YDEehYAItJ/postback?dt=9455411658248091559000&pd=mkt&mo=0&si=main&ci=945541&sid=AYvM6_YDEehYAItJ&oz_sc=bb727d3b25052ac5d94a6d68&oz_df=1664631501214&oz_l=5158&cv=3
Requested by: Host: s.gk.123greetings.com
URL: https://s.gk.123greetings.com/2/2.69.4/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 18.202.153.141 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-202-153-141.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Sat, 01 Oct 2022 13:38:20 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 80 KB
28 KB 94ms
23ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: c.123g.us
URL: https://c.123g.us/js2/123g_utils_v1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c3d5671eb464c4040b864da705012965774556b2515837a216e8f205e257f28

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27690
x-xss-protection: 0
server: sffe
etag: "1350 / 992 of 1000 / last-modified: 1664575501"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 01 Oct 2022 13:38:21 GMT

POST
H/1.1 200
OK postback Show response
s.gk.123greetings.com/2/2.69.4/945541/AYvM6_YDEehYAItJ/ 0
145 B 33ms
33ms XHR
text/plain 18.202.153.141
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.gk.123greetings.com/2/2.69.4/945541/AYvM6_YDEehYAItJ/postback?dt=9455411658248091559000&pd=mkt&mo=0&si=main&ci=945541&sid=AYvM6_YDEehYAItJ&oz_sc=bb727d3b25052ac5d94a6d68&oz_df=1664631501376&oz_l=858&cv=3
Requested by: Host: s.gk.123greetings.com
URL: https://s.gk.123greetings.com/2/2.69.4/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 18.202.153.141 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-202-153-141.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Sat, 01 Oct 2022 13:38:20 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209270101/ 151 KB
54 KB 61ms
61ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209270101/reactive_library_fy2021.js?bust=31070009

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f052e05510df623bc35067181908c03ff485e34fa5be60759607838f90584824

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55035
x-xss-protection: 0
server: cafe
etag: 7919364030571074476
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Sat, 01 Oct 2022 13:38:21 GMT

GET
H2 200 pubads_impl_2022092701.js Show response
securepubads.g.doubleclick.net/gpt/ 378 KB
129 KB 150ms
29ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092701.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

34c9ee51c2dd7fafb4df5f5e0bbb0a2a3508db0692f97b90b44ab89a50a545ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Fri, 30 Sep 2022 01:26:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 130319
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131011
x-xss-protection: 0
last-modified: Tue, 27 Sep 2022 08:38:39 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 30 Sep 2023 01:26:22 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 655 B
883 B 173ms
53ms XHR
application/json 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.123greetings.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d2d07aac18bd7e8a933058bc7ba424813cf1c8d40880ec10bcafd14756f8d6ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0
expires: Sat, 01 Oct 2022 13:38:21 GMT

GET
BLOB 200
OK 538c4880-b9b1-40e1-95f4-86bfc9b5b233
https://www.123greetings.com/ 787 B
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.123greetings.com/538c4880-b9b1-40e1-95f4-86bfc9b5b233
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 23ff53c1f85cf6952e39181936dbe883cc594fbd13a627c9d4c81a140a0440d1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Content-Length: 787

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 120ms
62ms Script
application/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.123greetings.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 112ms
55ms Script
application/javascript 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.123greetings.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220928/r20110914/ Frame 6E32 10 KB
4 KB 28ms
27ms Document
text/html 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220928/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f7408c25067cd0a9d9fe835cb4c05e394a50751d3fcde0c461db19a309abb02a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 49243
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4420
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Sep 2022 23:57:38 GMT
etag: 9671129459699598864
expires: Fri, 14 Oct 2022 23:57:38 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css2
fonts.googleapis.com/ Frame 6E32 4 KB
1 KB 141ms
60ms Stylesheet
text/css 2a00:1450:400d:80c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220928/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 01 Oct 2022 13:38:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 01 Oct 2022 11:54:06 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 01 Oct 2022 13:38:21 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 6E32 205 B
294 B 49ms
15ms Image
image/png 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220928/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 12:26:05 GMT
x-content-type-options: nosniff
age: 4336
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sun, 01 Oct 2023 12:26:05 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 6E32 604 B
1 KB 48ms
15ms Image
image/png 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220928/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 05:43:51 GMT
x-content-type-options: nosniff
age: 28470
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sun, 01 Oct 2023 05:43:51 GMT

GET
H2 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220928/r20110914/elements/html/ Frame 6E32 19 KB
9 KB 124ms
28ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220928/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220928/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6efff8ce63d77eba89e9cc15af6dbccc657068130e89225fc662a0c580cea9b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:24:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 856
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8224
x-xss-protection: 0
server: cafe
etag: 17584738254627026664
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 15 Oct 2022 13:24:05 GMT

POST
H/1.1 200
OK postback Show response
s.gk.123greetings.com/2/2.69.4/945541/AYvM6_YDEehYAItJ/ 0
145 B 30ms
29ms XHR
text/plain 18.202.153.141
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.gk.123greetings.com/2/2.69.4/945541/AYvM6_YDEehYAItJ/postback?dt=9455411658248091559000&pd=mkt&mo=0&si=main&ci=945541&sid=AYvM6_YDEehYAItJ&oz_sc=bb727d3b25052ac5d94a6d68&oz_df=1664631501536&oz_l=670&cv=3
Requested by: Host: s.gk.123greetings.com
URL: https://s.gk.123greetings.com/2/2.69.4/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 18.202.153.141 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-202-153-141.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Sat, 01 Oct 2022 13:38:20 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 54ms
54ms Script
application/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.123greetings.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 53ms
53ms Script
application/javascript 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.123greetings.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 326 KB
81 KB 956ms
898ms XHR
text/plain 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3900156577675395&correlator=2759216615169348&eid=31069563&output=ldjh&gdfp_req=1&vrg=2022092701&ptt=17&impl=fifs&iu_parts=46400095%2CDesktopWeb_SubCategory_LB%2CDesktopWeb_SubCategory_Mrec%2CDesktopWeb_SubCategory_SecondMrec%2CDesktopWeb_SubCategory_LowerMrec%2CDesktopWeb_SubCategory_BottomLrec%2CDesktopWeb_SubCategory_BottomSecondLrec%2CDesktopWeb_SubCategory_LowerLB%2CDesktopWeb_SubCategory_Video%2CDesktopWeb_SubCategory_VideoInContent&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5%2C%2F0%2F6%2C%2F0%2F7%2C%2F0%2F8%2C%2F0%2F9&prev_iu_szs=728x90%2C300x250%2C300x250%2C300x250%2C300x250%2C300x250%2C970x90%7C728x90%7C970x250%2C1x1%2C1x1&ifi=3&adks=3914305483%2C1127719608%2C4293624944%2C3694362538%2C3926068587%2C1178609660%2C2276923048%2C933155397%2C4230775942&sfv=1-0-38&fsapi=false&cust_params=site%3D123greetings.com%26section%3Deoct_nationalday_china%26page%3Dsubcategory&sc=1&cookie=ID%3Dcc453374765d7a35-221e2c2958d70077%3AT%3D1664631500%3ART%3D1664631500%3AS%3DALNI_MZ1xl4cqGcd3ljEBfoaAaXjaEGFAg&abxe=1&dt=1664631501685&lmt=1664631501&dlt=1664631499909&idt=1750&adxs=560%2C970%2C970%2C970%2C970%2C970%2C310%2C0%2C320&adys=47%2C236%2C518%2C1870%2C2152%2C2434%2C2722%2C2916%2C1157&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C0%7C0%7C1%7C2%7C3%7C4%7C5%7C0&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7%7C8%7C9&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fnational_day_china%2F%3Futm_source%3Deoct_nationalday_china_remail&frm=20&vis=1&psz=980x90%7C320x262%7C320x262%7C320x262%7C320x262%7C320x262%7C980x37%7C1600x2896%7C630x0&msz=728x90%7C300x250%7C300x250%7C300x250%7C300x250%7C300x250%7C980x0%7C1600x0%7C630x0&fws=4%2C4%2C4%2C4%2C4%2C4%2C0%2C0%2C0&ohw=728%2C300%2C300%2C300%2C300%2C300%2C0%2C0%2C0&ga_vid=831880633.1664631500&ga_sid=1664631501&ga_hid=898260434&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6b4ca39ba0cd182ca9f19cb8fd8b6292803ebca88a3558bd9b71f39bb61021d6

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CK2T5sqTv_oCFRmW_QcdreoCmQ&gqi=&layout=/sadbundle/%24csp%253Der3%24/17626451119355985920/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CK2T5sqTv_oCFRmW_QcdreoCmQ&gqi=&layout=/sadbundle/%24csp%253Der3%24/17626451119355985920/index.html
date: Sat, 01 Oct 2022 13:38:22 GMT
x-content-type-options: nosniff
content-encoding: br
google-mediationgroup-id: -2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 82798
x-xss-protection: 0
google-lineitem-id: -1,-1,-1,-1,-1,-1,-1,5501288042,5461263814
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -1,-1,-1,-1,-1,-1,-1,138326033967,138321279906
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.123greetings.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 9E65 6 KB
4 KB 172ms
22ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 01 Oct 2022 13:38:21 GMT
expires: Sun, 01 Oct 2023 13:38:21 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 css
fonts.googleapis.com/ Frame E9E8 8 KB
895 B 111ms
53ms Stylesheet
text/css 2a00:1450:400d:80c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220928/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 01 Oct 2022 13:38:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 01 Oct 2022 12:00:33 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 01 Oct 2022 13:38:21 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/ Frame E9E8 2 KB
902 B 117ms
47ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220928/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:10:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1699
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 15 Oct 2022 13:10:02 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220928/r20110914/ Frame E9E8 23 KB
9 KB 99ms
31ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220928/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220928/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dd080c89636f8576e3364bea0867f18be3a32daa72d766da336cbb80ba5fb407

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 12:43:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3307
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9561
x-xss-protection: 0
server: cafe
etag: 483224313611802536
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 15 Oct 2022 12:43:14 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/ Frame E9E8 3 KB
1 KB 115ms
47ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220928/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:22:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 944
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 15 Oct 2022 13:22:37 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/ Frame E9E8 17 KB
7 KB 95ms
27ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220928/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86d8e892ceacd8c8a7e7125c68dd0e1b311f8399871b6d64b8b6795f0235c1d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:21:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 987
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7559
x-xss-protection: 0
server: cafe
etag: 15289875785628835784
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 15 Oct 2022 13:21:54 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E9E8 140 KB
44 KB 65ms
35ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220928/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

da8438b81e390283f6eb8cc9cf49ccde3d00c954b4fbccdf6372c162c4b58ab2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44530
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1664365478704152"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 01 Oct 2022 13:38:21 GMT

GET
H3 200 270cb447f650f22be90b4349b85576c2.js Show response
www.gstatic.com/mysidia/ Frame E9E8 32 KB
13 KB 53ms
22ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/270cb447f650f22be90b4349b85576c2.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220928/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7a0049831d92582305911a42f5ed743a1fbd56c69247dddca678d36c9d71b85e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 10:26:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 11505
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13677
x-xss-protection: 0
last-modified: Tue, 27 Sep 2022 00:52:44 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Fri, 30 Dec 2022 10:26:36 GMT

POST
H/1.1 200
OK postback Show response
s.gk.123greetings.com/2/2.69.4/945541/AYvM6_YDEehYAItJ/ 0
145 B 30ms
30ms XHR
text/plain 18.202.153.141
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.gk.123greetings.com/2/2.69.4/945541/AYvM6_YDEehYAItJ/postback?dt=9455411658248091559000&pd=mkt&mo=0&si=main&ci=945541&sid=AYvM6_YDEehYAItJ&oz_sc=bb727d3b25052ac5d94a6d68&oz_df=1664631501790&oz_l=6226&cv=3
Requested by: Host: s.gk.123greetings.com
URL: https://s.gk.123greetings.com/2/2.69.4/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 18.202.153.141 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-202-153-141.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Sat, 01 Oct 2022 13:38:21 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 151F 143 B
163 B 28ms
28ms Document
text/html 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220928/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20220928/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 81
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
date: Sat, 01 Oct 2022 13:37:00 GMT
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 151F
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
19 B

83ms
82ms

Document
text/html

2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220928/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 01 Oct 2022 13:38:22 GMT
expires: Sat, 01 Oct 2022 13:38:22 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Sat, 01 Oct 2022 13:38:22 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 gnLtmcL-mn53pq-EJRMXOCFACjpZd0iqiIv80oTeKas.js Show response
pagead2.googlesyndication.com/bg/ Frame 25B0 36 KB
16 KB 28ms
28ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/gnLtmcL-mn53pq-EJRMXOCFACjpZd0iqiIv80oTeKas.js

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8272ed99c2fe9a7e77a6af842513173821400a3a597748aa888bfcd284de29ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Wed, 28 Sep 2022 19:21:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 238629
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16010
x-xss-protection: 0
last-modified: Tue, 27 Sep 2022 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 28 Sep 2023 19:21:12 GMT

POST
H/1.1 200
OK postback Show response
s.gk.123greetings.com/2/2.69.4/945541/AYvM6_YDEehYAItJ/ 0
145 B 30ms
30ms XHR
text/plain 18.202.153.141
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.gk.123greetings.com/2/2.69.4/945541/AYvM6_YDEehYAItJ/postback?dt=9455411658248091559000&pd=mkt&mo=0&si=main&ci=945541&sid=AYvM6_YDEehYAItJ&oz_sc=bb727d3b25052ac5d94a6d68&oz_df=1664631501986&oz_l=1894&cv=3
Requested by: Host: s.gk.123greetings.com
URL: https://s.gk.123greetings.com/2/2.69.4/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 18.202.153.141 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-202-153-141.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Sat, 01 Oct 2022 13:38:21 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H3

200

/
www.facebook.com/login/ Frame 6A08
Redirect Chain

https://www.facebook.com/v2.4/plugins/page.php?adapt_container_width=true&app_id=6268317308&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3d7017c8...
https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dtrue%26app_id%3D6268317308%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%2...

0
0

364ms
352ms

Document
text/html

2a03:2880:f12d:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dtrue%26app_id%3D6268317308%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df3d7017c8c5962%2526domain%253Dwww.123greetings.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fwww.123greetings.com%25252Ff1120de4067ba%2526relation%253Dparent.parent%26container_width%3D320%26height%3D287%26hide_cover%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252F123GreetingsCom%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26show_posts%3Dtrue%26small_header%3Dtrue%26width%3D320

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=a48571436ebd15cde109ed1bcfe6338c

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
date: Sat, 01 Oct 2022 13:38:22 GMT
expires: Sat, 01 Jan 2000 00:00:00 GMT
pragma: no-cache
priority: u=0
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: ACG3rOJgrTQO/6fuur3JE+lfyPJUheTojWQBqUTJxEoSWVwTdm/yWhHCv83MWIoJ6Kzab9yP85gOEc6/N1b05w==
x-frame-options: DENY
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-length: 0
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: unsafe-none
date: Sat, 01 Oct 2022 13:38:22 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v8.0
location: https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dtrue%26app_id%3D6268317308%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df3d7017c8c5962%2526domain%253Dwww.123greetings.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fwww.123greetings.com%25252Ff1120de4067ba%2526relation%253Dparent.parent%26container_width%3D320%26height%3D287%26hide_cover%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252F123GreetingsCom%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26show_posts%3Dtrue%26small_header%3Dtrue%26width%3D320
pragma: no-cache
priority: u=3,i
strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
x-fb-debug: bFH96mlv8V5ZvX7Jq5si+Q+wPSUm1asTrCJuUsdNIFISe/QAgNfy3NS2us/y4iNJotO4CsbdvMcJP55ghvVhoA==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 134ms
73ms XHR
application/json 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220928&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a65fc129fb0750ba784553a74b4dd3442b53e562c27e43a6b5e8dc791daea556

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11253
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 62ms
62ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 01 Oct 2022 13:38:22 GMT

GET
H3 200 container.html Show response
b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame C2DA 6 KB
3 KB 162ms
16ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 01 Oct 2022 13:38:21 GMT
expires: Sun, 01 Oct 2023 13:38:21 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 7144 13 KB
5 KB 176ms
28ms Document
text/html 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 171976
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 29 Sep 2022 13:52:06 GMT
expires: Fri, 29 Sep 2023 13:52:06 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 7574 783 B
534 B 63ms
27ms Document
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

fa0f0672cffd642ffee15f4c66002727da5ec324968ce261d8e4ec22c220c0e7

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Ar0FiTmzTTDG8foI4rvf0w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-Ar0FiTmzTTDG8foI4rvf0w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 01 Oct 2022 13:38:22 GMT
expires: Sat, 01 Oct 2022 13:38:22 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 container.html Show response
b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame AA87 6 KB
3 KB 24ms
14ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 01 Oct 2022 13:38:21 GMT
expires: Sun, 01 Oct 2023 13:38:21 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 4ED8 6 KB
3 KB 25ms
15ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 01 Oct 2022 13:38:21 GMT
expires: Sun, 01 Oct 2023 13:38:21 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame FCA6 6 KB
3 KB 25ms
15ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 01 Oct 2022 13:38:21 GMT
expires: Sun, 01 Oct 2023 13:38:21 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 50B4 6 KB
3 KB 26ms
18ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 01 Oct 2022 13:38:21 GMT
expires: Sun, 01 Oct 2023 13:38:21 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame BF64 6 KB
3 KB 26ms
18ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 01 Oct 2022 13:38:21 GMT
expires: Sun, 01 Oct 2023 13:38:21 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame DF86 6 KB
3 KB 26ms
19ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 01 Oct 2022 13:38:21 GMT
expires: Sun, 01 Oct 2023 13:38:21 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 4948 0
0 66ms
65ms Fetch
image/gif 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv9p7j6JJoIFhlRHGBIVg24RPnH7Q7qtuNBQgv7rZGny3QoyxVbMsu1H9TKqTGduqi5PIhs52MB1ipGbBD51NFaztjCblbn24RFzxnqf70HU6JQP0fK4GL6euJvS1GO0uMUVZwEIO-qEZgbCBEd61cvVhlRrCD8VMzUjsEStT9LH45Y_7W6OOElgGbK_6QkIaf4_Ta2_JQ24uV8trLMJ8An3QcvE_L3GFzJV1z8IHPTtZ4cv9ITFdCKuCVPtWe5RxpQg_wKnl4ZhAf3dJdqV33YvlxXe-b9yVh73f4ksQgsvuY-Nvg-EFX0j3VpIBpv-K9JWOQPV5LjtGWlcOxdssIrVrpM_mRIDdQ&sai=AMfl-YQCwI5Ey8ks7JzbVDRO6XzjEwXy9rl_-6L7KBDf4UzAUGtH-eT631hySJGBmG2UhK4LjlsUt8KpFxw4cgzskkI6GItLENIjf_JssY-vZ_kELRYrbu-CN6qkMU5W6Vyr4g&sig=Cg0ArKJSzBiTS-YBvNPdEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:22 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 video-loader.js Show response
cdn.avantisvideo.com/avm/js/ Frame 4948 32 KB
11 KB 60ms
9ms Script
application/javascript 2600:9000:2057:1c00:1c:38a0:8a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.avantisvideo.com/avm/js/video-loader.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092701.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:1c00:1c:38a0:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2e4386cf56ad2612f0ad0526372b3d1cd96d6ecb3f32836f141aa28207b3907e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-amz-version-id: o3_UP5DBpj34HIRp37PMEele1xlw3U13
content-encoding: gzip
via: 1.1 f038e7175be9761825b2eefc2b0a832e.cloudfront.net (CloudFront)
date: Sat, 01 Oct 2022 13:07:50 GMT
last-modified: Sun, 29 May 2022 06:35:41 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 1833
etag: W/"d29171b34ea93548beb17fd35f5b439b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: 0XWK9eS_jN34xeE85mGjrPjvjsmRtwnOq0WQp9cra7iOfpaswAe_BA==

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4948 140 KB
44 KB 31ms
31ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

da8438b81e390283f6eb8cc9cf49ccde3d00c954b4fbccdf6372c162c4b58ab2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44530
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1664365478704152"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 01 Oct 2022 13:38:22 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 327B 0
0 66ms
66ms Fetch
image/gif 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvyI10N75pg-Fj4nqe3qSErmqCa2UwODEk2e3IXt9eNvVpf3iDxwN-mU2SPxNb0Fp4Tzdh-1KyN9NmL0x2KULt9a2nmITeU8nE5CzjDyIxCJQEWuAsrMGQzdoXwUz3W8y9aZPe863tLJ9wSrnlEt4VBrWXyd3BcnKNOTKpCLflmdW8n2A6_zzJa5RizFw8UZOj48sxH2tWMQCBURp2xUCPv3tlU_CZ5rp3RIgr0IdP7VIyzMxfHK1vRGzrQwxrR_wTBQQiO7yk9Z-HcDkMdVMGNk_9Vu3RidfR13ybs34b71vXwuo-MIp2YAUTRiqIgeAIfJ3C1tKf1oxLa-jJgwtvbocZLsuf2NMmNgX8MbFyefoc&sai=AMfl-YRHeU8ch9XfhFE4XvCjt_-bQFcGu3GDrcP9p_SiYBKNW7gU7dCyJUxbkO7aUjK52fJKnui8x0cXfWL1N3n6Q3dWmimiA2vxKWhawFeyI8JTgsvaIGqlxiDVRli6ufqQfA&sig=Cg0ArKJSzHDAovJArd0KEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:22 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 video-loader.js Show response
cdn.avantisvideo.com/avm/js/ Frame 327B 32 KB
11 KB 50ms
10ms Script
application/javascript 2600:9000:2057:1c00:1c:38a0:8a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.avantisvideo.com/avm/js/video-loader.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092701.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:1c00:1c:38a0:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2e4386cf56ad2612f0ad0526372b3d1cd96d6ecb3f32836f141aa28207b3907e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-amz-version-id: o3_UP5DBpj34HIRp37PMEele1xlw3U13
content-encoding: gzip
via: 1.1 f038e7175be9761825b2eefc2b0a832e.cloudfront.net (CloudFront)
date: Sat, 01 Oct 2022 13:07:50 GMT
last-modified: Sun, 29 May 2022 06:35:41 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 1833
etag: W/"d29171b34ea93548beb17fd35f5b439b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: D-mezE6DvtDolF4C1BbJ8_YN1JwpZxvjpBAgZeh_7JmWN9BlAx8OOA==

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 327B 140 KB
44 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

da8438b81e390283f6eb8cc9cf49ccde3d00c954b4fbccdf6372c162c4b58ab2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44530
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1664365478704152"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 01 Oct 2022 13:38:22 GMT

GET
DATA 200
OK truncated
/ Frame 4948 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d83ca845b009ef2714ac02d097dac2e539d4ece0f8e553b946b82259dc3050f8

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 327B 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b45a5297202f4af1ba907da7392a0da43fb1eee6fc5764f4242b576066d6db29

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 2450 624 B
297 B 57ms
56ms Document
text/html 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6WcRCwifCiAxiE8MHIATAB&v=APEucNUrx7-NSikbe1mO09OGBjpVzgGu2ud9Vur-lUPGWO4xPbyTX_xcrP2pI4Dp1vQkSha2QDSTYtXiAE0h0vPORzxcKef9unDi62jQ35AC1zaAWqnPOLp0xO88i-rwZcyyiPJw191CAhgINeuxz8otzg8NeJMgGsotH8meZBSWyETgO3dSPz8

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 01 Oct 2022 13:38:22 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame C2DA 78 KB
33 KB 89ms
89ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Dze0B5qJ2g0Kw9mxJDgm2jo1DwRLf7r1Us3zD6vR4KJLaMUl81XHlVPDbFabktFPTdOkgORwEYomnzVykFfuniyva-vA&cry=1&dbm_d=AKAmf-BP-xab-LbqoS4C0aAsPAVlAr3iorsxLBO1Ck-qmuLS4bOzgeiCm5Us1Nr9AKwyDc9QYJfTT5TrjJml9ehKVnkMcV6cE9kGhKWw9eYg0slT1hdB8AqpONlBUusNxY0AoFdn0sMFrVepD1lPdzVAlczVJ-KsS6YEOJyqxqLt_5Q71jntTMe24lCDw-Y3s7ztTdIu_ek6w8xRtPmE_vKQA4bxhmODNTESQYC_UKSiz0yhtqHM51E00A_u7IZO1Oy1d-jj_tZVlMAYxwse2evdbA42AelYQeaZ3K1P0eWYqmlB1UyWrSbptLy3ZUXPIdc8nA-E3gxzsgu0zwQqCRxoLJ-Ywl90xwml78pLWvar7FwWHHVoD4HQlNEAmauusfVxTMdwwRO1fjBMA_bai3iM-7-3q6VDNngyGrgT0OcZqSe_pjTpOEuEQrpHidg-wC4SSkcSB4e-yz6xod3K6ADF_UtS0-pi3YR2xy2P9Ow4xHAaFLp8ZwfC0Z0tLT95A-AFxmS8xDV5sGXPpWFFEQ__Ety3lYj73y-UWL9umlVWd7bwfFGu3aZ_oLhwTNUMudBYLWbrYHCvnK30be9HkTfie2ynd_auZAXp7rIblq8Y1hrdmeLxMvp3cTjC7Z7eDJQAEGlMR2OyVbdXq6w-ljDtoX5zGY57Znixz5WHX0b84mSAZ5yv9Olt78VV1Mrh5t45rMuGUXr-dB0XCcA5FRikz0-eyeE-XzWIkuH739AdCzSDZJb2avYP7dyjZTPMYanGChGinaSHxy8FtgZt1q0_BNhF5Gf-9h42yyAdfr5pmH5Dx_j7GdcBgrujT4oFAY-q2oL3J0CZNX4GEL3HRWhL4SERNxgaGfYrHygGGwmhewtg1jMVmUYUcVdf69wOlEhv4x8CcdFhPO00QYQDPqOTNRBPCQLI0JINRqS-FR0V1GpFXOEhZkc5ec_kNno7VWyZeqGdn5iqZaA7PLvkGmmakbK-qLJepjLJgFKV6E91Prw9xqZeeVSTGU9UM9_XTKCVrS5r9_XQ8liFJWGG6_jpyr76tw7P9DZq4klQ_lUTJE4LFk834xxUvvsBM0MNHrmJjR7ypcgTycHjJ-XlVQF7WM_NPOfZPVZ46JT5xn7otz4px23d8hGloqsyJ2j-WixZYwSZHrjUuZLhmNLuH2mL-mSRgL6bN5VfFjDPX-hZx86m3dtsFj-Y5orYGMnzrHdBpWjqMYav78e5aNxKQwkLoK9zO0lmMF_RNtO8BrJVXAMvCCIl-c6TVzT87n5g25S8Cwm4RSpVZFxCMVhLGMyBfeoV5cUFJKkaYNzUYOi72bfvJVt7uKCDMovOqNtF2UEX8jjLiS7WArW5leI2y9_EshmWQ7gXGxmt9x1ct9f2eNRlksp1uGd0ECntkOj9v34cnglRbVooS-B2Sxb8BgtOaMoiHm2Wng5TqjNlajumP53VWJj6ANGYEJito_WDew-m5iI9H3RfACezDdgm8VRnw-3XKxiTe2UWzHgoZEY3uJgYvcfdhB-EQIK_vD493lSUWeJhRi_di4bmY6bKDkolROoe3QPqFhrezmgEVMmivKDI-Pv4Lktfm5i0yrHcafw-9dREFOv-CdjGUfTUzrmdre6445ARxAhc9byCTmuFLJ_rC5kixM70aGdAfBaipBfEVpHQLPjxOvHpxbaMnebTROJfsWIvEZfaaX5PqKGIbN8DFxDB0uYGjK_EBhbE2qzF9AWx092rq6mHN29yAxoMX4KKAxBC7ETSB59WI510iRt5pr_r_yriS4Q1fjJvtZaNB6fyYEnEShjtrNKOQRiocu4V-l9iIe5-djP4676TOmIjXg3rIj2ucDyEaCXIY1GajlRXiropIIDLgS8AaaAzHHqgQEMQ-yJmpKt17W_XbNEsd1XumHL_zSfzJzX7aGJv1KAzvW3SGVm4_QuGNcVQvPkleMbg6IE93hpez4SfKY_lxyD8iSoZ9QGrKm989gsCbDlaZA-nzg2A6pCjkK52MYKZ0XGCnCGmGt9ClSVeeXQM-kRfg1-_ssdvvFUNNqcb89k0C7KPm_0VLBTJ8LosXT6uACdhMVp9KlKtJ8VH1QYJYE5PYjUBJUcdSS_AV_KnVCdaaQvIu2ZjUWhu_cL8tVDDNbhN0NThI2mp17F7fNEijDUhCRvrCG9cYOqTU9BDBgQzEnJ9SvuZxYUqpnyK2MSPB116F8XeLPdOsTWPBM5nMpqaW-uoaot3Akdf1T_OEuiBC4OFOt5q2ikxToytDpe46bNqXsDWmuOqeDCw4g0AEj56zfslVlRgdeJRfiZ_cKtIiC2AfcWBfyoM_9PNSdiCcsu_BETze5_Dh3VReZcYJKyhhGG4nLClQanV9Ll03Cp3ldXwo6Uv8Qw9qIkHuTPSQQEgepa9NvMeoYRAQInzxmKaoSaQoGQPa3bxbPqpYAplBt7wfFu3repdpnLefLFj1XBNKDmo2_e2ToNr6_W-6Ty2PnrKA9AyZ6RE0UBc3uXQXDbwRhZks1mmQR1y0vcpPHB-pmmJuUmA2dDB96iSW9qYtSFR_T4SyG9QNpfBHYIzj-uUYs2WvtKf8_TM_tgzvtORc1ZwRodfh2z3vKQtoRsS2RayHDnPq91liHR-uWuHJ-JO2WPlazEXl4BC6pqg2SJCp9skVrkkmPz0zkNck5xj4bNq5H0F14Z-kROyRctVjgmunhK5btY7R7JU4Q2xo4u95hgXAneMKGnSQBC5VMbLenPuVY4R7FpG4d-kOPltt1sr-6yDhgZ0t7lPP8r-opqYySwEQHwMwOWEnu8RHZkVTa8b8ofS1XrtToS5eut3SClmBV5d8tThg2fNSf59sZPwVQoAH0uGt6VTbe0W9EsdL7OvyNPjbqCQma2YT8sMCQBQBo8DsUL_6UitX5SBgGI9ZgqGf8d3fWwM8Cu5Wpv1fXyZNyHYVqpdkiacUJ0D40xsb8HeZjRlBky0J42_4cCvpw8mU9emH2fR0ewVsAvdqhszPngHuYuehddLLIqKXynrFuD-xQHW79KW7EBC4qxxiQhyXzw8z1CHD52ALc_6jVDJoBeMCez8iFdfjEsihMOg8LFbufgLQT3gacyxwdRWewZVdL3iMGxi5Fna4qO99-vL9eDbI_c-L24nYodr1mRmUqYkdkBGbosNyvieyp8C4yQje3gRWT3aKVaYwbeNpiymWdiYd2-7riGHBPEWW-fpvf5Yh2-XnxuCfsobHrzwLKyye6Sv6lFgRkYiIoe8yiRT556rnitPeuLrz_SgfWP2SP_D42NHTSZn48bFwq2khCfQ67NdLSfiClpRldDKy84CiIHkBNhB9o995ukybgWG&cid=CAASJeRo_ysZ9A6w0hy8OQmNengSVuizNEgNjtdwKJpqRLKs1JaRyP8&rfl=1%2Chttps%253A%252F%252Fwww.123greetings.com%252F%240

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e7c5876c9abc1c9481545e39db9900a31a356bb1a9f92541a05c650ed51b991b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:22 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33699
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame C2DA 42 B
63 B 61ms
60ms Image
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-B4oy69y-ARuBlNrSn8PA0fNZXvm8ITBKYFWc6eJR2TEDrjSnHpqdvNkjkYu5932l1WgS8xLf2I9hgoKJ4x6EvMEcE2Sdvyf4_nPDLfWSftzJs2hOs

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/ Frame C2DA 3 KB
1 KB 29ms
28ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/window_focus_fy2021.js

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:22:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 945
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 15 Oct 2022 13:22:37 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/ Frame C2DA 17 KB
7 KB 30ms
29ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86d8e892ceacd8c8a7e7125c68dd0e1b311f8399871b6d64b8b6795f0235c1d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:21:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 988
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7559
x-xss-protection: 0
server: cafe
etag: 15289875785628835784
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 15 Oct 2022 13:21:54 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame C2DA 0
0 23ms
22ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQW3lxNsfVPDe-U55sU3eQ4CHjAuemkS6cWsCaPntA-KH_G3mChB2qy1aZr0pxIe48jIiTj6afa7A1k34SBzSL2mGYD7g
Requested by: Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C2DA 140 KB
44 KB 32ms
32ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

da8438b81e390283f6eb8cc9cf49ccde3d00c954b4fbccdf6372c162c4b58ab2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44530
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1664365478704152"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 01 Oct 2022 13:38:22 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 4BA2 640 B
316 B 55ms
53ms Document
text/html 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhCsuIT9ARjXhbrSATAB&v=APEucNVKl-mA4RhNA3kFhCFH5Cpg4uzg29KFgqS8ZYRh094b_gWzJxg5AKRwJToQGkBrhTx1jCnlsWluFXW167BsI3Bx2TMnB5CyC05d5DxUwDFpiggPWzYsPNMaf-3f3e5MI1V-2ZDOVHjdNoGzNaa9JP_L0rlP_N0ZVKqwGNRUKoEIshNfZog

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 295
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 01 Oct 2022 13:38:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame AA87 15 KB
11 KB 89ms
87ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Ab-fYsujmPMkLp-Ai5Wf2qh0q76vTWRfXWuaBzk_4lLlTSmQTKsDPLovuQlwpmaLb4tg2iy8EQnUc-ZQVfScNcntSB0wWIgKyUeT-PnITIkTdc3LUaw28Tn6GqRyxig50NnEBLinyMO0bnNX5-dhllYDtnVL4Fp8hH0dg1BDvRbe5i-N0&cry=1&dbm_d=AKAmf-B2JqPzkMApIRiVEZ6GVlXNKt2CMZ2oFrLQrzYx8GetPwtKI0jMisSoIXGNqpwOHZPuuNbANd85VEcaVQfjaXZs6IKpxdCeBwWmV_jpRfedVBpV3oRsrtpFhkht7jxU8boT58e0ZKp3U30eqzfyfcOT3s8cX4CZ9rlW6shlpTL4o2jnrw05dwwv5z7UO6agVYGfhqJ6qqunu4zW2M75eDu7jLhOxDHFjc1KRt5wYrPOGUW072KBsknn1bSrgzERDjKp5Y5QEEbTFeqitz6G-4AV6M__tJ6-qLDSRTxYG_bKdQhaUutu9736I-bBMc-tdXX9Z-gp8DjPifhZ4WPVAtXcnOqSO0XSAq1RKA_w11ce3N-HYrGi1_WK6Vn3AEtQM8W-WSzytWd2hrpF_b7ZECze91WKqmrlM40evR6w4n0vVgmmqO80LUhHRMbxwZVbXjcjHBjUgK_ke4uYSGAUYT4P9z-tvXpTw3__7w2n7GFd3oXfaPwpfN7yjh61eBA2B3F9ctR_Ynx3J9HGHcy5ngUsAgEJYLaUNpV87kv__spFri0Z8gEvt2yMi4Ho0ckO1hoOY2ZoiHN6uqb4UaiQ312FLeXi8aiaf2TAumHfge5ZpcRDXV_y4oajoeIldgnnl5PE280qldOSXbVkGpKqd3EGz7xloIghNKDv0IYTqYoOtdK1uLx6OkQPuZ5oDzKJcevEhyiSA5Q9wu_DV5cH5ZJZQUFj0ne_xZOxst57PxVW7ZV1i9WsWKzWAwmydxSKOdHP3C6qumducx5IX6fDyt6bB6OQj39MA73dfzohfVzUxZjKTgu7NBytkNko_m8LusgiTT53j1U8jd0WMHNqJ60CalWtJtR61pPUOtgW1lMwBsR7X0U8QD8I77Mfb1IsGQrbmTMv5c0TZ37wkyKg6jAENc4LyABhCEL1QiNnjDq_owfH7onC3pdd4VEQWQlXwDVPX4Tx8jLdUlcMv8T3d0_7riMal0lO4-fU-52Q0jSIVFf0PrlrUkRPNzgrpLIVbZfDa9NdDDxsSp2sc7cew4TQdyT4KK4ShIxyEvctsCu-myU52_3jRe_7G1IipFqbH68OMk6Bam5xgCHe5CmgxdHP__UQa8d4VcJV1ocAJ0i6IB4xpPc7eseX0pzohyWOShK4o4LQDhfinWY4xNvrRnMzaAMhrqwBhY7w8IWm_IrPiEIpiehp1QJCIFnZRPJot6GRvGb0OjWksRJqw7EPFQ8CfeE2pBGkmvxePA4hAm1n01LuWYbhJvo5DTJWHGn4550LPgQ1oQ0vHjn5bVcwsthMl-plBfRq70y4fHlpDV80gXUO0BkZ9F9RThVQMcrqisGm2DfdhdgyV1GUPuOapoJtcK2Xk706KInBYPBg17shK4EM1VRig44eu4Oxz57un6X7Lo6eW_K0z_G9UoAic01h5bH-OnJRLAMDGnZi0WI_gGfQU_E_a4osoIim9JJg43p6YPCOHEs7bGxy4HXmPwb75VFRdtjf6FZVEoVqZj9b32QC8-9o6zJIBE6SljYpSaT5ZLX-OA9Aa85-K-wzgIb5-btUQ4IKAFbLryNy3HZygLYeSMSstHqjymtHG31W15VsWEj7b1WqzJSDY2I20bcYBn6Bc7wMxC47_R8n64zAn1tiao3uaaFWUWfb7DzWM3xqGw1yIrGYqvLrpFLaX63CFjtSfIqOYO0Whxc9aP9rk4XQhvyUW5duEt_FCGlfbhs3bw8IjgzRpZhhJ4KM_i6dtfC64T6iM0bb1MzJBv_PrSXLwE9AKCx6AuQ8AMBCEY6AedX8LPPEZ8FgcQ40tDJUq_ekDBq5-GUuef1Fv_uIIKa3LfnZ5GyPQS54kHGVD0kEdTUfQX0T-DVHAQ2g-C8Wvl3jhWr8mV0ItgLfR1CUzRpwnTv-wi91xLMH3F5hAO5pK3w-Zt3Gw2jnltWUis90kOSjMY6aSNqBTazs3t0mKy31v68TxllAdAOJPDeesKcOgeE-pKDHTmbE9RznsEkuDzO-VmZEfeXHyvgU_9mxMtlV_2BIWuDnV5occO5QZqHFCTO64hgywekZ9ztzsQ70daFdGV0zj9fRqHJEptLCi2YmTxZBcld2FnpF-O9hjn6uFv3uVUDrPR7MRQI2nsohkXseuVVJ6_bzWddYqoVsBsiPd3LTfgJtXlh8uXzEwrKgELbEqaRzJnIsPvdQFuvbXCdidCkYsbhHeWhVH0E1_QtyhpbdGwnNNuNXCVPyQyCEWm77RCR341LY7FqSiOW2SsQYU8tTdlJsONEOxqs3sf4CCmOG19PJ_N6oRyJ4dlXn7ysPtwsZWQRw096UWgrVUkdgeR4WVYXvflX4nd-AQpGQ59w4E7oEgoqMjKElrLtZ_emvqTgY0I3lvo94EPKpTRd8VYyWfDb-Q3898P4_XkviviCoLUlcHeFIISOgc87NQuBmDtt1XCZ1fp_HvJz6HY3-xa7N-Mdx5-tp-wNcW3D9qR7xnOF7tdYuet9IOVNCSrQoP-VXCzVYaZMdgR8SCNN1LMx8oWI0AlfSOpr0qy-ROyxGzMUeTzqTzAiD9Yhp-0RuvUoOW92_bf_PSZ6TMnvUzNigOlSpYfFCcbTJniogWBTKj_sVXtfoSbjbFrueqKWmtAkQqm_Qfp-BHZCJf8-U68lnVJmLV_X7s1SZ4l36eU-n8XfLbH4byfDuCwpNa6weAID0vd4MlfB6aKkennMcgVyqmGqOvZJ2UG7pCxAb-SWw5WW0uAdn_NDQXe1RjKrS_KZJqfhFRRDQRkaxMaXDfUk4jmQnAKBahVoKuu6TVXOje-K_TaGqK2Vy43PzBB_Ke68eHEa3izJX1uJ1J8NXuePgYxHNwrB7Q2GJSUYV8hHffC6OVj_K914qupGU7CypOVrXntUqzDU2bLSaRCqTG151xX_SfGTDue4xM-LiBG2gVFNUxz13dtDwJ6ISx_y1pzy7J4wNkT9uZfxqPaROqu80_6CrY_lQGh4AJ1qk5Ov7vng1zu8Uu5P-6A8IO1ExV7qOQNcfWDHB8Nu9G1X3gPwbxureE55x51XEZddJQ-hVwAdJXCyG6hMMBTDKtI-1fNOU_MTR8vm1R5uKPk5qGHrvJcVI2_EZIuGn1vF6gzlH_3_xTg8m4dBlw7sFxqweHAwgoWUewQjcCKzquAxLqCrZHcbA7spk7Sjngex4uJLShVZo4urIAuCGwb-pboUkQDb1xCf_Ya9v3sv2aAfnlCyt8Y5eKYdeq7P2XouqqmRbJgsJCIOQ3pnRwE1DUUDWk_Zyv1cl1b1i1I9l0GRPxktEUCVknWIAG8d690PehBKOJy6eleEY9P43fsJ6Q2okmDDefSps9xPqANsYK0SkGGP6zwgqSHJweWYw5t0MvWqafN2VXPlGSGZGtWZeVOqZPIBe45j6J7XE3QQhLD8p549O8k3uHy8kybaqA4HqN2Q&cid=CAASJeRoA3_4VYO1EQZH06ETe3Lb_MXeUBvnE55Vw8yRLgRmJo6Ihlk&rfl=1%2Chttps%253A%252F%252Fwww.123greetings.com%252F%240

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a8d0cdd39efc95fb87ffa57797b7e322bfdb875b0015a3368c771e524e70aa01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11296
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame AA87 42 B
63 B 61ms
59ms Image
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Blg9S4xCmTbDTXnJUgqt7Ma2ClxM_BMm14R84FHpY46m2eq57iQRWVfw5TIdEcskT93mta0R8UwYeLsY8_HyF1uxmM0qZ91zCDv4N0cYifStSTUJM

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
track.adform.net/adfscript/ Frame AA87 2 KB
3 KB 141ms
18ms Script
text/javascript 37.157.3.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfscript/?bn=57588194;gdpr=;gdpr_consent=;click=https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=CXN1lzUI4Y9ryM5ms9u8PrdWLyAmj8aLcbOz9pumOEPAuEAEg7_aQIWCVgoCAoAfIAQmpAhaE2m-4cbA-qAMBqgTyAU_QWEU68pGDLyobToGUsA0XAC9Z5LWsn7_GThwEhnlT8RqW6-X3cNULaJD7zkcgwpCaYNifpX1s3urbAK6jXV7KL_xzPNsWTYj2ZKmdw3Q4vsNWgl_soAzBArVQ2LoKKoIEgytT5QLMg6OofD42QrQSoNzojn9y8k8a7YI2FtPUyVvjuRqUhYCr1nZQiMYreRL4ZW0zQT73REyRYo7LR4qDHGrr_m3KzzIN3uYeeHpyXpjJbWCKlKPJwq3Adxegabs1z2wYSsLIRUKvLl5iLQprzdWsOcFbGqyfSxjLpuTrOs2LH7dlCuJV-RAYS2sWd0A2wATd5trmhQTgBAOQBgGgBk2AB-6b1dsBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBOwlqcQ0BMA2BMK2BQB0BUB-BYBgBcB&ae=1&num=1&cid=CAASJeRoA3_4VYO1EQZH06ETe3Lb_MXeUBvnE55Vw8yRLgRmJo6Ihlk&sig=AOD64_0rPvv5wBAgjNPGM25c06lf9_qDgQ&client=ca-pub-4627517680249670&dbm_c=AKAmf-Dw-wfdzhKsPtFX0Wy_yIKCOSZEYu0cyh66l_9Qjf6G2a3_r5jub1ceE-PAnJ4imxtDByORb8IuYOZQGRwWDcs3mTf_x72hW_j1NapLUq_YNybljISA-Nq4bFVvxL15iwZ7A4UnUhFS0YfomIc3LTGQi4ARyUGNbqdimllpiiyKSDhKydQ&cry=1&dbm_d=AKAmf-BXQjjhWF2PChOv1HJfDoJ976VNqQPBqZNAixNGBOPxxeEQmA9h05dz4D1CQH8tG-57ih758VT2IK4pEaxHL-H-vSjcVpP9IYe8oevvLDqQBRVR_hIiAakjKluYytk33knJtUOZ9XZ3MB6_E7CqVukG0JZLlS_3PpqlpIeRVl6fwLJuiID5jP5tssnnUAeNVXFj10iHRYaky1Vj9iamPK3QD5T5KOYyTtZZ5auWYHR0GYvLxvKGGrFCepFdARJdW51m2MsmTMui3k-Nmf6UangaIAHV3pM8r2RjUnEhXVZ7PIkI1wsAw3YW1LYa-C3UrWvo36jQTzgi7R763sTLnwnYw77Q1q_eyS2ISZcYO80JN4tHoLSPVxmz5HByQDsNmwHu4MTRHdH89EDYx6zEgM7TeIbju-2r30m9Zd4JbuQfFvvhSYug1CVh0arlJsFxN7Zi5TQyyGZt8X2yFF4zQA7u9SgMJXw_QCteTiIoWIo9H0MpEYU7ksK3lZJW6nuBTnNuXMo0WqfHWdMm_vNyxbCR1QycRp7dgQD7ZqlRXol6GkoaI0f5aCYdAFZcgcFTTpNxVfkcng0OJAT2QsSvj1qlCsWhpVdwHK64XjwPL7wXPRcPYM6SxVzZi3-UkiSN26gmBM3u&adurl=

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

c85583bca34f5f394dbd963addf48596d70e99f1c84827776e81277a564927eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 2349
expires: -1

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/ Frame AA87 3 KB
1 KB 29ms
27ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/window_focus_fy2021.js

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:22:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 946
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 15 Oct 2022 13:22:37 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/ Frame AA87 17 KB
7 KB 31ms
29ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86d8e892ceacd8c8a7e7125c68dd0e1b311f8399871b6d64b8b6795f0235c1d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:21:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 989
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7559
x-xss-protection: 0
server: cafe
etag: 15289875785628835784
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 15 Oct 2022 13:21:54 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame AA87 0
0 23ms
21ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSLa5ZmUeQMoGrr0R19E5HyEtqTTXXBJLMwXfeUgEPOri-U_-hbkfwOaRoMVK32DaqXAPI8zFklCu9NjyTdy3VMr81WWw
Requested by: Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame AA87 140 KB
44 KB 30ms
28ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

da8438b81e390283f6eb8cc9cf49ccde3d00c954b4fbccdf6372c162c4b58ab2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44530
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1664365478704152"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 01 Oct 2022 13:38:23 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 005A 466 B
301 B 66ms
56ms Document
text/html 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6WcRCwifCiAxiE8MHIATAB&v=APEucNVx4JVKDpTYjwwK_xcXSMarL2QDJjZlZHuUYyJwNWFzMirI5km1doBqxkAvjDtpLopGrOWhwEIiuiGLvfQqIBa2dvsd7icSbc04rnYITAerI66MfHe6yMeCtMjrFTMtsRHbIJ6_FXA6W1p_45DacGwOR70RFx0PYBcTxdXQ-uEoMubMXdg

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

37ab5c060ae53ccda75b8bd212d874a17650f7954b11c4e31f568990ab40196b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 280
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 01 Oct 2022 13:38:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 4ED8 78 KB
33 KB 209ms
208ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DQQeFR5Ol4RzoUxri05X47FLaBqXJmihL81BBB1LYjLe9YGj-FmM5ohvOiFlOtQSIASqFVBjvdREXNgkp6mXR0SIPzCg&cry=1&dbm_d=AKAmf-AIokVgTHG5gyDM3EebwWGcC9fTn7g94ahjJ9VLj0vKDrFQBS20vCKs7kQs3bmmf0MWN-NEQMsSpsAX8NUDGWQThnZSfJ4qOkLqwxw_SQninV9oCHIL7c70XLPe6gNfQ1WM4hrcNRhFyVmFsQ4YhcTvyB7-AvDxKhi9mcgBrtypEjXf-0uzxHSZw8vJPAGaGF4ret4QWATAMrFq9HMNIDL4WpMfp-GzjEp9QtQLHK0wRSHUv59cdySOX6H9tsc28P-jzO464BDYvZUUKaEo3119dGEtSKbcf2Lua2jp1xNE7OF0piZucXpkXLKNbzCdtXBTvDTkrWoBRCqKN6zw-jf2O3PmxmbmFQPYrSS4RbQliHK4YS9E9qkcMN6vJ3c_Qb79B-YAEDAmhmNUi1t0Q35wunRTYOzSTfgggaMuprZci_c03Cyo0MuSni2mkdk0wY1uLQhWHCKRriofwEa3O0_tQmitDVE_aC53sOPDEk_kqFhyyfLd8jaW4tZyaqamFxyiq_OwUArHqAVNvvgECqOtIsEE0tKE9fQLwXC5JhvuFszMrUFz070up7UqIGYVAXmD6mz5Qmm340IK_Hl_W-7IHs1SJHi4qK0RS4VOTq65_nuRrHpshO-oIm2HAuYqvHHkKp81Lx8AOWw-o-ntpBg_aGUzY1QQjobgj4dYQJmwe4aKTVLFcKcht651EvuJ8cuXMVt3Z9OHbN0O6ia4Esbj4mhrYLmiac8PUVd0rBD4se1ejG32hKwPJpB6GJJmSPo3qf12MVhxmRjXCEXYMNOKfF20-ZLEtE5OxrrGS2RcukR9JNl9aLDJI9-t9QIXuSDbfxHLQMEv_ifKOurZW2AlpSi8BzxmwC3kKE7RDhRbyxciU3fgeKCHuZjgX9ABGkUcXgrwfovbX2R0GtMWfxhuYtZI6tdCLaohm2qSwkqegC0-gO5m2w79xa3b8Be1BqgbEAfeR4VPkzZfsQxHzHdPSpUefY21w3GO1JeOPYIxofF-shb3ofsI4nKzkBX8e2hGPjs3t4n-9SpPun98dk16WQ3lTSbyX2oVq4BjZ4RP43Sp3ZFX7WHfl26wJ3BMO66Ev0ZwkOwBbhOyrZuADg104gSAxFROh9kAuJAInm27hZ3s3yTmm4g41MRAIrD6x06pofjVPYv88eYkNz-RXwmE0GBpONXxCvAdrQKVtBTuAYuogVUaUd4C1yQPwUITinHzUIsVmvK0sqUmxeI6TTVtwBzUcbRzGtqpg--uwMMaGeMB66ZrFao6dNiOhSIrfaeEFE7OvXuujj06lUbz5LFTne65gl-3DesHfGf1ZeLAl1TDAlNovj_aRH_tf_7-_2WqkvJWaM8qcO_HZiUGtrdDorlmPSdmCp-TD6DFduPKDzKDNi--SJjvGAOmVVOIWyvb5vVfWrSW401zw6xab7wQhUGvnlWcp-AN3rZhEN-OixOQKZYhMzrmWGK5m5DxBJlp_6xk2tRCHfCewYc8JwMC92cNbr8CMq5fMvVk5dE9CVHtBwueBfaA4WOeeaQB9jYNDB6OTcx-y-RrJaQhABuQfUmCylc7NtUAHUfa8PTOOTws71RUXaNTzTWscAI8XU_RaE4qVbVsSEMqoE-tAiHn6K5BuQksMc9umauIidtUr5koYabzQ9iGGDvF9hxh1sHelX4eQpf9ZIZZt8ME40Z2WCDBZQzGHEATOk8dQy-EQtCvMdkCIX6q3ULiHGk2zF0c7GGIRW9pn7QT-fNs1MQ51zMDTX3V7D2J6mxKYw8AD0QyBgWzc6bWesRdHSVFBxqT6tE6Utv95P4AobCyDpK3NOh_uFVVdqSsclx0kdAaWszTIw0W7b-v9zT3Tkxp6hO5m0vJ0ehXut8MaOc4H_GHb5IGI9UAvQag0OwDOQ6hF8j3nc2VnNMVY_PVNCVeySMrUlwM6iWWV-aTeSOTXujYvdnYSftxd47d7C0_V1ORf6JCEoi8pzr7Lml8x4KwZ5OR1XyS-pX2JUlyd5WWH2jlmu22Y9WsmsC6Vr8IarWZ8CtioThU2hqgw2yuZW77XUzNDRA7Gkvm_1Lkf9Yoo0Ke0eHwbt-2uHQTM-XKTC3ip5straGufcPKM0bHDU4xFMHFJi-BtMz1umeV43e0Mv9XZ_RGgXMUY2EpdlMcHGQdGCz0jUWDK-b_F0-85zA6VIUCVB7hO4R6rqpm6jQ7qp-rJTrlO8BmU66F4OUSNbOEowQ2XoG5m3oyg4BfBcQvrDx2fmjHwX0E-tkhWIaVaeproB6qjNnx260vdCEPONzRMnsNbOaxASRDCyBIH2A8kuWBwSWNWkztRZNlmfECtL9_CmSmW5NCMqt8R-zOAgaPy_PGvz8kBU5N03SuhgGa-pJV18nuPe0Gp_Qj6R7MuMYi5TKubNkuly_ZQD92lJp-GMg7xuL8UiLP1Q83GaajFlI-CdSmRwVOcmpbDvdPqitCHUJqzC162EzaFCjIolt8mZxTJLnz4SUPTihzaTVUbq3AA08L3-FzsieGMdNoCZS1VLtrgCPIf2XHX-HOac_brDF-qxM3tZvEMU45Np_KWBh--Gx92TioQ0touEgOxvOB7HNySka9WOjNoftMtA7VUjl-oPBDbqo0X-mW2LsNr4314xkaqm6An2RfRE2Ac9KtNeeqLpwnFX_06wRSLUDAju39p9e40bhSxUIaSvD6NvO_cq2oh7h_dG_cPD4vO4MkK-xi7l388TTNv5nFq0E95sXjzi1rNa6syWRNpjlWh64_asAkqLP8BnEr1vYv2kZr2fYTARCdO5Jaq7ssxRfE9JuR3sLCTPI-2G7ztCVyzQZ96bv9-IYT5_hc7g4sAZBrqIstWJRgd9KPKm_k14Gh_mdpV5x3hcJwtzm4tVlnYwQLsQ07NUzjJx6NVeDds_gTo4R9iYceC4SlzG-EdQa_aKfJlA9eEGMmIBchNwSk0CZT5CRJ8qSMoDCyRkDKxpIgnQvYlbQRnxYdOHDRQ_n1KnYavJtXuIfUZDkBZAdEq-vzqOSlHAioiky0FMLt5HZS4KDydoNu5q-FYkXpaEV7xL7OIBpXYA9gihycttRe1Z8RI8OjTCzJ1yOKcLMFHd0H33IxWfPGgQz1VP5jJ6wTEguznJ6xDFCeVzBSGMZOBIDhCgz1nbG_lTcnmT7HXu9z2URLUJOOyxh52ToUfUQpS4vUyRlS0TA6N4TXZ7tprEyTMr7cH6cbvZL1vQMrUPcpo8OVDYyCqcXiZodlvqgAlNdaFSf6SuA0z90AOzgpTsRM-26i_1ns9DMV_LeEVGmSWYVwEODf3Lu64bl4nF6XxNiWYalFnEorTyBvFk2Dg-kQfNm9Q4WVhcDz84g8JCfBwNPUkg3NjE-vbNWpQsOl3PLGgHI&cid=CAASJeRoxhPD2yJRWf2AyF0CPpQeQvaIp-BAVGTAsk36U6Sh-IsQ8Qk&rfl=1%2Chttps%253A%252F%252Fwww.123greetings.com%252F%240

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ce4037c9f95f5008b2edf73ce9edbf58308ecbf03c2fd724a3e33c0c2a822f94

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33859
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4ED8 42 B
63 B 71ms
62ms Image
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DY2GR2u03EfA31643orVDD6IZWKeuWWwt7F1FAUBMhIzvp8MaGtj7oHTymx445VKM2Tbd_aLDdXsg53XJRXp-WaETWJtaqZLy4bH_qUnqkxCmxJX0

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/ Frame 4ED8 3 KB
1 KB 36ms
28ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/window_focus_fy2021.js

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:22:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 946
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 15 Oct 2022 13:22:37 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/ Frame 4ED8 17 KB
7 KB 37ms
28ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86d8e892ceacd8c8a7e7125c68dd0e1b311f8399871b6d64b8b6795f0235c1d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:21:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 989
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7559
x-xss-protection: 0
server: cafe
etag: 15289875785628835784
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 15 Oct 2022 13:21:54 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 4ED8 0
0 33ms
25ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTTvlQEbZHbYpSGQRa-JJHoZY1B3Xg9Pa9CIV8KnEuGahdKxcc9q2j6J_2E3qk0u2KqPTzAWe8kWWHdJ4_Z61L1RO8I7A
Requested by: Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4ED8 140 KB
44 KB 36ms
29ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

da8438b81e390283f6eb8cc9cf49ccde3d00c954b4fbccdf6372c162c4b58ab2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44530
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1664365478704152"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 01 Oct 2022 13:38:23 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 14F7 466 B
301 B 61ms
55ms Document
text/html 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CI-DLxCv7fgBGOrU4NMBMAE&v=APEucNWwyOF2HDlYunymct8X-oWObA0Wj7CR2cmFgHP4ock2FSvaFl4iUJF0Vgke7L8ISWjT6CLoJnnZH7IcsIJduPrbYo_U5JmPVXAjNY6OwREuWXGkSg0Wl6Oz4p38Z3PIOkWCMPRrA591OA9gMTxqOYDm-qe1ov0qk6oIe2lHF9rofzwX3KE

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

37ab5c060ae53ccda75b8bd212d874a17650f7954b11c4e31f568990ab40196b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 280
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 01 Oct 2022 13:38:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame FCA6 27 KB
16 KB 220ms
214ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DrQ08kSkhbMlYbDzX6U8lZ0i_NRbY4NwbFCNNDatRN4KRv4-Odcn1FFZXvyjTWmTX9LsHSMN0X3cFGsGm8eqF7gzwYfQCtQzfduK0pTQVFv_vMIt5JwObfWaKfl1ZblbmHc4B476858YImS34usVUI_lN-drg2_2cpQ2LOiQeN4l2c9s8&cry=1&dbm_d=AKAmf-D-KbcRpm3RGYXmDF8DKEyhUuCU9bw-v8WrjFhqU-2O_u2fkPB_usZwwz56kcBH8pbUCHqxG7CZVZOKPtK0LnMhw_7xqvrv-CsLYBLdXw572p19EDvmHQI26gGx4rUiBB26NnGoVm3ZyLILXgJrFIWvNqLDf3FT9ZGZ2jKoNs4IWA6gXRFVyEWbBisfDz0pBwWkAqotj5UUJ2UY3nE4XGEEpQYW0-MGNW6sNl3yrl3BliOf_Zlmlw2cm8jH7JA5B1otjXSNkJCAm_MuTf8wvw-ry3-ULzD7CPzgYpgcTY2VOxHqgn0lvsPZF94N5ovTDuwiFtNRVU2t9pgwE3zqjPsSpBUWef-EU0prMUEv0OXYJyIrBdpcHMtm44pZj81mcnTL1WisqRPaOsg9q4Y4cXZ_uUFWLAkRZQCtEYCMYlM7kYmVaSYt-t9edjUrcZ9rgCHtkO8-xBgvPNZpzW4rcSL75NElt4BuDVQt7cqPNoAyH3sQKliUt-lb6eHjeOSc8Bi1luNIHRsYKh3405Vwl5KbBPzxmEwMTK0YjLM47jZUQESWXPBsD-wYWY35dj8gLJhCmpbi001AVZ3tkprJeN1roVqSj31iSedwUpEvPgvFlnFxBCnEqyaxHPsJgcAtt-nHryr2wfyF8jonV13XTUrl7DwTIG7jtPZga_tupl2Ws9nIn9Trl6qsXPG73QrpMoDMha3hJZOyQ9DSiH_9J92hNio336bBFKL6ZX8Lg1QrK0FG-OEUoRrg09amaQSPb2RAb5jq3tpVV9C1pvNk_n0fvL3kfgATx9uqZb8Ue-xn_uSsYiKdFhGqQAWjU6W0K06UvU0L1usOyMj3V9C3ichlnIe0UxRPQxuN9zX9zLbvhKkwuSxpNDIIbzfn7ne7kxll4ialmPrr5RZaHyvhf0AstUAAly-VERk8MaB8R4Nyxr6HOKjcD9WS4Uz83Vj9ycWGiYBVVE_XAYCHCU9qwII8U9zOdYxSO_SQz6wYiKmSqp4pPALs9JyQV-io8aRH6zUdms0j_oYumq-oDLSd8yg1BFx3klElEgx98UFgZqQnFe1IN21kSFeCYksXmeNJgIocLbbm4KnhFM0p6K2n-SRj91Ko7MKZQ5cVqreR63j6GW5rO2EYBUfk_Qvv1L3y5oTCxEylM8UKX_00gjaQCcbtDGinHp7Pdu7DSFhUb5nmwXsZ83wcZ64IJx9c7hyL7LCloXTOOkvrIdfl_3bikIVZ3JPiOtF-odwO7-2VOG7p4xBVfQFqje9IG27Tj3a3D7lYYePSBT5r5_NfH1rX5ZheQJiXsgBxs9ZJeJXP0ZRocAR5OV3MCg3YCqRHDB3UiRcS-FDpt1A-VM6pd-KSXRHETCRg0Rb7PmAaXzyMsP0ENckvl3h_b4_sQJuyMy8AC1_unP7t1PefzeMbpdJtxviEqjGEXJsuESyO7F4dp6S4elFm2kwa3WflG_pitMTugEn_5xoHzOn3IGH-k-qAAzNCE2D6a3k0rx7mt4Ij26w_Tsb8lfx0mn-UN1JnjR_Khcuhpdq2M_wtiv5KWQBmCQBUaAgKq5B8Tb_Wzb0ki8JtsRdfNA66ziafwHdw2QRXyjfY3x-PB5dpbfqNk5WgV-0jt3lq2SO9xT0XiWfnTh8LZSIvIHPTv_9TDg4U8illjqoICbyxmocFiYaKUM6sNXJBnt0BBBkVtoZgFaE5mXfoVTkHoAzoQqzQ0iPDw_3eB9PR7Wzx_NHoeG7CCZzqfuwYctM2EDXlJOLIeuRpZ-lYCYTfP7_PRAwexI6tGxKe9L8rivbu7ARr3LiAvh3X2OU2pp00Axl8FVCAcJrD6ss8Xs0FWfZNpI9BRjZ2XaE9ZnxzQQodecyPoF0jMa_Aejg2dkHVuD3dER7NNy-2-s54RVYjZGj0drEXKkjTxaVzi3i9eoeAsaV65_4d2UkeKImlv-BkpKFQFabvJlo8KAkxFls4_Gxh__pO2ZxnLhxiPWyZGiTyscByvYuYiElgDTFywSTesCjOcgw8L8Y3sCvNkMsVBAZ7sjSkmcylnf2HFHyIhPM7HsODt6SfilGbZsgOSxzTXg42Zzh-2CQBnJKbIm2oPBlnq3iCgNIcaEvq496QxlpbUbOorj00yCYTxI6169BHKvvEoFrkbduJmWHegX7zLOLE8OpFqFOYNmVFAZU9BKCH7Js7FWxGKS2qaO9dK2n8xmyv4wGTirtS5GyzElkyzMn8JcU9YuZ9O26AgTEs9Zm1tZwsQoont0EXASLFd2V1qaB1qLIUKnJYzU2Mfevzk2XrWJ0BpRW7_2KEL2QlHKPVWMNx4SqfPxf4eyd6YpeI1mhOqczwSDQzjZb-dzqU3OkZSbXFeF-ubY7pR5aaCm2Y1NlgqrHx56sZ5hvYUqrnJETiDTtWWk61m590i7NyxJAol-gUQXsRduHAEO3FOpl1IfQIAsluyPr6p0oyvKxA1HsnJFa0AZ27L3NN1tR7NFYI1TL1rxfd4i5g3kuXHTrTym5EBQlYPuVyf7FX-h6gYVZlCslaCyCUYVSvvFpidmg73gUxz5UgFI7duT-zn8Ye2yB20n_A9g93jMnm1cJaAIr9zj7b436FWqKViiaKkM22Xk3NmNrt8dbeZQ9PnZrSJ-NKT5Te6sCdXEPfUH1x6e2PPr4NHWCCIkwLlXM-8asmZpRkepk5Y9L12G0fRPt3vtmSK0iEfkjwfVQmxeLfo2qmL1DLyRqXbqyqIab_fn-twzAGgHczOQRGtZFu5dku-PaOGe1KmYfxHNe8z7oU9_wsdM9IUscyBkxM-GFICdeWuJNAbLCuWIAvLEqsHtKRWAFfINJahaMZatLa3OLSWsQHIO6b4010Mb4jHPBY6-nCotiEK9PJbucqlLD-PHD0dgHL3nwcRDt-ny0jGfI0PHBWhd3JvsYephZeuBWMC_N9M2V6FUpPbj2ims5AQxurTqzDy4AVvzcnyvYSuW7TXWnjFOsvGJnHkOJ1QaGIa6JfTEdpVfebxxgN6niLudr-EWgrMK694bU2oCDhdUPRU4DQUfQAUGLBGBbL3GL8oAkAmF_bvw7qlr878VtFJ2-XIZFptuCZ-KpPkqfWZdOFKS5DunzD26xsHVrZ3BypvIXGBSA3HgmkVcpgCYb7v0i_gV5T3ewZE9-Z4SKmYepppgxIS3TKW2yP6KplF7QUIO3HJ2CtciLomhbkBlgt02rVCaBhixU3TmYX-nS1UU7isw0Bc8I2JjjGb-VzD7OKqq9yOp79-ssgV2FwoWneSyRPtp38XbzzuMxwF1sET3v114aQzNbh5O9l9FydgtjOK8B68VM5kM0Bo2VIiIeXo1Pa&cid=CAASJeRo6x_F_ff-rWyeeOXrhXXxZEVwn9dFbwrJbvAUU6GZpYTHzAM&rfl=1%2Chttps%253A%252F%252Fwww.123greetings.com%252F%240

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5dc2dd3da7e30d712b4dbbd6c6755a7547aa43880ab01799a7b856dc661924f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16674
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame FCA6 42 B
63 B 68ms
62ms Image
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-A8VJdYcJ_vjp5isN-TjSG9V-4C05BAyTp1jmD96eYr36L6AnBSZmNz0imTDjqX54qy9mVkS9mtgEsgP8Pn8A_MX_Bc0BRBX6hkeGwTGECgiajJ_Y0

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 unit_renderer.php Show response
as.euw1.jivox.com/unit/ Frame FCA6 100 KB
27 KB 138ms
62ms Script
application/javascript 54.73.102.103
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://as.euw1.jivox.com/unit/unit_renderer.php?es_pId=9f38299&isDynamic=1&campaignId=159897&gdpr_consent=&dspId=DBM&bDim=300x250&ap_DataSignal1=18269839860&jvxVer=2&gdpr=&bUnitId=2000&r=1664631501850674&cMacro=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCB-kDzUI4Y_L1M5ms9u8PrdWLyAnJ3tjBbMify9vdEN_kor3AARABIO_2kCFglYKAgKAHoAHm497pAsgBCakCFoTab7hxsD6oAwGqBO0BT9Ce4HNOHhFVqnPnTnflrO7RyyNBarJ6B7Aj_JF19_3tdRv-taLHNeUu7zUKnJC1PIsYC8nvQzPtKx2W0MEbnER6jkBwi9sA-8O71R1ohavLpUjX91qDOa7f10WOt78MrAjtfi7ZwLAdMXMkWkT-akUBCl5OOi76DLRe1yXTHczLRr63pQEev9JOtcJ2-xm6fJok4FjB9BVujjUVXHlwWt5xNu_9JmmUO36qFfXyxdyBryluk2JyhBDu2ov7n1A_rYfTmHhW3Zf2_YtOiAv2IMl5W5OYFxsSE4t8bPz2i3E4s64kn7ZqU4LAl4USwASR1Yu9kgTgBAOQBgGgBk2AB4KcoZYBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBPG6McQ0BMA2BMN2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJeRo6x_F_ff-rWyeeOXrhXXxZEVwn9dFbwrJbvAUU6GZpYTHzAM%26sig%3DAOD64_0SFm02YNJ4ggWP8zr-vI5VGGWC9g%26client%3Dca-pub-4627517680249670%26dbm_c%3DAKAmf-C3PeD9duwzJ08zdFLunA_q-6Tv406ifyM94DXwTzZrbUIQvq-Dp2JWg4KmpNa1HLhkdZIqhTUUitatTGmOHNsBd6BHobZr-JkxuEZtrVK_p_NENoR7aZIfLoCS_nDb6O0qQL8p6DfjgHp_JgmcxsJtOQDrFkyjYJlyORi4ZQbxwXSQQxQ%26cry%3D1%26dbm_d%3DAKAmf-D-SAL_SJyk9A3ZN5aaLmYYD2vZCX7g0YybWwU2WjoovPJhEG5T-OgXkpEUHYy4v1y0Gc5gUFvuKt88lbWxD7-scp3oIlle9-9Tr_sPkQikOMgUXX7I3XVB0ZMxerlimYfSRiC8Yq_Z7CM9v4Qbh0a62Ei3vXCyf1DZB82TrH34z-QVKgXM9fJF0zT3ppyBHGXxEfQsk7gPqzvkJJcWAcHBDI0vkrn68f3AZgOtQni9Wvr8oUKCfVvq1n6PkoMNH4kXPiLjl4H9ji3iw1NMIENxajAonsMgkhft_xE9-7W4URsG8KPVkoYg4-fBc1vk_LtHbOCs6vOtMBniufiYEhJu3wB2JjNUyQ-yLvCiXCbYD4Nf_IsIeBGL3_PtQ4GLQUmai6GCWiwo8eU-OYp2Uog-yv1T0JJA9UmUrNMoDgR57PXV72Yy-k9XE4mQ9dfQB-mfSZ4ogmjvd3djVx1qj2Ffl518tXXcvvIjMmFVu5KsKwrjBY1ZOVHf47LYF4aA43OCiZgZ0qzgd9Hd7vyQGLgIPPGy-lTzMKM4zIHHMn3UC-gfy1vzMsdwTjWcP9tuIVDj1KjKOhN92dwT1XqrN3Fk16_tdmwrCUvPtWQtfDdd8OFBVzoa7IKfE9lx2F_tiJwS2IC6%26adurl%3D&us_privacy=${US_PRIVACY}&ts_pId=9f38299&siteId=961ee94c58df6c&creativeUnitType=20
Requested by: Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.73.102.103 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-73-102-103.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: c8b0afc3dfec0f3ae8543ce07b9368ce0f1bd95adf754ba1577a3c819b430743

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
content-encoding: gzip
server: Apache
vary: Accept-Encoding
content-type: application/javascript
p3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
content-length: 27006

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/ Frame FCA6 3 KB
1 KB 85ms
80ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/window_focus_fy2021.js

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:22:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 946
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 15 Oct 2022 13:22:37 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/ Frame FCA6 17 KB
7 KB 37ms
31ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86d8e892ceacd8c8a7e7125c68dd0e1b311f8399871b6d64b8b6795f0235c1d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:21:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 989
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7559
x-xss-protection: 0
server: cafe
etag: 15289875785628835784
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 15 Oct 2022 13:21:54 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame FCA6 0
0 29ms
24ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTJTYWiW0s2ooFSSimtn3GFcu4zZMHlKrjrZQdfMEK0wb998FKXk4ByF_nnYXFgShlGz-5cj8vdtHP4lMhcPfM2mCYZkg
Requested by: Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame FCA6 140 KB
44 KB 38ms
33ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

da8438b81e390283f6eb8cc9cf49ccde3d00c954b4fbccdf6372c162c4b58ab2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44530
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1664365478704152"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 01 Oct 2022 13:38:23 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 50B4 4 KB
621 B 63ms
58ms Stylesheet
text/css 2a00:1450:400d:80c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

46d1791d45e9e6840842ef90f192c2c6f1f4247baa7c1f32f2da75d3a05c0de2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 01 Oct 2022 13:38:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 01 Oct 2022 11:53:37 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 01 Oct 2022 13:38:23 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/ Frame 50B4 2 KB
902 B 81ms
80ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:10:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1701
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 15 Oct 2022 13:10:02 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 50B4 0
0 72ms
71ms Fetch
text/html 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CNWRmzUI4Y6z3M5ms9u8PrdWLyAncxbaDaYLUg5jTDMzHmqb9CBABIO_2kCFglYKAgKAHoAGwuqHXA8gBCakCFoTab7hxsD7gAgCoAwHIA8sEqgSDAk_QDp-NXNfn01x9IZzIPlTl-ZhTXwokI9_RKytVsF9OtTLkR8bbG62j-gN2CZsLX2ts69IaU3Txp1bZprIFDdnHcGjxzgIq2HzKp8QMCpFNwxXPO4rFFXsli5aTZsmoQWul0Wj7SnG1Br37LjmvN2qkWTQppyxFkYtMnG6sSTLZI9KTSUVzoDKKnHeefQZDQE2gFEMknR713vdfoGPaRc6MQrPZ4TF21_HYTQpH_lge2FZC53EJfcgo7fFwRC7J6x0tAR4Oaaj2QlJNyoIczyeURlZu0yzAhKuP0lrOt1rmi3kwnMgMGsPmmm8x3Av41XFVTD7yMAk9G8I25Yoj6WeG63rABJGr_eSiA-AEAZIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAe_2b1gqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgHpr4b2AcA8gcEEPujCNIIEQiA4YAQEAEYHTICqgI6AoBAgAoDyAsB2BMMiBQC0BUBgBcBshceChwIABIUcHViLTQ2Mjc1MTc2ODAyNDk2NzAY_9cX&sigh=m59T-z3hOT0&uach_m=[UACH]&template_id=494
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220928/r20110914/ Frame 50B4 23 KB
9 KB 35ms
35ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220928/r20110914/abg_lite_fy2021.js

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dd080c89636f8576e3364bea0867f18be3a32daa72d766da336cbb80ba5fb407

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 12:43:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3309
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9561
x-xss-protection: 0
server: cafe
etag: 483224313611802536
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 15 Oct 2022 12:43:14 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/ Frame 50B4 3 KB
1 KB 79ms
79ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/window_focus_fy2021.js

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:22:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 946
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 15 Oct 2022 13:22:37 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/ Frame 50B4 17 KB
7 KB 42ms
41ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86d8e892ceacd8c8a7e7125c68dd0e1b311f8399871b6d64b8b6795f0235c1d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:21:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 989
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7559
x-xss-protection: 0
server: cafe
etag: 15289875785628835784
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 15 Oct 2022 13:21:54 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 50B4 0
0 23ms
22ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS726puKWbzNUAYsHqazFVNhL8OPks-VUFyWSR6l5Ip1HWaTJtvHKO4Ct3rq8CQDzz0pBgjFowXemiCmBxuNqCnpF_4JQ
Requested by: Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 50B4 140 KB
44 KB 35ms
34ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

da8438b81e390283f6eb8cc9cf49ccde3d00c954b4fbccdf6372c162c4b58ab2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44530
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1664365478704152"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 01 Oct 2022 13:38:23 GMT

GET
H3 200 270cb447f650f22be90b4349b85576c2.js Show response
www.gstatic.com/mysidia/ Frame 50B4 32 KB
13 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/270cb447f650f22be90b4349b85576c2.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7a0049831d92582305911a42f5ed743a1fbd56c69247dddca678d36c9d71b85e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 10:26:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 11507
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13677
x-xss-protection: 0
last-modified: Tue, 27 Sep 2022 00:52:44 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Fri, 30 Dec 2022 10:26:36 GMT

GET
H3 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/ Frame 2446 223 KB
37 KB 31ms
30ms Document
text/html 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/index.html

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a7bf67883867f93d08cbf4eeac0485e641cb9e5b123e18bef046b7c706cffd28

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 284504
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 38330
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
cross-origin-resource-policy: cross-origin
date: Wed, 28 Sep 2022 06:36:39 GMT
expires: Thu, 28 Sep 2023 06:36:39 GMT
last-modified: Mon, 03 May 2021 14:21:52 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame BF64 0
0 76ms
72ms Fetch
text/html 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CRGtazUI4Y-34M5ms9u8PrdWLyAmL8M_8a_XbvYDgD9yQ3qicMBABIIXskgJglYKAgKAHoAGVz-jxA8gBCakCFoTab7hxsD7gAgCoAwHIAwKqBIYCT9B2QzngF8eT0ckswaO_TQbV1pP1wcKANEbW29w1l3tSv6DpzfO8n-W95svYkOymKFjMKE96pZwxnycyuVxPOWa1BWihra2LrzG4hcx11r9SjIX6hYuLuflGk1aQL_c0ToaZjSijZrOnuVL16u2dGy-nHmhXyFVJsdAFGwKyC1iUYQYhZLQGswdZK8vsZoQ6YQpHqZ1V6Tpk2Gnt7MMVlNszYe2Gh7rLtQYx6rPLDWuhUFNmolbl3EfKvS9OII9vQbXgzWX1ZHaDIxgYcZL-yJQhJDXG0Q1SGsc741MTjc-iJWL_aVmxhhSqYwBNnARgyOim_jkDYItsZoz_5ytYp2qKGaHWssAExoGJkPcD4AQBkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBl2AB9Owlw6oB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBRCFhocB0ggRCIDhgBAQARgdMgKqAjoCgECACgHICwHYEwvQFQGYFgGAFwGyFx4KHAgAEhRwdWItODI3NTMwMjEwNzY5MzY2NBj_1xc&sigh=QfEThYblv6c&uach_m=[UACH]
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 1E62 143 B
163 B 34ms
31ms Document
text/html 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 83
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
date: Sat, 01 Oct 2022 13:37:00 GMT
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/ Frame BF64 3 KB
1 KB 63ms
59ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/window_focus_fy2021.js

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:22:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 946
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 15 Oct 2022 13:22:37 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/ Frame BF64 17 KB
7 KB 52ms
50ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86d8e892ceacd8c8a7e7125c68dd0e1b311f8399871b6d64b8b6795f0235c1d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:21:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 989
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7559
x-xss-protection: 0
server: cafe
etag: 15289875785628835784
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 15 Oct 2022 13:21:54 GMT

GET
H2 200 abc.txt Show response
static.avantisvideo.com/data/ Frame 4948 10 KB
4 KB 78ms
11ms XHR
text/plain 2600:9000:214f:8c00:8:9ed9:9c40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.avantisvideo.com/data/abc.txt
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/avm/js/video-loader.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:8c00:8:9ed9:9c40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 418daae1b2eff2e9698e406734dc5b7ddbdc01149ad02918412fd7d4860b30d8

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 01 Oct 2022 11:16:16 GMT
content-encoding: gzip
via: 1.1 25ffb5a941b5a46b102cd385a9cdbb50.cloudfront.net (CloudFront)
last-modified: Wed, 28 Sep 2022 11:05:35 GMT
server: AmazonS3
x-amz-cf-pop: FRA53-C1
age: 8528
etag: W/"4b3a2ef2d865e2cd55ea424bf7296d78"
vary: Accept-Encoding,Origin
access-control-allow-methods: GET
content-type: text/plain
access-control-allow-origin: https://www.123greetings.com
x-cache: Hit from cloudfront
access-control-allow-credentials: true
x-amz-cf-id: D8NIQedPFVkChEO3Q7IUbqFv00nqevAH3hFl3m9ANKk7RrviWlk2Og==

GET
H2 200 abc.txt Show response
static.avantisvideo.com/data/ Frame 4948 10 KB
4 KB 76ms
11ms XHR
text/plain 2600:9000:214f:8c00:8:9ed9:9c40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.avantisvideo.com/data/abc.txt
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/avm/js/video-loader.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:8c00:8:9ed9:9c40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 418daae1b2eff2e9698e406734dc5b7ddbdc01149ad02918412fd7d4860b30d8

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 01 Oct 2022 11:16:16 GMT
content-encoding: gzip
via: 1.1 25ffb5a941b5a46b102cd385a9cdbb50.cloudfront.net (CloudFront)
last-modified: Wed, 28 Sep 2022 11:05:35 GMT
server: AmazonS3
x-amz-cf-pop: FRA53-C1
age: 8528
etag: W/"4b3a2ef2d865e2cd55ea424bf7296d78"
vary: Accept-Encoding,Origin
access-control-allow-methods: GET
content-type: text/plain
access-control-allow-origin: https://www.123greetings.com
x-cache: Hit from cloudfront
access-control-allow-credentials: true
x-amz-cf-id: 3XhM1nsX8TeO4cR-5mkaBE9juCzNI7Sckffcf_QqgQrZUmcpv6j5kg==

GET
H2 200 abc.txt Show response
static.avantisvideo.com/data/ Frame 327B 10 KB
4 KB 75ms
11ms XHR
text/plain 2600:9000:214f:8c00:8:9ed9:9c40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.avantisvideo.com/data/abc.txt
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/avm/js/video-loader.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:8c00:8:9ed9:9c40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 418daae1b2eff2e9698e406734dc5b7ddbdc01149ad02918412fd7d4860b30d8

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 01 Oct 2022 11:16:16 GMT
content-encoding: gzip
via: 1.1 25ffb5a941b5a46b102cd385a9cdbb50.cloudfront.net (CloudFront)
last-modified: Wed, 28 Sep 2022 11:05:35 GMT
server: AmazonS3
x-amz-cf-pop: FRA53-C1
age: 8528
etag: W/"4b3a2ef2d865e2cd55ea424bf7296d78"
vary: Accept-Encoding,Origin
access-control-allow-methods: GET
content-type: text/plain
access-control-allow-origin: https://www.123greetings.com
x-cache: Hit from cloudfront
access-control-allow-credentials: true
x-amz-cf-id: sjSBXW9AUMfEa60y9_zjXSqKvZEuDNJwOO2inXaHcR4o7NVEIwhPyQ==

GET
H2 200 abc.txt Show response
static.avantisvideo.com/data/ Frame 327B 10 KB
4 KB 74ms
12ms XHR
text/plain 2600:9000:214f:8c00:8:9ed9:9c40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.avantisvideo.com/data/abc.txt
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/avm/js/video-loader.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:8c00:8:9ed9:9c40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 418daae1b2eff2e9698e406734dc5b7ddbdc01149ad02918412fd7d4860b30d8

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 01 Oct 2022 11:16:16 GMT
content-encoding: gzip
via: 1.1 25ffb5a941b5a46b102cd385a9cdbb50.cloudfront.net (CloudFront)
last-modified: Wed, 28 Sep 2022 11:05:35 GMT
server: AmazonS3
x-amz-cf-pop: FRA53-C1
age: 8528
etag: W/"4b3a2ef2d865e2cd55ea424bf7296d78"
vary: Accept-Encoding,Origin
access-control-allow-methods: GET
content-type: text/plain
access-control-allow-origin: https://www.123greetings.com
x-cache: Hit from cloudfront
access-control-allow-credentials: true
x-amz-cf-id: XuaS_IqSsoqY1cWJu219GpbCAI3XlfJuCkYI2Bpr8wUc_HifjibWEQ==

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 2450
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKP4s4JfglXJTFpduzunfJg&google_cver=1

43 B
881 B

72ms
53ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKP4s4JfglXJTFpduzunfJg&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6WcRCwifCiAxiE8MHIATAB&v=APEucNUrx7-NSikbe1mO09OGBjpVzgGu2ud9Vur-lUPGWO4xPbyTX_xcrP2pI4Dp1vQkSha2QDSTYtXiAE0h0vPORzxcKef9unDi62jQ35AC1zaAWqnPOLp0xO88i-rwZcyyiPJw191CAhgINeuxz8otzg8NeJMgGsotH8meZBSWyETgO3dSPz8
Protocol: H3
Server: 104.18.19.126 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7TZgB0mDvNmGexFQS1iQBZzjRU7C%2B9OUNm3G7jJUoY3Is9503%2BCbbQAxtK67sfXunWjmwbdMH0bPUiY6XJ6QWypMQ9qXmYoxyNy1JcX1fPw3blx%2FHo0Jptc%2FZVg40TJJLw6LLANOcQ2f5A%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 7535992f0f615b26-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKP4s4JfglXJTFpduzunfJg&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 2450
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YzhCz-ry9XBwdZPxX9EfRAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKP4s4JfglXJTFpduzunfJg&google_cver=1

43 B
840 B

51ms
51ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKP4s4JfglXJTFpduzunfJg&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6WcRCwifCiAxiE8MHIATAB&v=APEucNUrx7-NSikbe1mO09OGBjpVzgGu2ud9Vur-lUPGWO4xPbyTX_xcrP2pI4Dp1vQkSha2QDSTYtXiAE0h0vPORzxcKef9unDi62jQ35AC1zaAWqnPOLp0xO88i-rwZcyyiPJw191CAhgINeuxz8otzg8NeJMgGsotH8meZBSWyETgO3dSPz8
Protocol: H3
Server: 104.18.19.126 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L9Bb10wd4Iuj9J9UJ6O0xt73emDSJOMFTkA1eEAyaNLtFDl5%2ByriiOrEE0FF0bMYJKFQ28cce3Gtae7wvpxcshfHFuyQxZ1LvQhHtQrY8snAERry3QJGob%2Bl6OQbbPX1UfF4QXpcFHZSpg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 7535993059615b26-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKP4s4JfglXJTFpduzunfJg&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 2450
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEIjWTynNO09YIV4iw9ZSA-U&google_cver=1

43 B
1020 B

22ms
6ms

Image
image/gif

37.252.172.250
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEIjWTynNO09YIV4iw9ZSA-U&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6WcRCwifCiAxiE8MHIATAB&v=APEucNUrx7-NSikbe1mO09OGBjpVzgGu2ud9Vur-lUPGWO4xPbyTX_xcrP2pI4Dp1vQkSha2QDSTYtXiAE0h0vPORzxcKef9unDi62jQ35AC1zaAWqnPOLp0xO88i-rwZcyyiPJw191CAhgINeuxz8otzg8NeJMgGsotH8meZBSWyETgO3dSPz8

Protocol

HTTP/1.1

Server

37.252.172.250 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 01 Oct 2022 13:38:23 GMT
AN-X-Request-Uuid: b5b4f82c-f081-4ae7-a63b-1685dfda3d42
Server: nginx/1.21.3
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 178.162.209.140; 178.162.209.140; 538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEIjWTynNO09YIV4iw9ZSA-U&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2450
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTQwNzQ2NTAxMTQ0NzM3NDYwMw%3D%3D

170 B
188 B

25ms
24ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTQwNzQ2NTAxMTQ0NzM3NDYwMw%3D%3D

Requested by

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 01 Oct 2022 13:38:23 GMT
AN-X-Request-Uuid: 4c234600-6caa-4850-b0f4-a375640f472c
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTQwNzQ2NTAxMTQ0NzM3NDYwMw%3D%3D
Connection: keep-alive
X-Proxy-Origin: 178.162.209.140; 178.162.209.140; 538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame DF86 0
0 74ms
73ms Fetch
text/html 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cy3KazUI4Y8j6M5ms9u8PrdWLyAnJntKxXNWdkfdwwI23ARABIABglYKAgKAHggEXY2EtcHViLTQ2Mjc1MTc2ODAyNDk2NzCgAdW20uoDyAEJqQIWhNpvuHGwPuACAKgDAaoEkAJP0CBv6C7YE6JV9E92NBDNLVOsc-95kZrpZnWZiyvsShWU-q4xN7yePSPu2Q0HsDjqoh5oBF7xke4hvY43aPuMbsDVb5Yr63OPgRzcsXkWnomGxhBeGP8qeim1LR8zo5qKj3L-od9rAzOCzZrMhBmKrIMmLovBQslmlvmr6RgsBuzmCK3FDShAEwcxGhXXk1RR1in5KFGGQEsU3Sgmxg79v-uMZttpsorZR69bgC06--_L0u2VpIbA3SqZdEt_3dpChhHQfVYLmu8ODTvyhipjtupV7Qa3FwcNT6z3HBBEDb_tprTpK95Ej6WOq7Qrd_CVzDQrfZCsesbQnLoS9znI2ELP4mkaPhOB9tZmXZ0WO-AEAYAGx83PmN-e7an5AaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgECACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItNDYyNzUxNzY4MDI0OTY3MBj_1xc&sigh=eThHiZCnivA&uach_m=[UACH]&cid=CAQSPACsnQUxMKkbv-b0i6LO1ED05QuH6mXtfDw1l7K0WlAgLzPLAW-a6AM2X-roWodBANTgPLGjsUi8CJxMjRgBIBM
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

GET
H2 200 notify
rtb.fr.eu.criteo.com/google/auction/ Frame DF86 0
0 85ms
16ms Fetch 2a02:2638::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.fr.eu.criteo.com/google/auction/notify?profile=14&payload=k5CTFOv_CsoH-gGdg2ICAgAAAKFRO4yZdx9SCxEQkCvlr5wQzUI4YxpSCP1mB6E0D_PBABIAAA&wp=YzhCzQAM_UgH_ZYZAALqrctNBTMJyJEH5Ahrwg

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:22 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
server-processing-duration-in-ticks: 231527
content-length: 0

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame C3C4 97 KB
32 KB 305ms
63ms Document
text/html 2a02:2638::b
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=YzhCzQAM_UgH_ZYZAALqrctNBTMJyJEH5Ahrwg&u=%7CV7vn0Sj6RC%2B6uZdn3cXIlWMM9ozbHgZ75C8%2F2VpiU9g%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhaVHQ6RkVc1uRRN7U2tIy91eSjxqsgku4zScXubwwgFA9dk29Zm2lIQWTyuXovfxFJXKQPX9ZuPh_8aVuOUk9RJWqVY5XqAmQLo4zffuSaoE32JK_e53BdjIwc6dRw09V1rd8eN-DYEiIXPCViDn7D2BtnzGs1jM3crmWLPvXtoTrNn7Dmq_6gKS5XEeeK5HjL6Eh69hg1qNeMbQCSLnNmHUwu8HRQH6ogumh0hA9AHrC6zXwW7ZpFUAUcdFENiiTe0wwqzvYrVFOHqO0ZyV6r7hyrlQ_0jOlHWBNep_EBKJ3oiFcdC1-EOYENHlWr97ybYasI6H5sCriNbNtToO3axu1BbOUQXuYkexflRuCezVzYgfeOktbssV9GBsI_N2gT5o_yjA0jIWUf-iSupyO12QlXxy2D1icYXMchAEJ8dCqnySGHs8kcW4Br6ss8hlW66szQ7xK83D6tpKNlDe6zx5gCqLP9OP5D6aTC-R90X59vPg1xYDcln3yg_Q7FrPUm91QRO7XqJBRTDbDKLlKriJPTWxDVByPMIF7j71GGZbck_rGm1xnAUOdwsdNsFFGaui3dLsdSKewgLZHDd-gjs&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCt4DfzUI4Y8j6M5ms9u8PrdWLyAnJntKxXNWdkfdwwI23ARABIABglYKAgKAHggEXY2EtcHViLTQ2Mjc1MTc2ODAyNDk2NzCgAdW20uoDyAEJqQIWhNpvuHGwPuACAKgDAaoEkwJP0CBv6C7YE6JV9E92NBDNLVOsc-95kZrpZnWZiyvsShWU-q4xN7yePSPu2Q0HsDjqoh5oBF7xke4hvY43aPuMbsDVb5Yr63OPgRzcsXkWnomGxhBeGP8qeim1LR8zo5qKj3L-od9rAzOCzZrMhBmKrIMmLovBQslmlvmr6RgsBuzmCK3FDShAEwcxGhXXk1RR1in5KFGGQEsU3Sgmxg79v-uMZttpsorZR69bgC06--_L0u2VpIbA3SqZdEt_3dpChhHQfVYLmu8ODTvyhipjtupV7Qa3FwcNT6z3HBBEDb_tprTpK95Ej6XMqZW58H8J34u3aTN8R2Aola4YQTPmwMB7KlS8zKyf2s7j9xkFhCIIcOAEAYAGx83PmN-e7an5AaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0bLbe2Dz_SORuJ-77EVWX3mlLM9Q%26client%3Dca-pub-4627517680249670%26adurl%3D

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::b , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

6a6ee3eed5f3385767ae35589e56aadaeab31d5f2984e9f0c720e9e3d3926e37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Sat, 01 Oct 2022 13:38:23 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=oj_8KP8uh5_lAhvOGRi-ILXnJ9HyntLqqQH812sEBWax7ElAofhQihy2JsjX239P2tdL2oYzDTFbFo9DAYZ9n34fSL4lXqimFCLsxOUecXr63TxFMUAJzbgNaij3sqKBZUYXJFqsKLwl962I_yPhtz3FAiLQNILupndl0KDhcFqeJJNxXyJminuFPOQH2e5eT7vFu8X337tI-zfu4Y8XlWDhVLusTFmffsFT_eA_PGBHjKqp7gY8VpO-6ubZ-EXO7q9mFxfrNJJAjeW1"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 47980598
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/ Frame DF86 3 KB
1 KB 33ms
32ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/window_focus_fy2021.js

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:22:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 946
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 15 Oct 2022 13:22:37 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame E62F 1 KB
751 B 36ms
29ms Document
text/html 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 22071
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 01 Oct 2022 07:30:32 GMT
etag: 48472445140208031
expires: Sun, 02 Oct 2022 07:30:32 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/ Frame DF86 17 KB
7 KB 35ms
28ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86d8e892ceacd8c8a7e7125c68dd0e1b311f8399871b6d64b8b6795f0235c1d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:21:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 989
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7559
x-xss-protection: 0
server: cafe
etag: 15289875785628835784
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 15 Oct 2022 13:21:54 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame DF86 22 KB
7 KB 39ms
32ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Thu, 29 Sep 2022 15:28:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 166184
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 29 Sep 2023 15:28:39 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame DF86 140 KB
44 KB 33ms
26ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

da8438b81e390283f6eb8cc9cf49ccde3d00c954b4fbccdf6372c162c4b58ab2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44530
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1664365478704152"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 01 Oct 2022 13:38:23 GMT

GET
H3 204 a
www.googletagmanager.com/ 0
17 B 39ms
32ms Image
image/gif 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?id=G-47Q5QDHYDP&cv=4&v=3&t=t&pid=1831520861&rv=9s0&es=1&e=gtm.load&eid=11&u=CAAAAAAAAAAAAACg&ut=C&tc=18&z=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
server: Google Tag Manager
vary: *
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 327B 0
0 127ms
64ms Fetch
image/gif 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuKjWJzlr2LgnZcY_UucHcmt43Y8H8OE5n9BOeMmf9zZmhmiQwIEt1IG7UJpX3Xix45JIq0UwuriFRg98X8kaUc8bFEB0gujg-GgyJg0e8McznIehxcHjmxECo1_0WxyM99dycBniz4X5ShzAOhdXPDv46qQ392OyHSCtrc0YbnAi50upOW6GGHljIcOU0ARF1Vxgg6NKLwVuRImQebuUf2US8fUUYz6wUzw_EvoTCKc3yYB8LlgMpo6kMRmve4EuHn6X9W_SJXmN75e4VftWeAq-C-K3YIfWtjokHAty9FsI8AMlLphrQecPzqPljzLDaPz1y23IWMf0XhynxH-euv1WRcVlgNCK-2ElIDMDDBqcS8GA&sai=AMfl-YQUQkazAvenfdPJSdJceAsvn4DkVneCgXRCnOFicrF5j3gv28wH6fGdJTigio2Uj9mMSVznosWfbOvf1LNq7K2RYgp8cIEfxRUICaHIMThNd2zgz0jrF8Zl7LVJV1codg&sig=Cg0ArKJSzIwaWNah-XJWEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:23 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sat, 01 Oct 2022 13:38:23 GMT

GET
DATA 200
OK truncated
/ Frame 50B4 287 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 605b14697226eeb0be6b2c11db8206b70f4c8681c3f921e4ceca4793ce1a95ce

Request headers

Referer
Origin: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3

200

4091503581208051288
tpc.googlesyndication.com/simgad/ Frame 50B4
Redirect Chain

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDnj86ZywEQ9AMY9AMyCGN8MsJOAEwL
https://tpc.googlesyndication.com/simgad/4091503581208051288

107 KB
107 KB

30ms
30ms

Image
image/png

2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4091503581208051288

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fcab803c6d01082f69e5510655ca566241f3a4fd3ee7aa1506b1308e2d069ccb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Tue, 27 Sep 2022 18:04:07 GMT
x-content-type-options: nosniff
age: 329656
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 109931
x-xss-protection: 0
last-modified: Wed, 23 Oct 2019 12:45:40 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 27 Sep 2023 18:04:07 GMT

Redirect headers

date: Sat, 01 Oct 2022 11:20:30 GMT
x-content-type-options: nosniff
server: cafe
age: 8273
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://tpc.googlesyndication.com/simgad/4091503581208051288
content-type: text/html; charset=UTF-8
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Mon, 31 Oct 2022 11:20:30 GMT

POST
H2 204 /
events1.avantisvideo.com/ Frame 4948 0
35 B 528ms
166ms Ping
text/plain 44.241.52.146
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events1.avantisvideo.com/
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.241.52.146 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-241-52-146.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 01 Oct 2022 13:38:23 GMT

POST
H2 204 /
events1.avantisvideo.com/ Frame 4948 0
34 B 528ms
167ms Ping
text/plain 44.241.52.146
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events1.avantisvideo.com/
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.241.52.146 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-241-52-146.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 01 Oct 2022 13:38:23 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 4948 0
0 105ms
63ms Fetch
image/gif 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssIglsOXvx5ob3iq2B2M4iT_Aut4V1JuVFqXYOhSQEuSK5OrlPpI_4Fj3cHC3sbbY39ar-Rb7txNm2iTrq5GJcmeXCIIhnrG4PVaXGEt5-a8cxh_L1g6ch9wjy-W7forNYLMqUAfarkPeRI4wAvBSJQbDTo1_aVyzxGJOV34zIb7r8f5C8aNBLAHdHihuMjwE7APQKMPnBw0Vf1L6TEHBbVnqOWkekjsdm4scF7KdN6yR8pHPXhFGywEgPln79UlM4sLmOYTpj_mp3NDGtE2cDA_CQRQiywsasjKvE30Iy2IwEhbx6Iyex862GoUJNQUJyR98OqcOcB6Z7DxnXmJQy46veMEenoXnyWng&sai=AMfl-YR1r7jopepK6yJ6fTfk0csspiHn_Re5h1Dmv9L2IKIVwdnxUV6u5TKKYynj_3IABNE1yz8avIrl4KTepGdHqCCfK5f9vh-asHAHN2M5juteBYtaLj3Baka2YAP4kb2Nfw&sig=Cg0ArKJSzE_gJVYXD7bNEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:23 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sat, 01 Oct 2022 13:38:23 GMT

POST
H2 204 /
events1.avantisvideo.com/ Frame 327B 0
34 B 526ms
167ms Ping
text/plain 44.241.52.146
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events1.avantisvideo.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.241.52.146 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-241-52-146.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 01 Oct 2022 13:38:23 GMT

POST
H2 204 /
events1.avantisvideo.com/ Frame 327B 0
34 B 526ms
167ms Ping
text/plain 44.241.52.146
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events1.avantisvideo.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.241.52.146 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-241-52-146.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 01 Oct 2022 13:38:23 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 4BA2
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEOUdBisFwdYg_DKGItqw-cQ&google_cver=1

43 B
114 B

23ms
22ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEOUdBisFwdYg_DKGItqw-cQ&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhCsuIT9ARjXhbrSATAB&v=APEucNVKl-mA4RhNA3kFhCFH5Cpg4uzg29KFgqS8ZYRh094b_gWzJxg5AKRwJToQGkBrhTx1jCnlsWluFXW167BsI3Bx2TMnB5CyC05d5DxUwDFpiggPWzYsPNMaf-3f3e5MI1V-2ZDOVHjdNoGzNaa9JP_L0rlP_N0ZVKqwGNRUKoEIshNfZog
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEOUdBisFwdYg_DKGItqw-cQ&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 4BA2 43 B
304 B 95ms
30ms Image
image/gif 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhCsuIT9ARjXhbrSATAB&v=APEucNVKl-mA4RhNA3kFhCFH5Cpg4uzg29KFgqS8ZYRh094b_gWzJxg5AKRwJToQGkBrhTx1jCnlsWluFXW167BsI3Bx2TMnB5CyC05d5DxUwDFpiggPWzYsPNMaf-3f3e5MI1V-2ZDOVHjdNoGzNaa9JP_L0rlP_N0ZVKqwGNRUKoEIshNfZog
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 4BA2
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEM2Ba4m0u7ZrtqgsM6we-R4&google_cver=1

23 B
172 B

141ms
59ms

Image
image/gif

2.18.69.48
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEM2Ba4m0u7ZrtqgsM6we-R4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhCsuIT9ARjXhbrSATAB&v=APEucNVKl-mA4RhNA3kFhCFH5Cpg4uzg29KFgqS8ZYRh094b_gWzJxg5AKRwJToQGkBrhTx1jCnlsWluFXW167BsI3Bx2TMnB5CyC05d5DxUwDFpiggPWzYsPNMaf-3f3e5MI1V-2ZDOVHjdNoGzNaa9JP_L0rlP_N0ZVKqwGNRUKoEIshNfZog
Protocol: H2
Server: 2.18.69.48 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-69-48.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.9 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

expires: Sat, 01 Oct 2022 13:38:23 GMT
pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.9
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEM2Ba4m0u7ZrtqgsM6we-R4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 4BA2 23 B
172 B 188ms
60ms Image
image/gif 2.18.69.48
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhCsuIT9ARjXhbrSATAB&v=APEucNVKl-mA4RhNA3kFhCFH5Cpg4uzg29KFgqS8ZYRh094b_gWzJxg5AKRwJToQGkBrhTx1jCnlsWluFXW167BsI3Bx2TMnB5CyC05d5DxUwDFpiggPWzYsPNMaf-3f3e5MI1V-2ZDOVHjdNoGzNaa9JP_L0rlP_N0ZVKqwGNRUKoEIshNfZog
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.69.48 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-69-48.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.9 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

expires: Sat, 01 Oct 2022 13:38:23 GMT
pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.9
content-length: 23
content-type: image/gif

GET
H3 200 css
fonts.googleapis.com/ Frame 2446 2 KB
500 B 55ms
55ms Stylesheet
text/css 2a00:1450:400d:80c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:regular,700|Bungee:regular

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a68a93e775b3785b588192bfdccbc6acf7b9c385c6e89dccd3006cdbb1ad0b84

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 01 Oct 2022 13:38:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 01 Oct 2022 13:38:23 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 01 Oct 2022 13:38:23 GMT

GET
H3 200 Enabler.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 2446 16 KB
6 KB 28ms
27ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 09:20:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 15483
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5866
x-xss-protection: 0
server: cafe
etag: 544157900006238945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sun, 02 Oct 2022 09:20:20 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 2446 33 KB
13 KB 29ms
28ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

aafb3ee79dc18d6ddc6b5c5503dc051c6e89d25a801b243cd4310ce7e0eac5ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Fri, 30 Sep 2022 21:21:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 58621
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13218
x-xss-protection: 0
server: cafe
etag: 5545325275904357113
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sat, 01 Oct 2022 21:21:22 GMT

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame 14F7
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEFb2Fw9j6rIcoN6OG7JQvag&google_cver=1
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEFb2Fw9j6rIcoN6OG7JQvag&google_cver=1&__user_check__=1&sync_id=51d33281-418e-11ed-93ac-1ac061c70306

43 B
547 B

16ms
16ms

Image
image/gif

185.94.180.126
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEFb2Fw9j6rIcoN6OG7JQvag&google_cver=1&__user_check__=1&sync_id=51d33281-418e-11ed-93ac-1ac061c70306
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI-DLxCv7fgBGOrU4NMBMAE&v=APEucNWwyOF2HDlYunymct8X-oWObA0Wj7CR2cmFgHP4ock2FSvaFl4iUJF0Vgke7L8ISWjT6CLoJnnZH7IcsIJduPrbYo_U5JmPVXAjNY6OwREuWXGkSg0Wl6Oz4p38Z3PIOkWCMPRrA591OA9gMTxqOYDm-qe1ov0qk6oIe2lHF9rofzwX3KE
Protocol: HTTP/1.1
Server: 185.94.180.126 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Sat, 01 Oct 2022 13:38:23 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 7
Connection: keep-alive
Content-Length: 43

Redirect headers

Date: Sat, 01 Oct 2022 13:38:23 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Location: /partner?adv_id=7025&uid=CAESEFb2Fw9j6rIcoN6OG7JQvag&google_cver=1&__user_check__=1&sync_id=51d33281-418e-11ed-93ac-1ac061c70306
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 15
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 14F7
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_i...
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=NTFkNWQ1NGUtNDE4ZS0xMWVkLTliM2UtMWFiNTJmZTcwMTA2

170 B
188 B

30ms
30ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=NTFkNWQ1NGUtNDE4ZS0xMWVkLTliM2UtMWFiNTJmZTcwMTA2

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI-DLxCv7fgBGOrU4NMBMAE&v=APEucNWwyOF2HDlYunymct8X-oWObA0Wj7CR2cmFgHP4ock2FSvaFl4iUJF0Vgke7L8ISWjT6CLoJnnZH7IcsIJduPrbYo_U5JmPVXAjNY6OwREuWXGkSg0Wl6Oz4p38Z3PIOkWCMPRrA591OA9gMTxqOYDm-qe1ov0qk6oIe2lHF9rofzwX3KE

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 01 Oct 2022 13:38:23 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Location: https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=NTFkNWQ1NGUtNDE4ZS0xMWVkLTliM2UtMWFiNTJmZTcwMTA2
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 56
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 14F7
Redirect Chain

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true
https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true&verify=true
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1MUzJOclF0RTJ1SDFuNTdfSHpRZGh5X2hPdWFraEMuYX5B

170 B
188 B

25ms
25ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1MUzJOclF0RTJ1SDFuNTdfSHpRZGh5X2hPdWFraEMuYX5B

Requested by

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1MUzJOclF0RTJ1SDFuNTdfSHpRZGh5X2hPdWFraEMuYX5B
date: Sat, 01 Oct 2022 13:38:23 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame 005A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEFb2Fw9j6rIcoN6OG7JQvag&google_cver=1
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEFb2Fw9j6rIcoN6OG7JQvag&google_cver=1&__user_check__=1&sync_id=51d5d5af-418e-11ed-9b3e-1ab52fe70106

43 B
548 B

15ms
15ms

Image
image/gif

185.94.180.126
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEFb2Fw9j6rIcoN6OG7JQvag&google_cver=1&__user_check__=1&sync_id=51d5d5af-418e-11ed-9b3e-1ab52fe70106
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6WcRCwifCiAxiE8MHIATAB&v=APEucNVx4JVKDpTYjwwK_xcXSMarL2QDJjZlZHuUYyJwNWFzMirI5km1doBqxkAvjDtpLopGrOWhwEIiuiGLvfQqIBa2dvsd7icSbc04rnYITAerI66MfHe6yMeCtMjrFTMtsRHbIJ6_FXA6W1p_45DacGwOR70RFx0PYBcTxdXQ-uEoMubMXdg
Protocol: HTTP/1.1
Server: 185.94.180.126 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Sat, 01 Oct 2022 13:38:23 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 90
Connection: keep-alive
Content-Length: 43

Redirect headers

Date: Sat, 01 Oct 2022 13:38:23 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Location: /partner?adv_id=7025&uid=CAESEFb2Fw9j6rIcoN6OG7JQvag&google_cver=1&__user_check__=1&sync_id=51d5d5af-418e-11ed-9b3e-1ab52fe70106
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 63
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 005A
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_i...
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=NTFkNWQ1NGUtNDE4ZS0xMWVkLTliM2UtMWFiNTJmZTcwMTA2

170 B
188 B

30ms
29ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=NTFkNWQ1NGUtNDE4ZS0xMWVkLTliM2UtMWFiNTJmZTcwMTA2

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6WcRCwifCiAxiE8MHIATAB&v=APEucNVx4JVKDpTYjwwK_xcXSMarL2QDJjZlZHuUYyJwNWFzMirI5km1doBqxkAvjDtpLopGrOWhwEIiuiGLvfQqIBa2dvsd7icSbc04rnYITAerI66MfHe6yMeCtMjrFTMtsRHbIJ6_FXA6W1p_45DacGwOR70RFx0PYBcTxdXQ-uEoMubMXdg

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 01 Oct 2022 13:38:23 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Location: https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=NTFkNWQ1NGUtNDE4ZS0xMWVkLTliM2UtMWFiNTJmZTcwMTA2
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 17
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 005A
Redirect Chain

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true
https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true&verify=true
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1MUzJOclF0RTJ1SDFuNTdfSHpRZGh5X2hPdWFraEMuYX5B

170 B
188 B

24ms
23ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1MUzJOclF0RTJ1SDFuNTdfSHpRZGh5X2hPdWFraEMuYX5B

Requested by

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1MUzJOclF0RTJ1SDFuNTdfSHpRZGh5X2hPdWFraEMuYX5B
date: Sat, 01 Oct 2022 13:38:23 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame C2DA 106 KB
38 KB 125ms
28ms Script
text/javascript 2a00:1450:400d:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
Origin: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 07:30:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22084
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 02 Oct 2022 07:30:19 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220928/r20110914/elements/html/ Frame C2DA 8 KB
3 KB 30ms
29ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220928/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Dze0B5qJ2g0Kw9mxJDgm2jo1DwRLf7r1Us3zD6vR4KJLaMUl81XHlVPDbFabktFPTdOkgORwEYomnzVykFfuniyva-vA&cry=1&dbm_d=AKAmf-BP-xab-LbqoS4C0aAsPAVlAr3iorsxLBO1Ck-qmuLS4bOzgeiCm5Us1Nr9AKwyDc9QYJfTT5TrjJml9ehKVnkMcV6cE9kGhKWw9eYg0slT1hdB8AqpONlBUusNxY0AoFdn0sMFrVepD1lPdzVAlczVJ-KsS6YEOJyqxqLt_5Q71jntTMe24lCDw-Y3s7ztTdIu_ek6w8xRtPmE_vKQA4bxhmODNTESQYC_UKSiz0yhtqHM51E00A_u7IZO1Oy1d-jj_tZVlMAYxwse2evdbA42AelYQeaZ3K1P0eWYqmlB1UyWrSbptLy3ZUXPIdc8nA-E3gxzsgu0zwQqCRxoLJ-Ywl90xwml78pLWvar7FwWHHVoD4HQlNEAmauusfVxTMdwwRO1fjBMA_bai3iM-7-3q6VDNngyGrgT0OcZqSe_pjTpOEuEQrpHidg-wC4SSkcSB4e-yz6xod3K6ADF_UtS0-pi3YR2xy2P9Ow4xHAaFLp8ZwfC0Z0tLT95A-AFxmS8xDV5sGXPpWFFEQ__Ety3lYj73y-UWL9umlVWd7bwfFGu3aZ_oLhwTNUMudBYLWbrYHCvnK30be9HkTfie2ynd_auZAXp7rIblq8Y1hrdmeLxMvp3cTjC7Z7eDJQAEGlMR2OyVbdXq6w-ljDtoX5zGY57Znixz5WHX0b84mSAZ5yv9Olt78VV1Mrh5t45rMuGUXr-dB0XCcA5FRikz0-eyeE-XzWIkuH739AdCzSDZJb2avYP7dyjZTPMYanGChGinaSHxy8FtgZt1q0_BNhF5Gf-9h42yyAdfr5pmH5Dx_j7GdcBgrujT4oFAY-q2oL3J0CZNX4GEL3HRWhL4SERNxgaGfYrHygGGwmhewtg1jMVmUYUcVdf69wOlEhv4x8CcdFhPO00QYQDPqOTNRBPCQLI0JINRqS-FR0V1GpFXOEhZkc5ec_kNno7VWyZeqGdn5iqZaA7PLvkGmmakbK-qLJepjLJgFKV6E91Prw9xqZeeVSTGU9UM9_XTKCVrS5r9_XQ8liFJWGG6_jpyr76tw7P9DZq4klQ_lUTJE4LFk834xxUvvsBM0MNHrmJjR7ypcgTycHjJ-XlVQF7WM_NPOfZPVZ46JT5xn7otz4px23d8hGloqsyJ2j-WixZYwSZHrjUuZLhmNLuH2mL-mSRgL6bN5VfFjDPX-hZx86m3dtsFj-Y5orYGMnzrHdBpWjqMYav78e5aNxKQwkLoK9zO0lmMF_RNtO8BrJVXAMvCCIl-c6TVzT87n5g25S8Cwm4RSpVZFxCMVhLGMyBfeoV5cUFJKkaYNzUYOi72bfvJVt7uKCDMovOqNtF2UEX8jjLiS7WArW5leI2y9_EshmWQ7gXGxmt9x1ct9f2eNRlksp1uGd0ECntkOj9v34cnglRbVooS-B2Sxb8BgtOaMoiHm2Wng5TqjNlajumP53VWJj6ANGYEJito_WDew-m5iI9H3RfACezDdgm8VRnw-3XKxiTe2UWzHgoZEY3uJgYvcfdhB-EQIK_vD493lSUWeJhRi_di4bmY6bKDkolROoe3QPqFhrezmgEVMmivKDI-Pv4Lktfm5i0yrHcafw-9dREFOv-CdjGUfTUzrmdre6445ARxAhc9byCTmuFLJ_rC5kixM70aGdAfBaipBfEVpHQLPjxOvHpxbaMnebTROJfsWIvEZfaaX5PqKGIbN8DFxDB0uYGjK_EBhbE2qzF9AWx092rq6mHN29yAxoMX4KKAxBC7ETSB59WI510iRt5pr_r_yriS4Q1fjJvtZaNB6fyYEnEShjtrNKOQRiocu4V-l9iIe5-djP4676TOmIjXg3rIj2ucDyEaCXIY1GajlRXiropIIDLgS8AaaAzHHqgQEMQ-yJmpKt17W_XbNEsd1XumHL_zSfzJzX7aGJv1KAzvW3SGVm4_QuGNcVQvPkleMbg6IE93hpez4SfKY_lxyD8iSoZ9QGrKm989gsCbDlaZA-nzg2A6pCjkK52MYKZ0XGCnCGmGt9ClSVeeXQM-kRfg1-_ssdvvFUNNqcb89k0C7KPm_0VLBTJ8LosXT6uACdhMVp9KlKtJ8VH1QYJYE5PYjUBJUcdSS_AV_KnVCdaaQvIu2ZjUWhu_cL8tVDDNbhN0NThI2mp17F7fNEijDUhCRvrCG9cYOqTU9BDBgQzEnJ9SvuZxYUqpnyK2MSPB116F8XeLPdOsTWPBM5nMpqaW-uoaot3Akdf1T_OEuiBC4OFOt5q2ikxToytDpe46bNqXsDWmuOqeDCw4g0AEj56zfslVlRgdeJRfiZ_cKtIiC2AfcWBfyoM_9PNSdiCcsu_BETze5_Dh3VReZcYJKyhhGG4nLClQanV9Ll03Cp3ldXwo6Uv8Qw9qIkHuTPSQQEgepa9NvMeoYRAQInzxmKaoSaQoGQPa3bxbPqpYAplBt7wfFu3repdpnLefLFj1XBNKDmo2_e2ToNr6_W-6Ty2PnrKA9AyZ6RE0UBc3uXQXDbwRhZks1mmQR1y0vcpPHB-pmmJuUmA2dDB96iSW9qYtSFR_T4SyG9QNpfBHYIzj-uUYs2WvtKf8_TM_tgzvtORc1ZwRodfh2z3vKQtoRsS2RayHDnPq91liHR-uWuHJ-JO2WPlazEXl4BC6pqg2SJCp9skVrkkmPz0zkNck5xj4bNq5H0F14Z-kROyRctVjgmunhK5btY7R7JU4Q2xo4u95hgXAneMKGnSQBC5VMbLenPuVY4R7FpG4d-kOPltt1sr-6yDhgZ0t7lPP8r-opqYySwEQHwMwOWEnu8RHZkVTa8b8ofS1XrtToS5eut3SClmBV5d8tThg2fNSf59sZPwVQoAH0uGt6VTbe0W9EsdL7OvyNPjbqCQma2YT8sMCQBQBo8DsUL_6UitX5SBgGI9ZgqGf8d3fWwM8Cu5Wpv1fXyZNyHYVqpdkiacUJ0D40xsb8HeZjRlBky0J42_4cCvpw8mU9emH2fR0ewVsAvdqhszPngHuYuehddLLIqKXynrFuD-xQHW79KW7EBC4qxxiQhyXzw8z1CHD52ALc_6jVDJoBeMCez8iFdfjEsihMOg8LFbufgLQT3gacyxwdRWewZVdL3iMGxi5Fna4qO99-vL9eDbI_c-L24nYodr1mRmUqYkdkBGbosNyvieyp8C4yQje3gRWT3aKVaYwbeNpiymWdiYd2-7riGHBPEWW-fpvf5Yh2-XnxuCfsobHrzwLKyye6Sv6lFgRkYiIoe8yiRT556rnitPeuLrz_SgfWP2SP_D42NHTSZn48bFwq2khCfQ67NdLSfiClpRldDKy84CiIHkBNhB9o995ukybgWG&cid=CAASJeRo_ysZ9A6w0hy8OQmNengSVuizNEgNjtdwKJpqRLKs1JaRyP8&rfl=1%2Chttps%253A%252F%252Fwww.123greetings.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

58b603271da250778cca7450c81343eba7a896c87d93812f4de54ca5e1108488

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:16:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1284
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3181
x-xss-protection: 0
server: cafe
etag: 10699485926258732851
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 15 Oct 2022 13:16:59 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220928/r20110914/ Frame C2DA 30 KB
11 KB 30ms
29ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220928/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f03f34a896200ac3d36794a86a5b23d054f1982d05740b454078c8526a33b631

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:22:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 949
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11727
x-xss-protection: 0
server: cafe
etag: 4188671789125589074
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 15 Oct 2022 13:22:34 GMT

GET
H2 200 u_d.html Show response
cdn1.avantisvideo.com/connect/ Frame B071 46 KB
17 KB 45ms
10ms Document
text/html 2600:9000:2057:1c00:1c:38a0:8a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn1.avantisvideo.com/connect/u_d.html
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/avm/js/video-loader.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:1c00:1c:38a0:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 24374f583eeb0c88723c3cb830828d5798ce87144c8ce4e32076df4786f72848

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 17871
content-encoding: gzip
content-type: text/html
date: Sat, 01 Oct 2022 08:40:33 GMT
etag: W/"f9678e3c391d61d33ed4b6129f75c60e"
last-modified: Wed, 06 Apr 2022 12:25:53 GMT
server: AmazonS3
vary: Accept-Encoding
via: 1.1 f038e7175be9761825b2eefc2b0a832e.cloudfront.net (CloudFront)
x-amz-cf-id: 6Xrz2-kd9YU3EkFcbzXjeS7vspeaTfHvEmoHh_6TlZMPXrRn8ySZqg==
x-amz-cf-pop: FRA6-C1
x-amz-version-id: dem0VvOWe0jwgvR1YOcBwtPtUobNlIGA
x-cache: Hit from cloudfront

GET
H2 200 u_d.html Show response
cdn1.avantisvideo.com/connect/ Frame 89CE 46 KB
17 KB 38ms
9ms Document
text/html 2600:9000:2057:1c00:1c:38a0:8a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn1.avantisvideo.com/connect/u_d.html
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/avm/js/video-loader.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:1c00:1c:38a0:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 24374f583eeb0c88723c3cb830828d5798ce87144c8ce4e32076df4786f72848

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 17871
content-encoding: gzip
content-type: text/html
date: Sat, 01 Oct 2022 08:40:33 GMT
etag: W/"f9678e3c391d61d33ed4b6129f75c60e"
last-modified: Wed, 06 Apr 2022 12:25:53 GMT
server: AmazonS3
vary: Accept-Encoding
via: 1.1 f038e7175be9761825b2eefc2b0a832e.cloudfront.net (CloudFront)
x-amz-cf-id: KmRel5Qu_5BrW2dIyuTFTNqsh04cU8YIyihF8ntr6HAGyGOUQfAQMw==
x-amz-cf-pop: FRA6-C1
x-amz-version-id: dem0VvOWe0jwgvR1YOcBwtPtUobNlIGA
x-cache: Hit from cloudfront

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 7574 0
0 61ms
61ms Image
text/html 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220928&jk=3900156577675395&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame AA87 41 KB
15 KB 32ms
31ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Ab-fYsujmPMkLp-Ai5Wf2qh0q76vTWRfXWuaBzk_4lLlTSmQTKsDPLovuQlwpmaLb4tg2iy8EQnUc-ZQVfScNcntSB0wWIgKyUeT-PnITIkTdc3LUaw28Tn6GqRyxig50NnEBLinyMO0bnNX5-dhllYDtnVL4Fp8hH0dg1BDvRbe5i-N0&cry=1&dbm_d=AKAmf-B2JqPzkMApIRiVEZ6GVlXNKt2CMZ2oFrLQrzYx8GetPwtKI0jMisSoIXGNqpwOHZPuuNbANd85VEcaVQfjaXZs6IKpxdCeBwWmV_jpRfedVBpV3oRsrtpFhkht7jxU8boT58e0ZKp3U30eqzfyfcOT3s8cX4CZ9rlW6shlpTL4o2jnrw05dwwv5z7UO6agVYGfhqJ6qqunu4zW2M75eDu7jLhOxDHFjc1KRt5wYrPOGUW072KBsknn1bSrgzERDjKp5Y5QEEbTFeqitz6G-4AV6M__tJ6-qLDSRTxYG_bKdQhaUutu9736I-bBMc-tdXX9Z-gp8DjPifhZ4WPVAtXcnOqSO0XSAq1RKA_w11ce3N-HYrGi1_WK6Vn3AEtQM8W-WSzytWd2hrpF_b7ZECze91WKqmrlM40evR6w4n0vVgmmqO80LUhHRMbxwZVbXjcjHBjUgK_ke4uYSGAUYT4P9z-tvXpTw3__7w2n7GFd3oXfaPwpfN7yjh61eBA2B3F9ctR_Ynx3J9HGHcy5ngUsAgEJYLaUNpV87kv__spFri0Z8gEvt2yMi4Ho0ckO1hoOY2ZoiHN6uqb4UaiQ312FLeXi8aiaf2TAumHfge5ZpcRDXV_y4oajoeIldgnnl5PE280qldOSXbVkGpKqd3EGz7xloIghNKDv0IYTqYoOtdK1uLx6OkQPuZ5oDzKJcevEhyiSA5Q9wu_DV5cH5ZJZQUFj0ne_xZOxst57PxVW7ZV1i9WsWKzWAwmydxSKOdHP3C6qumducx5IX6fDyt6bB6OQj39MA73dfzohfVzUxZjKTgu7NBytkNko_m8LusgiTT53j1U8jd0WMHNqJ60CalWtJtR61pPUOtgW1lMwBsR7X0U8QD8I77Mfb1IsGQrbmTMv5c0TZ37wkyKg6jAENc4LyABhCEL1QiNnjDq_owfH7onC3pdd4VEQWQlXwDVPX4Tx8jLdUlcMv8T3d0_7riMal0lO4-fU-52Q0jSIVFf0PrlrUkRPNzgrpLIVbZfDa9NdDDxsSp2sc7cew4TQdyT4KK4ShIxyEvctsCu-myU52_3jRe_7G1IipFqbH68OMk6Bam5xgCHe5CmgxdHP__UQa8d4VcJV1ocAJ0i6IB4xpPc7eseX0pzohyWOShK4o4LQDhfinWY4xNvrRnMzaAMhrqwBhY7w8IWm_IrPiEIpiehp1QJCIFnZRPJot6GRvGb0OjWksRJqw7EPFQ8CfeE2pBGkmvxePA4hAm1n01LuWYbhJvo5DTJWHGn4550LPgQ1oQ0vHjn5bVcwsthMl-plBfRq70y4fHlpDV80gXUO0BkZ9F9RThVQMcrqisGm2DfdhdgyV1GUPuOapoJtcK2Xk706KInBYPBg17shK4EM1VRig44eu4Oxz57un6X7Lo6eW_K0z_G9UoAic01h5bH-OnJRLAMDGnZi0WI_gGfQU_E_a4osoIim9JJg43p6YPCOHEs7bGxy4HXmPwb75VFRdtjf6FZVEoVqZj9b32QC8-9o6zJIBE6SljYpSaT5ZLX-OA9Aa85-K-wzgIb5-btUQ4IKAFbLryNy3HZygLYeSMSstHqjymtHG31W15VsWEj7b1WqzJSDY2I20bcYBn6Bc7wMxC47_R8n64zAn1tiao3uaaFWUWfb7DzWM3xqGw1yIrGYqvLrpFLaX63CFjtSfIqOYO0Whxc9aP9rk4XQhvyUW5duEt_FCGlfbhs3bw8IjgzRpZhhJ4KM_i6dtfC64T6iM0bb1MzJBv_PrSXLwE9AKCx6AuQ8AMBCEY6AedX8LPPEZ8FgcQ40tDJUq_ekDBq5-GUuef1Fv_uIIKa3LfnZ5GyPQS54kHGVD0kEdTUfQX0T-DVHAQ2g-C8Wvl3jhWr8mV0ItgLfR1CUzRpwnTv-wi91xLMH3F5hAO5pK3w-Zt3Gw2jnltWUis90kOSjMY6aSNqBTazs3t0mKy31v68TxllAdAOJPDeesKcOgeE-pKDHTmbE9RznsEkuDzO-VmZEfeXHyvgU_9mxMtlV_2BIWuDnV5occO5QZqHFCTO64hgywekZ9ztzsQ70daFdGV0zj9fRqHJEptLCi2YmTxZBcld2FnpF-O9hjn6uFv3uVUDrPR7MRQI2nsohkXseuVVJ6_bzWddYqoVsBsiPd3LTfgJtXlh8uXzEwrKgELbEqaRzJnIsPvdQFuvbXCdidCkYsbhHeWhVH0E1_QtyhpbdGwnNNuNXCVPyQyCEWm77RCR341LY7FqSiOW2SsQYU8tTdlJsONEOxqs3sf4CCmOG19PJ_N6oRyJ4dlXn7ysPtwsZWQRw096UWgrVUkdgeR4WVYXvflX4nd-AQpGQ59w4E7oEgoqMjKElrLtZ_emvqTgY0I3lvo94EPKpTRd8VYyWfDb-Q3898P4_XkviviCoLUlcHeFIISOgc87NQuBmDtt1XCZ1fp_HvJz6HY3-xa7N-Mdx5-tp-wNcW3D9qR7xnOF7tdYuet9IOVNCSrQoP-VXCzVYaZMdgR8SCNN1LMx8oWI0AlfSOpr0qy-ROyxGzMUeTzqTzAiD9Yhp-0RuvUoOW92_bf_PSZ6TMnvUzNigOlSpYfFCcbTJniogWBTKj_sVXtfoSbjbFrueqKWmtAkQqm_Qfp-BHZCJf8-U68lnVJmLV_X7s1SZ4l36eU-n8XfLbH4byfDuCwpNa6weAID0vd4MlfB6aKkennMcgVyqmGqOvZJ2UG7pCxAb-SWw5WW0uAdn_NDQXe1RjKrS_KZJqfhFRRDQRkaxMaXDfUk4jmQnAKBahVoKuu6TVXOje-K_TaGqK2Vy43PzBB_Ke68eHEa3izJX1uJ1J8NXuePgYxHNwrB7Q2GJSUYV8hHffC6OVj_K914qupGU7CypOVrXntUqzDU2bLSaRCqTG151xX_SfGTDue4xM-LiBG2gVFNUxz13dtDwJ6ISx_y1pzy7J4wNkT9uZfxqPaROqu80_6CrY_lQGh4AJ1qk5Ov7vng1zu8Uu5P-6A8IO1ExV7qOQNcfWDHB8Nu9G1X3gPwbxureE55x51XEZddJQ-hVwAdJXCyG6hMMBTDKtI-1fNOU_MTR8vm1R5uKPk5qGHrvJcVI2_EZIuGn1vF6gzlH_3_xTg8m4dBlw7sFxqweHAwgoWUewQjcCKzquAxLqCrZHcbA7spk7Sjngex4uJLShVZo4urIAuCGwb-pboUkQDb1xCf_Ya9v3sv2aAfnlCyt8Y5eKYdeq7P2XouqqmRbJgsJCIOQ3pnRwE1DUUDWk_Zyv1cl1b1i1I9l0GRPxktEUCVknWIAG8d690PehBKOJy6eleEY9P43fsJ6Q2okmDDefSps9xPqANsYK0SkGGP6zwgqSHJweWYw5t0MvWqafN2VXPlGSGZGtWZeVOqZPIBe45j6J7XE3QQhLD8p549O8k3uHy8kybaqA4HqN2Q&cid=CAASJeRoA3_4VYO1EQZH06ETe3Lb_MXeUBvnE55Vw8yRLgRmJo6Ihlk&rfl=1%2Chttps%253A%252F%252Fwww.123greetings.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Tue, 27 Sep 2022 18:03:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 329712
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 27 Sep 2023 18:03:11 GMT

GET
H2 200 bootstrap.js Show response
s1.adform.net/stoat/626/s1.adform.net/ Frame AA87 33 KB
16 KB 158ms
21ms Script
text/javascript 37.157.2.249
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by: Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=57588194;gdpr=;gdpr_consent=;click=https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=CXN1lzUI4Y9ryM5ms9u8PrdWLyAmj8aLcbOz9pumOEPAuEAEg7_aQIWCVgoCAoAfIAQmpAhaE2m-4cbA-qAMBqgTyAU_QWEU68pGDLyobToGUsA0XAC9Z5LWsn7_GThwEhnlT8RqW6-X3cNULaJD7zkcgwpCaYNifpX1s3urbAK6jXV7KL_xzPNsWTYj2ZKmdw3Q4vsNWgl_soAzBArVQ2LoKKoIEgytT5QLMg6OofD42QrQSoNzojn9y8k8a7YI2FtPUyVvjuRqUhYCr1nZQiMYreRL4ZW0zQT73REyRYo7LR4qDHGrr_m3KzzIN3uYeeHpyXpjJbWCKlKPJwq3Adxegabs1z2wYSsLIRUKvLl5iLQprzdWsOcFbGqyfSxjLpuTrOs2LH7dlCuJV-RAYS2sWd0A2wATd5trmhQTgBAOQBgGgBk2AB-6b1dsBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBOwlqcQ0BMA2BMK2BQB0BUB-BYBgBcB&ae=1&num=1&cid=CAASJeRoA3_4VYO1EQZH06ETe3Lb_MXeUBvnE55Vw8yRLgRmJo6Ihlk&sig=AOD64_0rPvv5wBAgjNPGM25c06lf9_qDgQ&client=ca-pub-4627517680249670&dbm_c=AKAmf-Dw-wfdzhKsPtFX0Wy_yIKCOSZEYu0cyh66l_9Qjf6G2a3_r5jub1ceE-PAnJ4imxtDByORb8IuYOZQGRwWDcs3mTf_x72hW_j1NapLUq_YNybljISA-Nq4bFVvxL15iwZ7A4UnUhFS0YfomIc3LTGQi4ARyUGNbqdimllpiiyKSDhKydQ&cry=1&dbm_d=AKAmf-BXQjjhWF2PChOv1HJfDoJ976VNqQPBqZNAixNGBOPxxeEQmA9h05dz4D1CQH8tG-57ih758VT2IK4pEaxHL-H-vSjcVpP9IYe8oevvLDqQBRVR_hIiAakjKluYytk33knJtUOZ9XZ3MB6_E7CqVukG0JZLlS_3PpqlpIeRVl6fwLJuiID5jP5tssnnUAeNVXFj10iHRYaky1Vj9iamPK3QD5T5KOYyTtZZ5auWYHR0GYvLxvKGGrFCepFdARJdW51m2MsmTMui3k-Nmf6UangaIAHV3pM8r2RjUnEhXVZ7PIkI1wsAw3YW1LYa-C3UrWvo36jQTzgi7R763sTLnwnYw77Q1q_eyS2ISZcYO80JN4tHoLSPVxmz5HByQDsNmwHu4MTRHdH89EDYx6zEgM7TeIbju-2r30m9Zd4JbuQfFvvhSYug1CVh0arlJsFxN7Zi5TQyyGZt8X2yFF4zQA7u9SgMJXw_QCteTiIoWIo9H0MpEYU7ksK3lZJW6nuBTnNuXMo0WqfHWdMm_vNyxbCR1QycRp7dgQD7ZqlRXol6GkoaI0f5aCYdAFZcgcFTTpNxVfkcng0OJAT2QsSvj1qlCsWhpVdwHK64XjwPL7wXPRcPYM6SxVzZi3-UkiSN26gmBM3u&adurl=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 141d0c16f846671454c7819c37fafe483ceb63aecb14695abd4a911d67df3d49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:23 GMT
content-encoding: gzip
last-modified: Wed, 14 Sep 2022 11:10:06 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Sun, 02 Oct 2022 16:31:56 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame BF64 0
0 24ms
24ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRD72_CPg98J3nAXv1wACbGpulJUW--lM82yLpzXmGTUauGvZOLFznPk_okK7lyPV8oRbEdrMEn8RNXLRPRGo5yoCK1bQ
Requested by: Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame BF64 140 KB
44 KB 28ms
27ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

da8438b81e390283f6eb8cc9cf49ccde3d00c954b4fbccdf6372c162c4b58ab2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44530
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1664365478704152"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 01 Oct 2022 13:38:23 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E62F
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEJ7daqhhmCyBQf3fmwaWCzU&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEJ7daqhhmCyBQf3fmwaWCzU&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=Z01CbkpkcGsxT0VDSGQ1&google_gid=CAESEJ7daqhhmCyBQf3fmwaWCzU&google_cver=1&google_push=AZmPxg-lwOvGsPz76oIUmUugz7jUGOmpB0-8BbIcwjOF30V...

170 B
188 B

26ms
25ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=Z01CbkpkcGsxT0VDSGQ1&google_gid=CAESEJ7daqhhmCyBQf3fmwaWCzU&google_cver=1&google_push=AZmPxg-lwOvGsPz76oIUmUugz7jUGOmpB0-8BbIcwjOF30VYjcHhHroYQhnSS3uRPAFnHkdUfpnijfeEfg6EwRTm2wWXjk70tXds

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 01 Oct 2022 13:38:22 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/5cd8a5d#5cd8a5dae4649c563ed7e6eb1dd90a4f2423ff29 i-0b4514da13a8bc28c@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=Z01CbkpkcGsxT0VDSGQ1&google_gid=CAESEJ7daqhhmCyBQf3fmwaWCzU&google_cver=1&google_push=AZmPxg-lwOvGsPz76oIUmUugz7jUGOmpB0-8BbIcwjOF30VYjcHhHroYQhnSS3uRPAFnHkdUfpnijfeEfg6EwRTm2wWXjk70tXds
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame E62F
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESENfNcwanhQsnuu68aZX-3E4&google_cver=1&google_push=AZmPxg9IMPGc0OleBwrRfHjtjZjtE0DBLaq7OrQQeC0QqH9ylfCEjtlGHzLQzHqP6u_gRN51rnRaz9uUAsgXmtmE3FpDuOX4LTGa&...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESENfNcwanhQsnuu68aZX-3E4&google_cver=1&google_push=AZmPxg9IMPGc0OleBwrRfHjtjZjtE0DBLaq7OrQQeC0QqH9ylfCEjtlGHzLQzHqP6u_gRN51rnRaz9uUAsgXmtmE3FpDuOX4LTG...

43 B
414 B

214ms
201ms

Image
image/gif

2606:4700:4400::ac40:98f5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESENfNcwanhQsnuu68aZX-3E4&google_cver=1&google_push=AZmPxg9IMPGc0OleBwrRfHjtjZjtE0DBLaq7OrQQeC0QqH9ylfCEjtlGHzLQzHqP6u_gRN51rnRaz9uUAsgXmtmE3FpDuOX4LTGa&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAZmPxg9IMPGc0OleBwrRfHjtjZjtE0DBLaq7OrQQeC0QqH9ylfCEjtlGHzLQzHqP6u_gRN51rnRaz9uUAsgXmtmE3FpDuOX4LTGa%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Server: 2606:4700:4400::ac40:98f5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 75359930cee29101-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 185
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESENfNcwanhQsnuu68aZX-3E4&google_cver=1&google_push=AZmPxg9IMPGc0OleBwrRfHjtjZjtE0DBLaq7OrQQeC0QqH9ylfCEjtlGHzLQzHqP6u_gRN51rnRaz9uUAsgXmtmE3FpDuOX4LTGa&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAZmPxg9IMPGc0OleBwrRfHjtjZjtE0DBLaq7OrQQeC0QqH9ylfCEjtlGHzLQzHqP6u_gRN51rnRaz9uUAsgXmtmE3FpDuOX4LTGa%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7535992f4c679101-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E62F
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEBRX2zmTQkK94WMyVxoGHGE&google_cver=1&google_push=AZmPxg-NXJRPAQq9Zdxz2UMtnmol0iOxeH836eXU0Jn2ARw-fSYa0SNcJa-QXnvoq7RzHePvCMpEHuXf...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NTgyNjcxMjE5MDAzOTYyNzY4OQ&google_push=AZmPxg-NXJRPAQq9Zdxz2UMtnmol0iOxeH836eXU0Jn2ARw-fSYa0SNcJa-QXnvoq7RzHePvCMpEHu...

170 B
188 B

25ms
25ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NTgyNjcxMjE5MDAzOTYyNzY4OQ&google_push=AZmPxg-NXJRPAQq9Zdxz2UMtnmol0iOxeH836eXU0Jn2ARw-fSYa0SNcJa-QXnvoq7RzHePvCMpEHuXf7IzujJTfDOT3KE7Mtd68

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NTgyNjcxMjE5MDAzOTYyNzY4OQ&google_push=AZmPxg-NXJRPAQq9Zdxz2UMtnmol0iOxeH836eXU0Jn2ARw-fSYa0SNcJa-QXnvoq7RzHePvCMpEHuXf7IzujJTfDOT3KE7Mtd68
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E62F
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEBRX2zmTQkK94WMyVxoGHGE&google_cver=1&google_push=AZmPxg-Ymlf0jdc1hHOQ4KD2h71vPVUjMNrbvlO5XMXCJoDHbaQb4UdTOk5TWNrgI0ywP_CiEzrfUzQg...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjYzMDgzODM5ODU4NDk0NDg0NA&google_push=AZmPxg-Ymlf0jdc1hHOQ4KD2h71vPVUjMNrbvlO5XMXCJoDHbaQb4UdTOk5TWNrgI0ywP_CiEzrfUz...

170 B
188 B

24ms
24ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjYzMDgzODM5ODU4NDk0NDg0NA&google_push=AZmPxg-Ymlf0jdc1hHOQ4KD2h71vPVUjMNrbvlO5XMXCJoDHbaQb4UdTOk5TWNrgI0ywP_CiEzrfUzQgh8Dji2PRBuYwjKk8wlCI

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjYzMDgzODM5ODU4NDk0NDg0NA&google_push=AZmPxg-Ymlf0jdc1hHOQ4KD2h71vPVUjMNrbvlO5XMXCJoDHbaQb4UdTOk5TWNrgI0ywP_CiEzrfUzQgh8Dji2PRBuYwjKk8wlCI
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 dds
rtb.openx.net/sync/ Frame E62F 43 B
351 B 89ms
20ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEGBx3PQBulRqspWmHCWhE1s&google_cver=1&google_push=AZmPxg9ZyRl9DGYzQVIOxyxc8eRKWXR8DByUbEvxXW-s8deU-FnEzsgkTSoJm9rT_8o2THeyBkbhgDfW0kMrO5jgd-oQmrF-VWzH
Requested by: Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:22 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: 26qt6capasepnqmp1c9or2kiklejkftk

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E62F
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEN...
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=AZmPxg_m6mmo93bSnITNiGeuQJZEtlA7ZydrKlrG1Bac5pEKzlqmK62dCjMMVsqWu665-uCkNnDzLuS4sdcRbbMPVSzrxgo4-Moy&redir=https%3A%2F%2Fcm.g.doubl...
https://sync.targeting.unrulymedia.com/csync/RX-afc9c1da-435e-4f64-a643-9e938fb0840e-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAZmPxg_m6mmo93bSnITNiGeuQ...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AZmPxg_m6mmo93bSnITNiGeuQJZEtlA7ZydrKlrG1Bac5pEKzlqmK62dCjMMVsqWu665-uCkNnDzLuS4sdcRbbMPVSzrxgo4-Moy&google_hm=A6_JwdpDXk9kpkOek4-whA4

170 B
188 B

26ms
26ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AZmPxg_m6mmo93bSnITNiGeuQJZEtlA7ZydrKlrG1Bac5pEKzlqmK62dCjMMVsqWu665-uCkNnDzLuS4sdcRbbMPVSzrxgo4-Moy&google_hm=A6_JwdpDXk9kpkOek4-whA4

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AZmPxg_m6mmo93bSnITNiGeuQJZEtlA7ZydrKlrG1Bac5pEKzlqmK62dCjMMVsqWu665-uCkNnDzLuS4sdcRbbMPVSzrxgo4-Moy&google_hm=A6_JwdpDXk9kpkOek4-whA4
date: Sat, 01 Oct 2022 13:38:23 GMT
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RXafc9c1da435e4f64a6439e938fb0840e003
content-type: text/html

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E62F
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEDCgXYQ-qzOvdbVfKDf2wqk&google_cver=1&google_push=AZmPxg9WHC8o8_Vmjpg2R6awjfcSa7bdI3aIMXT4dS2HLFnhljKPSadt15y64_q0OlpBfeiduh...
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEDCgXYQ-qzOvdbVfKDf2wqk&google_cver=1&google_push=AZmPxg9WHC8o8_Vmjpg2R6awjfcSa7bdI3aIMXT4dS2HLFnhljKPSadt15y64_q0OlpBfeiduh...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1vS082RHVwRTJ1SDZ6V1k1aExEVHpMYVZab0tRWU1mRX5B&google_push=AZmPxg9WHC8o8_Vmjpg2R6awjfcSa7bdI3aIMXT4dS2HLFnhljKPSadt1...

170 B
188 B

25ms
24ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1vS082RHVwRTJ1SDZ6V1k1aExEVHpMYVZab0tRWU1mRX5B&google_push=AZmPxg9WHC8o8_Vmjpg2R6awjfcSa7bdI3aIMXT4dS2HLFnhljKPSadt15y64_q0OlpBfeiduhm8C8vxQgiBQSAr960-JeWl4IJvMA

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1vS082RHVwRTJ1SDZ6V1k1aExEVHpMYVZab0tRWU1mRX5B&google_push=AZmPxg9WHC8o8_Vmjpg2R6awjfcSa7bdI3aIMXT4dS2HLFnhljKPSadt15y64_q0OlpBfeiduhm8C8vxQgiBQSAr960-JeWl4IJvMA
date: Sat, 01 Oct 2022 13:38:23 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame E62F 0
12 B 26ms
22ms Image
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JeI3J6oNT4_6dB_MKHaIbA2Z2ctdMNiLEdGqTQtP4YnPuZFq3Yi2YBlOLYyTKo_mX6gUVWFw

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:23 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 gnLtmcL-mn53pq-EJRMXOCFACjpZd0iqiIv80oTeKas.js Show response
pagead2.googlesyndication.com/bg/ Frame 7144 36 KB
16 KB 28ms
28ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/gnLtmcL-mn53pq-EJRMXOCFACjpZd0iqiIv80oTeKas.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8272ed99c2fe9a7e77a6af842513173821400a3a597748aa888bfcd284de29ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Wed, 28 Sep 2022 19:21:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 238631
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16010
x-xss-protection: 0
last-modified: Tue, 27 Sep 2022 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 28 Sep 2023 19:21:12 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 1E62
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
21 B

79ms
79ms

Document
text/html

2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Sat, 01 Oct 2022 13:38:23 GMT
expires: Sat, 01 Oct 2022 13:38:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 01 Oct 2022 13:38:23 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 6829 1 KB
751 B 29ms
28ms Document
text/html 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 22071
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 01 Oct 2022 07:30:32 GMT
etag: 48472445140208031
expires: Sun, 02 Oct 2022 07:30:32 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 50B4 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 05010037e0bf1c4ed0b6f84629d1226209720ef80e91d1e56132c89adc35a7a0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame BF64 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 64bf5aabacaf62804fd8f5a6233899dfb17c7d265fa84e712bce1e764c20cf41

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame DF86 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 73eed57c07b846318e5205a9b5e305aebf3b1e019c957aed7c990c8f9cb6d871

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 4ED8 106 KB
37 KB 87ms
29ms Script
text/javascript 2a00:1450:400d:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
Origin: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 07:30:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22084
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 02 Oct 2022 07:30:19 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220928/r20110914/elements/html/ Frame 4ED8 8 KB
3 KB 28ms
28ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220928/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DQQeFR5Ol4RzoUxri05X47FLaBqXJmihL81BBB1LYjLe9YGj-FmM5ohvOiFlOtQSIASqFVBjvdREXNgkp6mXR0SIPzCg&cry=1&dbm_d=AKAmf-AIokVgTHG5gyDM3EebwWGcC9fTn7g94ahjJ9VLj0vKDrFQBS20vCKs7kQs3bmmf0MWN-NEQMsSpsAX8NUDGWQThnZSfJ4qOkLqwxw_SQninV9oCHIL7c70XLPe6gNfQ1WM4hrcNRhFyVmFsQ4YhcTvyB7-AvDxKhi9mcgBrtypEjXf-0uzxHSZw8vJPAGaGF4ret4QWATAMrFq9HMNIDL4WpMfp-GzjEp9QtQLHK0wRSHUv59cdySOX6H9tsc28P-jzO464BDYvZUUKaEo3119dGEtSKbcf2Lua2jp1xNE7OF0piZucXpkXLKNbzCdtXBTvDTkrWoBRCqKN6zw-jf2O3PmxmbmFQPYrSS4RbQliHK4YS9E9qkcMN6vJ3c_Qb79B-YAEDAmhmNUi1t0Q35wunRTYOzSTfgggaMuprZci_c03Cyo0MuSni2mkdk0wY1uLQhWHCKRriofwEa3O0_tQmitDVE_aC53sOPDEk_kqFhyyfLd8jaW4tZyaqamFxyiq_OwUArHqAVNvvgECqOtIsEE0tKE9fQLwXC5JhvuFszMrUFz070up7UqIGYVAXmD6mz5Qmm340IK_Hl_W-7IHs1SJHi4qK0RS4VOTq65_nuRrHpshO-oIm2HAuYqvHHkKp81Lx8AOWw-o-ntpBg_aGUzY1QQjobgj4dYQJmwe4aKTVLFcKcht651EvuJ8cuXMVt3Z9OHbN0O6ia4Esbj4mhrYLmiac8PUVd0rBD4se1ejG32hKwPJpB6GJJmSPo3qf12MVhxmRjXCEXYMNOKfF20-ZLEtE5OxrrGS2RcukR9JNl9aLDJI9-t9QIXuSDbfxHLQMEv_ifKOurZW2AlpSi8BzxmwC3kKE7RDhRbyxciU3fgeKCHuZjgX9ABGkUcXgrwfovbX2R0GtMWfxhuYtZI6tdCLaohm2qSwkqegC0-gO5m2w79xa3b8Be1BqgbEAfeR4VPkzZfsQxHzHdPSpUefY21w3GO1JeOPYIxofF-shb3ofsI4nKzkBX8e2hGPjs3t4n-9SpPun98dk16WQ3lTSbyX2oVq4BjZ4RP43Sp3ZFX7WHfl26wJ3BMO66Ev0ZwkOwBbhOyrZuADg104gSAxFROh9kAuJAInm27hZ3s3yTmm4g41MRAIrD6x06pofjVPYv88eYkNz-RXwmE0GBpONXxCvAdrQKVtBTuAYuogVUaUd4C1yQPwUITinHzUIsVmvK0sqUmxeI6TTVtwBzUcbRzGtqpg--uwMMaGeMB66ZrFao6dNiOhSIrfaeEFE7OvXuujj06lUbz5LFTne65gl-3DesHfGf1ZeLAl1TDAlNovj_aRH_tf_7-_2WqkvJWaM8qcO_HZiUGtrdDorlmPSdmCp-TD6DFduPKDzKDNi--SJjvGAOmVVOIWyvb5vVfWrSW401zw6xab7wQhUGvnlWcp-AN3rZhEN-OixOQKZYhMzrmWGK5m5DxBJlp_6xk2tRCHfCewYc8JwMC92cNbr8CMq5fMvVk5dE9CVHtBwueBfaA4WOeeaQB9jYNDB6OTcx-y-RrJaQhABuQfUmCylc7NtUAHUfa8PTOOTws71RUXaNTzTWscAI8XU_RaE4qVbVsSEMqoE-tAiHn6K5BuQksMc9umauIidtUr5koYabzQ9iGGDvF9hxh1sHelX4eQpf9ZIZZt8ME40Z2WCDBZQzGHEATOk8dQy-EQtCvMdkCIX6q3ULiHGk2zF0c7GGIRW9pn7QT-fNs1MQ51zMDTX3V7D2J6mxKYw8AD0QyBgWzc6bWesRdHSVFBxqT6tE6Utv95P4AobCyDpK3NOh_uFVVdqSsclx0kdAaWszTIw0W7b-v9zT3Tkxp6hO5m0vJ0ehXut8MaOc4H_GHb5IGI9UAvQag0OwDOQ6hF8j3nc2VnNMVY_PVNCVeySMrUlwM6iWWV-aTeSOTXujYvdnYSftxd47d7C0_V1ORf6JCEoi8pzr7Lml8x4KwZ5OR1XyS-pX2JUlyd5WWH2jlmu22Y9WsmsC6Vr8IarWZ8CtioThU2hqgw2yuZW77XUzNDRA7Gkvm_1Lkf9Yoo0Ke0eHwbt-2uHQTM-XKTC3ip5straGufcPKM0bHDU4xFMHFJi-BtMz1umeV43e0Mv9XZ_RGgXMUY2EpdlMcHGQdGCz0jUWDK-b_F0-85zA6VIUCVB7hO4R6rqpm6jQ7qp-rJTrlO8BmU66F4OUSNbOEowQ2XoG5m3oyg4BfBcQvrDx2fmjHwX0E-tkhWIaVaeproB6qjNnx260vdCEPONzRMnsNbOaxASRDCyBIH2A8kuWBwSWNWkztRZNlmfECtL9_CmSmW5NCMqt8R-zOAgaPy_PGvz8kBU5N03SuhgGa-pJV18nuPe0Gp_Qj6R7MuMYi5TKubNkuly_ZQD92lJp-GMg7xuL8UiLP1Q83GaajFlI-CdSmRwVOcmpbDvdPqitCHUJqzC162EzaFCjIolt8mZxTJLnz4SUPTihzaTVUbq3AA08L3-FzsieGMdNoCZS1VLtrgCPIf2XHX-HOac_brDF-qxM3tZvEMU45Np_KWBh--Gx92TioQ0touEgOxvOB7HNySka9WOjNoftMtA7VUjl-oPBDbqo0X-mW2LsNr4314xkaqm6An2RfRE2Ac9KtNeeqLpwnFX_06wRSLUDAju39p9e40bhSxUIaSvD6NvO_cq2oh7h_dG_cPD4vO4MkK-xi7l388TTNv5nFq0E95sXjzi1rNa6syWRNpjlWh64_asAkqLP8BnEr1vYv2kZr2fYTARCdO5Jaq7ssxRfE9JuR3sLCTPI-2G7ztCVyzQZ96bv9-IYT5_hc7g4sAZBrqIstWJRgd9KPKm_k14Gh_mdpV5x3hcJwtzm4tVlnYwQLsQ07NUzjJx6NVeDds_gTo4R9iYceC4SlzG-EdQa_aKfJlA9eEGMmIBchNwSk0CZT5CRJ8qSMoDCyRkDKxpIgnQvYlbQRnxYdOHDRQ_n1KnYavJtXuIfUZDkBZAdEq-vzqOSlHAioiky0FMLt5HZS4KDydoNu5q-FYkXpaEV7xL7OIBpXYA9gihycttRe1Z8RI8OjTCzJ1yOKcLMFHd0H33IxWfPGgQz1VP5jJ6wTEguznJ6xDFCeVzBSGMZOBIDhCgz1nbG_lTcnmT7HXu9z2URLUJOOyxh52ToUfUQpS4vUyRlS0TA6N4TXZ7tprEyTMr7cH6cbvZL1vQMrUPcpo8OVDYyCqcXiZodlvqgAlNdaFSf6SuA0z90AOzgpTsRM-26i_1ns9DMV_LeEVGmSWYVwEODf3Lu64bl4nF6XxNiWYalFnEorTyBvFk2Dg-kQfNm9Q4WVhcDz84g8JCfBwNPUkg3NjE-vbNWpQsOl3PLGgHI&cid=CAASJeRoxhPD2yJRWf2AyF0CPpQeQvaIp-BAVGTAsk36U6Sh-IsQ8Qk&rfl=1%2Chttps%253A%252F%252Fwww.123greetings.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

58b603271da250778cca7450c81343eba7a896c87d93812f4de54ca5e1108488

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:16:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1284
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3181
x-xss-protection: 0
server: cafe
etag: 10699485926258732851
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 15 Oct 2022 13:16:59 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220928/r20110914/ Frame 4ED8 30 KB
11 KB 28ms
28ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220928/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f03f34a896200ac3d36794a86a5b23d054f1982d05740b454078c8526a33b631

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:22:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 949
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11727
x-xss-protection: 0
server: cafe
etag: 4188671789125589074
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 15 Oct 2022 13:22:34 GMT

GET
H2 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v23/ Frame 2446 23 KB
23 KB 55ms
18ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:regular,700|Bungee:regular

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Tue, 27 Sep 2022 17:08:09 GMT
x-content-type-options: nosniff
age: 333014
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23580
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:48:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 27 Sep 2023 17:08:09 GMT

GET
H2 200 N0bU2SZBIuF2PU_0DXR1.woff2
fonts.gstatic.com/s/bungee/v11/ Frame 2446 17 KB
17 KB 74ms
37ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/bungee/v11/N0bU2SZBIuF2PU_0DXR1.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:regular,700|Bungee:regular

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5e9a22fac024371ed667ca4ebc25daaedaebd39fbfe03ebdd60c53a45a7913c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Thu, 29 Sep 2022 20:22:53 GMT
x-content-type-options: nosniff
age: 148530
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17340
x-xss-protection: 0
last-modified: Thu, 21 Apr 2022 16:43:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Sep 2023 20:22:53 GMT

GET
H2 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v23/ Frame 2446 23 KB
23 KB 68ms
31ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:regular,700|Bungee:regular

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Tue, 27 Sep 2022 12:05:49 GMT
x-content-type-options: nosniff
age: 351154
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23040
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:56:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 27 Sep 2023 12:05:49 GMT

GET
H2 200 geoip Show response
avm.avantisvideo.com/api/v1/ Frame 89CE 216 B
968 B 151ms
151ms XHR
application/json 2600:9000:2057:d000:3:748e:7940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://avm.avantisvideo.com/api/v1/geoip

Requested by

Host: cdn1.avantisvideo.com
URL: https://cdn1.avantisvideo.com/connect/u_d.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2057:d000:3:748e:7940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

fa0cfc7c0df04e388fce64462a3df35118a753879ad5760e9a83235f1866dfa8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://cdn1.avantisvideo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 01 Oct 2022 13:38:23 GMT
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
via: 1.1 d8e97d2c28917e4c41ab79bb1e94b844.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA6-C1
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
content-length: 216
x-xss-protection: 0
referrer-policy: no-referrer
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://cdn1.avantisvideo.com
x-download-options: noopen
access-control-allow-credentials: true
x-amz-cf-id: 4yIo2hofsPHvA05GZ36W1h1DUGxzP7Tu9IHCawchwK1RifjcFtdTOQ==

OPTIONS
H2 204 geoip
avm.avantisvideo.com/api/v1/ Frame 0
0 212ms
149ms Preflight 2600:9000:2057:d000:3:748e:7940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://avm.avantisvideo.com/api/v1/geoip

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2057:d000:3:748e:7940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://cdn1.avantisvideo.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE,PATCH
access-control-allow-origin: https://cdn1.avantisvideo.com
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
date: Sat, 01 Oct 2022 13:38:23 GMT
expect-ct: max-age=0
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
vary: Origin
via: 1.1 d8e97d2c28917e4c41ab79bb1e94b844.cloudfront.net (CloudFront)
x-amz-cf-id: gr1YH2k39zbOTALvE2moS5sfa8yLg2qEs9rMZ0s_Gg2iq68dK25YrQ==
x-amz-cf-pop: FRA6-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 50B4 16 KB
16 KB 31ms
14ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Wed, 28 Sep 2022 20:10:25 GMT
x-content-type-options: nosniff
age: 235678
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 28 Sep 2023 20:10:25 GMT

GET
H2 200 geoip Show response
avm.avantisvideo.com/api/v1/ Frame B071 216 B
969 B 150ms
149ms XHR
application/json 2600:9000:2057:d000:3:748e:7940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://avm.avantisvideo.com/api/v1/geoip

Requested by

Host: cdn1.avantisvideo.com
URL: https://cdn1.avantisvideo.com/connect/u_d.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2057:d000:3:748e:7940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

fa0cfc7c0df04e388fce64462a3df35118a753879ad5760e9a83235f1866dfa8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://cdn1.avantisvideo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 01 Oct 2022 13:38:23 GMT
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
via: 1.1 d8e97d2c28917e4c41ab79bb1e94b844.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA6-C1
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
content-length: 216
x-xss-protection: 0
referrer-policy: no-referrer
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://cdn1.avantisvideo.com
x-download-options: noopen
access-control-allow-credentials: true
x-amz-cf-id: tctySJyTRMCRVeI4DztHX4OvcyCuIJUpL9ts6Z94-0ebg_f-5mjArw==

OPTIONS
H2 204 geoip
avm.avantisvideo.com/api/v1/ Frame 0
0 199ms
152ms Preflight 2600:9000:2057:d000:3:748e:7940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://avm.avantisvideo.com/api/v1/geoip

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2057:d000:3:748e:7940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://cdn1.avantisvideo.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE,PATCH
access-control-allow-origin: https://cdn1.avantisvideo.com
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
date: Sat, 01 Oct 2022 13:38:23 GMT
expect-ct: max-age=0
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
vary: Origin
via: 1.1 d8e97d2c28917e4c41ab79bb1e94b844.cloudfront.net (CloudFront)
x-amz-cf-id: Bc1yrQIdbG8gHo7FqJ_JEVHj76vBMUIfxTvP9Bqg8HLlNKgLsT7XOQ==
x-amz-cf-pop: FRA6-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220928/r20110914/ Frame FCA6 30 KB
11 KB 29ms
28ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220928/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DrQ08kSkhbMlYbDzX6U8lZ0i_NRbY4NwbFCNNDatRN4KRv4-Odcn1FFZXvyjTWmTX9LsHSMN0X3cFGsGm8eqF7gzwYfQCtQzfduK0pTQVFv_vMIt5JwObfWaKfl1ZblbmHc4B476858YImS34usVUI_lN-drg2_2cpQ2LOiQeN4l2c9s8&cry=1&dbm_d=AKAmf-D-KbcRpm3RGYXmDF8DKEyhUuCU9bw-v8WrjFhqU-2O_u2fkPB_usZwwz56kcBH8pbUCHqxG7CZVZOKPtK0LnMhw_7xqvrv-CsLYBLdXw572p19EDvmHQI26gGx4rUiBB26NnGoVm3ZyLILXgJrFIWvNqLDf3FT9ZGZ2jKoNs4IWA6gXRFVyEWbBisfDz0pBwWkAqotj5UUJ2UY3nE4XGEEpQYW0-MGNW6sNl3yrl3BliOf_Zlmlw2cm8jH7JA5B1otjXSNkJCAm_MuTf8wvw-ry3-ULzD7CPzgYpgcTY2VOxHqgn0lvsPZF94N5ovTDuwiFtNRVU2t9pgwE3zqjPsSpBUWef-EU0prMUEv0OXYJyIrBdpcHMtm44pZj81mcnTL1WisqRPaOsg9q4Y4cXZ_uUFWLAkRZQCtEYCMYlM7kYmVaSYt-t9edjUrcZ9rgCHtkO8-xBgvPNZpzW4rcSL75NElt4BuDVQt7cqPNoAyH3sQKliUt-lb6eHjeOSc8Bi1luNIHRsYKh3405Vwl5KbBPzxmEwMTK0YjLM47jZUQESWXPBsD-wYWY35dj8gLJhCmpbi001AVZ3tkprJeN1roVqSj31iSedwUpEvPgvFlnFxBCnEqyaxHPsJgcAtt-nHryr2wfyF8jonV13XTUrl7DwTIG7jtPZga_tupl2Ws9nIn9Trl6qsXPG73QrpMoDMha3hJZOyQ9DSiH_9J92hNio336bBFKL6ZX8Lg1QrK0FG-OEUoRrg09amaQSPb2RAb5jq3tpVV9C1pvNk_n0fvL3kfgATx9uqZb8Ue-xn_uSsYiKdFhGqQAWjU6W0K06UvU0L1usOyMj3V9C3ichlnIe0UxRPQxuN9zX9zLbvhKkwuSxpNDIIbzfn7ne7kxll4ialmPrr5RZaHyvhf0AstUAAly-VERk8MaB8R4Nyxr6HOKjcD9WS4Uz83Vj9ycWGiYBVVE_XAYCHCU9qwII8U9zOdYxSO_SQz6wYiKmSqp4pPALs9JyQV-io8aRH6zUdms0j_oYumq-oDLSd8yg1BFx3klElEgx98UFgZqQnFe1IN21kSFeCYksXmeNJgIocLbbm4KnhFM0p6K2n-SRj91Ko7MKZQ5cVqreR63j6GW5rO2EYBUfk_Qvv1L3y5oTCxEylM8UKX_00gjaQCcbtDGinHp7Pdu7DSFhUb5nmwXsZ83wcZ64IJx9c7hyL7LCloXTOOkvrIdfl_3bikIVZ3JPiOtF-odwO7-2VOG7p4xBVfQFqje9IG27Tj3a3D7lYYePSBT5r5_NfH1rX5ZheQJiXsgBxs9ZJeJXP0ZRocAR5OV3MCg3YCqRHDB3UiRcS-FDpt1A-VM6pd-KSXRHETCRg0Rb7PmAaXzyMsP0ENckvl3h_b4_sQJuyMy8AC1_unP7t1PefzeMbpdJtxviEqjGEXJsuESyO7F4dp6S4elFm2kwa3WflG_pitMTugEn_5xoHzOn3IGH-k-qAAzNCE2D6a3k0rx7mt4Ij26w_Tsb8lfx0mn-UN1JnjR_Khcuhpdq2M_wtiv5KWQBmCQBUaAgKq5B8Tb_Wzb0ki8JtsRdfNA66ziafwHdw2QRXyjfY3x-PB5dpbfqNk5WgV-0jt3lq2SO9xT0XiWfnTh8LZSIvIHPTv_9TDg4U8illjqoICbyxmocFiYaKUM6sNXJBnt0BBBkVtoZgFaE5mXfoVTkHoAzoQqzQ0iPDw_3eB9PR7Wzx_NHoeG7CCZzqfuwYctM2EDXlJOLIeuRpZ-lYCYTfP7_PRAwexI6tGxKe9L8rivbu7ARr3LiAvh3X2OU2pp00Axl8FVCAcJrD6ss8Xs0FWfZNpI9BRjZ2XaE9ZnxzQQodecyPoF0jMa_Aejg2dkHVuD3dER7NNy-2-s54RVYjZGj0drEXKkjTxaVzi3i9eoeAsaV65_4d2UkeKImlv-BkpKFQFabvJlo8KAkxFls4_Gxh__pO2ZxnLhxiPWyZGiTyscByvYuYiElgDTFywSTesCjOcgw8L8Y3sCvNkMsVBAZ7sjSkmcylnf2HFHyIhPM7HsODt6SfilGbZsgOSxzTXg42Zzh-2CQBnJKbIm2oPBlnq3iCgNIcaEvq496QxlpbUbOorj00yCYTxI6169BHKvvEoFrkbduJmWHegX7zLOLE8OpFqFOYNmVFAZU9BKCH7Js7FWxGKS2qaO9dK2n8xmyv4wGTirtS5GyzElkyzMn8JcU9YuZ9O26AgTEs9Zm1tZwsQoont0EXASLFd2V1qaB1qLIUKnJYzU2Mfevzk2XrWJ0BpRW7_2KEL2QlHKPVWMNx4SqfPxf4eyd6YpeI1mhOqczwSDQzjZb-dzqU3OkZSbXFeF-ubY7pR5aaCm2Y1NlgqrHx56sZ5hvYUqrnJETiDTtWWk61m590i7NyxJAol-gUQXsRduHAEO3FOpl1IfQIAsluyPr6p0oyvKxA1HsnJFa0AZ27L3NN1tR7NFYI1TL1rxfd4i5g3kuXHTrTym5EBQlYPuVyf7FX-h6gYVZlCslaCyCUYVSvvFpidmg73gUxz5UgFI7duT-zn8Ye2yB20n_A9g93jMnm1cJaAIr9zj7b436FWqKViiaKkM22Xk3NmNrt8dbeZQ9PnZrSJ-NKT5Te6sCdXEPfUH1x6e2PPr4NHWCCIkwLlXM-8asmZpRkepk5Y9L12G0fRPt3vtmSK0iEfkjwfVQmxeLfo2qmL1DLyRqXbqyqIab_fn-twzAGgHczOQRGtZFu5dku-PaOGe1KmYfxHNe8z7oU9_wsdM9IUscyBkxM-GFICdeWuJNAbLCuWIAvLEqsHtKRWAFfINJahaMZatLa3OLSWsQHIO6b4010Mb4jHPBY6-nCotiEK9PJbucqlLD-PHD0dgHL3nwcRDt-ny0jGfI0PHBWhd3JvsYephZeuBWMC_N9M2V6FUpPbj2ims5AQxurTqzDy4AVvzcnyvYSuW7TXWnjFOsvGJnHkOJ1QaGIa6JfTEdpVfebxxgN6niLudr-EWgrMK694bU2oCDhdUPRU4DQUfQAUGLBGBbL3GL8oAkAmF_bvw7qlr878VtFJ2-XIZFptuCZ-KpPkqfWZdOFKS5DunzD26xsHVrZ3BypvIXGBSA3HgmkVcpgCYb7v0i_gV5T3ewZE9-Z4SKmYepppgxIS3TKW2yP6KplF7QUIO3HJ2CtciLomhbkBlgt02rVCaBhixU3TmYX-nS1UU7isw0Bc8I2JjjGb-VzD7OKqq9yOp79-ssgV2FwoWneSyRPtp38XbzzuMxwF1sET3v114aQzNbh5O9l9FydgtjOK8B68VM5kM0Bo2VIiIeXo1Pa&cid=CAASJeRo6x_F_ff-rWyeeOXrhXXxZEVwn9dFbwrJbvAUU6GZpYTHzAM&rfl=1%2Chttps%253A%252F%252Fwww.123greetings.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f03f34a896200ac3d36794a86a5b23d054f1982d05740b454078c8526a33b631

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:22:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 949
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11727
x-xss-protection: 0
server: cafe
etag: 4188671789125589074
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 15 Oct 2022 13:22:34 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame FCA6 41 KB
15 KB 29ms
28ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Tue, 27 Sep 2022 18:03:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 329712
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 27 Sep 2023 18:03:11 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame C2DA 41 KB
15 KB 29ms
28ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Tue, 27 Sep 2022 18:03:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 329712
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 27 Sep 2023 18:03:11 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 17D4 1 KB
751 B 28ms
28ms Document
text/html 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 22071
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 01 Oct 2022 07:30:32 GMT
etag: 48472445140208031
expires: Sun, 02 Oct 2022 07:30:32 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame C2DA 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5ca26fbf12235c63350ad1338f2b0be4ca0e4abb13e85ef84c131f02a1c74141

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame C3C4 2 KB
1 KB 47ms
15ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YzhCzQAM_UgH_ZYZAALqrctNBTMJyJEH5Ahrwg&u=%7CV7vn0Sj6RC%2B6uZdn3cXIlWMM9ozbHgZ75C8%2F2VpiU9g%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhaVHQ6RkVc1uRRN7U2tIy91eSjxqsgku4zScXubwwgFA9dk29Zm2lIQWTyuXovfxFJXKQPX9ZuPh_8aVuOUk9RJWqVY5XqAmQLo4zffuSaoE32JK_e53BdjIwc6dRw09V1rd8eN-DYEiIXPCViDn7D2BtnzGs1jM3crmWLPvXtoTrNn7Dmq_6gKS5XEeeK5HjL6Eh69hg1qNeMbQCSLnNmHUwu8HRQH6ogumh0hA9AHrC6zXwW7ZpFUAUcdFENiiTe0wwqzvYrVFOHqO0ZyV6r7hyrlQ_0jOlHWBNep_EBKJ3oiFcdC1-EOYENHlWr97ybYasI6H5sCriNbNtToO3axu1BbOUQXuYkexflRuCezVzYgfeOktbssV9GBsI_N2gT5o_yjA0jIWUf-iSupyO12QlXxy2D1icYXMchAEJ8dCqnySGHs8kcW4Br6ss8hlW66szQ7xK83D6tpKNlDe6zx5gCqLP9OP5D6aTC-R90X59vPg1xYDcln3yg_Q7FrPUm91QRO7XqJBRTDbDKLlKriJPTWxDVByPMIF7j71GGZbck_rGm1xnAUOdwsdNsFFGaui3dLsdSKewgLZHDd-gjs&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCt4DfzUI4Y8j6M5ms9u8PrdWLyAnJntKxXNWdkfdwwI23ARABIABglYKAgKAHggEXY2EtcHViLTQ2Mjc1MTc2ODAyNDk2NzCgAdW20uoDyAEJqQIWhNpvuHGwPuACAKgDAaoEkwJP0CBv6C7YE6JV9E92NBDNLVOsc-95kZrpZnWZiyvsShWU-q4xN7yePSPu2Q0HsDjqoh5oBF7xke4hvY43aPuMbsDVb5Yr63OPgRzcsXkWnomGxhBeGP8qeim1LR8zo5qKj3L-od9rAzOCzZrMhBmKrIMmLovBQslmlvmr6RgsBuzmCK3FDShAEwcxGhXXk1RR1in5KFGGQEsU3Sgmxg79v-uMZttpsorZR69bgC06--_L0u2VpIbA3SqZdEt_3dpChhHQfVYLmu8ODTvyhipjtupV7Qa3FwcNT6z3HBBEDb_tprTpK95Ej6XMqZW58H8J34u3aTN8R2Aola4YQTPmwMB7KlS8zKyf2s7j9xkFhCIIcOAEAYAGx83PmN-e7an5AaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0bLbe2Dz_SORuJ-77EVWX3mlLM9Q%26client%3Dca-pub-4627517680249670%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:23 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 26 Sep 2023 13:38:23 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame C3C4 2 KB
1 KB 46ms
15ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:23 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 26 Sep 2023 13:38:23 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame C3C4 308 B
636 B 16ms
14ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:23 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Tue, 26 Sep 2023 13:38:23 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame C3C4 293 B
621 B 16ms
14ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:23 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Tue, 26 Sep 2023 13:38:23 GMT

GET
H2 200 lg.php
cat.fr.eu.criteo.com/delivery/ Frame C3C4 43 B
348 B 82ms
19ms Image
image/gif 178.250.0.160
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.fr.eu.criteo.com/delivery/lg.php?cppv=3&cpp=sYmcOaakDsbZ4BraU9MWJoTlYqBwqNBSdmizhf0A2TWK5s78LZPDKrrwkpK3bpvPtVAKZpHwJIUtfg8RGra9h6gnBAxjN4ULdk5sOX2ekC2I7-IcPFtjgwphyVMOYYybR8ps6OeJzaSsjBQURWNi23kHDYb86W-05NtRFAtiWinHTNhZrd7_fLSKmJaE3apcV9k_ys5jJYXgRXlCCJ-i4dILB94DYYlJ53z3bOaMcIuAxcNNk4kkA7QhkvVLwSGkfI1IFW-nHk9P7WBC3npGUCvKxZq4mlqYouer4F4oo-R7IO1lyeSlBXgiZw_pSlKqDUDeoidz2lreuDeB32qcV_dRswu1lP1bnfWdznzgVG5NHf0QgGtliegUlh3YFO2yrSVp_Caqvr00qTM2J9GID_SpBm0c8kGWsD8hcVg_mWGazK_faKXinVc5l3oauCBGEiK1jQ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.160 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:22 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 3616264
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 m
secure-gl.imrworldwide.com/cgi-bin/ Frame C3C4 44 B
755 B 170ms
115ms Image
image/gif 2600:9000:214f:7c00:1e:a43d:b640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-gl.imrworldwide.com/cgi-bin/m?ca=nlsn184820&cr=crtve&ce=criteo&pc=criteo_plc0001&ci=nlsnci162&am=3&at=view&rt=banner&st=image&r=1664631502
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YzhCzQAM_UgH_ZYZAALqrctNBTMJyJEH5Ahrwg&u=%7CV7vn0Sj6RC%2B6uZdn3cXIlWMM9ozbHgZ75C8%2F2VpiU9g%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhaVHQ6RkVc1uRRN7U2tIy91eSjxqsgku4zScXubwwgFA9dk29Zm2lIQWTyuXovfxFJXKQPX9ZuPh_8aVuOUk9RJWqVY5XqAmQLo4zffuSaoE32JK_e53BdjIwc6dRw09V1rd8eN-DYEiIXPCViDn7D2BtnzGs1jM3crmWLPvXtoTrNn7Dmq_6gKS5XEeeK5HjL6Eh69hg1qNeMbQCSLnNmHUwu8HRQH6ogumh0hA9AHrC6zXwW7ZpFUAUcdFENiiTe0wwqzvYrVFOHqO0ZyV6r7hyrlQ_0jOlHWBNep_EBKJ3oiFcdC1-EOYENHlWr97ybYasI6H5sCriNbNtToO3axu1BbOUQXuYkexflRuCezVzYgfeOktbssV9GBsI_N2gT5o_yjA0jIWUf-iSupyO12QlXxy2D1icYXMchAEJ8dCqnySGHs8kcW4Br6ss8hlW66szQ7xK83D6tpKNlDe6zx5gCqLP9OP5D6aTC-R90X59vPg1xYDcln3yg_Q7FrPUm91QRO7XqJBRTDbDKLlKriJPTWxDVByPMIF7j71GGZbck_rGm1xnAUOdwsdNsFFGaui3dLsdSKewgLZHDd-gjs&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCt4DfzUI4Y8j6M5ms9u8PrdWLyAnJntKxXNWdkfdwwI23ARABIABglYKAgKAHggEXY2EtcHViLTQ2Mjc1MTc2ODAyNDk2NzCgAdW20uoDyAEJqQIWhNpvuHGwPuACAKgDAaoEkwJP0CBv6C7YE6JV9E92NBDNLVOsc-95kZrpZnWZiyvsShWU-q4xN7yePSPu2Q0HsDjqoh5oBF7xke4hvY43aPuMbsDVb5Yr63OPgRzcsXkWnomGxhBeGP8qeim1LR8zo5qKj3L-od9rAzOCzZrMhBmKrIMmLovBQslmlvmr6RgsBuzmCK3FDShAEwcxGhXXk1RR1in5KFGGQEsU3Sgmxg79v-uMZttpsorZR69bgC06--_L0u2VpIbA3SqZdEt_3dpChhHQfVYLmu8ODTvyhipjtupV7Qa3FwcNT6z3HBBEDb_tprTpK95Ej6XMqZW58H8J34u3aTN8R2Aola4YQTPmwMB7KlS8zKyf2s7j9xkFhCIIcOAEAYAGx83PmN-e7an5AaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0bLbe2Dz_SORuJ-77EVWX3mlLM9Q%26client%3Dca-pub-4627517680249670%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:7c00:1e:a43d:b640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:23 GMT
via: 1.1 12c16baed6578bf50fb0eaa233f2bc84.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
x-cache: Miss from cloudfront
p3p: P3P policyref="http://secure-gl.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
cross-origin-resource-policy: cross-origin
content-length: 44
pragma: no-cache
server: nginx
accept-ch: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-methods: POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
x-amz-cf-id: -HpGWEKX0YpYPmAk6dGTNVbXVe9YUNTR2bdkN4OKNVnjMrSSYGHcEw==
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 5c6cadc08e4e40249b3bd7840f4d6595_31a2cf2301b613d43a40cb6d7d409854.png
static.criteo.net/design/dt/2861/220829/ Frame C3C4 56 KB
56 KB 29ms
28ms Image
image/png 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/design/dt/2861/220829/5c6cadc08e4e40249b3bd7840f4d6595_31a2cf2301b613d43a40cb6d7d409854.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a95725351a0f5632bfbc825ddefb79ede9cea7ec80fae42271e16ae723c92622

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:23 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Mon, 29 Aug 2022 15:04:47 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "630cd58f-de9c"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 56988
expires: Tue, 26 Sep 2023 13:38:23 GMT

GET
H2 200 47a856ef34e84f91be970719a43bd5e8_b8019f61537371ff1fe67e75fc5ab35e.png
static.criteo.net/design/dt/2861/220829/ Frame C3C4 666 B
990 B 16ms
15ms Image
image/png 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/design/dt/2861/220829/47a856ef34e84f91be970719a43bd5e8_b8019f61537371ff1fe67e75fc5ab35e.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

121de8c119716546a401c21017d613a4316f0c3cb3f16bf183cc4774981742fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:23 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Mon, 29 Aug 2022 15:04:47 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "630cd58f-29a"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 666
expires: Tue, 26 Sep 2023 13:38:23 GMT

GET
H2 200 zepto-studio-1.0.1.js Show response
static.criteo.net/zepto/ Frame C3C4 28 KB
11 KB 23ms
20ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/zepto/zepto-studio-1.0.1.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a558dc731872adb52490cf8550eb796d0d0b448df332e38f815228576dd0cd5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:23 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 21 Aug 2019 08:32:15 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5d5d018f-6f5d"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 26 Sep 2023 13:38:23 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame B119 22 KB
8 KB 29ms
28ms Document
text/html 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 195215
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 29 Sep 2022 07:24:48 GMT
expires: Fri, 29 Sep 2023 07:24:48 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6829
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEAQPy5nXHWlDcZ8DFxe10Us&google_cver=1&google_push=AZmPxg8lX7r39T5DQrtnzmAmtl8w_y4g288dlMR99jOlmfBYM18ICeEWq9WIoMLQKR-E7FgEVtomr-vUKoWAEqoBeS_XbXOdh3g6
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=05CF89689C6F424FADBDE2FFE26F71AE&google_push=AZmPxg8lX7r39T5DQrtnzmAmtl8w_y4g288dlMR99jOlmfBYM18ICeEWq9WIoMLQKR-E7FgEVtomr-vUKoWAEqo...

170 B
188 B

26ms
25ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=05CF89689C6F424FADBDE2FFE26F71AE&google_push=AZmPxg8lX7r39T5DQrtnzmAmtl8w_y4g288dlMR99jOlmfBYM18ICeEWq9WIoMLQKR-E7FgEVtomr-vUKoWAEqoBeS_XbXOdh3g6

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 01 Oct 2022 13:38:23 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=05CF89689C6F424FADBDE2FFE26F71AE&google_push=AZmPxg8lX7r39T5DQrtnzmAmtl8w_y4g288dlMR99jOlmfBYM18ICeEWq9WIoMLQKR-E7FgEVtomr-vUKoWAEqoBeS_XbXOdh3g6
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Fri, 30 Sep 2022 13:38:23 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 6829 70 B
265 B 103ms
32ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEKNchJAgX22_mNSd_6zmGEs&google_cver=1&google_push=AZmPxg8eGJ5AzhETbflH21393l-b3_-BcNQWjwCl3iZI9q_fmSqfXSnuMVx7BqQRvQl0M6t8YJI83rydSUBXIf0ffV-Oj-d5GcU
Requested by: Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6829
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEMaJ0OvVOafl8CADIA49-bY&google_cver=1&google_push=AZmPxg-8U1DGJsFzs64hfgty-wDHMJCBOHMSPoo0zr763Pn6axnZ-FGI7MtP0lUCOZaiDZJHtOIx7whAgccCAHBoiumLtLW...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AZmPxg-8U1DGJsFzs64hfgty-wDHMJCBOHMSPoo0zr763Pn6axnZ-FGI7MtP0lUCOZaiDZJHtOIx7whAgccCAHBoiumLtLWahvwp&google_hm=Nzc4NTUwOTY3MDY1MDg5Nj...

170 B
188 B

25ms
25ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AZmPxg-8U1DGJsFzs64hfgty-wDHMJCBOHMSPoo0zr763Pn6axnZ-FGI7MtP0lUCOZaiDZJHtOIx7whAgccCAHBoiumLtLWahvwp&google_hm=Nzc4NTUwOTY3MDY1MDg5NjIzMw%3D%3D

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 01 Oct 2022 13:38:23 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AZmPxg-8U1DGJsFzs64hfgty-wDHMJCBOHMSPoo0zr763Pn6axnZ-FGI7MtP0lUCOZaiDZJHtOIx7whAgccCAHBoiumLtLWahvwp&google_hm=Nzc4NTUwOTY3MDY1MDg5NjIzMw%3D%3D
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6829
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEBRX2zmTQkK94WMyVxoGHGE&google_cver=1&google_push=AZmPxg_gar0PFS0z2JtCw1PFv-Z5QnArsOB4Q3b6pJ1exJC8qxD-PVitFRvQStT-F-xe8CF9AJWHn3GW...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjYzMDgzODM5ODU4NDk0NDg0NA&google_push=AZmPxg_gar0PFS0z2JtCw1PFv-Z5QnArsOB4Q3b6pJ1exJC8qxD-PVitFRvQStT-F-xe8CF9AJWHn3...

170 B
188 B

25ms
25ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjYzMDgzODM5ODU4NDk0NDg0NA&google_push=AZmPxg_gar0PFS0z2JtCw1PFv-Z5QnArsOB4Q3b6pJ1exJC8qxD-PVitFRvQStT-F-xe8CF9AJWHn3GW-wEkTNwROFALuVtHM3hk

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjYzMDgzODM5ODU4NDk0NDg0NA&google_push=AZmPxg_gar0PFS0z2JtCw1PFv-Z5QnArsOB4Q3b6pJ1exJC8qxD-PVitFRvQStT-F-xe8CF9AJWHn3GW-wEkTNwROFALuVtHM3hk
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 UCookieSetPug
image6.pubmatic.com/AdServer/ Frame 6829 0
41 B 583ms
18ms Image
text/html 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEM6bIv976g2vNH_0esZFzQ0&google_cver=1&google_push=AZmPxg9H7fd6Th_QSQx9il1l04ku7O5tOEIyIKw7fpEDbI8y0SAat1Has_GM5zevsuin68IIGBzSTqsiR6Gb6Q_2IIGz0z641h1p
Requested by: Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Sat, 01 Oct 2022 13:38:24 GMT
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6829
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEDCgXYQ-qzOvdbVfKDf2wqk&google_cver=1&google_push=AZmPxg-INlgOSILCO0RfHrfaAEtmxznLYifolvFOu7LbEezsNaW9ZTku-Rw91Mj30zXsocxpv_...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1vS082RHVwRTJ1SDZ6V1k1aExEVHpMYVZab0tRWU1mRX5B&google_push=AZmPxg-INlgOSILCO0RfHrfaAEtmxznLYifolvFOu7LbEezsNaW9ZTku-...

170 B
188 B

25ms
25ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1vS082RHVwRTJ1SDZ6V1k1aExEVHpMYVZab0tRWU1mRX5B&google_push=AZmPxg-INlgOSILCO0RfHrfaAEtmxznLYifolvFOu7LbEezsNaW9ZTku-Rw91Mj30zXsocxpv_m2cY6S6arL-fgyrjveo9Rdy6Qobw

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1vS082RHVwRTJ1SDZ6V1k1aExEVHpMYVZab0tRWU1mRX5B&google_push=AZmPxg-INlgOSILCO0RfHrfaAEtmxznLYifolvFOu7LbEezsNaW9ZTku-Rw91Mj30zXsocxpv_m2cY6S6arL-fgyrjveo9Rdy6Qobw
date: Sat, 01 Oct 2022 13:38:23 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

/
onetag-sys.com/match/ Frame 6829
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEDehX__jwADdWbGEpWAG8_Y&google_cver=1&google_push=AZmPxg9wOePD1h-1234snx_zACQja9S7qzP7ElL7Y0TAxLjFuLsOmHoM2VtKwu-wOubRJoBoY3IAqzFqRoJ...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AZmPxg9wOePD1h-1234snx_zACQja9S7qzP7ElL7Y0TAxLjFuLsOmHoM2VtKwu-wOubRJoBoY3IAqzFqRoJitC-3VbBI_VqVqJl4FQ
https://onetag-sys.com/match/?int_id=19&google_error=5

0
151 B

16ms
15ms

Image
text/plain

51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Protocol

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 6829 0
12 B 24ms
23ms Image
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JJCDwnKJsfUAbkP7NgrIZwZW7S34O98QM_ohzAYgJ60Rlf5KYU5o0DgO6RLjFv72k9WqCNb_4

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:23 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 728x90.html Show response
s0.2mdn.net/sadbundle/9550724388066307941/ Frame B8D4 6 KB
2 KB 89ms
29ms Document
text/html 2a00:1450:400d:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/9550724388066307941/728x90.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9c16346c37c164608164e7b460eeb10cf49a70852f68367c46b085d27c99e075

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 173036
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2319
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 29 Sep 2022 13:34:27 GMT
expires: Fri, 29 Sep 2023 13:34:27 GMT
last-modified: Fri, 16 Sep 2022 15:06:30 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame C2DA 0
64 B 175ms
73ms Ping
image/gif 142.251.39.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsucKC8muxdTKyuxhmK9p6dhOKWMsBGg_VynaxMI28p9OuECpFgM9FO8wnsRE_9i8fcYdcPteH-tRnBodQXRvD_mimIJgvHdDcM4LXlvM4Luj0pR3ngZuVZD5Qe23Zf86wJrglmzvUKVImeHMk9YxyT0MzduJIr14f-WfXXEDI9ZD3hFi-_sUS4BFNVTY62ebyEpYN94K7MpDpsX9gL7sIYNTON9SeiOUiyiV7cQ1GmJ1S-fpwLfpAO46CgCyXcWlbOtkOpmiREIpD9XPAra3hhPm4BpmNqcbM0szzdslcO1cGMr-AyBAKXGOc9AUPK6p3iXqCw9LWFI11OE3o8jmYFPhCKN8aVfuOrLjA_UcdQpBf_NPyA2tvM1-hPGLocIzYfyI65oSeDA25-3wcePjF7mLCZ5jxaONwvB1Sr8pDP230P3xAN3LvBsabiionFpZvzPu7dLIyOjta5cdFawA7tqPXmt4N3SyThqL7XATqrFgV3z40mTha_USAafePq_QrDlWvYERkROXaAOCBFjv6LsaKc638jUS6VfYUiahmlN8Y6-x25rGJ_VTA-y2jNZgL3a2dnkSKr1vYh4yCcOvz7xO_EwwQnvOLBdT9-CoTdyUbaudU6GntD5_I_fDbOf6oXoTeDHUZ7O4_ip9e1pbTrgbdVLHT3xbHxShjeGtysZ42RuwU4t0vqCmfkfU_PLXcwedSjSFxJ4zjGljdQAV8FU-C3-qM4pM52j0xReNzEPANa8-v_jhycCTY-JpgoVMkmz78nr-RSPVUVVocm-KQEHHdXapnvo_PoNwTtScFkHZDIzhQ6Br2pmpWRrNyzaexNvI2wuLnrac2xVY3trOfd1iZCXRZ1Y16zTXUgtfFHjGwZDtlx98UaWLg3qlIa3wAPUPXVt7JwNuRfhn8ZYIfxFAvmG4W9MXJTgATmyBtddTEvK6G9w3iYKX4nnsXUabUOkzTraNaFTc0Y5epbkeyRysUEo2NtOE9H585NIM5_cR09iKQdxIeaUsSzRZm28PMa3GYIZA1gz_PR24ITI43HGNTYlnAQDFUT2KKL_SU6RsJ-HHq5kjTzDne7-ZWcRHRIiJFubNK_lwegL4NEnR8P8G84-Uuyp613ytzjJhRw7E0HxJveAiw5mmlkdohlZjGje0swJ_O1UKe8kH8TZq2T9tqfWQNcNU03AKJ0eCcAEI_dcJyyEnziGbT0e9QrMBEzE_iC87qq5GkzOzljLYqQ-BCSd0w9XfNYS&sai=AMfl-YRXwp10vIM3G8loBXU3dYOKXhDI3AjURs-k6qtAoV8WEfxCtCLlNcbTxtg09GCWB-TAqEzv5j_UFydKppqDOtOc7MszZ2XbEX004cNalWuDAkfAO9LeYwoIG9rq1OQZD29bIIN7IpgeIwtzIP_wd3csbQ7bC4SLoJ9dtEqq3dNV4unZgepk06qFGwC1tn4SExgene5xx6-snl1IF_BXMHUmGprjlA&sig=Cg0ArKJSzKS-cZ6Fj_B5EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=353&cbvp=1&cstd=350&cisv=r20220928.66218&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.39.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s39-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 01 Oct 2022 13:38:23 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame AA87 8 KB
4 KB 20ms
20ms Script
text/javascript 37.157.3.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?CC=1&bn=57588194;gdpr=;gdpr_consent=;click=https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=CXN1lzUI4Y9ryM5ms9u8PrdWLyAmj8aLcbOz9pumOEPAuEAEg7_aQIWCVgoCAoAfIAQmpAhaE2m-4cbA-qAMBqgTyAU_QWEU68pGDLyobToGUsA0XAC9Z5LWsn7_GThwEhnlT8RqW6-X3cNULaJD7zkcgwpCaYNifpX1s3urbAK6jXV7KL_xzPNsWTYj2ZKmdw3Q4vsNWgl_soAzBArVQ2LoKKoIEgytT5QLMg6OofD42QrQSoNzojn9y8k8a7YI2FtPUyVvjuRqUhYCr1nZQiMYreRL4ZW0zQT73REyRYo7LR4qDHGrr_m3KzzIN3uYeeHpyXpjJbWCKlKPJwq3Adxegabs1z2wYSsLIRUKvLl5iLQprzdWsOcFbGqyfSxjLpuTrOs2LH7dlCuJV-RAYS2sWd0A2wATd5trmhQTgBAOQBgGgBk2AB-6b1dsBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBOwlqcQ0BMA2BMK2BQB0BUB-BYBgBcB&ae=1&num=1&cid=CAASJeRoA3_4VYO1EQZH06ETe3Lb_MXeUBvnE55Vw8yRLgRmJo6Ihlk&sig=AOD64_0rPvv5wBAgjNPGM25c06lf9_qDgQ&client=ca-pub-4627517680249670&dbm_c=AKAmf-Dw-wfdzhKsPtFX0Wy_yIKCOSZEYu0cyh66l_9Qjf6G2a3_r5jub1ceE-PAnJ4imxtDByORb8IuYOZQGRwWDcs3mTf_x72hW_j1NapLUq_YNybljISA-Nq4bFVvxL15iwZ7A4UnUhFS0YfomIc3LTGQi4ARyUGNbqdimllpiiyKSDhKydQ&cry=1&dbm_d=AKAmf-BXQjjhWF2PChOv1HJfDoJ976VNqQPBqZNAixNGBOPxxeEQmA9h05dz4D1CQH8tG-57ih758VT2IK4pEaxHL-H-vSjcVpP9IYe8oevvLDqQBRVR_hIiAakjKluYytk33knJtUOZ9XZ3MB6_E7CqVukG0JZLlS_3PpqlpIeRVl6fwLJuiID5jP5tssnnUAeNVXFj10iHRYaky1Vj9iamPK3QD5T5KOYyTtZZ5auWYHR0GYvLxvKGGrFCepFdARJdW51m2MsmTMui3k-Nmf6UangaIAHV3pM8r2RjUnEhXVZ7PIkI1wsAw3YW1LYa-C3UrWvo36jQTzgi7R763sTLnwnYw77Q1q_eyS2ISZcYO80JN4tHoLSPVxmz5HByQDsNmwHu4MTRHdH89EDYx6zEgM7TeIbju-2r30m9Zd4JbuQfFvvhSYug1CVh0arlJsFxN7Zi5TQyyGZt8X2yFF4zQA7u9SgMJXw_QCteTiIoWIo9H0MpEYU7ksK3lZJW6nuBTnNuXMo0WqfHWdMm_vNyxbCR1QycRp7dgQD7ZqlRXol6GkoaI0f5aCYdAFZcgcFTTpNxVfkcng0OJAT2QsSvj1qlCsWhpVdwHK64XjwPL7wXPRcPYM6SxVzZi3-UkiSN26gmBM3u&adurl=;js=1;adfxid=1x;2911;set=en-US|en-US|1600X1200|0|300|250|24|8|3|7|1|;cmpgdpr=;cmpgdprconsent=;fd=0|0&CREFURL=https%3A%2F%2Fwww.123greetings.com

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e37e804f139ba52491abb130f951381aa0732393702ab5c0e7d2cd54d30cfacb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 3925
expires: -1

GET
H3 200 gnLtmcL-mn53pq-EJRMXOCFACjpZd0iqiIv80oTeKas.js Show response
pagead2.googlesyndication.com/bg/ Frame 677D 36 KB
16 KB 28ms
28ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/gnLtmcL-mn53pq-EJRMXOCFACjpZd0iqiIv80oTeKas.js

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8272ed99c2fe9a7e77a6af842513173821400a3a597748aa888bfcd284de29ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Wed, 28 Sep 2022 19:21:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 238631
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16010
x-xss-protection: 0
last-modified: Tue, 27 Sep 2022 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 28 Sep 2023 19:21:12 GMT

GET
H2 206 01f95f16f8884b7e9bac22b44e4ac2c8_92bfea3f2d03ea9a6c2e2c6989f26b8a.mp4
static.criteo.net/design/dt/2861/220829/ Frame C3C4 614 KB
615 KB 16ms
16ms Media
video/mp4 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/dt/2861/220829/01f95f16f8884b7e9bac22b44e4ac2c8_92bfea3f2d03ea9a6c2e2c6989f26b8a.mp4?ibv=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

677fa4f3fb3ceb4a8b6a7371cb9f522b2a775e93d7026f533e076eb8ab384c03

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Range: bytes=0-

Response headers

date: Sat, 01 Oct 2022 13:38:23 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Mon, 29 Aug 2022 15:04:47 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "630cd58f-9993d"
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 0-629052/629053
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
Content-Length: 629053
expires: Tue, 26 Sep 2023 13:38:23 GMT

GET
H3 200 300x250.html Show response
s0.2mdn.net/sadbundle/12044097668311477804/ Frame 332C 6 KB
2 KB 34ms
33ms Document
text/html 2a00:1450:400d:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/12044097668311477804/300x250.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3fa7286a17116434c61ab86a339583d0dc7b3861db8d069c22c5034aeead0372

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 151965
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2321
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 29 Sep 2022 19:25:38 GMT
expires: Fri, 29 Sep 2023 19:25:38 GMT
last-modified: Fri, 16 Sep 2022 15:06:28 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 4ED8 0
622 B 108ms
72ms Ping
image/gif 142.251.39.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu0AuVkf4espQJafCoiuS_V50vK_wCwH2d0qDpe91prNBgeq2iyD6RRghS5SFSnEAJX7m-F7fIzYHxXD6LeQdl5fEYvC10u9Rg8R77i4YXN6zHfQ_hQMqYrfdfJ4QFGYf9aPEBSs-EfW7U_Zrxv8umQaYd26hY9GMFSZhDGUoGyE13msAZeqdJVru05u7c5uPeXhHmTVYANhVvK98X7G5w6-WXnnFb5s0OaQ1HTUJBz6SA63ADj3NhnKhmHC0yXGJ1gi4pv6kP2KvtIdGn_4kXbqfkzyUAtJEBpxMV2IyLy4Jcq_MOtqqbXIvx-SpHpD8ODWV2kQ6TLmgYsF6VI8IkSwwX3H59G1ONn5GMFodZtl2ZbUy1Hd2aENGMVOiGc_BZDdkpC7W9o_0NcXNHaRcjElDlLjixx8eUbPN-9lUWnksutDYlsE-592lUbZcUh1s-0Vx78FfO1zeLNDguhHjOtLvpU3SEVfKBm15Oi7qrNMMg6_mWl8nL53OKlE3LwPAXXTDAoDRLl4gn2W2dHOhgy25vhehuRyFTLQOKO98vwLUQrPeDNBsizGxOo1ntF1YuRukQDl_xTNbGvbzqlVxIpybLLDZ7BMFDQ0uEHLZIrPra_yTjRhvds-QBhprASAEBcH6yNT9Js4El6VbnFfo2Ju_UFiG9FhqvegWTFJGoVryTmjTUoE_Sd2stpJcld5PdTFB2Tb7a1iZLFsRC2pS-u0r_-uVUr2YdMRwDPbHOaYG6hunJNgG8VCjjxjT6HK0CWoXv3-NfV8mpl8UN-UK6muJDIjVNFXTTrwhv0MumOufvcTg4DJT_MLJSfZasQjxQpkzmaVKvHCXKCLnqAW1-TChIk3aVn563mGmpwQt4CWMmKD5SmfS4iBpWFRZ7eOIqwh-YNl6HvkWHE90txGr-kUWg9jbU-32x7Q0iCU0VK7mYffJDPj_sg8LO-QigWTMifWGaL8owWUHQRAyP4Z_u0ZQOLCJ-QBG9fqhNeb9eRNxaR8EJVyL2px9CgDpWDpmUZnW0WEor0BZoTvEVz3NQtV0N0b7A0ZrkSwU8Rm9XH6-FXt0_NQVHCNGJ4MOuoYu7OQT4-RmXaNaSCtfzJ_8bWzWH2_u4sSOVoDSvu586-WNbSm5lWzXC-rgoAZg56dXuSsA0U6zf1C9tqBcdfmkQ61LdUwrCqX5y3X4owpFNjFQpjX5m1SFKWNMFcBuO3y5On5JTGRwKq2UNekWhDph79NCL2OcYnbyFzsaIkcvvndE_1WA&sai=AMfl-YT2QowtCrd6fL5ydD5311K5YXhhQzL6bpYomABli0o0ABDbhXmwbzga-kUG8M8LL__63AP6SxMMc_dpXlidp4C0iku997m85DE_b8DAr27GGhVtCByRRtrjGW-bMjqo_k0URKUwOIgBNpkZa-Vp_sEqhdvITjOozEMl2XC1iZyL3ijrIEgGPQ3KiMEgTVB_snpPGc5Ql5nUFx4z2N9UxKfYKtWWzQ&sig=Cg0ArKJSzG9Da20kicq0EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=266&cbvp=1&cstd=265&cisv=r20220928.94652&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.39.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s39-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 01 Oct 2022 13:38:23 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 layout_renderer.php Show response
as.euw1.jivox.com/unit/ Frame 4927 236 KB
47 KB 56ms
56ms Document
text/html 54.73.102.103
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://as.euw1.jivox.com/unit/layout_renderer.php?es_pId=9f38299&isDynamic=1&campaignId=159897&gdpr_consent=&dspId=DBM&bDim=300x250&ap_DataSignal1=18269839860&jvxVer=2&gdpr=&bUnitId=2000&r=1664631501850674&cMacro=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCB-kDzUI4Y_L1M5ms9u8PrdWLyAnJ3tjBbMify9vdEN_kor3AARABIO_2kCFglYKAgKAHoAHm497pAsgBCakCFoTab7hxsD6oAwGqBO0BT9Ce4HNOHhFVqnPnTnflrO7RyyNBarJ6B7Aj_JF19_3tdRv-taLHNeUu7zUKnJC1PIsYC8nvQzPtKx2W0MEbnER6jkBwi9sA-8O71R1ohavLpUjX91qDOa7f10WOt78MrAjtfi7ZwLAdMXMkWkT-akUBCl5OOi76DLRe1yXTHczLRr63pQEev9JOtcJ2-xm6fJok4FjB9BVujjUVXHlwWt5xNu_9JmmUO36qFfXyxdyBryluk2JyhBDu2ov7n1A_rYfTmHhW3Zf2_YtOiAv2IMl5W5OYFxsSE4t8bPz2i3E4s64kn7ZqU4LAl4USwASR1Yu9kgTgBAOQBgGgBk2AB4KcoZYBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBPG6McQ0BMA2BMN2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJeRo6x_F_ff-rWyeeOXrhXXxZEVwn9dFbwrJbvAUU6GZpYTHzAM%26sig%3DAOD64_0SFm02YNJ4ggWP8zr-vI5VGGWC9g%26client%3Dca-pub-4627517680249670%26dbm_c%3DAKAmf-C3PeD9duwzJ08zdFLunA_q-6Tv406ifyM94DXwTzZrbUIQvq-Dp2JWg4KmpNa1HLhkdZIqhTUUitatTGmOHNsBd6BHobZr-JkxuEZtrVK_p_NENoR7aZIfLoCS_nDb6O0qQL8p6DfjgHp_JgmcxsJtOQDrFkyjYJlyORi4ZQbxwXSQQxQ%26cry%3D1%26dbm_d%3DAKAmf-D-SAL_SJyk9A3ZN5aaLmYYD2vZCX7g0YybWwU2WjoovPJhEG5T-OgXkpEUHYy4v1y0Gc5gUFvuKt88lbWxD7-scp3oIlle9-9Tr_sPkQikOMgUXX7I3XVB0ZMxerlimYfSRiC8Yq_Z7CM9v4Qbh0a62Ei3vXCyf1DZB82TrH34z-QVKgXM9fJF0zT3ppyBHGXxEfQsk7gPqzvkJJcWAcHBDI0vkrn68f3AZgOtQni9Wvr8oUKCfVvq1n6PkoMNH4kXPiLjl4H9ji3iw1NMIENxajAonsMgkhft_xE9-7W4URsG8KPVkoYg4-fBc1vk_LtHbOCs6vOtMBniufiYEhJu3wB2JjNUyQ-yLvCiXCbYD4Nf_IsIeBGL3_PtQ4GLQUmai6GCWiwo8eU-OYp2Uog-yv1T0JJA9UmUrNMoDgR57PXV72Yy-k9XE4mQ9dfQB-mfSZ4ogmjvd3djVx1qj2Ffl518tXXcvvIjMmFVu5KsKwrjBY1ZOVHf47LYF4aA43OCiZgZ0qzgd9Hd7vyQGLgIPPGy-lTzMKM4zIHHMn3UC-gfy1vzMsdwTjWcP9tuIVDj1KjKOhN92dwT1XqrN3Fk16_tdmwrCUvPtWQtfDdd8OFBVzoa7IKfE9lx2F_tiJwS2IC6%26adurl%3D&us_privacy=%24%7BUS_PRIVACY%7D&ts_pId=9f38299&siteId=961ee94c58df6c&creativeUnitType=20&objectName=jvx_633842cf1620d&adUnitId=2000&jvxSessionId=1664631503.3758&base=1&creativeResolveBeginTime=1664631503000&omid=0&localTimeOffset=0&pageURL=https%3A%2F%2Fb5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&allowExp=0
Requested by: Host: as.euw1.jivox.com
URL: https://as.euw1.jivox.com/unit/unit_renderer.php?es_pId=9f38299&isDynamic=1&campaignId=159897&gdpr_consent=&dspId=DBM&bDim=300x250&ap_DataSignal1=18269839860&jvxVer=2&gdpr=&bUnitId=2000&r=1664631501850674&cMacro=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCB-kDzUI4Y_L1M5ms9u8PrdWLyAnJ3tjBbMify9vdEN_kor3AARABIO_2kCFglYKAgKAHoAHm497pAsgBCakCFoTab7hxsD6oAwGqBO0BT9Ce4HNOHhFVqnPnTnflrO7RyyNBarJ6B7Aj_JF19_3tdRv-taLHNeUu7zUKnJC1PIsYC8nvQzPtKx2W0MEbnER6jkBwi9sA-8O71R1ohavLpUjX91qDOa7f10WOt78MrAjtfi7ZwLAdMXMkWkT-akUBCl5OOi76DLRe1yXTHczLRr63pQEev9JOtcJ2-xm6fJok4FjB9BVujjUVXHlwWt5xNu_9JmmUO36qFfXyxdyBryluk2JyhBDu2ov7n1A_rYfTmHhW3Zf2_YtOiAv2IMl5W5OYFxsSE4t8bPz2i3E4s64kn7ZqU4LAl4USwASR1Yu9kgTgBAOQBgGgBk2AB4KcoZYBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBPG6McQ0BMA2BMN2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJeRo6x_F_ff-rWyeeOXrhXXxZEVwn9dFbwrJbvAUU6GZpYTHzAM%26sig%3DAOD64_0SFm02YNJ4ggWP8zr-vI5VGGWC9g%26client%3Dca-pub-4627517680249670%26dbm_c%3DAKAmf-C3PeD9duwzJ08zdFLunA_q-6Tv406ifyM94DXwTzZrbUIQvq-Dp2JWg4KmpNa1HLhkdZIqhTUUitatTGmOHNsBd6BHobZr-JkxuEZtrVK_p_NENoR7aZIfLoCS_nDb6O0qQL8p6DfjgHp_JgmcxsJtOQDrFkyjYJlyORi4ZQbxwXSQQxQ%26cry%3D1%26dbm_d%3DAKAmf-D-SAL_SJyk9A3ZN5aaLmYYD2vZCX7g0YybWwU2WjoovPJhEG5T-OgXkpEUHYy4v1y0Gc5gUFvuKt88lbWxD7-scp3oIlle9-9Tr_sPkQikOMgUXX7I3XVB0ZMxerlimYfSRiC8Yq_Z7CM9v4Qbh0a62Ei3vXCyf1DZB82TrH34z-QVKgXM9fJF0zT3ppyBHGXxEfQsk7gPqzvkJJcWAcHBDI0vkrn68f3AZgOtQni9Wvr8oUKCfVvq1n6PkoMNH4kXPiLjl4H9ji3iw1NMIENxajAonsMgkhft_xE9-7W4URsG8KPVkoYg4-fBc1vk_LtHbOCs6vOtMBniufiYEhJu3wB2JjNUyQ-yLvCiXCbYD4Nf_IsIeBGL3_PtQ4GLQUmai6GCWiwo8eU-OYp2Uog-yv1T0JJA9UmUrNMoDgR57PXV72Yy-k9XE4mQ9dfQB-mfSZ4ogmjvd3djVx1qj2Ffl518tXXcvvIjMmFVu5KsKwrjBY1ZOVHf47LYF4aA43OCiZgZ0qzgd9Hd7vyQGLgIPPGy-lTzMKM4zIHHMn3UC-gfy1vzMsdwTjWcP9tuIVDj1KjKOhN92dwT1XqrN3Fk16_tdmwrCUvPtWQtfDdd8OFBVzoa7IKfE9lx2F_tiJwS2IC6%26adurl%3D&us_privacy=${US_PRIVACY}&ts_pId=9f38299&siteId=961ee94c58df6c&creativeUnitType=20
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.73.102.103 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-73-102-103.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: be4485b288025b8a00bcdc3c3622da9c06e77d21e6e9a3910d5a214f1a024711

Request headers

Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache
content-encoding: gzip
content-length: 48292
content-type: text/html; charset=UTF-8
date: Sat, 01 Oct 2022 13:38:23 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
p3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: Apache
vary: Accept-Encoding

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 3751 1 KB
751 B 29ms
28ms Document
text/html 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 22071
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 01 Oct 2022 07:30:32 GMT
etag: 48472445140208031
expires: Sun, 02 Oct 2022 07:30:32 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame FCA6 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e69b67b081d80773ed5ee30bdec31ac2fc49c02440b87365e4ade71dca0faf8d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame FBA9 22 KB
8 KB 29ms
28ms Document
text/html 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 195215
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 29 Sep 2022 07:24:48 GMT
expires: Fri, 29 Sep 2023 07:24:48 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 17D4
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEBng9x3Ih3d76barRIKfTbs&google_cver=1&google_push=AZmPxg9IGsrhJ2g3bdd7g8P7LRuHnozLwj9FAFaCbqQNR68D6ovh4Xl8YRNQoHWOxUnOBihB7AlpKEyvDyd1lxiCJcXFVQobyIK8
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=ODMyNzEwNjcwNDQ5MTc0OTU1NQ==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEBng9x3Ih3d76barRIKfTbs&google_cver=1

43 B
398 B

67ms
14ms

Image
image/gif

2001:678:cb4:bbbb::11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEBng9x3Ih3d76barRIKfTbs&google_cver=1
Requested by: Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEBng9x3Ih3d76barRIKfTbs&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 17D4
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEAQPy5nXHWlDcZ8DFxe10Us&google_cver=1&google_push=AZmPxg9I4LIhp-BbRtnildKghqGBtVft6sHKFZY3pczhpodij1lhPrcTWkSc6AukdqaCsks6o5kHJdVugN_PdbJsSWUKieuVNtD6
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=05CF89689C6F424FADBDE2FFE26F71AE&google_push=AZmPxg9I4LIhp-BbRtnildKghqGBtVft6sHKFZY3pczhpodij1lhPrcTWkSc6AukdqaCsks6o5kHJdVugN_PdbJ...

170 B
188 B

27ms
27ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=05CF89689C6F424FADBDE2FFE26F71AE&google_push=AZmPxg9I4LIhp-BbRtnildKghqGBtVft6sHKFZY3pczhpodij1lhPrcTWkSc6AukdqaCsks6o5kHJdVugN_PdbJsSWUKieuVNtD6

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 01 Oct 2022 13:38:23 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=05CF89689C6F424FADBDE2FFE26F71AE&google_push=AZmPxg9I4LIhp-BbRtnildKghqGBtVft6sHKFZY3pczhpodij1lhPrcTWkSc6AukdqaCsks6o5kHJdVugN_PdbJsSWUKieuVNtD6
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Fri, 30 Sep 2022 13:38:23 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 17D4
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESELvgf9vU2Ow32rAg8rDetx0&google_cver=1&google_push=AZmPxg_F_6PLvxVgQ51y2MixmSDzfnHjDKd16X8tL9pv91cr4fBMSJYP05bmL1B0HlPQMJKHIn1cqtuOZJNKSW8t...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=zU8jhXeNQzSJ1DzvjqrCeA2&google_push=AZmPxg_F_6PLvxVgQ51y2MixmSDzfnHjDKd16X8tL9pv91cr4fBMSJYP05bmL1B0HlPQMJKHIn1cqtuOZJNKSW8t2xartsObZciF

170 B
188 B

26ms
26ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=zU8jhXeNQzSJ1DzvjqrCeA2&google_push=AZmPxg_F_6PLvxVgQ51y2MixmSDzfnHjDKd16X8tL9pv91cr4fBMSJYP05bmL1B0HlPQMJKHIn1cqtuOZJNKSW8t2xartsObZciF

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 01 Oct 2022 13:38:23 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=zU8jhXeNQzSJ1DzvjqrCeA2&google_push=AZmPxg_F_6PLvxVgQ51y2MixmSDzfnHjDKd16X8tL9pv91cr4fBMSJYP05bmL1B0HlPQMJKHIn1cqtuOZJNKSW8t2xartsObZciF
x-host: tde-deliveryengine-production-b869b47b-9pw2t
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 17D4
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEMaJ0OvVOafl8CADIA49-bY&google_cver=1&google_push=AZmPxg8OR2LvuEATOrr-gcuddH6Ur9qmu4_o7xmQloAtPOnmv-ojswlqDRsRmFAFb-7SeCeoL617oHHQBtGu4kg4yp-aC1i...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AZmPxg8OR2LvuEATOrr-gcuddH6Ur9qmu4_o7xmQloAtPOnmv-ojswlqDRsRmFAFb-7SeCeoL617oHHQBtGu4kg4yp-aC1ifk788&google_hm=Nzc4NTUwOTY3MDY1MDg5Nj...

170 B
188 B

24ms
24ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AZmPxg8OR2LvuEATOrr-gcuddH6Ur9qmu4_o7xmQloAtPOnmv-ojswlqDRsRmFAFb-7SeCeoL617oHHQBtGu4kg4yp-aC1ifk788&google_hm=Nzc4NTUwOTY3MDY1MDg5NjIzMw%3D%3D

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 01 Oct 2022 13:38:23 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AZmPxg8OR2LvuEATOrr-gcuddH6Ur9qmu4_o7xmQloAtPOnmv-ojswlqDRsRmFAFb-7SeCeoL617oHHQBtGu4kg4yp-aC1ifk788&google_hm=Nzc4NTUwOTY3MDY1MDg5NjIzMw%3D%3D
content-length: 0

GET
H3 200 dds
rtb.openx.net/sync/ Frame 17D4 43 B
64 B 40ms
21ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEGBx3PQBulRqspWmHCWhE1s&google_cver=1&google_push=AZmPxg9Z8ituqqA3sxyWTG6CR4paNKpNvZNNmsz7dtRNrBcOSUZLiArNRlqHXn49d_emmoQOpAvI-q5qKJVW8HO8OuLM0AlDn-M
Requested by: Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: 4rrtvkk4mplm2vvcu0ljchqavdva9079

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 17D4
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEAVdoJBmtR97c1QyiTNHb40&google_cver=1&google_push=AZmPxg-6TW6rdIocnenBSfs36f_CzQXylc6lIdkTJRMg-OU8bZ8gFB1QEuzq4dluYcQ00jPxGw0...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDhQWU04T0MtOC0yODJZ&google_push=AZmPxg-6TW6rdIocnenBSfs36f_CzQXylc6lIdkTJRMg-OU8bZ8gFB1QEuzq4dluYcQ00jPxGw0qR3kM0ebidxpC0qw6RokbmLg

170 B
188 B

25ms
25ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDhQWU04T0MtOC0yODJZ&google_push=AZmPxg-6TW6rdIocnenBSfs36f_CzQXylc6lIdkTJRMg-OU8bZ8gFB1QEuzq4dluYcQ00jPxGw0qR3kM0ebidxpC0qw6RokbmLg

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDhQWU04T0MtOC0yODJZ&google_push=AZmPxg-6TW6rdIocnenBSfs36f_CzQXylc6lIdkTJRMg-OU8bZ8gFB1QEuzq4dluYcQ00jPxGw0qR3kM0ebidxpC0qw6RokbmLg
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 17D4
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEDCgXYQ-qzOvdbVfKDf2wqk&google_cver=1&google_push=AZmPxg_5e5Hy6ISnHrayw0wI7MSTcWrnygn6ljqlsWnC8CfFPqAVcehU6tcamzvJOYFODdu3Xc...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1vS082RHVwRTJ1SDZ6V1k1aExEVHpMYVZab0tRWU1mRX5B&google_push=AZmPxg_5e5Hy6ISnHrayw0wI7MSTcWrnygn6ljqlsWnC8CfFPqAVcehU6...

170 B
188 B

24ms
24ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1vS082RHVwRTJ1SDZ6V1k1aExEVHpMYVZab0tRWU1mRX5B&google_push=AZmPxg_5e5Hy6ISnHrayw0wI7MSTcWrnygn6ljqlsWnC8CfFPqAVcehU6tcamzvJOYFODdu3XcQmPptigfUsg5cMow43Fd7WZANQiw

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1vS082RHVwRTJ1SDZ6V1k1aExEVHpMYVZab0tRWU1mRX5B&google_push=AZmPxg_5e5Hy6ISnHrayw0wI7MSTcWrnygn6ljqlsWnC8CfFPqAVcehU6tcamzvJOYFODdu3XcQmPptigfUsg5cMow43Fd7WZANQiw
date: Sat, 01 Oct 2022 13:38:23 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 17D4 0
12 B 25ms
21ms Image
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KQTnSworBRpjo9WjVsithKWK_N1PnKn0W-z5dmpVyoUfBURhyUQl6t8QLiwaQTprJL_cZ3Ug

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:23 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 createjs.min.js Show response
code.createjs.com/1.0.0/ Frame B8D4 236 KB
63 KB 57ms
16ms Script
text/javascript 2a02:26f0:3500:11::215:14dc
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://code.createjs.com/1.0.0/createjs.min.js
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9550724388066307941/728x90.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:3500:11::215:14dc Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Apache /
Resource Hash: e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:23 GMT
content-encoding: gzip
server: Apache
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=900
x-n: S
accept-ranges: bytes
expires: Sat, 01 Oct 2022 13:53:23 GMT

GET
H3 200 728x90.js Show response
s0.2mdn.net/sadbundle/9550724388066307941/ Frame B8D4 47 KB
10 KB 30ms
30ms Script
application/x-javascript 2a00:1450:400d:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/9550724388066307941/728x90.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9550724388066307941/728x90.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a915754dd6e088c034edafadf0d920508bc0c3377967a3b0677e278c800bd9cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9550724388066307941/728x90.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Thu, 29 Sep 2022 08:26:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 191498
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10332
x-xss-protection: 0
last-modified: Fri, 16 Sep 2022 15:06:30 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 29 Sep 2023 08:26:45 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 4ED8 41 KB
15 KB 29ms
29ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Tue, 27 Sep 2022 18:03:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 329712
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 27 Sep 2023 18:03:11 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 889B 1 KB
751 B 29ms
27ms Document
text/html 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 22071
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 01 Oct 2022 07:30:32 GMT
etag: 48472445140208031
expires: Sun, 02 Oct 2022 07:30:32 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 4ED8 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 52017d9b15047560da219ccb1e603a2300690343092772e8272ff06a21dc107a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 createjs.min.js Show response
code.createjs.com/1.0.0/ Frame 332C 236 KB
63 KB 27ms
17ms Script
text/javascript 2a02:26f0:3500:11::215:14dc
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://code.createjs.com/1.0.0/createjs.min.js
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12044097668311477804/300x250.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:3500:11::215:14dc Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Apache /
Resource Hash: e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:23 GMT
content-encoding: gzip
server: Apache
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=900
x-n: S
accept-ranges: bytes
expires: Sat, 01 Oct 2022 13:53:23 GMT

GET
H3 200 300x250.js Show response
s0.2mdn.net/sadbundle/12044097668311477804/ Frame 332C 48 KB
10 KB 32ms
30ms Script
application/x-javascript 2a00:1450:400d:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/12044097668311477804/300x250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12044097668311477804/300x250.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2c15005e0ad25e77c055181671a77000719088346e4b540df47ba3104602b3d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12044097668311477804/300x250.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Fri, 30 Sep 2022 04:07:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 120624
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10447
x-xss-protection: 0
last-modified: Fri, 16 Sep 2022 15:06:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 30 Sep 2023 04:07:59 GMT

GET
H2 204 ad_impression.gif
beacon.krxd.net/ Frame AA87 0
338 B 134ms
35ms Image
text/plain 52.213.108.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/ad_impression.gif?confid=vzkbcd8um&campaignid=2779292&advertiserid=IKEA+DE+Mediacom&placementid=9626043&adid=55203148&creativeid=55203148&siteid=1734703_&rnd=71249
Requested by: Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.213.108.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-213-108-198.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-served-by: beacon-n017-dub-prod.krxd.net
date: Sat, 01 Oct 2022 13:38:23 GMT
cache-control: private, no-cache, no-store
x-request-time: D=30 t=1664631503
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame BB0D 22 KB
8 KB 29ms
28ms Document
text/html 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 195215
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 29 Sep 2022 07:24:48 GMT
expires: Fri, 29 Sep 2023 07:24:48 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 Standard Show response
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.222/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/ImageTag:types/ Frame AA87 85 KB
36 KB 25ms
24ms Script
text/javascript 37.157.2.249
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.222/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/ImageTag:types/Standard
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 77c67801c7995f4eaec6d68deb332882a6a342ad407d6eb25f8ffbf54c92bde7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:23 GMT
content-encoding: gzip
last-modified: Wed, 14 Sep 2022 11:10:06 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Sun, 02 Oct 2022 16:32:25 GMT

GET
H2 200 jquery-2.1.0.min.js Show response
playercdn.jivox.com/1651821427/unit/js/gz/ Frame 4927 82 KB
29 KB 62ms
8ms Script
application/x-javascript 143.204.205.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://playercdn.jivox.com/1651821427/unit/js/gz/jquery-2.1.0.min.js
Requested by: Host: as.euw1.jivox.com
URL: https://as.euw1.jivox.com/unit/layout_renderer.php?es_pId=9f38299&isDynamic=1&campaignId=159897&gdpr_consent=&dspId=DBM&bDim=300x250&ap_DataSignal1=18269839860&jvxVer=2&gdpr=&bUnitId=2000&r=1664631501850674&cMacro=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCB-kDzUI4Y_L1M5ms9u8PrdWLyAnJ3tjBbMify9vdEN_kor3AARABIO_2kCFglYKAgKAHoAHm497pAsgBCakCFoTab7hxsD6oAwGqBO0BT9Ce4HNOHhFVqnPnTnflrO7RyyNBarJ6B7Aj_JF19_3tdRv-taLHNeUu7zUKnJC1PIsYC8nvQzPtKx2W0MEbnER6jkBwi9sA-8O71R1ohavLpUjX91qDOa7f10WOt78MrAjtfi7ZwLAdMXMkWkT-akUBCl5OOi76DLRe1yXTHczLRr63pQEev9JOtcJ2-xm6fJok4FjB9BVujjUVXHlwWt5xNu_9JmmUO36qFfXyxdyBryluk2JyhBDu2ov7n1A_rYfTmHhW3Zf2_YtOiAv2IMl5W5OYFxsSE4t8bPz2i3E4s64kn7ZqU4LAl4USwASR1Yu9kgTgBAOQBgGgBk2AB4KcoZYBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBPG6McQ0BMA2BMN2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJeRo6x_F_ff-rWyeeOXrhXXxZEVwn9dFbwrJbvAUU6GZpYTHzAM%26sig%3DAOD64_0SFm02YNJ4ggWP8zr-vI5VGGWC9g%26client%3Dca-pub-4627517680249670%26dbm_c%3DAKAmf-C3PeD9duwzJ08zdFLunA_q-6Tv406ifyM94DXwTzZrbUIQvq-Dp2JWg4KmpNa1HLhkdZIqhTUUitatTGmOHNsBd6BHobZr-JkxuEZtrVK_p_NENoR7aZIfLoCS_nDb6O0qQL8p6DfjgHp_JgmcxsJtOQDrFkyjYJlyORi4ZQbxwXSQQxQ%26cry%3D1%26dbm_d%3DAKAmf-D-SAL_SJyk9A3ZN5aaLmYYD2vZCX7g0YybWwU2WjoovPJhEG5T-OgXkpEUHYy4v1y0Gc5gUFvuKt88lbWxD7-scp3oIlle9-9Tr_sPkQikOMgUXX7I3XVB0ZMxerlimYfSRiC8Yq_Z7CM9v4Qbh0a62Ei3vXCyf1DZB82TrH34z-QVKgXM9fJF0zT3ppyBHGXxEfQsk7gPqzvkJJcWAcHBDI0vkrn68f3AZgOtQni9Wvr8oUKCfVvq1n6PkoMNH4kXPiLjl4H9ji3iw1NMIENxajAonsMgkhft_xE9-7W4URsG8KPVkoYg4-fBc1vk_LtHbOCs6vOtMBniufiYEhJu3wB2JjNUyQ-yLvCiXCbYD4Nf_IsIeBGL3_PtQ4GLQUmai6GCWiwo8eU-OYp2Uog-yv1T0JJA9UmUrNMoDgR57PXV72Yy-k9XE4mQ9dfQB-mfSZ4ogmjvd3djVx1qj2Ffl518tXXcvvIjMmFVu5KsKwrjBY1ZOVHf47LYF4aA43OCiZgZ0qzgd9Hd7vyQGLgIPPGy-lTzMKM4zIHHMn3UC-gfy1vzMsdwTjWcP9tuIVDj1KjKOhN92dwT1XqrN3Fk16_tdmwrCUvPtWQtfDdd8OFBVzoa7IKfE9lx2F_tiJwS2IC6%26adurl%3D&us_privacy=%24%7BUS_PRIVACY%7D&ts_pId=9f38299&siteId=961ee94c58df6c&creativeUnitType=20&objectName=jvx_633842cf1620d&adUnitId=2000&jvxSessionId=1664631503.3758&base=1&creativeResolveBeginTime=1664631503000&omid=0&localTimeOffset=0&pageURL=https%3A%2F%2Fb5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&allowExp=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.205.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-205-98.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f284353a7cc4d97f6fe20a5155131bd43587a0f1c98a56eeaf52cff72910f47d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.euw1.jivox.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Fri, 30 Sep 2022 21:27:45 GMT
content-encoding: gzip
via: 1.1 2d1e1e8dc0f3eb7773ec9d89a7d50ce2.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 07:27:36 GMT
server: AmazonS3
x-amz-cf-pop: FRA53-C1
age: 58238
etag: "84642ab523899a6150af1489287de4de"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
cache-control: max-age=86400, s-maxage=86400
accept-ranges: bytes
content-length: 29294
x-amz-cf-id: sv5zvBd-7ctyOlYMcVLLtjPyyJZ0TOr91SgyORfp2BLj8ZEF0wqZFg==

GET
H2 200 velocity-raf-disabled.min.js Show response
playercdn.jivox.com/1651821427/unit/js/gz/ Frame 4927 34 KB
12 KB 76ms
22ms Script
application/x-javascript 143.204.205.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://playercdn.jivox.com/1651821427/unit/js/gz/velocity-raf-disabled.min.js
Requested by: Host: as.euw1.jivox.com
URL: https://as.euw1.jivox.com/unit/layout_renderer.php?es_pId=9f38299&isDynamic=1&campaignId=159897&gdpr_consent=&dspId=DBM&bDim=300x250&ap_DataSignal1=18269839860&jvxVer=2&gdpr=&bUnitId=2000&r=1664631501850674&cMacro=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCB-kDzUI4Y_L1M5ms9u8PrdWLyAnJ3tjBbMify9vdEN_kor3AARABIO_2kCFglYKAgKAHoAHm497pAsgBCakCFoTab7hxsD6oAwGqBO0BT9Ce4HNOHhFVqnPnTnflrO7RyyNBarJ6B7Aj_JF19_3tdRv-taLHNeUu7zUKnJC1PIsYC8nvQzPtKx2W0MEbnER6jkBwi9sA-8O71R1ohavLpUjX91qDOa7f10WOt78MrAjtfi7ZwLAdMXMkWkT-akUBCl5OOi76DLRe1yXTHczLRr63pQEev9JOtcJ2-xm6fJok4FjB9BVujjUVXHlwWt5xNu_9JmmUO36qFfXyxdyBryluk2JyhBDu2ov7n1A_rYfTmHhW3Zf2_YtOiAv2IMl5W5OYFxsSE4t8bPz2i3E4s64kn7ZqU4LAl4USwASR1Yu9kgTgBAOQBgGgBk2AB4KcoZYBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBPG6McQ0BMA2BMN2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJeRo6x_F_ff-rWyeeOXrhXXxZEVwn9dFbwrJbvAUU6GZpYTHzAM%26sig%3DAOD64_0SFm02YNJ4ggWP8zr-vI5VGGWC9g%26client%3Dca-pub-4627517680249670%26dbm_c%3DAKAmf-C3PeD9duwzJ08zdFLunA_q-6Tv406ifyM94DXwTzZrbUIQvq-Dp2JWg4KmpNa1HLhkdZIqhTUUitatTGmOHNsBd6BHobZr-JkxuEZtrVK_p_NENoR7aZIfLoCS_nDb6O0qQL8p6DfjgHp_JgmcxsJtOQDrFkyjYJlyORi4ZQbxwXSQQxQ%26cry%3D1%26dbm_d%3DAKAmf-D-SAL_SJyk9A3ZN5aaLmYYD2vZCX7g0YybWwU2WjoovPJhEG5T-OgXkpEUHYy4v1y0Gc5gUFvuKt88lbWxD7-scp3oIlle9-9Tr_sPkQikOMgUXX7I3XVB0ZMxerlimYfSRiC8Yq_Z7CM9v4Qbh0a62Ei3vXCyf1DZB82TrH34z-QVKgXM9fJF0zT3ppyBHGXxEfQsk7gPqzvkJJcWAcHBDI0vkrn68f3AZgOtQni9Wvr8oUKCfVvq1n6PkoMNH4kXPiLjl4H9ji3iw1NMIENxajAonsMgkhft_xE9-7W4URsG8KPVkoYg4-fBc1vk_LtHbOCs6vOtMBniufiYEhJu3wB2JjNUyQ-yLvCiXCbYD4Nf_IsIeBGL3_PtQ4GLQUmai6GCWiwo8eU-OYp2Uog-yv1T0JJA9UmUrNMoDgR57PXV72Yy-k9XE4mQ9dfQB-mfSZ4ogmjvd3djVx1qj2Ffl518tXXcvvIjMmFVu5KsKwrjBY1ZOVHf47LYF4aA43OCiZgZ0qzgd9Hd7vyQGLgIPPGy-lTzMKM4zIHHMn3UC-gfy1vzMsdwTjWcP9tuIVDj1KjKOhN92dwT1XqrN3Fk16_tdmwrCUvPtWQtfDdd8OFBVzoa7IKfE9lx2F_tiJwS2IC6%26adurl%3D&us_privacy=%24%7BUS_PRIVACY%7D&ts_pId=9f38299&siteId=961ee94c58df6c&creativeUnitType=20&objectName=jvx_633842cf1620d&adUnitId=2000&jvxSessionId=1664631503.3758&base=1&creativeResolveBeginTime=1664631503000&omid=0&localTimeOffset=0&pageURL=https%3A%2F%2Fb5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&allowExp=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.205.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-205-98.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: fa85a4366200f608a99ecf4b1b933babdd9c5662cbe5d518b3daa57e53dbd85b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.euw1.jivox.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 00:24:45 GMT
content-encoding: gzip
via: 1.1 2d1e1e8dc0f3eb7773ec9d89a7d50ce2.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 07:27:53 GMT
server: AmazonS3
x-amz-cf-pop: FRA53-C1
age: 47619
etag: "6db08f58b76a3c4459a454a7acf752ca"
x-cache: Hit from cloudfront
content-type: application/x-javascript
cache-control: max-age=86400, s-maxage=86400
accept-ranges: bytes
content-length: 12405
x-amz-cf-id: 1jxMFJm_mFDYuD4hdr00UxpAFtJkku2u52hJOmoz9f4i5FsZ8lR8dw==

GET
H2 200 jivoxWidgetApiV2.min.js Show response
playercdn.jivox.com/1651821427/widgets/jivoxWidgetApi/gz/ Frame 4927 29 KB
6 KB 76ms
23ms Script
application/x-javascript 143.204.205.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://playercdn.jivox.com/1651821427/widgets/jivoxWidgetApi/gz/jivoxWidgetApiV2.min.js
Requested by: Host: as.euw1.jivox.com
URL: https://as.euw1.jivox.com/unit/layout_renderer.php?es_pId=9f38299&isDynamic=1&campaignId=159897&gdpr_consent=&dspId=DBM&bDim=300x250&ap_DataSignal1=18269839860&jvxVer=2&gdpr=&bUnitId=2000&r=1664631501850674&cMacro=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCB-kDzUI4Y_L1M5ms9u8PrdWLyAnJ3tjBbMify9vdEN_kor3AARABIO_2kCFglYKAgKAHoAHm497pAsgBCakCFoTab7hxsD6oAwGqBO0BT9Ce4HNOHhFVqnPnTnflrO7RyyNBarJ6B7Aj_JF19_3tdRv-taLHNeUu7zUKnJC1PIsYC8nvQzPtKx2W0MEbnER6jkBwi9sA-8O71R1ohavLpUjX91qDOa7f10WOt78MrAjtfi7ZwLAdMXMkWkT-akUBCl5OOi76DLRe1yXTHczLRr63pQEev9JOtcJ2-xm6fJok4FjB9BVujjUVXHlwWt5xNu_9JmmUO36qFfXyxdyBryluk2JyhBDu2ov7n1A_rYfTmHhW3Zf2_YtOiAv2IMl5W5OYFxsSE4t8bPz2i3E4s64kn7ZqU4LAl4USwASR1Yu9kgTgBAOQBgGgBk2AB4KcoZYBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBPG6McQ0BMA2BMN2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJeRo6x_F_ff-rWyeeOXrhXXxZEVwn9dFbwrJbvAUU6GZpYTHzAM%26sig%3DAOD64_0SFm02YNJ4ggWP8zr-vI5VGGWC9g%26client%3Dca-pub-4627517680249670%26dbm_c%3DAKAmf-C3PeD9duwzJ08zdFLunA_q-6Tv406ifyM94DXwTzZrbUIQvq-Dp2JWg4KmpNa1HLhkdZIqhTUUitatTGmOHNsBd6BHobZr-JkxuEZtrVK_p_NENoR7aZIfLoCS_nDb6O0qQL8p6DfjgHp_JgmcxsJtOQDrFkyjYJlyORi4ZQbxwXSQQxQ%26cry%3D1%26dbm_d%3DAKAmf-D-SAL_SJyk9A3ZN5aaLmYYD2vZCX7g0YybWwU2WjoovPJhEG5T-OgXkpEUHYy4v1y0Gc5gUFvuKt88lbWxD7-scp3oIlle9-9Tr_sPkQikOMgUXX7I3XVB0ZMxerlimYfSRiC8Yq_Z7CM9v4Qbh0a62Ei3vXCyf1DZB82TrH34z-QVKgXM9fJF0zT3ppyBHGXxEfQsk7gPqzvkJJcWAcHBDI0vkrn68f3AZgOtQni9Wvr8oUKCfVvq1n6PkoMNH4kXPiLjl4H9ji3iw1NMIENxajAonsMgkhft_xE9-7W4URsG8KPVkoYg4-fBc1vk_LtHbOCs6vOtMBniufiYEhJu3wB2JjNUyQ-yLvCiXCbYD4Nf_IsIeBGL3_PtQ4GLQUmai6GCWiwo8eU-OYp2Uog-yv1T0JJA9UmUrNMoDgR57PXV72Yy-k9XE4mQ9dfQB-mfSZ4ogmjvd3djVx1qj2Ffl518tXXcvvIjMmFVu5KsKwrjBY1ZOVHf47LYF4aA43OCiZgZ0qzgd9Hd7vyQGLgIPPGy-lTzMKM4zIHHMn3UC-gfy1vzMsdwTjWcP9tuIVDj1KjKOhN92dwT1XqrN3Fk16_tdmwrCUvPtWQtfDdd8OFBVzoa7IKfE9lx2F_tiJwS2IC6%26adurl%3D&us_privacy=%24%7BUS_PRIVACY%7D&ts_pId=9f38299&siteId=961ee94c58df6c&creativeUnitType=20&objectName=jvx_633842cf1620d&adUnitId=2000&jvxSessionId=1664631503.3758&base=1&creativeResolveBeginTime=1664631503000&omid=0&localTimeOffset=0&pageURL=https%3A%2F%2Fb5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&allowExp=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.205.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-205-98.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f6c84a15873bbae73ff06857139327b85a6869fa0e21d36666aa2bb5d9bbb19b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.euw1.jivox.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Fri, 30 Sep 2022 21:27:46 GMT
content-encoding: gzip
via: 1.1 2d1e1e8dc0f3eb7773ec9d89a7d50ce2.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 07:29:25 GMT
server: AmazonS3
x-amz-cf-pop: FRA53-C1
age: 58238
etag: "2a0e0abd8f7f11fb012a534ea115a29a"
x-cache: Hit from cloudfront
content-type: application/x-javascript
cache-control: max-age=86400, s-maxage=86400
accept-ranges: bytes
content-length: 5987
x-amz-cf-id: zuovwDgKGYbGMSNhgY9MK1cIrJik7tgCu02Gf4jwDicuKKr56C529w==

GET
H3 200 null-leasing-logo-final_white_1.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/ Frame 2446 2 KB
2 KB 30ms
28ms Image
image/png 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/null-leasing-logo-final_white_1.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

62cdccf1ab4b4215586295612a4a2ef96fa490250fa96dbccc565f659cab86ab

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Mon, 26 Sep 2022 14:18:10 GMT
x-content-type-options: nosniff
age: 429613
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1738
x-xss-protection: 0
last-modified: Mon, 03 May 2021 14:21:52 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 26 Sep 2023 14:18:10 GMT

GET
H3 200 autos_licht_1.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/ Frame 2446 6 KB
6 KB 31ms
29ms Image
image/png 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/autos_licht_1.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a87352099e9b3946d71f4f73c69f9217ef99278088a177d5eef09df78c11e4ae

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Mon, 26 Sep 2022 14:18:10 GMT
x-content-type-options: nosniff
age: 429613
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5867
x-xss-protection: 0
last-modified: Mon, 03 May 2021 14:21:52 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 26 Sep 2023 14:18:10 GMT

GET
H3 200 autos.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/ Frame 2446 48 KB
48 KB 32ms
30ms Image
image/png 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/autos.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1c45bfa2dc80f54eb8564aa778a0929a00811168617ee6340cc59f0af48e5cca

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Mon, 26 Sep 2022 14:18:10 GMT
x-content-type-options: nosniff
age: 429613
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49113
x-xss-protection: 0
last-modified: Mon, 03 May 2021 14:21:52 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 26 Sep 2023 14:18:10 GMT

GET
H3 200 hintergrund_plain.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/ Frame 2446 30 KB
30 KB 34ms
32ms Image
image/jpeg 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/hintergrund_plain.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

969231fe165a93933d6908d45bfa09c364b66de37160efea47d87d18d7d37bd8

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Mon, 26 Sep 2022 14:18:10 GMT
x-content-type-options: nosniff
age: 429613
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30604
x-xss-protection: 0
last-modified: Mon, 03 May 2021 14:21:52 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 26 Sep 2023 14:18:10 GMT

GET
H3 200 gnLtmcL-mn53pq-EJRMXOCFACjpZd0iqiIv80oTeKas.js Show response
pagead2.googlesyndication.com/bg/ Frame B119 36 KB
16 KB 29ms
28ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/gnLtmcL-mn53pq-EJRMXOCFACjpZd0iqiIv80oTeKas.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8272ed99c2fe9a7e77a6af842513173821400a3a597748aa888bfcd284de29ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Wed, 28 Sep 2022 19:21:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 238631
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16010
x-xss-protection: 0
last-modified: Tue, 27 Sep 2022 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 28 Sep 2023 19:21:12 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 7E14 1 KB
751 B 30ms
29ms Document
text/html 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 22071
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 01 Oct 2022 07:30:32 GMT
etag: 48472445140208031
expires: Sun, 02 Oct 2022 07:30:32 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame AA87 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f5058623ef093478fb73cf4322ffed1b85f77f015ed878922a4eae56aa16e7a8

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 3751 0
104 B 124ms
26ms Image
text/plain 2a02:fa8:8806:12::1370
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEGceYQiHRBLtLVd57h7WU2Q&google_cver=1&google_push=AZmPxg8iUaOtyAIUumnGh8FWlQCKaS3oFsz5hQG8Ta3W_Y6OlT-65TJuCt5LHTDPFsvWnBF-5dvx4g9qzbfpLoBxisTdFLV0hQ
Requested by: Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3 200 dds
rtb.openx.net/sync/ Frame 3751 43 B
64 B 34ms
32ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEGBx3PQBulRqspWmHCWhE1s&google_cver=1&google_push=AZmPxg8eeVwvk9DxY2nGO-avVadOeS6Zx9kbupOAK2v4LOvQsy2hWuj4TjzoHFYNifSlXcELUPx3QlHulLGXjLpUy4SEzf0m1mA
Requested by: Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: n7k84cbptjt7hqkjfne3m0hc5a2nuq7m

GET
H2 200 UCookieSetPug
image6.pubmatic.com/AdServer/ Frame 3751 0
41 B 213ms
18ms Image
text/html 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEM6bIv976g2vNH_0esZFzQ0&google_cver=1&google_push=AZmPxg-9RkBQHAi3VCzi4AcDqpuGYnmfF7XF3lYY6Cv-KuMRwjBQ953N7HEm3pr9M3REqrfwQTdv8E92WV4RBnEGTCryWdL4aSQ
Requested by: Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Sat, 01 Oct 2022 13:38:24 GMT
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3751
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESELtBR-BBdOBs_SSzFsKovKY&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESELtBR-BBdOBs_SSzFsKovKY&google_hm=YzhCz_ry9XBwdZPxX9EfRAAABFMAAAIB&google_nid=index&google_push=AZmPxg9Wgf4yPPXmK0JBAEHJpJzAZnJ4Piusr...

170 B
188 B

25ms
24ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESELtBR-BBdOBs_SSzFsKovKY&google_hm=YzhCz_ry9XBwdZPxX9EfRAAABFMAAAIB&google_nid=index&google_push=AZmPxg9Wgf4yPPXmK0JBAEHJpJzAZnJ4PiusrUHckLSM3Umd5Txa1yrD0kTS3Je8YxBn6G-wAN-KIR0QR4mwzs12YrQ6NddDul8

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AjR3BvuNg9SyU4iAWrUCMT2YnHSkUrQGbWVI4OiM4UcEma1SX2hdVHiKRa5smGut6KwDfiEUUaLW8%2BhUoUW2LYfYezbPrDuitCID7ytYWV56JrcuQ%2F28wDve9ear2LJDT0wSmbd8FJbFjw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESELtBR-BBdOBs_SSzFsKovKY&google_hm=YzhCz_ry9XBwdZPxX9EfRAAABFMAAAIB&google_nid=index&google_push=AZmPxg9Wgf4yPPXmK0JBAEHJpJzAZnJ4PiusrUHckLSM3Umd5Txa1yrD0kTS3Je8YxBn6G-wAN-KIR0QR4mwzs12YrQ6NddDul8
cache-control: no-cache
cf-ray: 753599334f909237-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3751
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESEBXX2FWsgy36jhd3a_dDpA0&google_cver=1&google_push=AZmPxg8MVJDrACXYt2QkcdJyn2PO2gWMINWMJdB-AyyiKxmPY66bIWDFpxXhUhSPH07ZG2TWUCOtN4ZEkjV8K-Z8-138Gr...
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEBXX2FWsgy36jhd3a_dDpA0&google_cver=1&google_push=AZmPxg8MVJDrACXYt2QkcdJyn2PO2gWMINWMJdB-AyyiKxmPY66bIWDFpxXhUhSPH07ZG2TWUCOtN4ZEkjV8K-Z8...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=oJXi4eaBQcaL2zCSdQJJBg&google_push=AZmPxg8MVJDrACXYt2QkcdJyn2PO2gWMINWMJdB-AyyiKxmPY66bIWDFpxXhUhSPH07ZG2TWUCOtN4ZEkjV8K-Z...

170 B
188 B

27ms
26ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=oJXi4eaBQcaL2zCSdQJJBg&google_push=AZmPxg8MVJDrACXYt2QkcdJyn2PO2gWMINWMJdB-AyyiKxmPY66bIWDFpxXhUhSPH07ZG2TWUCOtN4ZEkjV8K-Z8-138GrQilpQ

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=oJXi4eaBQcaL2zCSdQJJBg&google_push=AZmPxg8MVJDrACXYt2QkcdJyn2PO2gWMINWMJdB-AyyiKxmPY66bIWDFpxXhUhSPH07ZG2TWUCOtN4ZEkjV8K-Z8-138GrQilpQ
access-control-allow-origin: *
date: Sat, 01 Oct 2022 13:38:24 GMT
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3751
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEDCgXYQ-qzOvdbVfKDf2wqk&google_cver=1&google_push=AZmPxg_puHCGTrEbRyG1LlGW8AAi5pLllKzKccOmC067w0Ps2bIvZRM3I7MJinST70KbZDI_r8...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1vS082RHVwRTJ1SDZ6V1k1aExEVHpMYVZab0tRWU1mRX5B&google_push=AZmPxg_puHCGTrEbRyG1LlGW8AAi5pLllKzKccOmC067w0Ps2bIvZRM3I...

170 B
188 B

25ms
24ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1vS082RHVwRTJ1SDZ6V1k1aExEVHpMYVZab0tRWU1mRX5B&google_push=AZmPxg_puHCGTrEbRyG1LlGW8AAi5pLllKzKccOmC067w0Ps2bIvZRM3I7MJinST70KbZDI_r8e5a-gflpSKSV3qTy4NRyL_zCQV

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1vS082RHVwRTJ1SDZ6V1k1aExEVHpMYVZab0tRWU1mRX5B&google_push=AZmPxg_puHCGTrEbRyG1LlGW8AAi5pLllKzKccOmC067w0Ps2bIvZRM3I7MJinST70KbZDI_r8e5a-gflpSKSV3qTy4NRyL_zCQV
date: Sat, 01 Oct 2022 13:38:23 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 um
sync.teads.tv/ Frame 3751 23 B
172 B 65ms
64ms Image
image/gif 2.18.69.48
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESELUF6ObQTtuEM30OOPFfjjI&google_cver=1&google_push=AZmPxg_wwWiZDv4Xyslah0hGSKNXn_KxFnbpZW_l9wdnPih6u9AoKevG6Hh68Vq0HMel-TJy9dwvdIrImOYyBjWzaZNRvtoCVNhE
Requested by: Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.69.48 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-69-48.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.9 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

expires: Sat, 01 Oct 2022 13:38:23 GMT
pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.9
content-length: 23
content-type: image/gif

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 3751 0
12 B 30ms
29ms Image
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LLiu_J3tDN0mtfYva8yTi6zPEH35g0Z5dmbgOOT8dVKnnE3NyK8JUwtFEDG5ctJyuyi87iNto

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:23 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 0207dc75df644129bda22b14d2f2f569_1478a1f5451aedbe368e387294c523a3.woff
static.criteo.net/design/dt/2861/220829/ Frame C3C4 43 KB
21 KB 63ms
27ms Font
application/octet-stream 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/dt/2861/220829/0207dc75df644129bda22b14d2f2f569_1478a1f5451aedbe368e387294c523a3.woff

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

73bacec85f74494351eec93ba493870da5ba3a19afacf211edb4124ffd695d7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Origin: https://ads.eu.criteo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:23 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Mon, 29 Aug 2022 15:04:47 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"630cd58f-ab48"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 26 Sep 2023 13:38:23 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame C3C4 0
128 B 63ms
13ms Ping
text/plain 178.250.2.150
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=oj_8KP8uh5_lAhvOGRi-ILXnJ9HyntLqqQH812sEBWax7ElAofhQihy2JsjX239P2tdL2oYzDTFbFo9DAYZ9n34fSL4lXqimFCLsxOUecXr63TxFMUAJzbgNaij3sqKBZUYXJFqsKLwl962I_yPhtz3FAiLQNILupndl0KDhcFqeJJNxXyJminuFPOQH2e5eT7vFu8X337tI-zfu4Y8XlWDhVLusTFmffsFT_eA_PGBHjKqp7gY8VpO-6ubZ-EXO7q9mFxfrNJJAjeW1&sds=2&rev=82884&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.150 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Sat, 01 Oct 2022 13:38:23 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame C3C4 2 KB
1 KB 15ms
15ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:23 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 26 Sep 2023 13:38:23 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame C3C4 2 KB
1 KB 17ms
17ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:23 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 26 Sep 2023 13:38:23 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 7144 0
12 B 28ms
28ms Image
text/plain 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?fxTLPw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:23 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame EAD8 22 KB
8 KB 28ms
28ms Document
text/html 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 195215
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 29 Sep 2022 07:24:48 GMT
expires: Fri, 29 Sep 2023 07:24:48 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 i.match
a.tribalfusion.com/ Frame 889B 43 B
610 B 312ms
301ms Image
image/gif 2606:4700:4400::ac40:98f5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.tribalfusion.com/i.match?p=b6&u=CAESENfNcwanhQsnuu68aZX-3E4&google_cver=1&google_push=AZmPxg_SoCeMbgFSHlq6kz98EVpgoQlOcmBuDsmrmdp3WBY8T6RE1mCzmdLT3urnzUQ-gDKKjmnW4B89LmAVMX0HomHno9uXw2Bt&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAZmPxg_SoCeMbgFSHlq6kz98EVpgoQlOcmBuDsmrmdp3WBY8T6RE1mCzmdLT3urnzUQ-gDKKjmnW4B89LmAVMX0HomHno9uXw2Bt%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:4400::ac40:98f5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:24 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 753599336fdf927a-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame 889B 0
191 B 127ms
30ms Image
text/plain 66.155.71.25
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEFEQTw_cc_TbbKT1yaITZMc&google_cver=1&google_push=AZmPxg8uZ3H8S_6uKO7WaY6wmdVIJITQd5OEMeROKlsDNFAHdA42DVt9FCn9x0ANUb0BOurxAzt8LkK0AGSYdMuropwDDBAR52U
Requested by: Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 66.155.71.25 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 889B
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEIk3a5KET-Pw2XB3NZZF2Ec&google_cver=1&google_push=AZmPxg_CrQVe3pCH8tu9rzuf-C068EBkMeBUgSCF8nKH59iBYzyCdPSyOa0hy-SF2SqjU9y73tah13XJb_V9DSDsC5EK...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEIk3a5KET-Pw2XB3NZZF2Ec&google_cver=1&google_push=AZmPxg_CrQVe3pCH8tu9rzuf-C068EBkMeBUgSCF8nKH59iBYzyCdPSyOa0hy-SF2SqjU9y73tah13XJb_V9DS...
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AZmPxg_CrQVe3pCH8tu9rzuf-C068EBkMeBUgSCF8nKH59iBYzyCdPSyOa0hy-SF2SqjU9y73tah13XJb_V9DSDsC5EKMpC29BxN&google_hm=JMdibaplRCeYkPbCOVojdA==

170 B
188 B

24ms
24ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AZmPxg_CrQVe3pCH8tu9rzuf-C068EBkMeBUgSCF8nKH59iBYzyCdPSyOa0hy-SF2SqjU9y73tah13XJb_V9DSDsC5EKMpC29BxN&google_hm=JMdibaplRCeYkPbCOVojdA==

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AZmPxg_CrQVe3pCH8tu9rzuf-C068EBkMeBUgSCF8nKH59iBYzyCdPSyOa0hy-SF2SqjU9y73tah13XJb_V9DSDsC5EKMpC29BxN&google_hm=JMdibaplRCeYkPbCOVojdA==
Date: Sat, 01 Oct 2022 13:38:24 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 889B
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEMaJ0OvVOafl8CADIA49-bY&google_cver=1&google_push=AZmPxg-_DWudieZ_8Fntnlf_BPQUb3enBxONjNLeLmKYXP9zUZ_Ql1DVyz4JCDZSmjsGrXsf6CwDguUluUb0hn89iKlNaTr...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AZmPxg-_DWudieZ_8Fntnlf_BPQUb3enBxONjNLeLmKYXP9zUZ_Ql1DVyz4JCDZSmjsGrXsf6CwDguUluUb0hn89iKlNaTrzEh3-&google_hm=Nzc4NTUwOTY3MDY1MDg5Nj...

170 B
188 B

31ms
30ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AZmPxg-_DWudieZ_8Fntnlf_BPQUb3enBxONjNLeLmKYXP9zUZ_Ql1DVyz4JCDZSmjsGrXsf6CwDguUluUb0hn89iKlNaTrzEh3-&google_hm=Nzc4NTUwOTY3MDY1MDg5NjIzMw%3D%3D

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 01 Oct 2022 13:38:23 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AZmPxg-_DWudieZ_8Fntnlf_BPQUb3enBxONjNLeLmKYXP9zUZ_Ql1DVyz4JCDZSmjsGrXsf6CwDguUluUb0hn89iKlNaTrzEh3-&google_hm=Nzc4NTUwOTY3MDY1MDg5NjIzMw%3D%3D
content-length: 0

GET
H2 200 UCookieSetPug
image6.pubmatic.com/AdServer/ Frame 889B 0
166 B 159ms
17ms Image
text/html 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEM6bIv976g2vNH_0esZFzQ0&google_cver=1&google_push=AZmPxg8hMTaBRxbO_l0Dmk12NhN3TgEn-NNnqrI2a4KFGyWmKttV5Ueoc8_UrjCuCGY_H2QT80UEMch6RRSSjObpPKMWf0qHKFWW
Requested by: Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Sat, 01 Oct 2022 13:38:23 GMT
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 889B
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESEBXX2FWsgy36jhd3a_dDpA0&google_cver=1&google_push=AZmPxg9OT-4l5PnT4K8Jzt8fH3XtRWGDW8xvMI7EG72FCwQ2ATIIKC9kGm8Z4MAmk89x5pUYHZbYZf2jZ8fQtFN04VKLFV...
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEBXX2FWsgy36jhd3a_dDpA0&google_cver=1&google_push=AZmPxg9OT-4l5PnT4K8Jzt8fH3XtRWGDW8xvMI7EG72FCwQ2ATIIKC9kGm8Z4MAmk89x5pUYHZbYZf2jZ8fQtFN0...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=oJXi4eaBQcaL2zCSdQJJBg&google_push=AZmPxg9OT-4l5PnT4K8Jzt8fH3XtRWGDW8xvMI7EG72FCwQ2ATIIKC9kGm8Z4MAmk89x5pUYHZbYZf2jZ8fQtFN...

170 B
188 B

25ms
25ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=oJXi4eaBQcaL2zCSdQJJBg&google_push=AZmPxg9OT-4l5PnT4K8Jzt8fH3XtRWGDW8xvMI7EG72FCwQ2ATIIKC9kGm8Z4MAmk89x5pUYHZbYZf2jZ8fQtFN04VKLFV2fu3II

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=oJXi4eaBQcaL2zCSdQJJBg&google_push=AZmPxg9OT-4l5PnT4K8Jzt8fH3XtRWGDW8xvMI7EG72FCwQ2ATIIKC9kGm8Z4MAmk89x5pUYHZbYZf2jZ8fQtFN04VKLFV2fu3II
access-control-allow-origin: *
date: Sat, 01 Oct 2022 13:38:24 GMT
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2 200 um
sync.teads.tv/ Frame 889B 23 B
172 B 58ms
57ms Image
image/gif 2.18.69.48
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESELUF6ObQTtuEM30OOPFfjjI&google_cver=1&google_push=AZmPxg_zr-gkZyDOELdpCvgylWLpgy9UCZwydiuIZnc4vV-76JKq0vhYnUOn-ItGUv4wJFtkV31LaqKjtlrqDM3arins1JSVfk71
Requested by: Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.69.48 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-69-48.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.9 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

expires: Sat, 01 Oct 2022 13:38:23 GMT
pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.9
content-length: 23
content-type: image/gif

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 889B 0
12 B 22ms
21ms Image
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KZzsbF8L3XZn51iS_mCa1t7zZMSukZWLzcEylVsolVPbZpaVYDs_fxLX7SDoZ1fEHb9bqCdw

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:23 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 gnLtmcL-mn53pq-EJRMXOCFACjpZd0iqiIv80oTeKas.js Show response
pagead2.googlesyndication.com/bg/ Frame FBA9 36 KB
16 KB 29ms
28ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/gnLtmcL-mn53pq-EJRMXOCFACjpZd0iqiIv80oTeKas.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8272ed99c2fe9a7e77a6af842513173821400a3a597748aa888bfcd284de29ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Wed, 28 Sep 2022 19:21:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 238631
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16010
x-xss-protection: 0
last-modified: Tue, 27 Sep 2022 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 28 Sep 2023 19:21:12 GMT

POST
H2 200 /
track.adform.net/csimpr/ Frame AA87 35 B
503 B 20ms
20ms Ping
image/gif 37.157.3.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=57588194&csi=BEdR8aJDqXEsSce9a2kKapiE_rVFVP_2Ne5lCErTfI0JDwKV3Zer3DNO_9aLqjQmr8JdQoOsdjpHQKAt1Ztytt6vWmW1dlSa0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 55203148.gif
s1.adform.net/Banners/55203148/ Frame AA87 198 KB
199 KB 23ms
23ms Image
image/gif 37.157.2.249
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/55203148/55203148.gif?bv=2
Requested by: Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: cffefa7393b0df0b5a0a111345b5ed43e9bf7e70d5b49cddbf8b44bd49880412

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:23 GMT
last-modified: Wed, 31 Aug 2022 09:00:40 GMT
server: nginx
x-amz-request-id: tx00000a7ed2a00670f1f15-0063384055-3293bf9a-default
etag: "6fa539af07cbee5d5c6aa607c1f61b8c"
x-cache-status: HIT
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 203172

GET
H3 200 728x90_atlas_1.png
s0.2mdn.net/sadbundle/9550724388066307941/images/ Frame B8D4 199 KB
200 KB 31ms
30ms Image
image/png 2a00:1450:400d:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9550724388066307941/images/728x90_atlas_1.png

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a4f92ae0d3ab6cc4e73bcc03c1d415ebbdd2ffc7fe5582c93dd0a70155f5f907

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9550724388066307941/728x90.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Thu, 29 Sep 2022 04:05:19 GMT
x-content-type-options: nosniff
age: 207184
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 204259
x-xss-protection: 0
last-modified: Fri, 16 Sep 2022 15:06:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 29 Sep 2023 04:05:19 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame C2DA 0
26 B 124ms
65ms Ping
image/gif 142.251.39.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsucKC8muxdTKyuxhmK9p6dhOKWMsBGg_VynaxMI28p9OuECpFgM9FO8wnsRE_9i8fcYdcPteH-tRnBodQXRvD_mimIJgvHdDcM4LXlvM4Luj0pR3ngZuVZD5Qe23Zf86wJrglmzvUKVImeHMk9YxyT0MzduJIr14f-WfXXEDI9ZD3hFi-_sUS4BFNVTY62ebyEpYN94K7MpDpsX9gL7sIYNTON9SeiOUiyiV7cQ1GmJ1S-fpwLfpAO46CgCyXcWlbOtkOpmiREIpD9XPAra3hhPm4BpmNqcbM0szzdslcO1cGMr-AyBAKXGOc9AUPK6p3iXqCw9LWFI11OE3o8jmYFPhCKN8aVfuOrLjA_UcdQpBf_NPyA2tvM1-hPGLocIzYfyI65oSeDA25-3wcePjF7mLCZ5jxaONwvB1Sr8pDP230P3xAN3LvBsabiionFpZvzPu7dLIyOjta5cdFawA7tqPXmt4N3SyThqL7XATqrFgV3z40mTha_USAafePq_QrDlWvYERkROXaAOCBFjv6LsaKc638jUS6VfYUiahmlN8Y6-x25rGJ_VTA-y2jNZgL3a2dnkSKr1vYh4yCcOvz7xO_EwwQnvOLBdT9-CoTdyUbaudU6GntD5_I_fDbOf6oXoTeDHUZ7O4_ip9e1pbTrgbdVLHT3xbHxShjeGtysZ42RuwU4t0vqCmfkfU_PLXcwedSjSFxJ4zjGljdQAV8FU-C3-qM4pM52j0xReNzEPANa8-v_jhycCTY-JpgoVMkmz78nr-RSPVUVVocm-KQEHHdXapnvo_PoNwTtScFkHZDIzhQ6Br2pmpWRrNyzaexNvI2wuLnrac2xVY3trOfd1iZCXRZ1Y16zTXUgtfFHjGwZDtlx98UaWLg3qlIa3wAPUPXVt7JwNuRfhn8ZYIfxFAvmG4W9MXJTgATmyBtddTEvK6G9w3iYKX4nnsXUabUOkzTraNaFTc0Y5epbkeyRysUEo2NtOE9H585NIM5_cR09iKQdxIeaUsSzRZm28PMa3GYIZA1gz_PR24ITI43HGNTYlnAQDFUT2KKL_SU6RsJ-HHq5kjTzDne7-ZWcRHRIiJFubNK_lwegL4NEnR8P8G84-Uuyp613ytzjJhRw7E0HxJveAiw5mmlkdohlZjGje0swJ_O1UKe8kH8TZq2T9tqfWQNcNU03AKJ0eCcAEI_dcJyyEnziGbT0e9QrMBEzE_iC87qq5GkzOzljLYqQ-BCSd0w9XfNYS&sai=AMfl-YRXwp10vIM3G8loBXU3dYOKXhDI3AjURs-k6qtAoV8WEfxCtCLlNcbTxtg09GCWB-TAqEzv5j_UFydKppqDOtOc7MszZ2XbEX004cNalWuDAkfAO9LeYwoIG9rq1OQZD29bIIN7IpgeIwtzIP_wd3csbQ7bC4SLoJ9dtEqq3dNV4unZgepk06qFGwC1tn4SExgene5xx6-snl1IF_BXMHUmGprjlA&sig=Cg0ArKJSzKS-cZ6Fj_B5EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=808&vt=11&dtpt=455&dett=3&cstd=350&cisv=r20220928.66218&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.39.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s39-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:24 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 7E14
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEBng9x3Ih3d76barRIKfTbs&google_cver=1&google_push=AZmPxg8PFmhYciZV2fhnRGT6sK7voN4Jj9UNsKdYWBkhbOk7XehT_MEgxLnUhoT5IPJ_OI-4cSnqu9VVAkYSSrwYhSVrNAAvRfnS
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=ODMyNzEwNjcwNDQ5MTc0OTU1NQ==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEBng9x3Ih3d76barRIKfTbs&google_cver=1

43 B
398 B

15ms
15ms

Image
image/gif

2001:678:cb4:bbbb::11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEBng9x3Ih3d76barRIKfTbs&google_cver=1
Protocol: H2
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Sat, 01 Oct 2022 13:38:23 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:24 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEBng9x3Ih3d76barRIKfTbs&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame 7E14 35 B
464 B 63ms
10ms Image
image/gif 2620:116:800d:21:c5a4:625:6563:a5bb
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEK1yp1SP4HDPLO2yQCSm5-8&google_cver=1&google_push=AZmPxg8TmFc3yzSPLLs0Efn-lGCQKrIgcwT53IVdYm8BL3_-Xoh5e-WM2r1M3LCjBym0n50Ulottr9Od2OcBktuN9wrsF-FgU28F

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:c5a4:625:6563:a5bb , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:24 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7E14
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEI6Mgw-6B-1Al9DpCJolVOA&google_cver=1&google_push=AZmPxg_lkJ9S9PrrOTWTGMwoNiPfu8fROQSJp451AoQa8de0qeyM4uB7Tp93HtNI1mv3ZvXTP-KJ675IwXGjVAVk...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AZmPxg_lkJ9S9PrrOTWTGMwoNiPfu8fROQSJp451AoQa8de0qeyM4uB7Tp93HtNI1mv3ZvXTP-KJ675IwXGjVAVkpNB4IfxuSkhy

170 B
188 B

26ms
25ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AZmPxg_lkJ9S9PrrOTWTGMwoNiPfu8fROQSJp451AoQa8de0qeyM4uB7Tp93HtNI1mv3ZvXTP-KJ675IwXGjVAVkpNB4IfxuSkhy

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 01 Oct 2022 13:38:24 GMT
Server: MT3 4525 e1952b7 master cdg-pixel-x27 config:1.0.0
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AZmPxg_lkJ9S9PrrOTWTGMwoNiPfu8fROQSJp451AoQa8de0qeyM4uB7Tp93HtNI1mv3ZvXTP-KJ675IwXGjVAVkpNB4IfxuSkhy
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Sat, 01 Oct 2022 13:38:23 GMT

GET
H2 503 5w3jqr4k
sync-tm.everesttech.net/upi/pid/ Frame 7E14 0
177 B 50ms
9ms Image
text/plain 151.101.194.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEH-pFncxED4jxFgA9BXIOqo&google_cver=1&google_push=AZmPxg8j3Op_RCzoBKIHEZOVz4VjRwxy6oadvA6jRQUJAUInPpif5TlD463rvk5YvfNQre4I0Tu2XwbevRr8zyawEnXVMAxRUP6q
Requested by: Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-cache-hits: 0
pragma: no-cache
date: Sat, 01 Oct 2022 13:38:24 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1664631504.018327,VS0,VE0
x-cache: MISS
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-served-by: cache-fra19147-FRA

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame 7E14 0
172 B 63ms
23ms Image
text/plain 34.96.105.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEOe0jmlm3yyYtzJ8waiYlyA&google_cver=1&google_push=AZmPxg-oSoe8AbPeTYoGiSeCrA6KctQeT0VVbByS4PgIziAGoMikgyjE7bXqicB8AfWlPo3SZixErDCbT6D79HE_Xn2NYxWXqxrs
Requested by: Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.105.96.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:24 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7E14
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESELvgf9vU2Ow32rAg8rDetx0&google_cver=1&google_push=AZmPxg_l4EzV0Hic7MgwSN1eSyHzr2mxkiEIRf4L1fOdtrvpe1D_CR8z0tyH1PDWoUs6r0ekKLMvSs8jGXRPz9tg...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=zU8jhXeNQzSJ1DzvjqrCeA2&google_push=AZmPxg_l4EzV0Hic7MgwSN1eSyHzr2mxkiEIRf4L1fOdtrvpe1D_CR8z0tyH1PDWoUs6r0ekKLMvSs8jGXRPz9tgd1A4hWbeK6R0

170 B
188 B

24ms
23ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=zU8jhXeNQzSJ1DzvjqrCeA2&google_push=AZmPxg_l4EzV0Hic7MgwSN1eSyHzr2mxkiEIRf4L1fOdtrvpe1D_CR8z0tyH1PDWoUs6r0ekKLMvSs8jGXRPz9tgd1A4hWbeK6R0

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 01 Oct 2022 13:38:24 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=zU8jhXeNQzSJ1DzvjqrCeA2&google_push=AZmPxg_l4EzV0Hic7MgwSN1eSyHzr2mxkiEIRf4L1fOdtrvpe1D_CR8z0tyH1PDWoUs6r0ekKLMvSs8jGXRPz9tgd1A4hWbeK6R0
x-host: tde-deliveryengine-production-b869b47b-9pw2t
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7E14
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEIk3a5KET-Pw2XB3NZZF2Ec&google_cver=1&google_push=AZmPxg9fmGGmGzn7cHaaRe03I-9KTVh8Gf7IARkYcDjVYvwSY5Roe7HhlY7coRtVZaCuf2POFiYg3SQiIlifORsNSLou...
https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=google&bsw_custom_parameter=24c7626d-aa65-4427-9890-f6c2395a2374
https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=google&bsw_custom_parameter=24c7626d-aa65-4427-9890-f6c2395a2374
https://x.bidswitch.net/sync?dsp_id=4&user_id=a9f03852-0a61-4b37-a9ae-082430b8e531&ssp=google&expires=30&user_group=5&bsw_param=24c7626d-aa65-4427-9890-f6c2395a2374
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AZmPxg_CrQVe3pCH8tu9rzuf-C068EBkMeBUgSCF8nKH59iBYzyCdPSyOa0hy-SF2SqjU9y73tah13XJb_V9DSDsC5EKMpC29BxN&google_hm=JMdibaplRCeYkPbCOVojdA==

170 B
188 B

25ms
25ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AZmPxg_CrQVe3pCH8tu9rzuf-C068EBkMeBUgSCF8nKH59iBYzyCdPSyOa0hy-SF2SqjU9y73tah13XJb_V9DSDsC5EKMpC29BxN&google_hm=JMdibaplRCeYkPbCOVojdA==

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AZmPxg_CrQVe3pCH8tu9rzuf-C068EBkMeBUgSCF8nKH59iBYzyCdPSyOa0hy-SF2SqjU9y73tah13XJb_V9DSDsC5EKMpC29BxN&google_hm=JMdibaplRCeYkPbCOVojdA==
Date: Sat, 01 Oct 2022 13:38:24 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 7E14 0
12 B 24ms
22ms Image
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13K3rK5GfLsGf2V5pAw6PBPD6fhlpiKK1l3EBr8_9H9p-eItPWnhUbTW39-YuSLWiw0YCF7-

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:23 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 300x250_atlas_1.png
s0.2mdn.net/sadbundle/12044097668311477804/images/ Frame 332C 228 KB
228 KB 45ms
44ms Image
image/png 2a00:1450:400d:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12044097668311477804/images/300x250_atlas_1.png

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2006 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4c671b182b66f3db52ef44dddcb755d6159ffc6303acfbc611d16892a637ac39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12044097668311477804/300x250.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Thu, 29 Sep 2022 08:57:23 GMT
x-content-type-options: nosniff
age: 189660
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 233735
x-xss-protection: 0
last-modified: Fri, 16 Sep 2022 15:06:28 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 29 Sep 2023 08:57:23 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 4ED8 0
26 B 96ms
65ms Ping
image/gif 142.251.39.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu0AuVkf4espQJafCoiuS_V50vK_wCwH2d0qDpe91prNBgeq2iyD6RRghS5SFSnEAJX7m-F7fIzYHxXD6LeQdl5fEYvC10u9Rg8R77i4YXN6zHfQ_hQMqYrfdfJ4QFGYf9aPEBSs-EfW7U_Zrxv8umQaYd26hY9GMFSZhDGUoGyE13msAZeqdJVru05u7c5uPeXhHmTVYANhVvK98X7G5w6-WXnnFb5s0OaQ1HTUJBz6SA63ADj3NhnKhmHC0yXGJ1gi4pv6kP2KvtIdGn_4kXbqfkzyUAtJEBpxMV2IyLy4Jcq_MOtqqbXIvx-SpHpD8ODWV2kQ6TLmgYsF6VI8IkSwwX3H59G1ONn5GMFodZtl2ZbUy1Hd2aENGMVOiGc_BZDdkpC7W9o_0NcXNHaRcjElDlLjixx8eUbPN-9lUWnksutDYlsE-592lUbZcUh1s-0Vx78FfO1zeLNDguhHjOtLvpU3SEVfKBm15Oi7qrNMMg6_mWl8nL53OKlE3LwPAXXTDAoDRLl4gn2W2dHOhgy25vhehuRyFTLQOKO98vwLUQrPeDNBsizGxOo1ntF1YuRukQDl_xTNbGvbzqlVxIpybLLDZ7BMFDQ0uEHLZIrPra_yTjRhvds-QBhprASAEBcH6yNT9Js4El6VbnFfo2Ju_UFiG9FhqvegWTFJGoVryTmjTUoE_Sd2stpJcld5PdTFB2Tb7a1iZLFsRC2pS-u0r_-uVUr2YdMRwDPbHOaYG6hunJNgG8VCjjxjT6HK0CWoXv3-NfV8mpl8UN-UK6muJDIjVNFXTTrwhv0MumOufvcTg4DJT_MLJSfZasQjxQpkzmaVKvHCXKCLnqAW1-TChIk3aVn563mGmpwQt4CWMmKD5SmfS4iBpWFRZ7eOIqwh-YNl6HvkWHE90txGr-kUWg9jbU-32x7Q0iCU0VK7mYffJDPj_sg8LO-QigWTMifWGaL8owWUHQRAyP4Z_u0ZQOLCJ-QBG9fqhNeb9eRNxaR8EJVyL2px9CgDpWDpmUZnW0WEor0BZoTvEVz3NQtV0N0b7A0ZrkSwU8Rm9XH6-FXt0_NQVHCNGJ4MOuoYu7OQT4-RmXaNaSCtfzJ_8bWzWH2_u4sSOVoDSvu586-WNbSm5lWzXC-rgoAZg56dXuSsA0U6zf1C9tqBcdfmkQ61LdUwrCqX5y3X4owpFNjFQpjX5m1SFKWNMFcBuO3y5On5JTGRwKq2UNekWhDph79NCL2OcYnbyFzsaIkcvvndE_1WA&sai=AMfl-YT2QowtCrd6fL5ydD5311K5YXhhQzL6bpYomABli0o0ABDbhXmwbzga-kUG8M8LL__63AP6SxMMc_dpXlidp4C0iku997m85DE_b8DAr27GGhVtCByRRtrjGW-bMjqo_k0URKUwOIgBNpkZa-Vp_sEqhdvITjOozEMl2XC1iZyL3ijrIEgGPQ3KiMEgTVB_snpPGc5Ql5nUFx4z2N9UxKfYKtWWzQ&sig=Cg0ArKJSzG9Da20kicq0EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=682&vt=11&dtpt=416&dett=3&cstd=265&cisv=r20220928.94652&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/national_day_china/?utm_source=eoct_nationalday_china_remail

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.39.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s39-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:24 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 video-loader2.1-cr.js Show response
cdn.avantisvideo.com/js/ Frame 327B 115 KB
37 KB 8ms
8ms Script
application/javascript 2600:9000:2057:1c00:1c:38a0:8a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.avantisvideo.com/js/video-loader2.1-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/avm/js/video-loader.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:1c00:1c:38a0:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9f85b446cf7c5640aa90f2663bf232af45a2d4ebd65fcf60a3105f400ea8bdac

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Fri, 30 Sep 2022 23:15:50 GMT
x-amz-version-id: R3srv_l_.CCJ9VrYZEKFH47S4Xn_qYV0
content-encoding: gzip
last-modified: Mon, 15 Aug 2022 08:52:18 GMT
server: AmazonS3
via: 1.1 f038e7175be9761825b2eefc2b0a832e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
etag: W/"e47a13a604e4ac4e6ccdc005c9e93287"
age: 51754
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: ABXQXKNqKGfi6BUmKju1Wf7ESoKIweRgtJqtHnztTtDW26ZkyHgvrA==

GET
H3 200 gnLtmcL-mn53pq-EJRMXOCFACjpZd0iqiIv80oTeKas.js Show response
pagead2.googlesyndication.com/bg/ Frame BB0D 36 KB
16 KB 28ms
28ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/gnLtmcL-mn53pq-EJRMXOCFACjpZd0iqiIv80oTeKas.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8272ed99c2fe9a7e77a6af842513173821400a3a597748aa888bfcd284de29ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Wed, 28 Sep 2022 19:21:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 238631
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16010
x-xss-protection: 0
last-modified: Tue, 27 Sep 2022 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 28 Sep 2023 19:21:12 GMT

GET
H2 200 video-loader2.1-cr.js Show response
cdn.avantisvideo.com/js/ Frame 4948 115 KB
37 KB 9ms
8ms Script
application/javascript 2600:9000:2057:1c00:1c:38a0:8a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.avantisvideo.com/js/video-loader2.1-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/avm/js/video-loader.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:1c00:1c:38a0:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9f85b446cf7c5640aa90f2663bf232af45a2d4ebd65fcf60a3105f400ea8bdac

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Fri, 30 Sep 2022 23:15:50 GMT
x-amz-version-id: R3srv_l_.CCJ9VrYZEKFH47S4Xn_qYV0
content-encoding: gzip
last-modified: Mon, 15 Aug 2022 08:52:18 GMT
server: AmazonS3
via: 1.1 f038e7175be9761825b2eefc2b0a832e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
etag: W/"e47a13a604e4ac4e6ccdc005c9e93287"
age: 51754
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: a3T9MMzz3Qqm_wPdR7nRH3uLL83O5sTnpI0QNi9IwmZ5rJORS0Cr-Q==

GET
H2 200 video-loader2-cr.js Show response
cdn.avantisvideo.com/js/ Frame 4948 115 KB
37 KB 15ms
14ms Script
application/javascript 2600:9000:2057:1c00:1c:38a0:8a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.avantisvideo.com/js/video-loader2-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/avm/js/video-loader.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:1c00:1c:38a0:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b2675f2bc3393449a44784c7815f9c36449024e4397d7f174812c42c6bbaa148

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-amz-version-id: 23HYQ0o2ylfY4CikTtNpDIRIBjFm3stq
content-encoding: gzip
via: 1.1 f038e7175be9761825b2eefc2b0a832e.cloudfront.net (CloudFront)
date: Sat, 01 Oct 2022 05:16:31 GMT
last-modified: Wed, 10 Aug 2022 07:12:05 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 30113
etag: W/"34fc05e1a66d53097cb2d428812d10e3"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: XRJ-DprhxS5A5ALt8-TODRAQs832Y7lO3qtCwoYhQGeJO1uHKA8GqA==

GET
H2 200 jivoxWidgetApiV2.min.js Show response
playercdn.jivox.com/1651821427/widgets/jivoxWidgetApi/gz/ Frame 3B08 29 KB
6 KB 8ms
7ms Script
application/x-javascript 143.204.205.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://playercdn.jivox.com/1651821427/widgets/jivoxWidgetApi/gz/jivoxWidgetApiV2.min.js
Requested by: Host: as.euw1.jivox.com
URL: https://as.euw1.jivox.com/unit/layout_renderer.php?es_pId=9f38299&isDynamic=1&campaignId=159897&gdpr_consent=&dspId=DBM&bDim=300x250&ap_DataSignal1=18269839860&jvxVer=2&gdpr=&bUnitId=2000&r=1664631501850674&cMacro=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCB-kDzUI4Y_L1M5ms9u8PrdWLyAnJ3tjBbMify9vdEN_kor3AARABIO_2kCFglYKAgKAHoAHm497pAsgBCakCFoTab7hxsD6oAwGqBO0BT9Ce4HNOHhFVqnPnTnflrO7RyyNBarJ6B7Aj_JF19_3tdRv-taLHNeUu7zUKnJC1PIsYC8nvQzPtKx2W0MEbnER6jkBwi9sA-8O71R1ohavLpUjX91qDOa7f10WOt78MrAjtfi7ZwLAdMXMkWkT-akUBCl5OOi76DLRe1yXTHczLRr63pQEev9JOtcJ2-xm6fJok4FjB9BVujjUVXHlwWt5xNu_9JmmUO36qFfXyxdyBryluk2JyhBDu2ov7n1A_rYfTmHhW3Zf2_YtOiAv2IMl5W5OYFxsSE4t8bPz2i3E4s64kn7ZqU4LAl4USwASR1Yu9kgTgBAOQBgGgBk2AB4KcoZYBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBPG6McQ0BMA2BMN2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJeRo6x_F_ff-rWyeeOXrhXXxZEVwn9dFbwrJbvAUU6GZpYTHzAM%26sig%3DAOD64_0SFm02YNJ4ggWP8zr-vI5VGGWC9g%26client%3Dca-pub-4627517680249670%26dbm_c%3DAKAmf-C3PeD9duwzJ08zdFLunA_q-6Tv406ifyM94DXwTzZrbUIQvq-Dp2JWg4KmpNa1HLhkdZIqhTUUitatTGmOHNsBd6BHobZr-JkxuEZtrVK_p_NENoR7aZIfLoCS_nDb6O0qQL8p6DfjgHp_JgmcxsJtOQDrFkyjYJlyORi4ZQbxwXSQQxQ%26cry%3D1%26dbm_d%3DAKAmf-D-SAL_SJyk9A3ZN5aaLmYYD2vZCX7g0YybWwU2WjoovPJhEG5T-OgXkpEUHYy4v1y0Gc5gUFvuKt88lbWxD7-scp3oIlle9-9Tr_sPkQikOMgUXX7I3XVB0ZMxerlimYfSRiC8Yq_Z7CM9v4Qbh0a62Ei3vXCyf1DZB82TrH34z-QVKgXM9fJF0zT3ppyBHGXxEfQsk7gPqzvkJJcWAcHBDI0vkrn68f3AZgOtQni9Wvr8oUKCfVvq1n6PkoMNH4kXPiLjl4H9ji3iw1NMIENxajAonsMgkhft_xE9-7W4URsG8KPVkoYg4-fBc1vk_LtHbOCs6vOtMBniufiYEhJu3wB2JjNUyQ-yLvCiXCbYD4Nf_IsIeBGL3_PtQ4GLQUmai6GCWiwo8eU-OYp2Uog-yv1T0JJA9UmUrNMoDgR57PXV72Yy-k9XE4mQ9dfQB-mfSZ4ogmjvd3djVx1qj2Ffl518tXXcvvIjMmFVu5KsKwrjBY1ZOVHf47LYF4aA43OCiZgZ0qzgd9Hd7vyQGLgIPPGy-lTzMKM4zIHHMn3UC-gfy1vzMsdwTjWcP9tuIVDj1KjKOhN92dwT1XqrN3Fk16_tdmwrCUvPtWQtfDdd8OFBVzoa7IKfE9lx2F_tiJwS2IC6%26adurl%3D&us_privacy=%24%7BUS_PRIVACY%7D&ts_pId=9f38299&siteId=961ee94c58df6c&creativeUnitType=20&objectName=jvx_633842cf1620d&adUnitId=2000&jvxSessionId=1664631503.3758&base=1&creativeResolveBeginTime=1664631503000&omid=0&localTimeOffset=0&pageURL=https%3A%2F%2Fb5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&allowExp=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.205.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-205-98.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f6c84a15873bbae73ff06857139327b85a6869fa0e21d36666aa2bb5d9bbb19b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.euw1.jivox.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Fri, 30 Sep 2022 21:27:46 GMT
content-encoding: gzip
via: 1.1 2d1e1e8dc0f3eb7773ec9d89a7d50ce2.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 07:29:25 GMT
server: AmazonS3
x-amz-cf-pop: FRA53-C1
age: 58239
etag: "2a0e0abd8f7f11fb012a534ea115a29a"
x-cache: Hit from cloudfront
content-type: application/x-javascript
cache-control: max-age=86400, s-maxage=86400
accept-ranges: bytes
content-length: 5987
x-amz-cf-id: WnlXkPOVynNST9jTf9QbxHAe5e4MvPjgx5vvmJ6n3HGmTYj1x1dl6A==

GET
H2 200 createjs.min.js Show response
code.createjs.com/1.0.0/ Frame 3B08 236 KB
63 KB 16ms
15ms Script
text/javascript 2a02:26f0:3500:11::215:14dc
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://code.createjs.com/1.0.0/createjs.min.js
Requested by: Host: as.euw1.jivox.com
URL: https://as.euw1.jivox.com/unit/layout_renderer.php?es_pId=9f38299&isDynamic=1&campaignId=159897&gdpr_consent=&dspId=DBM&bDim=300x250&ap_DataSignal1=18269839860&jvxVer=2&gdpr=&bUnitId=2000&r=1664631501850674&cMacro=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCB-kDzUI4Y_L1M5ms9u8PrdWLyAnJ3tjBbMify9vdEN_kor3AARABIO_2kCFglYKAgKAHoAHm497pAsgBCakCFoTab7hxsD6oAwGqBO0BT9Ce4HNOHhFVqnPnTnflrO7RyyNBarJ6B7Aj_JF19_3tdRv-taLHNeUu7zUKnJC1PIsYC8nvQzPtKx2W0MEbnER6jkBwi9sA-8O71R1ohavLpUjX91qDOa7f10WOt78MrAjtfi7ZwLAdMXMkWkT-akUBCl5OOi76DLRe1yXTHczLRr63pQEev9JOtcJ2-xm6fJok4FjB9BVujjUVXHlwWt5xNu_9JmmUO36qFfXyxdyBryluk2JyhBDu2ov7n1A_rYfTmHhW3Zf2_YtOiAv2IMl5W5OYFxsSE4t8bPz2i3E4s64kn7ZqU4LAl4USwASR1Yu9kgTgBAOQBgGgBk2AB4KcoZYBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBPG6McQ0BMA2BMN2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJeRo6x_F_ff-rWyeeOXrhXXxZEVwn9dFbwrJbvAUU6GZpYTHzAM%26sig%3DAOD64_0SFm02YNJ4ggWP8zr-vI5VGGWC9g%26client%3Dca-pub-4627517680249670%26dbm_c%3DAKAmf-C3PeD9duwzJ08zdFLunA_q-6Tv406ifyM94DXwTzZrbUIQvq-Dp2JWg4KmpNa1HLhkdZIqhTUUitatTGmOHNsBd6BHobZr-JkxuEZtrVK_p_NENoR7aZIfLoCS_nDb6O0qQL8p6DfjgHp_JgmcxsJtOQDrFkyjYJlyORi4ZQbxwXSQQxQ%26cry%3D1%26dbm_d%3DAKAmf-D-SAL_SJyk9A3ZN5aaLmYYD2vZCX7g0YybWwU2WjoovPJhEG5T-OgXkpEUHYy4v1y0Gc5gUFvuKt88lbWxD7-scp3oIlle9-9Tr_sPkQikOMgUXX7I3XVB0ZMxerlimYfSRiC8Yq_Z7CM9v4Qbh0a62Ei3vXCyf1DZB82TrH34z-QVKgXM9fJF0zT3ppyBHGXxEfQsk7gPqzvkJJcWAcHBDI0vkrn68f3AZgOtQni9Wvr8oUKCfVvq1n6PkoMNH4kXPiLjl4H9ji3iw1NMIENxajAonsMgkhft_xE9-7W4URsG8KPVkoYg4-fBc1vk_LtHbOCs6vOtMBniufiYEhJu3wB2JjNUyQ-yLvCiXCbYD4Nf_IsIeBGL3_PtQ4GLQUmai6GCWiwo8eU-OYp2Uog-yv1T0JJA9UmUrNMoDgR57PXV72Yy-k9XE4mQ9dfQB-mfSZ4ogmjvd3djVx1qj2Ffl518tXXcvvIjMmFVu5KsKwrjBY1ZOVHf47LYF4aA43OCiZgZ0qzgd9Hd7vyQGLgIPPGy-lTzMKM4zIHHMn3UC-gfy1vzMsdwTjWcP9tuIVDj1KjKOhN92dwT1XqrN3Fk16_tdmwrCUvPtWQtfDdd8OFBVzoa7IKfE9lx2F_tiJwS2IC6%26adurl%3D&us_privacy=%24%7BUS_PRIVACY%7D&ts_pId=9f38299&siteId=961ee94c58df6c&creativeUnitType=20&objectName=jvx_633842cf1620d&adUnitId=2000&jvxSessionId=1664631503.3758&base=1&creativeResolveBeginTime=1664631503000&omid=0&localTimeOffset=0&pageURL=https%3A%2F%2Fb5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&allowExp=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:3500:11::215:14dc Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Apache /
Resource Hash: e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.euw1.jivox.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:24 GMT
content-encoding: gzip
server: Apache
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=900
x-n: S
accept-ranges: bytes
expires: Sat, 01 Oct 2022 13:53:24 GMT

GET
H2 200 mazda_300x250_jvx.js Show response
assets.euw1.jivox.com/widgets/2022/9/a72798z63243e4fb4f84/1/300x250/ Frame 3B08 34 KB
7 KB 527ms
162ms Script
application/x-javascript 52.85.24.95
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.euw1.jivox.com/widgets/2022/9/a72798z63243e4fb4f84/1/300x250/mazda_300x250_jvx.js
Requested by: Host: as.euw1.jivox.com
URL: https://as.euw1.jivox.com/unit/layout_renderer.php?es_pId=9f38299&isDynamic=1&campaignId=159897&gdpr_consent=&dspId=DBM&bDim=300x250&ap_DataSignal1=18269839860&jvxVer=2&gdpr=&bUnitId=2000&r=1664631501850674&cMacro=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCB-kDzUI4Y_L1M5ms9u8PrdWLyAnJ3tjBbMify9vdEN_kor3AARABIO_2kCFglYKAgKAHoAHm497pAsgBCakCFoTab7hxsD6oAwGqBO0BT9Ce4HNOHhFVqnPnTnflrO7RyyNBarJ6B7Aj_JF19_3tdRv-taLHNeUu7zUKnJC1PIsYC8nvQzPtKx2W0MEbnER6jkBwi9sA-8O71R1ohavLpUjX91qDOa7f10WOt78MrAjtfi7ZwLAdMXMkWkT-akUBCl5OOi76DLRe1yXTHczLRr63pQEev9JOtcJ2-xm6fJok4FjB9BVujjUVXHlwWt5xNu_9JmmUO36qFfXyxdyBryluk2JyhBDu2ov7n1A_rYfTmHhW3Zf2_YtOiAv2IMl5W5OYFxsSE4t8bPz2i3E4s64kn7ZqU4LAl4USwASR1Yu9kgTgBAOQBgGgBk2AB4KcoZYBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBPG6McQ0BMA2BMN2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJeRo6x_F_ff-rWyeeOXrhXXxZEVwn9dFbwrJbvAUU6GZpYTHzAM%26sig%3DAOD64_0SFm02YNJ4ggWP8zr-vI5VGGWC9g%26client%3Dca-pub-4627517680249670%26dbm_c%3DAKAmf-C3PeD9duwzJ08zdFLunA_q-6Tv406ifyM94DXwTzZrbUIQvq-Dp2JWg4KmpNa1HLhkdZIqhTUUitatTGmOHNsBd6BHobZr-JkxuEZtrVK_p_NENoR7aZIfLoCS_nDb6O0qQL8p6DfjgHp_JgmcxsJtOQDrFkyjYJlyORi4ZQbxwXSQQxQ%26cry%3D1%26dbm_d%3DAKAmf-D-SAL_SJyk9A3ZN5aaLmYYD2vZCX7g0YybWwU2WjoovPJhEG5T-OgXkpEUHYy4v1y0Gc5gUFvuKt88lbWxD7-scp3oIlle9-9Tr_sPkQikOMgUXX7I3XVB0ZMxerlimYfSRiC8Yq_Z7CM9v4Qbh0a62Ei3vXCyf1DZB82TrH34z-QVKgXM9fJF0zT3ppyBHGXxEfQsk7gPqzvkJJcWAcHBDI0vkrn68f3AZgOtQni9Wvr8oUKCfVvq1n6PkoMNH4kXPiLjl4H9ji3iw1NMIENxajAonsMgkhft_xE9-7W4URsG8KPVkoYg4-fBc1vk_LtHbOCs6vOtMBniufiYEhJu3wB2JjNUyQ-yLvCiXCbYD4Nf_IsIeBGL3_PtQ4GLQUmai6GCWiwo8eU-OYp2Uog-yv1T0JJA9UmUrNMoDgR57PXV72Yy-k9XE4mQ9dfQB-mfSZ4ogmjvd3djVx1qj2Ffl518tXXcvvIjMmFVu5KsKwrjBY1ZOVHf47LYF4aA43OCiZgZ0qzgd9Hd7vyQGLgIPPGy-lTzMKM4zIHHMn3UC-gfy1vzMsdwTjWcP9tuIVDj1KjKOhN92dwT1XqrN3Fk16_tdmwrCUvPtWQtfDdd8OFBVzoa7IKfE9lx2F_tiJwS2IC6%26adurl%3D&us_privacy=%24%7BUS_PRIVACY%7D&ts_pId=9f38299&siteId=961ee94c58df6c&creativeUnitType=20&objectName=jvx_633842cf1620d&adUnitId=2000&jvxSessionId=1664631503.3758&base=1&creativeResolveBeginTime=1664631503000&omid=0&localTimeOffset=0&pageURL=https%3A%2F%2Fb5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&allowExp=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.24.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-24-95.cpt52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8a16da0d4ff862bde6e973eb23f04a2f79575c3917cc2cac8672870cf272490b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.euw1.jivox.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-amz-version-id: null
content-encoding: br
via: 1.1 3c6f9e9a7df460eb3d4387681814ceae.cloudfront.net (CloudFront)
date: Sat, 01 Oct 2022 03:36:47 GMT
last-modified: Fri, 16 Sep 2022 09:13:54 GMT
server: AmazonS3
x-amz-cf-pop: CPT52-C1
age: 36098
etag: W/"ecdf9c067f3b6c38960b7fa235297210"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
cache-control: max-age=86400, s-maxage=86400
x-amz-cf-id: Z8P6VLAygQZXuS49zwVCDzeJ1yiMnOWUUyrYufSt_6zEUr-K0cXAjA==

GET
H2 200 canvas-text.js Show response
playercdn.jivox.com/1651821427/player/js/ Frame 3B08 8 KB
2 KB 8ms
8ms Script
application/x-javascript 143.204.205.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://playercdn.jivox.com/1651821427/player/js/canvas-text.js
Requested by: Host: as.euw1.jivox.com
URL: https://as.euw1.jivox.com/unit/layout_renderer.php?es_pId=9f38299&isDynamic=1&campaignId=159897&gdpr_consent=&dspId=DBM&bDim=300x250&ap_DataSignal1=18269839860&jvxVer=2&gdpr=&bUnitId=2000&r=1664631501850674&cMacro=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCB-kDzUI4Y_L1M5ms9u8PrdWLyAnJ3tjBbMify9vdEN_kor3AARABIO_2kCFglYKAgKAHoAHm497pAsgBCakCFoTab7hxsD6oAwGqBO0BT9Ce4HNOHhFVqnPnTnflrO7RyyNBarJ6B7Aj_JF19_3tdRv-taLHNeUu7zUKnJC1PIsYC8nvQzPtKx2W0MEbnER6jkBwi9sA-8O71R1ohavLpUjX91qDOa7f10WOt78MrAjtfi7ZwLAdMXMkWkT-akUBCl5OOi76DLRe1yXTHczLRr63pQEev9JOtcJ2-xm6fJok4FjB9BVujjUVXHlwWt5xNu_9JmmUO36qFfXyxdyBryluk2JyhBDu2ov7n1A_rYfTmHhW3Zf2_YtOiAv2IMl5W5OYFxsSE4t8bPz2i3E4s64kn7ZqU4LAl4USwASR1Yu9kgTgBAOQBgGgBk2AB4KcoZYBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBPG6McQ0BMA2BMN2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJeRo6x_F_ff-rWyeeOXrhXXxZEVwn9dFbwrJbvAUU6GZpYTHzAM%26sig%3DAOD64_0SFm02YNJ4ggWP8zr-vI5VGGWC9g%26client%3Dca-pub-4627517680249670%26dbm_c%3DAKAmf-C3PeD9duwzJ08zdFLunA_q-6Tv406ifyM94DXwTzZrbUIQvq-Dp2JWg4KmpNa1HLhkdZIqhTUUitatTGmOHNsBd6BHobZr-JkxuEZtrVK_p_NENoR7aZIfLoCS_nDb6O0qQL8p6DfjgHp_JgmcxsJtOQDrFkyjYJlyORi4ZQbxwXSQQxQ%26cry%3D1%26dbm_d%3DAKAmf-D-SAL_SJyk9A3ZN5aaLmYYD2vZCX7g0YybWwU2WjoovPJhEG5T-OgXkpEUHYy4v1y0Gc5gUFvuKt88lbWxD7-scp3oIlle9-9Tr_sPkQikOMgUXX7I3XVB0ZMxerlimYfSRiC8Yq_Z7CM9v4Qbh0a62Ei3vXCyf1DZB82TrH34z-QVKgXM9fJF0zT3ppyBHGXxEfQsk7gPqzvkJJcWAcHBDI0vkrn68f3AZgOtQni9Wvr8oUKCfVvq1n6PkoMNH4kXPiLjl4H9ji3iw1NMIENxajAonsMgkhft_xE9-7W4URsG8KPVkoYg4-fBc1vk_LtHbOCs6vOtMBniufiYEhJu3wB2JjNUyQ-yLvCiXCbYD4Nf_IsIeBGL3_PtQ4GLQUmai6GCWiwo8eU-OYp2Uog-yv1T0JJA9UmUrNMoDgR57PXV72Yy-k9XE4mQ9dfQB-mfSZ4ogmjvd3djVx1qj2Ffl518tXXcvvIjMmFVu5KsKwrjBY1ZOVHf47LYF4aA43OCiZgZ0qzgd9Hd7vyQGLgIPPGy-lTzMKM4zIHHMn3UC-gfy1vzMsdwTjWcP9tuIVDj1KjKOhN92dwT1XqrN3Fk16_tdmwrCUvPtWQtfDdd8OFBVzoa7IKfE9lx2F_tiJwS2IC6%26adurl%3D&us_privacy=%24%7BUS_PRIVACY%7D&ts_pId=9f38299&siteId=961ee94c58df6c&creativeUnitType=20&objectName=jvx_633842cf1620d&adUnitId=2000&jvxSessionId=1664631503.3758&base=1&creativeResolveBeginTime=1664631503000&omid=0&localTimeOffset=0&pageURL=https%3A%2F%2Fb5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&allowExp=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.205.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-205-98.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3d2c7477e7418b42a967439d1fb117b25369aeb385be8ffb25c3f9c97cb85cee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.euw1.jivox.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 00:10:12 GMT
content-encoding: gzip
via: 1.1 2d1e1e8dc0f3eb7773ec9d89a7d50ce2.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 07:22:07 GMT
server: AmazonS3
x-amz-cf-pop: FRA53-C1
age: 48493
etag: W/"92cdc84e4a0a05215db6931b920e15fc"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
cache-control: max-age=86400, s-maxage=86400
x-amz-cf-id: bb_9-5mQuAZcP1j3k9_fW7WaB2JxzJm3oTjpwnSnh_y5voWnrFqO-g==

GET
H2 200 es_encParams_L2FwX0RhdGFTaWduYWwxPTE4MjY5ODM5ODYwL2FkYjEta2V5PTgxNi9hZGIxLWlkX3ZlcnNpb249Mjk2NDRfMS9iRGltPTMwMHgyNTAvcj0wLjkyNjUyOTE4ODExMzAyODkvZXNfZXQ9MS9lc19jZ05hbWU9RGVmYXVsdF9ubytsb2NhdGlvbl9X...
evs.euw1.jivox.com/trk/66/205806/2000/159897/961ee94c58df6c/20/jvxSId_1664631503.3758/es_pId_9f38299/ Frame 4927 43 B
230 B 109ms
31ms Image
image/gif 34.242.157.79
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://evs.euw1.jivox.com/trk/66/205806/2000/159897/961ee94c58df6c/20/jvxSId_1664631503.3758/es_pId_9f38299/es_encParams_L2FwX0RhdGFTaWduYWwxPTE4MjY5ODM5ODYwL2FkYjEta2V5PTgxNi9hZGIxLWlkX3ZlcnNpb249Mjk2NDRfMS9iRGltPTMwMHgyNTAvcj0wLjkyNjUyOTE4ODExMzAyODkvZXNfZXQ9MS9lc19jZ05hbWU9RGVmYXVsdF9ubytsb2NhdGlvbl9XZWVrZW5kX0RheV9Cb25kX3doaXRlX3Y2L2VzX3NlZ05hbWU9R2VuZXJpY19XZWVrRW5kX0RheQ==
Requested by: Host: as.euw1.jivox.com
URL: https://as.euw1.jivox.com/unit/layout_renderer.php?es_pId=9f38299&isDynamic=1&campaignId=159897&gdpr_consent=&dspId=DBM&bDim=300x250&ap_DataSignal1=18269839860&jvxVer=2&gdpr=&bUnitId=2000&r=1664631501850674&cMacro=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCB-kDzUI4Y_L1M5ms9u8PrdWLyAnJ3tjBbMify9vdEN_kor3AARABIO_2kCFglYKAgKAHoAHm497pAsgBCakCFoTab7hxsD6oAwGqBO0BT9Ce4HNOHhFVqnPnTnflrO7RyyNBarJ6B7Aj_JF19_3tdRv-taLHNeUu7zUKnJC1PIsYC8nvQzPtKx2W0MEbnER6jkBwi9sA-8O71R1ohavLpUjX91qDOa7f10WOt78MrAjtfi7ZwLAdMXMkWkT-akUBCl5OOi76DLRe1yXTHczLRr63pQEev9JOtcJ2-xm6fJok4FjB9BVujjUVXHlwWt5xNu_9JmmUO36qFfXyxdyBryluk2JyhBDu2ov7n1A_rYfTmHhW3Zf2_YtOiAv2IMl5W5OYFxsSE4t8bPz2i3E4s64kn7ZqU4LAl4USwASR1Yu9kgTgBAOQBgGgBk2AB4KcoZYBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBPG6McQ0BMA2BMN2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJeRo6x_F_ff-rWyeeOXrhXXxZEVwn9dFbwrJbvAUU6GZpYTHzAM%26sig%3DAOD64_0SFm02YNJ4ggWP8zr-vI5VGGWC9g%26client%3Dca-pub-4627517680249670%26dbm_c%3DAKAmf-C3PeD9duwzJ08zdFLunA_q-6Tv406ifyM94DXwTzZrbUIQvq-Dp2JWg4KmpNa1HLhkdZIqhTUUitatTGmOHNsBd6BHobZr-JkxuEZtrVK_p_NENoR7aZIfLoCS_nDb6O0qQL8p6DfjgHp_JgmcxsJtOQDrFkyjYJlyORi4ZQbxwXSQQxQ%26cry%3D1%26dbm_d%3DAKAmf-D-SAL_SJyk9A3ZN5aaLmYYD2vZCX7g0YybWwU2WjoovPJhEG5T-OgXkpEUHYy4v1y0Gc5gUFvuKt88lbWxD7-scp3oIlle9-9Tr_sPkQikOMgUXX7I3XVB0ZMxerlimYfSRiC8Yq_Z7CM9v4Qbh0a62Ei3vXCyf1DZB82TrH34z-QVKgXM9fJF0zT3ppyBHGXxEfQsk7gPqzvkJJcWAcHBDI0vkrn68f3AZgOtQni9Wvr8oUKCfVvq1n6PkoMNH4kXPiLjl4H9ji3iw1NMIENxajAonsMgkhft_xE9-7W4URsG8KPVkoYg4-fBc1vk_LtHbOCs6vOtMBniufiYEhJu3wB2JjNUyQ-yLvCiXCbYD4Nf_IsIeBGL3_PtQ4GLQUmai6GCWiwo8eU-OYp2Uog-yv1T0JJA9UmUrNMoDgR57PXV72Yy-k9XE4mQ9dfQB-mfSZ4ogmjvd3djVx1qj2Ffl518tXXcvvIjMmFVu5KsKwrjBY1ZOVHf47LYF4aA43OCiZgZ0qzgd9Hd7vyQGLgIPPGy-lTzMKM4zIHHMn3UC-gfy1vzMsdwTjWcP9tuIVDj1KjKOhN92dwT1XqrN3Fk16_tdmwrCUvPtWQtfDdd8OFBVzoa7IKfE9lx2F_tiJwS2IC6%26adurl%3D&us_privacy=%24%7BUS_PRIVACY%7D&ts_pId=9f38299&siteId=961ee94c58df6c&creativeUnitType=20&objectName=jvx_633842cf1620d&adUnitId=2000&jvxSessionId=1664631503.3758&base=1&creativeResolveBeginTime=1664631503000&omid=0&localTimeOffset=0&pageURL=https%3A%2F%2Fb5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&allowExp=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.242.157.79 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-242-157-79.eu-west-1.compute.amazonaws.com
Software: akka-http/10.1.11 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.euw1.jivox.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 01 Oct 2022 13:38:24 GMT
access-control-allow-credentials: false
content-type: image/gif
server: akka-http/10.1.11
content-length: 43
p3p: CP='IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA'

GET
H2 200 es_encParams_L2FwX0RhdGFTaWduYWwxPTE4MjY5ODM5ODYwL2FkYjEta2V5PTgxNi9hZGIxLWlkX3ZlcnNpb249Mjk2NDRfMS9lc19jbGlja1VybD1odHRwcyUzQSUyRiUyRmdvb2dsZWFkcy5nLmRvdWJsZWNsaWNrLm5ldCUyRmRibSUyRmNsayUzRnNhJTNE...
evs.euw1.jivox.com/trk/60/205806/2000/159897/961ee94c58df6c/20/jvxSId_1664631503.3758/es_pId_9f38299/ Frame 4927 43 B
229 B 109ms
31ms Image
image/gif 34.242.157.79
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://evs.euw1.jivox.com/trk/60/205806/2000/159897/961ee94c58df6c/20/jvxSId_1664631503.3758/es_pId_9f38299/es_encParams_L2FwX0RhdGFTaWduYWwxPTE4MjY5ODM5ODYwL2FkYjEta2V5PTgxNi9hZGIxLWlkX3ZlcnNpb249Mjk2NDRfMS9lc19jbGlja1VybD1odHRwcyUzQSUyRiUyRmdvb2dsZWFkcy5nLmRvdWJsZWNsaWNrLm5ldCUyRmRibSUyRmNsayUzRnNhJTNETCUyNmFpJTNEQ0Ita0R6VUk0WV9MMU01bXM5dThQcmRXTHlBbkozdGpCYk1pZnk5dmRFTl9rb3IzQUFSQUJJT18ya0NGZ2xZS0FnS0FIb0FIbTQ5N3BBc2dCQ2FrQ0ZvVGFiN2h4c0Q2b0F3R3FCTzBCVDlDZTRITk9IaEZWcW5QblRuZmxyTzdSeXlOQmFySjZCN0FqX0pGMTlfM3RkUnYtdGFMSE5lVXU3elVLbkpDMVBJc1lDOG52UXpQdEt4MlcwTUVibkVSNmprQndpOXNBLThPNzFSMW9oYXZMcFVqWDkxcURPYTdmMTBXT3Q3OE1yQWp0Zmk3WndMQWRNWE1rV2tULWFrVUJDbDVPT2k3NkRMUmUxeVhUSGN6TFJyNjNwUUVldjlKT3RjSjIteG02ZkpvazRGakI5QlZ1ampVVlhIbHdXdDV4TnVfOUptbVVPMzZxRmZYeXhkeUJyeWx1azJKeWhCRHUyb3Y3bjFBX3JZZlRtSGhXM1pmMl9ZdE9pQXYySU1sNVc1T1lGeHNTRTR0OGJQejJpM0U0czY0a243WnFVNExBbDRVU3dBU1IxWXU5a2dUZ0JBT1FCZ0dnQmsyQUI0S2NvWllCcUFlT3podW9CNVBZRzZnSDdwYXhBcWdIX3A2eEFxZ0hwS094QXFnSDFja2JxQWVtdmh1b0I1b0dxQWZ6MFJ1b0I1YllHNmdIcXB1eEFxZ0gzNS14QXRnSEFOSUlFUWlBNFlBUUVBRVlIVElDcWdJNkFvQkFnQW9EbUFzQnlBc0JnQXdCc0JQRzZNY1EwQk1BMkJNTjJCUUIwQlVCLUJZQmdCY0IlMjZhZSUzRDElMjZudW0lM0QxJTI2Y2lkJTNEQ0FBU0plUm82eF9GX2ZmLXJXeWVlT1hyaFhYeFpFVnduOWRGYndySmJ2QVVVNkdacFlUSHpBTSUyNnNpZyUzREFPRDY0XzBTRm0wMllOSjRnZ1dQOHpyLXZJNVZHR1dDOWclMjZjbGllbnQlM0RjYS1wdWItNDYyNzUxNzY4MDI0OTY3MCUyNmRibV9jJTNEQUtBbWYtQzNQZUQ5ZHV3ekowOHpkRkx1bkFfcS02VHY0MDZpZnlNOTREWHdUelpyYlVJUXZxLURwMkpXZzRLbXBOYTFITGhrZFpJcWhUVVVpdGF0VEdtT0hOc0JkNkJIb2Jaci1Ka3h1RVp0clZLX3BfTkVOb1I3YVpJZkxvQ1NfbkRiNk8wcVFMOHA2RGZqZ0hwX0pnbWN4c0p0T1FEckZreWpZSmx5T1JpNFpRYnh3WFNRUXhRJTI2Y3J5JTNEMSUyNmRibV9kJTNEQUtBbWYtRC1TQUxfU0p5azlBM1pONWFhTG1ZWUQydlpDWDdnMFl5Yld3VTJXam9vdlBKaEVHNVQtT2dYa3BFVUhZeTR2MXkwR2M1Z1VGdnVLdDg4bGJXeEQ3LXNjcDNvSWxsZTktOVRyX3NQa1Fpa09NZ1VYWDdJM1hWQjBaTXhlcmxpbVlmU1JpQzhZcV9aN0NNOXY0UWJoMGE2MkVpM3ZYQ3lmMURaQjgyVHJIMzR6LVFWS2dYTTlmSkYwelQzcHB5QkhHWHhFZlFzazdnUHF6dmtKSmNXQWNIQkRJMHZrcm42OGYzQVpnT3RRbmk5V3ZyOG9VS0NmVnZxMW42UGtvTU5INGtYUGlMamw0SDlqaTNpdzFOTUlFTnhhakFvbnNNZ2toZnRfeEU5LTdXNFVSc0c4S1BWa29ZZzQtZkJjMXZrX0x0SGJPQ3M2dk90TUJuaXVmaVlFaEp1M3dCMkpqTlV5US15THZDaVhDYllENE5mX0lzSWVCR0wzX1B0UTRHTFFVbWFpNkdDV2l3bzhlVS1PWXAyVW9nLXl2MVQwSkpBOVVtVXJOTW9EZ1I1N1BYVjcyWXktazlYRTRtUTlkZlFCLW1mU1o0b2dtanZkM2RqVngxcWoyRmZsNTE4dFhYY3Z2SWpNbUZWdTVLc0t3cmpCWTFaT1ZIZjQ3TFlGNGFBNDNPQ2laZ1owcXpnZDlIZDd2eVFHTGdJUFBHeS1sVHpNS000eklISE1uM1VDLWdmeTF2ek1zZHdUaldjUDl0dUlWRGoxS2pLT2hOOTJkd1QxWHFyTjNGazE2X3RkbXdyQ1V2UHRXUXRmRGRkOE9GQlZ6b2E3SUtmRTlseDJGX3RpSndTMklDNiUyNmFkdXJsJTNEaHR0cHMlMjUzQSUyNTJGJTI1MkZ3d3cubWF6ZGEuZGUlMjUyRm1vZGVsbGUlMjUyRm1hemRhLWN4LTYwJTI1MkYlMjUzRnV0bV9zb3VyY2UlMjUzRGRvdWJsZWNsaWNrJTI1MjZ1dG1fbWVkaXVtJTI1M0RkaXNwbGF5JTI1MjZ1dG1fY2FtcGFpZ24lMjUzRG1tZF9hbHdheXNfb25fZGNvX2N4NjBfd2VyYmVtaXR0ZWxfZGVfMTU3XzA5MjIlMjUyNm1vZGVsJTI1M0RtYXpkYSUyNTI1MjBjeC02MCUyNTI2Ym9keSUyNTNENXdnbiUyNTI2Y2FtcGFpZ25fZm9jdXMlMjUzRG1hemRhY3g2MF81d2duJTI1MjZkbXBfc291cmNlJTI1M0RubyUyNTI2ZGNvX3NvdXJjZSUyNTNEeWVzJTI1MjZjYW1wYWlnbmNvZGUlMjUzRG1tZF9hbHdheXNfb25fZGNvX2N4NjBfd2VyYmVtaXR0ZWxfZGVfMTU3XzA5MjIvY21Vcmw9aHR0cHMlM0ElMkYlMkZhc3NldHMuZXV3MS5qaXZveC5jb20lMkZ3aWRnZXRzJTJGMjAyMiUyRjklMkZhNzI3OTh6NjMyNDNlNGZiNGY4NCUyRjElMkYzMDB4MjUwJTJGbWF6ZGFfMzAweDI1MC5odG1sL2JEaW09MzAweDI1MC9yPTAuMzYwNTA5OTAwNTk3NDE4ODMvY2xpY2tNYWNybz1odHRwcyUzQSUyRiUyRmdvb2dsZWFkcy5nLmRvdWJsZWNsaWNrLm5ldCUyRmRibSUyRmNsayUzRnNhJTNETCUyNmFpJTNEQ0Ita0R6VUk0WV9MMU01bXM5dThQcmRXTHlBbkozdGpCYk1pZnk5dmRFTl9rb3IzQUFSQUJJT18ya0NGZ2xZS0FnS0FIb0FIbTQ5Ny9jYWNoZU1hY3JvPTE2NjQ2MzE1MDE4NTA2NzQvcGFnZVVybD1odHRwcyUzQSUyRiUyRmI1ZGNmMjFjNzQyMzJkZWY1ZDQ0Yzg3NjY3MWYyOTM2LnNhZmVmcmFtZS5nb29nbGVzeW5kaWNhdGlvbi5jb20lMkZzYWZlZnJhbWUlMkYxLTAtMzglMkZodG1sJTJGY29udGFpbmVyLmh0bWwvZXNfY2dOYW1lPURlZmF1bHRfbm8rbG9jYXRpb25fV2Vla2VuZF9EYXlfQm9uZF93aGl0ZV92Ni9lc19zZWdOYW1lPUdlbmVyaWNfV2Vla0VuZF9EYXk=
Requested by: Host: as.euw1.jivox.com
URL: https://as.euw1.jivox.com/unit/layout_renderer.php?es_pId=9f38299&isDynamic=1&campaignId=159897&gdpr_consent=&dspId=DBM&bDim=300x250&ap_DataSignal1=18269839860&jvxVer=2&gdpr=&bUnitId=2000&r=1664631501850674&cMacro=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCB-kDzUI4Y_L1M5ms9u8PrdWLyAnJ3tjBbMify9vdEN_kor3AARABIO_2kCFglYKAgKAHoAHm497pAsgBCakCFoTab7hxsD6oAwGqBO0BT9Ce4HNOHhFVqnPnTnflrO7RyyNBarJ6B7Aj_JF19_3tdRv-taLHNeUu7zUKnJC1PIsYC8nvQzPtKx2W0MEbnER6jkBwi9sA-8O71R1ohavLpUjX91qDOa7f10WOt78MrAjtfi7ZwLAdMXMkWkT-akUBCl5OOi76DLRe1yXTHczLRr63pQEev9JOtcJ2-xm6fJok4FjB9BVujjUVXHlwWt5xNu_9JmmUO36qFfXyxdyBryluk2JyhBDu2ov7n1A_rYfTmHhW3Zf2_YtOiAv2IMl5W5OYFxsSE4t8bPz2i3E4s64kn7ZqU4LAl4USwASR1Yu9kgTgBAOQBgGgBk2AB4KcoZYBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBPG6McQ0BMA2BMN2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJeRo6x_F_ff-rWyeeOXrhXXxZEVwn9dFbwrJbvAUU6GZpYTHzAM%26sig%3DAOD64_0SFm02YNJ4ggWP8zr-vI5VGGWC9g%26client%3Dca-pub-4627517680249670%26dbm_c%3DAKAmf-C3PeD9duwzJ08zdFLunA_q-6Tv406ifyM94DXwTzZrbUIQvq-Dp2JWg4KmpNa1HLhkdZIqhTUUitatTGmOHNsBd6BHobZr-JkxuEZtrVK_p_NENoR7aZIfLoCS_nDb6O0qQL8p6DfjgHp_JgmcxsJtOQDrFkyjYJlyORi4ZQbxwXSQQxQ%26cry%3D1%26dbm_d%3DAKAmf-D-SAL_SJyk9A3ZN5aaLmYYD2vZCX7g0YybWwU2WjoovPJhEG5T-OgXkpEUHYy4v1y0Gc5gUFvuKt88lbWxD7-scp3oIlle9-9Tr_sPkQikOMgUXX7I3XVB0ZMxerlimYfSRiC8Yq_Z7CM9v4Qbh0a62Ei3vXCyf1DZB82TrH34z-QVKgXM9fJF0zT3ppyBHGXxEfQsk7gPqzvkJJcWAcHBDI0vkrn68f3AZgOtQni9Wvr8oUKCfVvq1n6PkoMNH4kXPiLjl4H9ji3iw1NMIENxajAonsMgkhft_xE9-7W4URsG8KPVkoYg4-fBc1vk_LtHbOCs6vOtMBniufiYEhJu3wB2JjNUyQ-yLvCiXCbYD4Nf_IsIeBGL3_PtQ4GLQUmai6GCWiwo8eU-OYp2Uog-yv1T0JJA9UmUrNMoDgR57PXV72Yy-k9XE4mQ9dfQB-mfSZ4ogmjvd3djVx1qj2Ffl518tXXcvvIjMmFVu5KsKwrjBY1ZOVHf47LYF4aA43OCiZgZ0qzgd9Hd7vyQGLgIPPGy-lTzMKM4zIHHMn3UC-gfy1vzMsdwTjWcP9tuIVDj1KjKOhN92dwT1XqrN3Fk16_tdmwrCUvPtWQtfDdd8OFBVzoa7IKfE9lx2F_tiJwS2IC6%26adurl%3D&us_privacy=%24%7BUS_PRIVACY%7D&ts_pId=9f38299&siteId=961ee94c58df6c&creativeUnitType=20&objectName=jvx_633842cf1620d&adUnitId=2000&jvxSessionId=1664631503.3758&base=1&creativeResolveBeginTime=1664631503000&omid=0&localTimeOffset=0&pageURL=https%3A%2F%2Fb5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&allowExp=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.242.157.79 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-242-157-79.eu-west-1.compute.amazonaws.com
Software: akka-http/10.1.11 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.euw1.jivox.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 01 Oct 2022 13:38:24 GMT
access-control-allow-credentials: false
content-type: image/gif
server: akka-http/10.1.11
content-length: 43
p3p: CP='IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA'

GET
H2 200 es_encParams_L2FwX0RhdGFTaWduYWwxPTE4MjY5ODM5ODYwL2FkYjEta2V5PTgxNi9hZGIxLWlkX3ZlcnNpb249Mjk2NDRfMS9lc19jbGlja1VybD1odHRwcyUzQSUyRiUyRmdvb2dsZWFkcy5nLmRvdWJsZWNsaWNrLm5ldCUyRmRibSUyRmNsayUzRnNhJTNE...
evs.euw1.jivox.com/trk/77/205806/2000/159897/961ee94c58df6c/20/jvxSId_1664631503.3758/es_pId_9f38299/ Frame 4927 43 B
229 B 109ms
32ms Image
image/gif 34.242.157.79
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://evs.euw1.jivox.com/trk/77/205806/2000/159897/961ee94c58df6c/20/jvxSId_1664631503.3758/es_pId_9f38299/es_encParams_L2FwX0RhdGFTaWduYWwxPTE4MjY5ODM5ODYwL2FkYjEta2V5PTgxNi9hZGIxLWlkX3ZlcnNpb249Mjk2NDRfMS9lc19jbGlja1VybD1odHRwcyUzQSUyRiUyRmdvb2dsZWFkcy5nLmRvdWJsZWNsaWNrLm5ldCUyRmRibSUyRmNsayUzRnNhJTNETCUyNmFpJTNEQ0Ita0R6VUk0WV9MMU01bXM5dThQcmRXTHlBbkozdGpCYk1pZnk5dmRFTl9rb3IzQUFSQUJJT18ya0NGZ2xZS0FnS0FIb0FIbTQ5N3BBc2dCQ2FrQ0ZvVGFiN2h4c0Q2b0F3R3FCTzBCVDlDZTRITk9IaEZWcW5QblRuZmxyTzdSeXlOQmFySjZCN0FqX0pGMTlfM3RkUnYtdGFMSE5lVXU3elVLbkpDMVBJc1lDOG52UXpQdEt4MlcwTUVibkVSNmprQndpOXNBLThPNzFSMW9oYXZMcFVqWDkxcURPYTdmMTBXT3Q3OE1yQWp0Zmk3WndMQWRNWE1rV2tULWFrVUJDbDVPT2k3NkRMUmUxeVhUSGN6TFJyNjNwUUVldjlKT3RjSjIteG02ZkpvazRGakI5QlZ1ampVVlhIbHdXdDV4TnVfOUptbVVPMzZxRmZYeXhkeUJyeWx1azJKeWhCRHUyb3Y3bjFBX3JZZlRtSGhXM1pmMl9ZdE9pQXYySU1sNVc1T1lGeHNTRTR0OGJQejJpM0U0czY0a243WnFVNExBbDRVU3dBU1IxWXU5a2dUZ0JBT1FCZ0dnQmsyQUI0S2NvWllCcUFlT3podW9CNVBZRzZnSDdwYXhBcWdIX3A2eEFxZ0hwS094QXFnSDFja2JxQWVtdmh1b0I1b0dxQWZ6MFJ1b0I1YllHNmdIcXB1eEFxZ0gzNS14QXRnSEFOSUlFUWlBNFlBUUVBRVlIVElDcWdJNkFvQkFnQW9EbUFzQnlBc0JnQXdCc0JQRzZNY1EwQk1BMkJNTjJCUUIwQlVCLUJZQmdCY0IlMjZhZSUzRDElMjZudW0lM0QxJTI2Y2lkJTNEQ0FBU0plUm82eF9GX2ZmLXJXeWVlT1hyaFhYeFpFVnduOWRGYndySmJ2QVVVNkdacFlUSHpBTSUyNnNpZyUzREFPRDY0XzBTRm0wMllOSjRnZ1dQOHpyLXZJNVZHR1dDOWclMjZjbGllbnQlM0RjYS1wdWItNDYyNzUxNzY4MDI0OTY3MCUyNmRibV9jJTNEQUtBbWYtQzNQZUQ5ZHV3ekowOHpkRkx1bkFfcS02VHY0MDZpZnlNOTREWHdUelpyYlVJUXZxLURwMkpXZzRLbXBOYTFITGhrZFpJcWhUVVVpdGF0VEdtT0hOc0JkNkJIb2Jaci1Ka3h1RVp0clZLX3BfTkVOb1I3YVpJZkxvQ1NfbkRiNk8wcVFMOHA2RGZqZ0hwX0pnbWN4c0p0T1FEckZreWpZSmx5T1JpNFpRYnh3WFNRUXhRJTI2Y3J5JTNEMSUyNmRibV9kJTNEQUtBbWYtRC1TQUxfU0p5azlBM1pONWFhTG1ZWUQydlpDWDdnMFl5Yld3VTJXam9vdlBKaEVHNVQtT2dYa3BFVUhZeTR2MXkwR2M1Z1VGdnVLdDg4bGJXeEQ3LXNjcDNvSWxsZTktOVRyX3NQa1Fpa09NZ1VYWDdJM1hWQjBaTXhlcmxpbVlmU1JpQzhZcV9aN0NNOXY0UWJoMGE2MkVpM3ZYQ3lmMURaQjgyVHJIMzR6LVFWS2dYTTlmSkYwelQzcHB5QkhHWHhFZlFzazdnUHF6dmtKSmNXQWNIQkRJMHZrcm42OGYzQVpnT3RRbmk5V3ZyOG9VS0NmVnZxMW42UGtvTU5INGtYUGlMamw0SDlqaTNpdzFOTUlFTnhhakFvbnNNZ2toZnRfeEU5LTdXNFVSc0c4S1BWa29ZZzQtZkJjMXZrX0x0SGJPQ3M2dk90TUJuaXVmaVlFaEp1M3dCMkpqTlV5US15THZDaVhDYllENE5mX0lzSWVCR0wzX1B0UTRHTFFVbWFpNkdDV2l3bzhlVS1PWXAyVW9nLXl2MVQwSkpBOVVtVXJOTW9EZ1I1N1BYVjcyWXktazlYRTRtUTlkZlFCLW1mU1o0b2dtanZkM2RqVngxcWoyRmZsNTE4dFhYY3Z2SWpNbUZWdTVLc0t3cmpCWTFaT1ZIZjQ3TFlGNGFBNDNPQ2laZ1owcXpnZDlIZDd2eVFHTGdJUFBHeS1sVHpNS000eklISE1uM1VDLWdmeTF2ek1zZHdUaldjUDl0dUlWRGoxS2pLT2hOOTJkd1QxWHFyTjNGazE2X3RkbXdyQ1V2UHRXUXRmRGRkOE9GQlZ6b2E3SUtmRTlseDJGX3RpSndTMklDNiUyNmFkdXJsJTNEaHR0cHMlMjUzQSUyNTJGJTI1MkZ3d3cubWF6ZGEuZGUlMjUyRm1vZGVsbGUlMjUyRm1hemRhLWN4LTYwJTI1MkYlMjUzRnV0bV9zb3VyY2UlMjUzRGRvdWJsZWNsaWNrJTI1MjZ1dG1fbWVkaXVtJTI1M0RkaXNwbGF5JTI1MjZ1dG1fY2FtcGFpZ24lMjUzRG1tZF9hbHdheXNfb25fZGNvX2N4NjBfd2VyYmVtaXR0ZWxfZGVfMTU3XzA5MjIlMjUyNm1vZGVsJTI1M0RtYXpkYSUyNTI1MjBjeC02MCUyNTI2Ym9keSUyNTNENXdnbiUyNTI2Y2FtcGFpZ25fZm9jdXMlMjUzRG1hemRhY3g2MF81d2duJTI1MjZkbXBfc291cmNlJTI1M0RubyUyNTI2ZGNvX3NvdXJjZSUyNTNEeWVzJTI1MjZjYW1wYWlnbmNvZGUlMjUzRG1tZF9hbHdheXNfb25fZGNvX2N4NjBfd2VyYmVtaXR0ZWxfZGVfMTU3XzA5MjIvY21Vcmw9aHR0cHMlM0ElMkYlMkZhc3NldHMuZXV3MS5qaXZveC5jb20lMkZ3aWRnZXRzJTJGMjAyMiUyRjklMkZhNzI3OTh6NjMyNDNlNGZiNGY4NCUyRjElMkYzMDB4MjUwJTJGbWF6ZGFfMzAweDI1MC5odG1sL2JEaW09MzAweDI1MC9yPTAuMTMxNzM4NDkxNzEwNDA1Mi9jbGlja01hY3JvPWh0dHBzJTNBJTJGJTJGZ29vZ2xlYWRzLmcuZG91YmxlY2xpY2submV0JTJGZGJtJTJGY2xrJTNGc2ElM0RMJTI2YWklM0RDQi1rRHpVSTRZX0wxTTVtczl1OFByZFdMeUFuSjN0akJiTWlmeTl2ZEVOX2tvcjNBQVJBQklPXzJrQ0ZnbFlLQWdLQUhvQUhtNDk3L2NhY2hlTWFjcm89MTY2NDYzMTUwMTg1MDY3NC9wYWdlVXJsPWh0dHBzJTNBJTJGJTJGYjVkY2YyMWM3NDIzMmRlZjVkNDRjODc2NjcxZjI5MzYuc2FmZWZyYW1lLmdvb2dsZXN5bmRpY2F0aW9uLmNvbSUyRnNhZmVmcmFtZSUyRjEtMC0zOCUyRmh0bWwlMkZjb250YWluZXIuaHRtbC9lc19jZ05hbWU9RGVmYXVsdF9ubytsb2NhdGlvbl9XZWVrZW5kX0RheV9Cb25kX3doaXRlX3Y2L2VzX3NlZ05hbWU9R2VuZXJpY19XZWVrRW5kX0RheQ==
Requested by: Host: as.euw1.jivox.com
URL: https://as.euw1.jivox.com/unit/layout_renderer.php?es_pId=9f38299&isDynamic=1&campaignId=159897&gdpr_consent=&dspId=DBM&bDim=300x250&ap_DataSignal1=18269839860&jvxVer=2&gdpr=&bUnitId=2000&r=1664631501850674&cMacro=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCB-kDzUI4Y_L1M5ms9u8PrdWLyAnJ3tjBbMify9vdEN_kor3AARABIO_2kCFglYKAgKAHoAHm497pAsgBCakCFoTab7hxsD6oAwGqBO0BT9Ce4HNOHhFVqnPnTnflrO7RyyNBarJ6B7Aj_JF19_3tdRv-taLHNeUu7zUKnJC1PIsYC8nvQzPtKx2W0MEbnER6jkBwi9sA-8O71R1ohavLpUjX91qDOa7f10WOt78MrAjtfi7ZwLAdMXMkWkT-akUBCl5OOi76DLRe1yXTHczLRr63pQEev9JOtcJ2-xm6fJok4FjB9BVujjUVXHlwWt5xNu_9JmmUO36qFfXyxdyBryluk2JyhBDu2ov7n1A_rYfTmHhW3Zf2_YtOiAv2IMl5W5OYFxsSE4t8bPz2i3E4s64kn7ZqU4LAl4USwASR1Yu9kgTgBAOQBgGgBk2AB4KcoZYBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBPG6McQ0BMA2BMN2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJeRo6x_F_ff-rWyeeOXrhXXxZEVwn9dFbwrJbvAUU6GZpYTHzAM%26sig%3DAOD64_0SFm02YNJ4ggWP8zr-vI5VGGWC9g%26client%3Dca-pub-4627517680249670%26dbm_c%3DAKAmf-C3PeD9duwzJ08zdFLunA_q-6Tv406ifyM94DXwTzZrbUIQvq-Dp2JWg4KmpNa1HLhkdZIqhTUUitatTGmOHNsBd6BHobZr-JkxuEZtrVK_p_NENoR7aZIfLoCS_nDb6O0qQL8p6DfjgHp_JgmcxsJtOQDrFkyjYJlyORi4ZQbxwXSQQxQ%26cry%3D1%26dbm_d%3DAKAmf-D-SAL_SJyk9A3ZN5aaLmYYD2vZCX7g0YybWwU2WjoovPJhEG5T-OgXkpEUHYy4v1y0Gc5gUFvuKt88lbWxD7-scp3oIlle9-9Tr_sPkQikOMgUXX7I3XVB0ZMxerlimYfSRiC8Yq_Z7CM9v4Qbh0a62Ei3vXCyf1DZB82TrH34z-QVKgXM9fJF0zT3ppyBHGXxEfQsk7gPqzvkJJcWAcHBDI0vkrn68f3AZgOtQni9Wvr8oUKCfVvq1n6PkoMNH4kXPiLjl4H9ji3iw1NMIENxajAonsMgkhft_xE9-7W4URsG8KPVkoYg4-fBc1vk_LtHbOCs6vOtMBniufiYEhJu3wB2JjNUyQ-yLvCiXCbYD4Nf_IsIeBGL3_PtQ4GLQUmai6GCWiwo8eU-OYp2Uog-yv1T0JJA9UmUrNMoDgR57PXV72Yy-k9XE4mQ9dfQB-mfSZ4ogmjvd3djVx1qj2Ffl518tXXcvvIjMmFVu5KsKwrjBY1ZOVHf47LYF4aA43OCiZgZ0qzgd9Hd7vyQGLgIPPGy-lTzMKM4zIHHMn3UC-gfy1vzMsdwTjWcP9tuIVDj1KjKOhN92dwT1XqrN3Fk16_tdmwrCUvPtWQtfDdd8OFBVzoa7IKfE9lx2F_tiJwS2IC6%26adurl%3D&us_privacy=%24%7BUS_PRIVACY%7D&ts_pId=9f38299&siteId=961ee94c58df6c&creativeUnitType=20&objectName=jvx_633842cf1620d&adUnitId=2000&jvxSessionId=1664631503.3758&base=1&creativeResolveBeginTime=1664631503000&omid=0&localTimeOffset=0&pageURL=https%3A%2F%2Fb5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&allowExp=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.242.157.79 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-242-157-79.eu-west-1.compute.amazonaws.com
Software: akka-http/10.1.11 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.euw1.jivox.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 01 Oct 2022 13:38:24 GMT
access-control-allow-credentials: false
content-type: image/gif
server: akka-http/10.1.11
content-length: 43
p3p: CP='IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA'

GET
H3 200 gnLtmcL-mn53pq-EJRMXOCFACjpZd0iqiIv80oTeKas.js Show response
pagead2.googlesyndication.com/bg/ Frame EAD8 36 KB
16 KB 28ms
28ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/gnLtmcL-mn53pq-EJRMXOCFACjpZd0iqiIv80oTeKas.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8272ed99c2fe9a7e77a6af842513173821400a3a597748aa888bfcd284de29ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Wed, 28 Sep 2022 19:21:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 238632
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16010
x-xss-protection: 0
last-modified: Tue, 27 Sep 2022 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 28 Sep 2023 19:21:12 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 327B 42 B
64 B 64ms
64ms Fetch
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsts4hvaOSTRmU3ymwn5iTiHwx0sYG4NsjTpvPtp1B2RY9YY3vPFLcvJdsmwbpkcToo2IXB4mg5CIyGi6KHFt2PqJrDUbDVY4KRPdCxZbtHDH25UsktopDELxgwd1vL5GuBt5wt7z7V_LkYPoL9bKbhR0KEyfkKaaLjQR3WuahwUiGZTKhD7H5QMlFyp7Rs7Za1yFKfUxJ8_B4optxu9yNc8jKW29zLQe9xBAFxHOwX_jdNHEQWcSB_FhawRJiW_UAIxjc3oG_FIHZISdcyO6A0LG9IDBoIVgHZ6SSqTsoBrEi1UA3QA2QnO_GLFjEbIAS0WScCHgfZD16WOjH4Plr2s5W2ej2d8_D02gXFLq6QQdoXppfQVodXjFg&sai=AMfl-YTQWMp_zqx73ua0VcPw-sdPRHzkUhy5xJfLQvTEyDo-h10Fx5-48S8ZVdGdnPjDfDWhXMbgkpF56wGz3OrnKZdOoKcJ1YslKLIbl5ywLvgfyMxfFfChWfUg2bywmKNRaw&sig=Cg0ArKJSzMs0Amx4OFIxEAE&id=lidar2&mcvt=1018&p=1172,635,1173,636&mtos=1018,1018,1018,1018,1018&tos=1018,0,0,0,0&v=20220928&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=4230775942&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1664631502773&rpt=286&isd=0&lsd=0&met=ce&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 geoip Show response
avm.avantisvideo.com/api/v1/ Frame 327B 216 B
968 B 287ms
287ms XHR
application/json 2600:9000:2057:d000:3:748e:7940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://avm.avantisvideo.com/api/v1/geoip

Requested by

Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/js/video-loader2.1-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2057:d000:3:748e:7940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

fa0cfc7c0df04e388fce64462a3df35118a753879ad5760e9a83235f1866dfa8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 01 Oct 2022 13:38:24 GMT
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
via: 1.1 d8e97d2c28917e4c41ab79bb1e94b844.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA6-C1
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
content-length: 216
x-xss-protection: 0
referrer-policy: no-referrer
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.123greetings.com
x-download-options: noopen
access-control-allow-credentials: true
x-amz-cf-id: BDakBKSMWPb5betg8evnuy-nzlJAnLE3HZ0eFn8Iz_8dMNp9qe4eYw==

OPTIONS
H2 204 geoip
avm.avantisvideo.com/api/v1/ Frame 0
0 150ms
149ms Preflight 2600:9000:2057:d000:3:748e:7940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://avm.avantisvideo.com/api/v1/geoip

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2057:d000:3:748e:7940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.123greetings.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE,PATCH
access-control-allow-origin: https://www.123greetings.com
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
date: Sat, 01 Oct 2022 13:38:24 GMT
expect-ct: max-age=0
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
vary: Origin
via: 1.1 d8e97d2c28917e4c41ab79bb1e94b844.cloudfront.net (CloudFront)
x-amz-cf-id: WDh1mMG09LH4PonO9xhSzmP9BKyh9WOaDzT52jEs9ZZFstvHFtyPpQ==
x-amz-cf-pop: FRA6-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0

OPTIONS
H2 204 geoip
avm.avantisvideo.com/api/v1/ Frame 0
0 285ms
285ms Preflight 2600:9000:2057:d000:3:748e:7940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://avm.avantisvideo.com/api/v1/geoip

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2057:d000:3:748e:7940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.123greetings.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE,PATCH
access-control-allow-origin: https://www.123greetings.com
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
date: Sat, 01 Oct 2022 13:38:24 GMT
expect-ct: max-age=0
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
vary: Origin
via: 1.1 d8e97d2c28917e4c41ab79bb1e94b844.cloudfront.net (CloudFront)
x-amz-cf-id: nI4rKoS6Y0fb5D5pfwa7n3GRHo4p-3Pf2_B4yz4cl3WpU0-5PeHeFg==
x-amz-cf-pop: FRA6-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0

GET
H2 200 geoip Show response
avm.avantisvideo.com/api/v1/ Frame 327B 216 B
969 B 148ms
147ms XHR
application/json 2600:9000:2057:d000:3:748e:7940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://avm.avantisvideo.com/api/v1/geoip

Requested by

Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/js/video-loader2.1-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2057:d000:3:748e:7940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

fa0cfc7c0df04e388fce64462a3df35118a753879ad5760e9a83235f1866dfa8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 01 Oct 2022 13:38:24 GMT
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
via: 1.1 d8e97d2c28917e4c41ab79bb1e94b844.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA6-C1
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
content-length: 216
x-xss-protection: 0
referrer-policy: no-referrer
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.123greetings.com
x-download-options: noopen
access-control-allow-credentials: true
x-amz-cf-id: KBKXPyIUrFL5InDdfeiraiNURL0Ua3sHjU2PGJSbJZbxyP8KKjrNnw==

GET
H2 200 geoip Show response
avm.avantisvideo.com/api/v1/ Frame 4948 216 B
970 B 150ms
150ms XHR
application/json 2600:9000:2057:d000:3:748e:7940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://avm.avantisvideo.com/api/v1/geoip

Requested by

Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/js/video-loader2.1-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2057:d000:3:748e:7940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

fa0cfc7c0df04e388fce64462a3df35118a753879ad5760e9a83235f1866dfa8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 01 Oct 2022 13:38:24 GMT
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
via: 1.1 d8e97d2c28917e4c41ab79bb1e94b844.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA6-C1
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
content-length: 216
x-xss-protection: 0
referrer-policy: no-referrer
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.123greetings.com
x-download-options: noopen
access-control-allow-credentials: true
x-amz-cf-id: xk_dXeUKTBwm8OFC6Ukgw-RWWFrlGvgvqjVeDbw38yNA_G_xVZjqTw==

OPTIONS
H2 204 geoip
avm.avantisvideo.com/api/v1/ Frame 0
0 287ms
287ms Preflight 2600:9000:2057:d000:3:748e:7940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://avm.avantisvideo.com/api/v1/geoip

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2057:d000:3:748e:7940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.123greetings.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE,PATCH
access-control-allow-origin: https://www.123greetings.com
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
date: Sat, 01 Oct 2022 13:38:24 GMT
expect-ct: max-age=0
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
vary: Origin
via: 1.1 d8e97d2c28917e4c41ab79bb1e94b844.cloudfront.net (CloudFront)
x-amz-cf-id: IWsBd9-3p3Hj5uxlYBnvHIyPKW_kBDOivqHOEaEZSo473AwMnw3g7A==
x-amz-cf-pop: FRA6-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0

POST
H2 204 /
events1.avantisvideo.com/ Frame 327B 0
34 B 166ms
166ms Ping
text/plain 44.241.52.146
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events1.avantisvideo.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.241.52.146 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-241-52-146.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 01 Oct 2022 13:38:24 GMT

POST
H2 204 /
events1.avantisvideo.com/ Frame 327B 0
34 B 167ms
167ms Ping
text/plain 44.241.52.146
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events1.avantisvideo.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.241.52.146 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-241-52-146.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 01 Oct 2022 13:38:24 GMT

POST
H2 204 /
events1.avantisvideo.com/ Frame 4948 0
34 B 166ms
166ms Ping
text/plain 44.241.52.146
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events1.avantisvideo.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.241.52.146 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-241-52-146.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 01 Oct 2022 13:38:24 GMT

GET
H2 200 geoip Show response
avm.avantisvideo.com/api/v1/ Frame 4948 216 B
968 B 151ms
151ms XHR
application/json 2600:9000:2057:d000:3:748e:7940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://avm.avantisvideo.com/api/v1/geoip

Requested by

Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/js/video-loader2-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2057:d000:3:748e:7940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

fa0cfc7c0df04e388fce64462a3df35118a753879ad5760e9a83235f1866dfa8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 01 Oct 2022 13:38:24 GMT
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
via: 1.1 d8e97d2c28917e4c41ab79bb1e94b844.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA6-C1
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
content-length: 216
x-xss-protection: 0
referrer-policy: no-referrer
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.123greetings.com
x-download-options: noopen
access-control-allow-credentials: true
x-amz-cf-id: JHoAovIkVDXCSz29lIjVn9WsbUtdcf1MW4MUI9mrjoVaNaqkWPY-IA==

OPTIONS
H2 204 geoip
avm.avantisvideo.com/api/v1/ Frame 0
0 292ms
292ms Preflight 2600:9000:2057:d000:3:748e:7940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://avm.avantisvideo.com/api/v1/geoip

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2057:d000:3:748e:7940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.123greetings.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE,PATCH
access-control-allow-origin: https://www.123greetings.com
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
date: Sat, 01 Oct 2022 13:38:24 GMT
expect-ct: max-age=0
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
vary: Origin
via: 1.1 d8e97d2c28917e4c41ab79bb1e94b844.cloudfront.net (CloudFront)
x-amz-cf-id: tujrp1wIJXabQLfeZ2-HU5Ck2tANDX8pONE2BFrjuK34m3ZLbQ3zUw==
x-amz-cf-pop: FRA6-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0

POST
H2 204 /
events1.avantisvideo.com/ Frame 4948 0
34 B 167ms
166ms Ping
text/plain 44.241.52.146
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events1.avantisvideo.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.241.52.146 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-241-52-146.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 01 Oct 2022 13:38:24 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B119 0
28 B 63ms
63ms Image
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BRTa5z0I4Y-3rAfSS9u8P986H4AkAAAAAOAHgBAI&bg=!UlGlURXNAAYQgTJdMIE7ACkAdvg8WtYVAT9UA6kjguF0OmBDbauELAHWYyk0JKRYNfrJYKShti2MNgIAAAFjUgAAAAFoAQeZAvlsH6a4lGMJ8ALvDj67tCXiHhUnnq6qyOQ9GyXi0ty4wSLgj31-eJD1rlv5Mz5HPlSf4NigTA8rRvqkIYI8CljjaSbqJFPRmFrar8H2uXvP-bJJ4xRKV-GGgcGECtBzdfm2uL-SSHlb9126ugm9f7zKli6m_IoCcTH6DCzIPldLJkwEF_J3SLPhA1jkSzgE5vhDSSDKdbjkERAfmcMH0Kuf-d_PreCapWpDlrQKQg13_iSK38Jiq5FiGSfS62jsgHibTfs4icudEelS5x0m2R-TqIns5XeVeHwV7BW-mLgs-D9kne1cYX4yAYzcTizOBUuBTem15eDD6L1MyREhd5dZJ2BNNeet0NvSth3C44EUebKIdN9W0EjNE4DRQRyfxZv0RjKfAOr0-6nHlw7z-8Q7kxVrgFlMTFhSTkSNdIPhjoC5Dyp5U-0Itw4EHqfiIEXV11OL4Hbv36FylN429YuWH2hthT5l44U4UUcxsEYrfLJwJCpXn260Wb71BQwOgOToRJcNme4jvFIEO3qtT89VzsZYQgihQKI9lQEf5Xv32tNkQUAuhxpqJvRF5B29STfThbI8ZYsTAPqa8p7T2bZ8veyGlV_ce-Yntkq2gcCHN5GplmZ-62QD7QLyKL467Y1W_2FK5vR-scFK6rNMvTJ2rPNAp7WBIYq-vucAdo6uFuBzJndJalwgSrGu-462CNs1JZjMagaMg9e-WocNV4T7JqWFnz2FmQHcDZq8RgxHnBS78UH3gPFZpdhGOOHLtqxh_MTaE9sxyLvkZZqhfJCsPaUQr7cgG2Etn4ZsVckQCpwmh0Ryc1Ec2dzQzIEowZlaPjSvmlf-bQG1GJ53ahj77iAsL5eeSo3YUBHDQ7Shl7BOr7jePR17mR6YkYaHj4-Q0MIlBgXc-wxvkXLkKtEx0E7N_1hKVxbik92hTnkOhDTZo3Px11bNwChjsSV_ZQ0jsrL-j4VRievBupuIau436sOc1YtYKh07kp_8r_2C9wM7BrTs5E3gUA

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame FBA9 0
28 B 63ms
62ms Image
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BwOtlzkI4Y5ztOJOu3gPnyLTwBgAAAAA4AeAEAg&bg=!JCelJ2PNAAYQgTJdMIE7ACkAdvg8WhxgiVqon86wZnl69jpxeBojW6KskuekpgwrJtQOe49gNvfEngIAAAEaUgAAAAJoAQeZAuh_H63yAvpL_b6SjRqEmMYY4xPFglgEJeaZIzEIzwwUnD2SEMVRTa_cmTQPrLElpXhFrsqt0euh7dATgP3-ViGOaG7xiFi34Wc1wptZ4OB6r1WotL0NRMSG7U2LO6mg3ObTyVPh4CSy7YovGIIWEBoceEji9EiwsF9ZyRKRTBr5YDGOLZOCvJLskkmJCMWZXfXhSn89JRRrJvV6QMCGpGt_vCx0awPf0jkWs7MmpUscffGrepFVzWFYg3Jf462NM0QU3ShpScm-EthJBp01O2IW9MZH_j7X__DKVy6FCu0Tlk-Ja4eHTM3TXf6tTC8yFQadueTO1h0XIMndPExVYRpu7XAq58w3RZew9oAtWCmj6W0K4V4zkRQOwvacFLpymcXTlxIK9J_1KeChj_CYQS6n86Mzd9pWYXvAwp1glxy4N4mvxaWxadqOqHgPGidrL29_SWQiQ2p8aC2FAXRnxNtb2pRtsNgwgOFErrmKkza1fDrYLjcdAE3pZktk1qCRSfxMesnMNFcQJ4p29bO86DDINiycGTDBkxtqhC-oy9VcDaP_eN8vR0XFqKpVydIOE6dKvuPkkKTSTPsiS-CTn0t3UugiipdZZOnWoKxplpwxyRym8Lt9cAdHpe-nXENETETVodYh-ra1Zhy80xbGbo_50Ce47SqPhe2kmj7oFpZ4yNN7pxMoY6hUsniNuMVKVkkc1vJJp5G3qF4lymkDkYzumSG9ecjsiDS8m8IZ6AzEp6lq4Tk7JG_cf4-m63OoiC7Xsm4UgN2itrVmcAUhjFqPWwglgDmxf_lbxtT0Gz-Q1HcGmWJQ3LHt8145Znjt_vBZFMd3ueHoSSvI6Z8R45PczmHB5zkWgP2KXKv5E8OUKDr1zHDKEiHhU3M6pUYy7zOMhk5ftBz8bJ4T46I-8stC0HS9-6AuVndV9aRKAwGR4uuNzObibAlNNd1p-QyyGKVoCrAsQiwR05Zik6rhduREfezie1h6ybk

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BB0D 0
28 B 63ms
63ms Image
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BGInsz0I4Y-fpCZfhgQeMkL9QAAAAADgB4AQC&bg=!3d6l3prNAAYQgTJdMIE7ACkAdvg8WunKV9F6ZEBTDwFUruThPMT6n-yGTX7fRrkFKZXblNrLhoZkjAIAAAEjUgAAAAJoAQeZAvm7uOBDv1Xc5qOg7txIEsuUumYAutHKIDl0TSQT3M_4dejq4KjbU9aPVIebTKL6nPsiL6Pa54dzrg3WoBSrSCZItNh1GXwZX7d9wrJuYhSpKldTE90GkINJsmMRR43qyGBDaRvjwwHccj9B0ff9gPQtMyj8-1WuyGvRlTTfsC2JLMaOo7iOv9FoyspQ4_fTbCBS1LzFogqFl4krwmfFCNfseOsSJRzl_G0hKD8InHOhw3wpJJXqoAatD1fffBw_jisx-OPlqqHfV-AiBbLrfKqUglghaikWIoXHtzLsflRsoSEnWDKzFgQ_F-rmPO2JDwpMt8axh6WB-UEVOJNtVl1UImIgWTjWTiFdRjlZz-fkUbTl-5MmdyLaPz7lqxNQYj0196uX51tRY-7-Bt40Wh8v2706wWp6KWJc3UugYJKImUX79M4hj7Ba-ume5vJWF_bGArdwnarMBweklJJ9_jZTVHMzJOfvx7BmvjF8sFu4WJUoXoRU1XQkgUpO4wDWB_fusLMdomZT3vY4g2APltBGNViG3YxK4_jZU8IHfMQx3B5IFRoulr9x4EaZNwS7AjoWP_4FU9eHXZESALOQ26Wsoe0BFLhZx9TGGzchfwtCDxt_m9Z2WS9DbYRLZVtPWTybxzPNFognZMGe3sNkk1ItLECBLWf7tiK-qxpkyStTUASLkq9LwcRlN7j_OPkTP4st3jx6NoqxOHxlD8tIlUtKHYvd19j_UVnNTQAtsSSCHdgkYL3mn6Zvko07GmefrxSvKipjQ5ojDqKehBu36Bj5S6TLt_HSUcvNAedcytxzLFe3_Q4Pmrp0iXzeV-_RTWmQXT9152IaESjnIfr7NYoIhIjuF3e-FlBJewrgNeAegBH_ciHpQ6HLQpIYd7WyozSRXujeAK9Vq8YdE4fIPxBuYLBwjNa8fieu_OS73z-KSDLKfoj8LnI9d_5CBUvy7d41mBERTjsb2wqg671XkGdzeroF3rvh3Lqy-Hu8Vwc3gvTN8F8II4ILfw

Requested by

Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C2DA 42 B
64 B 69ms
69ms Fetch
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvl7nV9j2NeeS6V_SBnAiwncm16GxjTDhJWdgV9_VTezXPPoP5Kiomv6XRHh0FT9Nza4OtsfynHNTx1EbGMYSOOps1Nm6yBDXQ8yM7RJoJ7kf0xGDU6fIlzZzzYTrS7RkuNha90HQ&sai=AMfl-YTAaE0KzoEso4hnYEHnr4BbhC50Rx7DWDX9NaULDTByZjTxb1yk-QrY4g1IqmsHgqd_1bYGF0Z1AbgxWcpyffdcXmaZrMshYoPe7SAxkgpjXawIXf54Sx7k6y8QDOE&sig=Cg0ArKJSzHn5w7e9N_J1EAE&cid=CAASJeRo_ysZ9A6w0hy8OQmNengSVuizNEgNjtdwKJpqRLKs1JaRyP8&id=lidar2&mcvt=1015&p=47,560,137,1288&mtos=1015,1015,1015,1015,1015&tos=1015,0,0,0,0&v=20220928&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3914305483&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1664631502662&rpt=718&isd=0&lsd=0&met=ce&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame EAD8 0
28 B 64ms
64ms Image
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BeLdlz0I4Y8aaCYuc3gP4qJHADQAAAAA4AeAEAg&bg=!mZqlmt7NAAYQgTJdMIE7ACkAdvg8WvsMA0WvSIdpO7ngyZabVTBRV2TGyvK8LLW9P5We_S2mxjqnbgIAAADkUgAAAAJoAQeZAwIzXPpoAPOfoh9WhxbmygeKg5HNDHJHgh5_WD90cDZtXFD8t4dr6fPWGyBtcDppYzBv_JKZRe6UgBvEVXQPF7822tO_OyULphvlNbLAsHEPptuz_wWilQj_VuCi3IfWg1aCh605kkdq8Q__nQB0gcHz00CNEP7w18kltvKywdswaYfWmCAgglUKsEnKx0xmldXAJIeYPve2u2DjGys878BEEkKddUthPml8mOVw5-_LzYQRGJ1M_lPFTCRxL7Ym5bcd2E55AQkdOhsR_9PpxeIHUY49MuY59ZBF5bvdMPCIcKTr8EuYfKReS_OJNwTgEE_bW3ZXCIXAY0jT1j1sndFdcTA9QOJehNL1O4fiuRJACrKXbenKcROOarytuu-szsRRH2wVAqGvnqjohNdpUYa1bfFyPYcn_v5VFtj01vQLbnYLvDwXDFlA5sUNOV59gB2sYYkau8Qag7I7QX5m8epb-cMoZOEKF6I7Ki9-uuhhtxr3skpbGGl1zq7GI-YLqBc4FRgJvAe1oZXxKEaca4_b-SH4ckvmhiFZ0mYuG1_izycrquU5kj3PQvou_hmOGBTBZwGpJdCt6M8hIRyvWP9dyfqvJbmPAgvdfc_sVxgEMPU0vFUlgtAu_FIjrFB5zJAN5qW2kIYgXYI08u8GdKWp36ghRky0ZGZ26gLKnT8lh4fxRJcXgCwBdIT8I-XQe3dkxEoineZl5YqV08L9QCuIEpzfHuy4x4HyDfuiOGL9pNw86ftxF-JEkyuW30oVoL7gotyFXW1ba0rwJ-tGkFE8_64iQZe3nIzzk1T7d2pigsW8Cb2Q5WFpac--KspyM0L7BZPBw0CIvF5NJFSfjqovXEJRYjl5LhTD_o8FOQGBcSP8d4mpp4v1gtSVz5o55ws2dB05U9etu-X1xliUwknAcWEIDz_P-4DYvyso1cbyppEBtD03A2izLdZ_nEDOg_kx1KeqfRtNNi6-xKogJLgb1ksOS8IA-KYE0WXbUGoWufv7ikYkp6YkBxDtGKqgFKRMXQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 video-loader2.1-cr.js Show response
cdn.avantisvideo.com/js/ 115 KB
37 KB 9ms
8ms Script
application/javascript 2600:9000:2057:1c00:1c:38a0:8a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.avantisvideo.com/js/video-loader2.1-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/js/video-loader2.1-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:1c00:1c:38a0:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9f85b446cf7c5640aa90f2663bf232af45a2d4ebd65fcf60a3105f400ea8bdac

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Fri, 30 Sep 2022 23:15:50 GMT
x-amz-version-id: R3srv_l_.CCJ9VrYZEKFH47S4Xn_qYV0
content-encoding: gzip
last-modified: Mon, 15 Aug 2022 08:52:18 GMT
server: AmazonS3
via: 1.1 f038e7175be9761825b2eefc2b0a832e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
etag: W/"e47a13a604e4ac4e6ccdc005c9e93287"
age: 51755
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: 4RiApbZtR-Be0AK1M6xiCuWMWhy_4ScAumH8_P6i3v_qESpoQRUVgQ==

GET
H2 200 MazdaType150-Regular.woff2
assets.euw1.jivox.com/widgets/2022/9/a72798z63243e4fb4f84/1/300x250/fonts/MazdaType150Regular/ Frame 3B08 42 KB
42 KB 495ms
163ms Font
application/octet-stream 52.85.24.95
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.euw1.jivox.com/widgets/2022/9/a72798z63243e4fb4f84/1/300x250/fonts/MazdaType150Regular/MazdaType150-Regular.woff2
Requested by: Host: as.euw1.jivox.com
URL: https://as.euw1.jivox.com/unit/layout_renderer.php?es_pId=9f38299&isDynamic=1&campaignId=159897&gdpr_consent=&dspId=DBM&bDim=300x250&ap_DataSignal1=18269839860&jvxVer=2&gdpr=&bUnitId=2000&r=1664631501850674&cMacro=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCB-kDzUI4Y_L1M5ms9u8PrdWLyAnJ3tjBbMify9vdEN_kor3AARABIO_2kCFglYKAgKAHoAHm497pAsgBCakCFoTab7hxsD6oAwGqBO0BT9Ce4HNOHhFVqnPnTnflrO7RyyNBarJ6B7Aj_JF19_3tdRv-taLHNeUu7zUKnJC1PIsYC8nvQzPtKx2W0MEbnER6jkBwi9sA-8O71R1ohavLpUjX91qDOa7f10WOt78MrAjtfi7ZwLAdMXMkWkT-akUBCl5OOi76DLRe1yXTHczLRr63pQEev9JOtcJ2-xm6fJok4FjB9BVujjUVXHlwWt5xNu_9JmmUO36qFfXyxdyBryluk2JyhBDu2ov7n1A_rYfTmHhW3Zf2_YtOiAv2IMl5W5OYFxsSE4t8bPz2i3E4s64kn7ZqU4LAl4USwASR1Yu9kgTgBAOQBgGgBk2AB4KcoZYBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBPG6McQ0BMA2BMN2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJeRo6x_F_ff-rWyeeOXrhXXxZEVwn9dFbwrJbvAUU6GZpYTHzAM%26sig%3DAOD64_0SFm02YNJ4ggWP8zr-vI5VGGWC9g%26client%3Dca-pub-4627517680249670%26dbm_c%3DAKAmf-C3PeD9duwzJ08zdFLunA_q-6Tv406ifyM94DXwTzZrbUIQvq-Dp2JWg4KmpNa1HLhkdZIqhTUUitatTGmOHNsBd6BHobZr-JkxuEZtrVK_p_NENoR7aZIfLoCS_nDb6O0qQL8p6DfjgHp_JgmcxsJtOQDrFkyjYJlyORi4ZQbxwXSQQxQ%26cry%3D1%26dbm_d%3DAKAmf-D-SAL_SJyk9A3ZN5aaLmYYD2vZCX7g0YybWwU2WjoovPJhEG5T-OgXkpEUHYy4v1y0Gc5gUFvuKt88lbWxD7-scp3oIlle9-9Tr_sPkQikOMgUXX7I3XVB0ZMxerlimYfSRiC8Yq_Z7CM9v4Qbh0a62Ei3vXCyf1DZB82TrH34z-QVKgXM9fJF0zT3ppyBHGXxEfQsk7gPqzvkJJcWAcHBDI0vkrn68f3AZgOtQni9Wvr8oUKCfVvq1n6PkoMNH4kXPiLjl4H9ji3iw1NMIENxajAonsMgkhft_xE9-7W4URsG8KPVkoYg4-fBc1vk_LtHbOCs6vOtMBniufiYEhJu3wB2JjNUyQ-yLvCiXCbYD4Nf_IsIeBGL3_PtQ4GLQUmai6GCWiwo8eU-OYp2Uog-yv1T0JJA9UmUrNMoDgR57PXV72Yy-k9XE4mQ9dfQB-mfSZ4ogmjvd3djVx1qj2Ffl518tXXcvvIjMmFVu5KsKwrjBY1ZOVHf47LYF4aA43OCiZgZ0qzgd9Hd7vyQGLgIPPGy-lTzMKM4zIHHMn3UC-gfy1vzMsdwTjWcP9tuIVDj1KjKOhN92dwT1XqrN3Fk16_tdmwrCUvPtWQtfDdd8OFBVzoa7IKfE9lx2F_tiJwS2IC6%26adurl%3D&us_privacy=%24%7BUS_PRIVACY%7D&ts_pId=9f38299&siteId=961ee94c58df6c&creativeUnitType=20&objectName=jvx_633842cf1620d&adUnitId=2000&jvxSessionId=1664631503.3758&base=1&creativeResolveBeginTime=1664631503000&omid=0&localTimeOffset=0&pageURL=https%3A%2F%2Fb5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&allowExp=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.24.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-24-95.cpt52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 678b3cae19452e95842bebedd844ab5491a4fe873ba5b3e5bca522cc4e45c3fd

Request headers

Referer: https://as.euw1.jivox.com/
Origin: https://as.euw1.jivox.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-amz-version-id: null
date: Sat, 01 Oct 2022 01:26:46 GMT
via: 1.1 c6af59b17d8f953c3a5592e894fe69b4.cloudfront.net (CloudFront)
x-amz-cf-pop: CPT52-C1
age: 43899
x-cache: Hit from cloudfront
content-length: 42740
last-modified: Fri, 16 Sep 2022 09:13:53 GMT
server: AmazonS3
etag: "3f2a9073b5b7460866937e4cd2251bb8"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=86400, s-maxage=86400
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges: bytes
x-amz-cf-id: bFK4SWgPLF0LsRnwRMQ9d_MLfz63cds2Op8Nf3w0R_LfrolADPd25g==

GET
H2 200 t Show response
avm.avantisvideo.com/api/v1/tag/1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53/1/desktop/generate/ 3 KB
3 KB 149ms
148ms XHR
text/plain 2600:9000:2057:d000:3:748e:7940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://avm.avantisvideo.com/api/v1/tag/1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53/1/desktop/generate/t?subId=eoct_nationalday_china_remail&browser=chrome&utm=eoct_nationalday_china_remail&os=windows&url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fnational_day_china%2F%3Futm_source%3Deoct_nationalday_china_remail&eu=true&country=DE&hour=13&amp=false

Requested by

Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/js/video-loader2.1-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2057:d000:3:748e:7940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

f5cc0170d9bebf7d43aa74b381ff2899cc5a3d3fec051e7f7966451db10f0257

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 01 Oct 2022 13:38:24 GMT
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
via: 1.1 d8e97d2c28917e4c41ab79bb1e94b844.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA6-C1
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
content-length: 2771
x-xss-protection: 0
referrer-policy: no-referrer
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
vary: Origin
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://www.123greetings.com
x-download-options: noopen
access-control-allow-credentials: true
x-amz-cf-id: BwcvXI4EgirC3_-Hm8reebXn4c-GEbSX6LXvpleLD9dffreGxhNejw==

OPTIONS
H2 204 t
avm.avantisvideo.com/api/v1/tag/1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53/1/desktop/generate/ Frame 0
0 148ms
147ms Preflight 2600:9000:2057:d000:3:748e:7940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2057:d000:3:748e:7940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.123greetings.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE,PATCH
access-control-allow-origin: https://www.123greetings.com
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
date: Sat, 01 Oct 2022 13:38:24 GMT
expect-ct: max-age=0
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
vary: Origin
via: 1.1 d8e97d2c28917e4c41ab79bb1e94b844.cloudfront.net (CloudFront)
x-amz-cf-id: pfbxOtxRBcoF9cNP0r1Bfn9V-7gmdUGjFchgMUczIUra6W8KDDC70g==
x-amz-cf-pop: FRA6-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 63ms
63ms Image
text/html 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220928&jk=3900156577675395&bg=!NzSlNHDNAAYQgTJdMIE7ACkAdvg8WrCd9FVMw_1mS8TxWE3RHp_qEHagJLQt85-e-WZUl54yWQ2U4gIAAAIcUgAAAAJoAQeZArj9tTHaL4xNhD6f6c9udH916jifrZPgXTHk0a3DHDJUZ86mnRTQsMIvLxeVoHo0_7MqduxtggkgyD-wsAs5rAXeG7rGYBMZmjkV0tRYdcycFswuLYDF_KY55dZzDIEJVW-gfVR5NYsmcdvHSq8xNqAgZK1K6Ct519UulTdqG21FWC8m2RfbbR4ntdr2Ttg81CI3txATQLXW8MBo1YDd4xWhg7z6dvfd1NskZgwLhnidnJknjGfmQ9uoHO8BNHQH8wipLirv9UhUEOaBPg803hLd0C7vXeBreEIwW4P80PeVE9malSweDoCcEmgJfpIvCAVDVcDIjbxkT2L8akHFdxEiF7_rBJwrVX2S9leE22krCqQqhbOL7hv-3d6VgOAlDuVO2Rv-ykpf-tVDfx4wamVG5W8rTmUMu5T0CKg9IxZf_6uZm4w3IGJUmv6WUdVhCmZ6LcR--2JmNKdfOnzV2GAoy5bOWgnXLgNOo0JVApavHmJIKBr72zaHk4aHKOFH_CKp3_RhwDwJ8DXoEPeB6kVE8IHA4bb38M1-Yv4Kco0ci2nBS6ERvpmPxLJBUqzftlXCkq-o37unZmrGEaQEcnsqcg0Jmn_35yYGDZS6yMb6qSC8RBqJAU-uXpXqFfUE9eZC2N5J3mBwwNUDGaD-R29Iu4ItL4xlCf82EJJXH5eI5FSTV7rLunKWbpQJUQCSZ379vI0H5JyNNchcLLzAOK6CLhK9T0Xqp-gXOr20iCT5oMwMaj4ykuSd2BYdCVuaxtAZzG82PLLCTo8PNfLKdUYhuBBXiKYx2ti2Sn1u2xxE6VH71UDjMkiFok2cfRRCUOvoggP_68ZavPSuOkkmnyhhgMTquc4I7XIC_HUJo9LIC_DdyT6jIj8FCL5WoMJedAY9Oerd2hjTwBfMAZsrVi5phqfERgEF2K0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

POST
H2 204 /
events1.avantisvideo.com/ 0
34 B 167ms
166ms Ping
text/plain 44.241.52.146
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events1.avantisvideo.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.241.52.146 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-241-52-146.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 01 Oct 2022 13:38:24 GMT

GET
H2 200 video-loader2-cr.js Show response
cdn.avantisvideo.com/js/ 115 KB
37 KB 9ms
8ms Script
application/javascript 2600:9000:2057:1c00:1c:38a0:8a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.avantisvideo.com/js/video-loader2-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/js/video-loader2-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:1c00:1c:38a0:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b2675f2bc3393449a44784c7815f9c36449024e4397d7f174812c42c6bbaa148

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-amz-version-id: 23HYQ0o2ylfY4CikTtNpDIRIBjFm3stq
content-encoding: gzip
via: 1.1 f038e7175be9761825b2eefc2b0a832e.cloudfront.net (CloudFront)
date: Sat, 01 Oct 2022 05:16:31 GMT
last-modified: Wed, 10 Aug 2022 07:12:05 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 30114
etag: W/"34fc05e1a66d53097cb2d428812d10e3"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: BWUIS8Zu38BLmrFOPjRK9zmRq_3nBkFXQTz_dbdEzmEvxfu57TVNLw==

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 4ED8 42 B
64 B 69ms
68ms Fetch
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstFfMYldDbeIvK7cFcvMBcNtlDU4cvtifco6lcZktRcJBT3ryJZnnb14XMPAmssJU6Ld8bw47fqIJvQ2_Q6EVxBBX7OpQp_9C_JiCFL-4ylkN0J1vf_kWxxgWwC9HK9vyTj5beV4Q&sai=AMfl-YSnz0pzaGmQhUy5xrz3xw0Vf56ApLhPHw0ApY4wheVAY69TWp2DqqAVDJTaodw5FKsYbpVOhTG7UN1QisFpakyRG-TSGsByLwhT6xsRf0TWzBiUrvsU7GLSTCFpPss&sig=Cg0ArKJSzBlF8pTQFJUvEAE&cid=CAASJeRoxhPD2yJRWf2AyF0CPpQeQvaIp-BAVGTAsk36U6Sh-IsQ8Qk&id=lidar2&mcvt=1006&p=518,970,768,1270&mtos=1006,1006,1006,1006,1006&tos=1006,0,0,0,0&v=20220928&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=4293624944&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1664631502733&rpt=915&isd=0&lsd=0&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame AA87 42 B
64 B 65ms
64ms Fetch
image/gif 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsviBT9gLvltlgTm-ZsuZje6WizzHRuYlpdXt1-BEAusn3oarIqFE_KYUgGyb4CQwa7RmVU_s7udK4M1cJnG58EbUf1IiNwwLWluGRlHBeaIPXR3evHlHUVUQloc&sai=AMfl-YTEXCET6pA-sb03qDI5Nv9PSz69Hh425oFgaxoAAwzcnOPSvwuKrPfDrFm9QvbCI3CM8eEv0cz9JEIgfQIpDlQ18vYOyZ1ev7zeZUGKGzC_3J3SCQwhU2KA4Fe1y64&sig=Cg0ArKJSzFbrz5UiQ-tkEAE&cid=CAASJeRoA3_4VYO1EQZH06ETe3Lb_MXeUBvnE55Vw8yRLgRmJo6Ihlk&id=lidar2&mcvt=1001&p=236,970,486,1270&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20220928&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1127719608&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1664631502728&rpt=1012&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 3.ef52796c7477ec4eb321-video-loader2.1-cr.js Show response
cdn.avantisvideo.com/js/ 22 KB
8 KB 11ms
11ms Script
application/javascript 2600:9000:2057:1c00:1c:38a0:8a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.avantisvideo.com/js/3.ef52796c7477ec4eb321-video-loader2.1-cr.js
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/js/video-loader2.1-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:1c00:1c:38a0:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: df9967e26296ab6659acbbecd377f7933cd3743d50935a5c44c800f90b9c6687

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-amz-version-id: 6v8pusNP91qhc6WfOs2Z_DMNTyQxoq0Q
content-encoding: gzip
via: 1.1 f038e7175be9761825b2eefc2b0a832e.cloudfront.net (CloudFront)
date: Fri, 30 Sep 2022 23:29:05 GMT
last-modified: Mon, 15 Aug 2022 08:52:18 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 50960
etag: W/"97f2ecd515fcc6a9d26763251ef08b4f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: FDdFVvsGDmEW_pWcJiMe5v5Wxamv1g-P87e-zc2Ri7yfN8YH6MQUOA==

GET
H/1.1 200
OK adb.js Show response
play.aniview.com/59918a0e073ef4782e4e347f/5ebd46100b22d93ee56a465f/ 2 B
746 B 93ms
18ms Script
text/javascript 2a02:26f0:10e:29b::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://play.aniview.com/59918a0e073ef4782e4e347f/5ebd46100b22d93ee56a465f/adb.js
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/js/3.ef52796c7477ec4eb321-video-loader2.1-cr.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:10e:29b::2c79 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: d8a957038679125d4840554fc43375697e662283121561afdefc2c3fbecaf729

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Sat, 01 Oct 2022 13:38:24 GMT
X-GUploader-UploadID: ABg5-UzoGnLBMGCHS6j7VTsUr7AZ5zBWHdzdjjYVYSRMqe-BYHEVKNeKmDso6U2X_8wPYdYApM7JF1x02zrA-K1QJ3UxKuTJQg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
Connection: keep-alive
Content-Length: 2
Last-Modified: Thu, 14 May 2020 13:22:36 GMT
Server: UploadServer
ETag: "56f785241d0ed9fe51a8170b9dd50272"
x-goog-generation: 1589462556858294
Content-Type: text/javascript
Access-Control-Allow-Origin: *
x-goog-hash: crc32c=cz4mSA==
Access-Control-Expose-Headers: Content-Type
Cache-Control: public, max-age=1800
x-goog-stored-content-length: 2
Accept-Ranges: bytes
Expires: Sat, 01 Oct 2022 14:08:24 GMT

GET
H2 200 aniview.js Show response
player.aniview.com/script/6.1/ 28 KB
10 KB 63ms
19ms Script
application/javascript 2a02:26f0:10e:29b::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/aniview.js
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/js/video-loader2.1-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:10e:29b::2c79 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 756fc7dbf6e4ba97c61ad14913289b7cda96f360cd385aad2e82f8311d708233

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:25 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycdsY-COfZkvAp5f7J7ItUVDWldqiXByqroXvDg2XaB0B6HxFTIIoqrkWVb8IuxcAV5OMqlROEILA985AJPKoObWhtcaf_G7D
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 9907
last-modified: Thu, 22 Sep 2022 10:35:01 GMT
server: UploadServer
etag: "f0b55e7b963e0c631589cbf691100f44"
vary: Accept-Encoding
x-goog-generation: 1663842901839103
content-type: application/javascript
access-control-allow-origin: *
x-goog-hash: crc32c=1g9Qig==, md5=8LVee5Y+DGMVicv2kRAPRA==
access-control-expose-headers: Content-Type
cache-control: public, max-age=300
x-goog-stored-content-length: 9907
accept-ranges: bytes
expires: Sat, 01 Oct 2022 13:43:25 GMT

GET
H2 200 AVmanager.js Show response
player.aniview.com/script/6.1/ Frame 913F 390 KB
111 KB 18ms
18ms Script
application/javascript 2a02:26f0:10e:29b::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/aniview.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:10e:29b::2c79 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: dba6cd6ea8cd4b220a20275c440ac8b66e7f96c21bf5b220d7805524bc5da486

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:25 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycdtVwuCnxiRQc_24DVBZvapC7pEKHCab5_DCmfFOXxbwJGxO59Ws53oZ7lHIhNJhT2aPqRYkbphcG95WPYowo9Zuyg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 112390
last-modified: Thu, 22 Sep 2022 10:35:01 GMT
server: UploadServer
etag: "338e56b1f4ce4f7715f277f4b2749547"
vary: Accept-Encoding
x-goog-generation: 1663842901832027
content-type: application/javascript
access-control-allow-origin: *
x-goog-hash: crc32c=61SVsA==, md5=M45WsfTOT3cV8nf0snSVRw==
access-control-expose-headers: Content-Type
cache-control: public, max-age=300
x-goog-stored-content-length: 112390
accept-ranges: bytes
expires: Sat, 01 Oct 2022 13:43:25 GMT

GET
H2 200 AVmanager.js Show response
player.aniview.com/script/6.1/ab5/ Frame D12A 390 KB
111 KB 42ms
42ms Script
application/javascript 2a02:26f0:10e:29b::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/ab5/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/aniview.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:10e:29b::2c79 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: dba6cd6ea8cd4b220a20275c440ac8b66e7f96c21bf5b220d7805524bc5da486

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:25 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycdvRSIzTjQ4gKGfyt7xxo-M4-6N8JQS0JJ4qs2b3Y5BooecQgPZ1t-Ht78UVUsWyXyRCe0tnzpQr-tT9c2Vt48egpQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 112390
last-modified: Thu, 22 Sep 2022 10:35:02 GMT
server: UploadServer
etag: "b1115cd9fdce3ea082dfd570b544e394"
vary: Accept-Encoding
x-goog-generation: 1663842901979668
content-type: application/javascript
access-control-allow-origin: *
x-goog-hash: crc32c=dg5YAA==, md5=sRFc2f3OPqCC39VwtUTjlA==
access-control-expose-headers: Content-Type
cache-control: public, max-age=300
x-goog-stored-content-length: 112390
accept-ranges: bytes
expires: Sat, 01 Oct 2022 13:43:25 GMT

GET
H2 200 track
track1.aniview.com/ 0
70 B 318ms
91ms Image
text/plain 34.226.74.25

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?r=www.123greetings.com&sn=eoct_nationalday_china_remail&ic=0&tgt=0&app=&wi=400&he=225&test=&d36=6.2.56&apppkg=&fv=3&proto=https&clsid=3ab11263-1d1a-467c-860d-75db5d008588&rando=55&pid=5e5bd02728a06124e30d85c3&cid=5e5bd1f528a0610dd725f7d8&stagid=&stplid=&e=inventory&vi=100&cb=1664631505180
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.226.74.25 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:25 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2 200 track
track1.aniview.com/ 0
71 B 284ms
91ms Image
text/plain 34.226.74.25

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?r=www.123greetings.com&sn=eoct_nationalday_china_remail&ic=0&tgt=0&app=&wi=600&he=338&test=5&d36=6.2.56&apppkg=&fv=3&proto=https&clsid=cd09cba4-9ec1-4d29-be42-4ed87359541c&rando=56&pid=5e5bd02728a06124e30d85c3&cid=5ec3e3871f5e5c792c20f9f7&stagid=&stplid=&e=inventory&vi=100&cb=1664631505214
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.226.74.25 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:25 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
DATA 200
OK truncated
/ 331 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c9e42e2c7cd3ec42f6febe248c715522b2e5f6bc92b389b101fbd33a069ee7ed

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 740 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7a9054758a4808c97c188f5be469879eef19a2f7cbd9bb0e740cee3199a6c747

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 384 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8030594b4999eca38901464b09383ca988c454a4f7ab6b963be75e6c42da011d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 782 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5028f77ac0afdac1bb66eaeeef41e77cea0f2487a66cb1df354d8680db1bb64e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 395 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f0d7d05ef7ae154e283b8c8e462aeb6e9b5bca53225c42743e2028c34828c08a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 449 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f86a1105ed755e9ae9b75708a5b19d5c478212605b9f8d7c98796b451de18c63

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 577 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d23484cf0f36a73cc699ceffc6da8f0e9ffd6b372dcb615ec942cdc287845505

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 / Show response
go1.aniview.com/api/adserver/tag/ 34 KB
6 KB 353ms
138ms XHR
application/json 3.224.43.174

General

Check archive.org

Show headers Download Go to

Full URL: https://go1.aniview.com/api/adserver/tag/?AV_URL=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fnational_day_china%2F%3Futm_source&AV_SUBID=eoct_nationalday_china_remail&AV_SECURED=1&AV_LANGUAGE=en&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&AV_CHANNELID=5e5bd1f528a0610dd725f7d8&tgt=0&AV_CDIM1=&AV_CDIM2=&AV_CDIM3=&AV_ABT=&pce=1&npx=1&AV_DETDOMAIN=www.123greetings.com&AV_DADPOS=3&d36=6.2.56&responsive=1&sver=2&avtoken=505179&omv=1.0.1&clsid=3ab11263-1d1a-467c-860d-75db5d008588&rando=55&AV_WIDTH=400&AV_HEIGHT=225&AV_DNT=0&cb=1664631505225&wfc=1
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.224.43.174 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fd4fffd1b44975052d6df5b48492c7080c53dfeeb4eec59ad228e9da5e5c8196

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:25 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.123greetings.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Mon, 19 Sep 2022 23:51:45 GMT

POST
H2 204 /
events1.avantisvideo.com/ 0
34 B 166ms
166ms Ping
text/plain 44.241.52.146
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events1.avantisvideo.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.241.52.146 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-241-52-146.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 01 Oct 2022 13:38:25 GMT

GET
H2 200 / Show response
go1.aniview.com/api/adserver/tag/5/ 34 KB
6 KB 429ms
229ms XHR
application/json 3.224.43.174

General

Check archive.org

Show headers Download Go to

Full URL: https://go1.aniview.com/api/adserver/tag/5/?AV_URL=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fnational_day_china%2F%3Futm_source&AV_SUBID=eoct_nationalday_china_remail&AV_SECURED=1&AV_LANGUAGE=en&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&AV_CHANNELID=5ec3e3871f5e5c792c20f9f7&tgt=0&AV_CDIM1=&AV_CDIM2=&AV_CDIM3=&AV_ABT=5&pce=1&npx=1&AV_DETDOMAIN=www.123greetings.com&AV_DADPOS=3&d36=6.2.56&responsive=1&sver=2&avtoken=505213&omv=1.0.1&clsid=cd09cba4-9ec1-4d29-be42-4ed87359541c&rando=56&AV_WIDTH=600&AV_HEIGHT=338&AV_DNT=0&cb=1664631505241&wfc=1
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/ab5/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.224.43.174 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 95fc7e3828b0b354d19974abb86910bcf89434f04ec31ceea2b4a77e4cf15d61

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:25 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.123greetings.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Mon, 19 Sep 2022 23:51:45 GMT

GET
H2 200 2021_CX-60_GER_LHD_C117_EXT_FQ_White_High_Japanese_Premium_WhiteLeather_City_till20240131.jpg
cdn.euw1.jivox.com/files/72839/Template2_FinalVersion_DE_V3/300x250/Frame1/ Frame 3B08 85 KB
86 KB 77ms
21ms Image
image/jpeg 18.66.15.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.euw1.jivox.com/files/72839/Template2_FinalVersion_DE_V3/300x250/Frame1/2021_CX-60_GER_LHD_C117_EXT_FQ_White_High_Japanese_Premium_WhiteLeather_City_till20240131.jpg
Requested by: Host: as.euw1.jivox.com
URL: https://as.euw1.jivox.com/unit/layout_renderer.php?es_pId=9f38299&isDynamic=1&campaignId=159897&gdpr_consent=&dspId=DBM&bDim=300x250&ap_DataSignal1=18269839860&jvxVer=2&gdpr=&bUnitId=2000&r=1664631501850674&cMacro=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCB-kDzUI4Y_L1M5ms9u8PrdWLyAnJ3tjBbMify9vdEN_kor3AARABIO_2kCFglYKAgKAHoAHm497pAsgBCakCFoTab7hxsD6oAwGqBO0BT9Ce4HNOHhFVqnPnTnflrO7RyyNBarJ6B7Aj_JF19_3tdRv-taLHNeUu7zUKnJC1PIsYC8nvQzPtKx2W0MEbnER6jkBwi9sA-8O71R1ohavLpUjX91qDOa7f10WOt78MrAjtfi7ZwLAdMXMkWkT-akUBCl5OOi76DLRe1yXTHczLRr63pQEev9JOtcJ2-xm6fJok4FjB9BVujjUVXHlwWt5xNu_9JmmUO36qFfXyxdyBryluk2JyhBDu2ov7n1A_rYfTmHhW3Zf2_YtOiAv2IMl5W5OYFxsSE4t8bPz2i3E4s64kn7ZqU4LAl4USwASR1Yu9kgTgBAOQBgGgBk2AB4KcoZYBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBPG6McQ0BMA2BMN2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJeRo6x_F_ff-rWyeeOXrhXXxZEVwn9dFbwrJbvAUU6GZpYTHzAM%26sig%3DAOD64_0SFm02YNJ4ggWP8zr-vI5VGGWC9g%26client%3Dca-pub-4627517680249670%26dbm_c%3DAKAmf-C3PeD9duwzJ08zdFLunA_q-6Tv406ifyM94DXwTzZrbUIQvq-Dp2JWg4KmpNa1HLhkdZIqhTUUitatTGmOHNsBd6BHobZr-JkxuEZtrVK_p_NENoR7aZIfLoCS_nDb6O0qQL8p6DfjgHp_JgmcxsJtOQDrFkyjYJlyORi4ZQbxwXSQQxQ%26cry%3D1%26dbm_d%3DAKAmf-D-SAL_SJyk9A3ZN5aaLmYYD2vZCX7g0YybWwU2WjoovPJhEG5T-OgXkpEUHYy4v1y0Gc5gUFvuKt88lbWxD7-scp3oIlle9-9Tr_sPkQikOMgUXX7I3XVB0ZMxerlimYfSRiC8Yq_Z7CM9v4Qbh0a62Ei3vXCyf1DZB82TrH34z-QVKgXM9fJF0zT3ppyBHGXxEfQsk7gPqzvkJJcWAcHBDI0vkrn68f3AZgOtQni9Wvr8oUKCfVvq1n6PkoMNH4kXPiLjl4H9ji3iw1NMIENxajAonsMgkhft_xE9-7W4URsG8KPVkoYg4-fBc1vk_LtHbOCs6vOtMBniufiYEhJu3wB2JjNUyQ-yLvCiXCbYD4Nf_IsIeBGL3_PtQ4GLQUmai6GCWiwo8eU-OYp2Uog-yv1T0JJA9UmUrNMoDgR57PXV72Yy-k9XE4mQ9dfQB-mfSZ4ogmjvd3djVx1qj2Ffl518tXXcvvIjMmFVu5KsKwrjBY1ZOVHf47LYF4aA43OCiZgZ0qzgd9Hd7vyQGLgIPPGy-lTzMKM4zIHHMn3UC-gfy1vzMsdwTjWcP9tuIVDj1KjKOhN92dwT1XqrN3Fk16_tdmwrCUvPtWQtfDdd8OFBVzoa7IKfE9lx2F_tiJwS2IC6%26adurl%3D&us_privacy=%24%7BUS_PRIVACY%7D&ts_pId=9f38299&siteId=961ee94c58df6c&creativeUnitType=20&objectName=jvx_633842cf1620d&adUnitId=2000&jvxSessionId=1664631503.3758&base=1&creativeResolveBeginTime=1664631503000&omid=0&localTimeOffset=0&pageURL=https%3A%2F%2Fb5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&allowExp=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.15.53 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-15-53.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f6aa9c0bdd746606d7fb70178bcb63b1be988d49f7ff4a6bab11d0cf3b0fb3ab

Request headers

Referer: https://as.euw1.jivox.com/
Origin: https://as.euw1.jivox.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-amz-version-id: null
date: Sat, 01 Oct 2022 10:32:47 GMT
via: 1.1 4f41a6860ab116e6fd0a110c5ba1420a.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-P1
age: 72326
x-cache: Hit from cloudfront
content-length: 87207
last-modified: Thu, 25 Aug 2022 16:13:25 GMT
server: AmazonS3
etag: "6027670b323bb2f3c7143d1df479ba2e"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/jpeg
access-control-allow-origin: https://as.euw1.jivox.com
access-control-expose-headers: Content-Range
cache-control: max-age=86400, s-maxage=86400
access-control-allow-credentials: true
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges: bytes
x-amz-cf-id: RZeg8Z2yirCsGgReeK9dzM73H2Uw5uTVNq6B9w5eYQeWejuPJIQQaQ==

GET
H2 200 es_encParams_L2FwX0RhdGFTaWduYWwxPTE4MjY5ODM5ODYwL2FkYjEta2V5PTgxNi9hZGIxLWlkX3ZlcnNpb249Mjk2NDRfMS9lc19ldD0yL2JEaW09MzAweDI1MC9qdnhSYW5kb209MC4xODM1ODA0MzU2NDI4MzU4OC9lc19jZ05hbWU9RGVmYXVsdF9ubyts...
evs.euw1.jivox.com/trk/72/205806/2000/159897/961ee94c58df6c/20/jvxSId_1664631503.3758/es_pId_9f38299/ Frame FCA6 43 B
229 B 31ms
31ms Image
image/gif 34.242.157.79
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://evs.euw1.jivox.com/trk/72/205806/2000/159897/961ee94c58df6c/20/jvxSId_1664631503.3758/es_pId_9f38299/es_encParams_L2FwX0RhdGFTaWduYWwxPTE4MjY5ODM5ODYwL2FkYjEta2V5PTgxNi9hZGIxLWlkX3ZlcnNpb249Mjk2NDRfMS9lc19ldD0yL2JEaW09MzAweDI1MC9qdnhSYW5kb209MC4xODM1ODA0MzU2NDI4MzU4OC9lc19jZ05hbWU9RGVmYXVsdF9ubytsb2NhdGlvbl9XZWVrZW5kX0RheV9Cb25kX3doaXRlX3Y2L2VzX3NlZ05hbWU9R2VuZXJpY19XZWVrRW5kX0RheQ==
Requested by: Host: b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.242.157.79 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-242-157-79.eu-west-1.compute.amazonaws.com
Software: akka-http/10.1.11 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 01 Oct 2022 13:38:25 GMT
access-control-allow-credentials: false
content-type: image/gif
server: akka-http/10.1.11
content-length: 43
p3p: CP='IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA'

POST
H2 200 /
track.adform.net/serving/unload/ Frame AA87 35 B
503 B 18ms
18ms Ping
image/gif 37.157.3.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=6630838398584944844@@57588194,4975180853957513125,100|1071|0|0|0|0|0|0|0||42|1|||0||1|0|0|o-2_gUZhERHxBx_RTJEBJ3XGkc-rlYEu-Fi9xG0I6t4yrY1GSkq4IfL_QlhaeLlf0|||11||0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

POST
H2 204 /
events1.avantisvideo.com/ 0
34 B 169ms
169ms Ping
text/plain 44.241.52.146
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events1.avantisvideo.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.241.52.146 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-241-52-146.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 01 Oct 2022 13:38:25 GMT

GET
H2 200 Mazda_CX-60_CraftedInJapan_Sideshot_40_Interface_RGB_5000x3750_2022_Eur_Engl.jpg
cdn.euw1.jivox.com/files/72839/Template2_FinalVersion_DE_V3/300x250/Frame2/ Frame 3B08 508 KB
510 KB 20ms
19ms Image
image/jpeg 18.66.15.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.euw1.jivox.com/files/72839/Template2_FinalVersion_DE_V3/300x250/Frame2/Mazda_CX-60_CraftedInJapan_Sideshot_40_Interface_RGB_5000x3750_2022_Eur_Engl.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.15.53 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-15-53.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0da5019efb496dabcb5d6edb18088b09f815aa4462190c7a6bbb25d7059c941a

Request headers

Referer: https://as.euw1.jivox.com/
Origin: https://as.euw1.jivox.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-amz-version-id: null
date: Sat, 01 Oct 2022 06:16:36 GMT
via: 1.1 4f41a6860ab116e6fd0a110c5ba1420a.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-P1
age: 26860
x-cache: Hit from cloudfront
content-length: 520688
last-modified: Thu, 25 Aug 2022 16:13:26 GMT
server: AmazonS3
etag: "f028679728a805f399edf4be876b3258"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/jpeg
access-control-allow-origin: https://as.euw1.jivox.com
access-control-expose-headers: Content-Range
cache-control: max-age=86400, s-maxage=86400
access-control-allow-credentials: true
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges: bytes
x-amz-cf-id: Qoe0jQarAHqzvIH-hoHblemXswkqy7UqzVUEqXYnueWUF9GbgCDrhQ==

GET
H2 200 Mazda_CX-60_CraftedInJapan_Sideshot_49_RGB_5000x3750_2022_Eur_Engl.jpg
cdn.euw1.jivox.com/files/72839/Template2_FinalVersion_DE_V3/300x250/Frame3/ Frame 3B08 226 KB
227 KB 18ms
18ms Image
image/jpeg 18.66.15.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.euw1.jivox.com/files/72839/Template2_FinalVersion_DE_V3/300x250/Frame3/Mazda_CX-60_CraftedInJapan_Sideshot_49_RGB_5000x3750_2022_Eur_Engl.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.15.53 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-15-53.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 03000928322c62fe9a01c55bdb0c91a08b5a226198f4e4a387d7a2652d56ec91

Request headers

Referer: https://as.euw1.jivox.com/
Origin: https://as.euw1.jivox.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-amz-version-id: null
date: Sat, 01 Oct 2022 04:29:36 GMT
via: 1.1 4f41a6860ab116e6fd0a110c5ba1420a.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-P1
age: 32930
x-cache: Hit from cloudfront
content-length: 231279
last-modified: Thu, 25 Aug 2022 16:13:26 GMT
server: AmazonS3
etag: "feb79b529d7f82885e236920798ff2f1"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/jpeg
access-control-allow-origin: https://as.euw1.jivox.com
access-control-expose-headers: Content-Range
cache-control: max-age=86400, s-maxage=86400
access-control-allow-credentials: true
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges: bytes
x-amz-cf-id: ihQKdbFvEVgR2mslEHX65X9dSvZgIwCRU_UwAjC4axFQCQz1TT5HlQ==

GET
H2 200 logo.png
assets.euw1.jivox.com/widgets/2022/9/a72798z63243e4fb4f84/1/300x250/images/ Frame 3B08 16 KB
16 KB 165ms
165ms Image
image/png 52.85.24.95
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.euw1.jivox.com/widgets/2022/9/a72798z63243e4fb4f84/1/300x250/images/logo.png?1663154481597
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.24.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-24-95.cpt52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e38423b55ffa87c8d9803d8c50f28bbb28086658b6ca3973d9849bcbd29fe45e

Request headers

Referer: https://as.euw1.jivox.com/
Origin: https://as.euw1.jivox.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-amz-version-id: null
date: Sat, 01 Oct 2022 05:49:48 GMT
via: 1.1 c6af59b17d8f953c3a5592e894fe69b4.cloudfront.net (CloudFront)
x-amz-cf-pop: CPT52-C1
age: 28118
x-cache: Hit from cloudfront
content-length: 16349
last-modified: Fri, 16 Sep 2022 09:13:53 GMT
server: AmazonS3
etag: "7f0160e79867e7360cc692e067174aeb"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=86400, s-maxage=86400
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges: bytes
x-amz-cf-id: UyfcM51pJVq_CJGNdU0ILFxS8Xaor-0rIZqoC8M5f1CSK__WYpeWZA==

GET
H2

200

cookiesyncendpoint Show response
sync.aniview.com/ Frame C248
Redirect Chain

https://secure.adnxs.com/getuid?https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1664631505489-919491282646-005900-003-004066%26biddername%3D55%26key%3D%24UID
https://sync.aniview.com/cookiesyncendpoint?auid=1664631505489-919491282646-005900-003-004066&biddername=55&key=5407465011447374603

0
37 B

333ms
96ms

Document
text/plain

54.204.116.94

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.aniview.com/cookiesyncendpoint?auid=1664631505489-919491282646-005900-003-004066&biddername=55&key=5407465011447374603
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.204.116.94 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 0
date: Sat, 01 Oct 2022 13:38:26 GMT

Redirect headers

AN-X-Request-Uuid: 74fee638-9699-4603-9dfa-9d58bdd100ed
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Length: 0
Content-Type: text/html; charset=utf-8
Date: Sat, 01 Oct 2022 13:38:25 GMT
Expires: Sat, 15 Nov 2008 16:00:00 GMT
Location: https://sync.aniview.com/cookiesyncendpoint?auid=1664631505489-919491282646-005900-003-004066&biddername=55&key=5407465011447374603
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Pragma: no-cache
Server: nginx/1.21.3
X-Proxy-Origin: 178.162.209.140; 178.162.209.140; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection: 0

GET
H/1.1 204
No Content pixel
ap.lijit.com/ Frame 8BFA 0
0 50ms
15ms Document
text/plain 216.52.2.48

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/pixel?us_privacy=1---&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1664631505489-919491282646-005900-003-004066%26biddername%3D18%26key%3D%24UID
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.48 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, Content-Type
access-control-allow-methods: GET, POST, DELETE, PUT
access-control-allow-origin: *
date: Sat, 01 Oct 2022 13:38:25 GMT
pod: X-Sovrn-Pod: ad_ap5ams1

GET
H2 204 occ
ups.analytics.yahoo.com/ups/58543/ Frame 9234 0
0 10ms
10ms Document
text/plain 18.156.0.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ups.analytics.yahoo.com/ups/58543/occ?gdpr=1&gdpr_consent=

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

18.156.0.31 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.25 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 0
date: Sat, 01 Oct 2022 13:38:25 GMT
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
server: ATS/9.1.10.25
strict-transport-security: max-age=31536000

GET
H2 204 services
sync.technoratimedia.com/ Frame B30F 0
0 325ms
93ms Document
text/plain 193.122.174.27

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.technoratimedia.com/services?srv=cs&pid=70&uid=1664631505489-919491282646-005900-003-004066&cb=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1664631505489-919491282646-005900-003-004066%26biddername%3D3%26key%3D%5BUSER_ID%5D
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 193.122.174.27 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-methods: POST,GET,HEAD,OPTIONS
access-control-allow-origin: https://www.123greetings.com/
age: 0
date: Sat, 01 Oct 2022 13:38:26 GMT
server: nginx
via: 1.1 varnish
x-varnish: 450644791

GET
H2

200

cookiesyncendpoint Show response
sync.aniview.com/ Frame DDFB
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=aniview&gdpr=1&gdpr_pd=0&gdpr_consent=&redir=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1664631505489-919491282646-005900-003-004066%26bid...
https://sync.aniview.com/cookiesyncendpoint?auid=1664631505489-919491282646-005900-003-004066&biddername=200&key=OPTOUT

0
200 B

320ms
95ms

Document
text/plain

54.204.116.94

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.aniview.com/cookiesyncendpoint?auid=1664631505489-919491282646-005900-003-004066&biddername=200&key=OPTOUT
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.204.116.94 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 0
date: Sat, 01 Oct 2022 13:38:26 GMT

Redirect headers

cache-control: no-store, no-cache, must-revalidate
content-type: text/html
date: Sat, 01 Oct 2022 13:38:25 GMT
etag: OPTOUT
expires: 0
location: https://sync.aniview.com/cookiesyncendpoint?auid=1664631505489-919491282646-005900-003-004066&biddername=200&key=OPTOUT
pragma: no-cache

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame D862 15 KB
6 KB 78ms
20ms Document
text/html 184.51.9.34

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=160993&gdpr=1&gdpr_consent=&predirect=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1664631505489-919491282646-005900-003-004066%26biddername%3D1%26key%3D
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.51.9.34 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=95437
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Sat, 01 Oct 2022 13:38:25 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Sun, 02 Oct 2022 16:09:02 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2 204 /
csync.loopme.me/ Frame 2C39 0
0 51ms
26ms Document
text/plain 2606:4700::6813:ad6c

General

Check archive.org

Show headers Download Go to

Full URL: https://csync.loopme.me/?redirect=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1664631505489-919491282646-005900-003-004066%26biddername%3D56%26pid%3D59c9148628a0612da3689288%26key%3D%7Bdevice_id%7D
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:ad6c -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7535993f1f485b50-FRA
date: Sat, 01 Oct 2022 13:38:25 GMT
server: cloudflare

GET
H2 200 cm Show response
u.openx.net/w/1.0/ Frame 66A2 43 B
128 B 55ms
20ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/cm?id=ec4c2ec9-18b8-454e-98be-3ee1e6bfea65&gdpr=1&gdpr_consent=&r=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1664631505489-919491282646-005900-003-004066%26biddername%3D23%26key%3D
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: e963e7196beb9123059ec3534b042ebcd1ef0a470fa568bfbebfeab2f33c4fda

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-length: 56
content-type: text/html
date: Sat, 01 Oct 2022 13:38:25 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
p3p: CP="CUR ADM OUR NOR STA NID"
pragma: no-cache
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H2

200

cookiesyncendpoint Show response
sync.aniview.com/ Frame EBC7
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=562704&ev=1&us_privacy=${us_privacy}&rurl=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1664631505489-919491282646-005900-003-004066%26bidderna...
https://sync.aniview.com/cookiesyncendpoint?auid=1664631505489-919491282646-005900-003-004066&biddername=10&pid=59c9148628a0612da3689288&key=WmAtqgJxJSZi&ev=1&us_privacy=${us_privacy}&pid=562704

0
37 B

95ms
95ms

Document
text/plain

54.204.116.94

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.aniview.com/cookiesyncendpoint?auid=1664631505489-919491282646-005900-003-004066&biddername=10&pid=59c9148628a0612da3689288&key=WmAtqgJxJSZi&ev=1&us_privacy=${us_privacy}&pid=562704
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.204.116.94 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 0
date: Sat, 01 Oct 2022 13:38:26 GMT

Redirect headers

cache-control: private, max-age=0, no-cache, no-store
content-language: de-DE
cw-server: bh-deployment-5d5cf8576-c6sss
expires: -1
location: https://sync.aniview.com/cookiesyncendpoint?auid=1664631505489-919491282646-005900-003-004066&biddername=10&pid=59c9148628a0612da3689288&key=WmAtqgJxJSZi&ev=1&us_privacy=${us_privacy}&pid=562704
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
server: Jetty(9.4.14.v20181114)
strict-transport-security: max-age=15768000

GET
H2 200 avpb7.12.0.js Show response
player.aniview.com/script/6.1/libs/prebid/ Frame 913F 174 KB
55 KB 19ms
18ms Script
application/javascript 2a02:26f0:10e:29b::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0.js
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:10e:29b::2c79 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 02fc09dfabfbab52f8760422f0e2f1d8a5009cfee409e7e03effdc567579f681

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:25 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycdu1D27hs8qKiUNAPqHle8wgKvlJXF61tShsEA4ChFu-wa4acwEkdR-WJwNESwZyEeMyN-aSKmT0rKymyBSXkouvhQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 55752
last-modified: Thu, 22 Sep 2022 10:35:02 GMT
server: UploadServer
etag: "1795de334800689d8e696cd76eb42c2c"
vary: Accept-Encoding
x-goog-generation: 1663842902451355
content-type: application/javascript
access-control-allow-origin: *
x-goog-hash: crc32c=mLxcag==, md5=F5XeM0gAaJ2OaWzXbrQsLA==
access-control-expose-headers: Content-Type
cache-control: public, max-age=300
x-goog-stored-content-length: 55752
accept-ranges: bytes
expires: Sat, 01 Oct 2022 13:43:25 GMT

GET
H2 200 avpb7.12.0a0.js Show response
player.aniview.com/script/6.1/libs/prebid/ Frame 913F 70 KB
24 KB 22ms
21ms Script
application/javascript 2a02:26f0:10e:29b::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0a0.js
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:10e:29b::2c79 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 88512810d8338e837273ffd5f6e896fac568468af72ad38192cd16b0b5408f52

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:25 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycdsV5NZel9SG81P3mm9tGGz7USQFm0Ar4CnVsFYFVa6Il_eTZ1M02Du4Noembjf5HK2uVpZftGOsBM-1BgsuCPCM7Q
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 23786
last-modified: Thu, 22 Sep 2022 10:35:02 GMT
server: UploadServer
etag: "b45baf218cc998a9875aeed985913ffc"
vary: Accept-Encoding
x-goog-generation: 1663842902483554
x-goog-hash: crc32c=FyjiGw==, md5=tFuvIYzJmKmHWu7ZhZE//A==
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=300
x-goog-stored-content-length: 23786
accept-ranges: bytes
content-type: application/javascript
expires: Sat, 01 Oct 2022 13:43:25 GMT

GET
H2 200 avpb7.12.0a1.js Show response
player.aniview.com/script/6.1/libs/prebid/ Frame 913F 62 KB
21 KB 22ms
22ms Script
application/javascript 2a02:26f0:10e:29b::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0a1.js
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:10e:29b::2c79 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 255eef079d3f18e253c2b3288b4ed0d621b1266c2845679b66af9db6d8faea2e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:25 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycdtk35PcAkoiFBqaFuAS23MfWpTEp8tZP9oLuRnnofWZSWxnzXlCMHVK7ScJH4mTDsvKhJFzTFM4L8j4EoZQQsLOzQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 20450
last-modified: Thu, 22 Sep 2022 10:35:02 GMT
server: UploadServer
etag: "1b4766e0324b00513af07d0731e996b7"
vary: Accept-Encoding
x-goog-generation: 1663842902531685
x-goog-hash: crc32c=VcLHxw==, md5=G0dm4DJLAFE68H0HMemWtw==
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=300
x-goog-stored-content-length: 20450
accept-ranges: bytes
content-type: application/javascript
expires: Sat, 01 Oct 2022 13:43:25 GMT

GET
H2 200 avpb7.12.0a3.js Show response
player.aniview.com/script/6.1/libs/prebid/ Frame 913F 62 KB
20 KB 23ms
23ms Script
application/javascript 2a02:26f0:10e:29b::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0a3.js
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:10e:29b::2c79 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 0688c689d53abf96083b536daceff19a6e0d73b041089128cdd65e01b4f93aa7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:25 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycdvT1xuwzFoc6hy49BiCuQBU8mikaZe72rRkMLprvU_SyNYRlMsLn4BKGKfpg22OTw61npR75jp3eg_Zh4AgggoYFQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 19946
last-modified: Thu, 22 Sep 2022 10:35:02 GMT
server: UploadServer
etag: "429da441cdf3ad7efeffd1db9edca615"
vary: Accept-Encoding
x-goog-generation: 1663842902580838
content-type: application/javascript
access-control-allow-origin: *
x-goog-hash: crc32c=aaVRzw==, md5=Qp2kQc3zrX7+/9HbntymFQ==
access-control-expose-headers: Content-Type
cache-control: public, max-age=300
x-goog-stored-content-length: 19946
accept-ranges: bytes
expires: Sat, 01 Oct 2022 13:43:25 GMT

GET
H2 200 adServe.do Show response
web.ssp.yahoo.com/admax/ 240 B
546 B 227ms
86ms Fetch
text/xml 35.157.246.167

General

Check archive.org

Show headers Download Go to

Full URL: https://web.ssp.yahoo.com/admax/adServe.do?dcn=8a969558018080038b3c07fe379f0081&pos=8a969558018080038b3c07ff3c3d0083&secure=1&euconsent=&gdpr=1&us_privacy=1---&d(id24)=&ht=225&wd=400&reserve=4.8&req(url)=123greetings.com&schain=1.0,1!avantisvideo.com,8079,1,,,!aniview.com,59918a0e073ef4782e4e347f,1,,,&cbb=4631505602&imp_id=62f7ccd4-607e-4315-a8df-69a7c83fb8eb
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 -, , ASN (),
Reverse DNS
Software: ATS/9.1.10.25 /
Resource Hash: 1dbfeb07cd50a1857b9576b5415f8a4c6ef010279666f39448fa0aa125d433b7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:25 GMT
server: ATS/9.1.10.25
age: 0
access-control-allow-methods: GET,POST
content-type: text/xml;charset=utf-8
access-control-allow-origin: https://www.123greetings.com
access-control-expose-headers: X-Nexage-AdTid
cache-control: no-store, no-cache, must-revalidate, max-age=0, no-transform, post-check=0, pre-check=0
access-control-allow-credentials: true
content-length: 240
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK ptv Show response
ib.adnxs.com/ 27 B
880 B 9ms
8ms Fetch
application/xml 37.252.172.250
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ptv?id=19012622&referrer=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fnational_day_china%2F%3Futm_source&us_privacy=1---&cbb=4631505604&imp_id=62f7ccd4-607e-4315-a8df-69a7c83fb8eb

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.250 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

a71702232a771b558b12f8c0012a15f5652b500fd2e33464d283406cee36754d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 01 Oct 2022 13:38:25 GMT
AN-X-Request-Uuid: f39c6ba2-a2b6-4650-ab45-18fc12536097
Server: nginx/1.21.3
Content-Type: application/xml; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.123greetings.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 178.162.209.140; 178.162.209.140; 538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 27
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK sync
x.bidswitch.net/ 43 B
220 B 9ms
8ms Image
image/gif 3.122.20.151
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=&user_id=1664631505489-919491282646-005900-003-004066&gdpr=1&gdpr_consent=&us_privacy=1---
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.122.20.151 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-122-20-151.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Sat, 01 Oct 2022 13:38:25 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H/1.1 200
OK https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1664631505489-919491282646-005900-003-004066%26biddername%3D24%26pid%3D59c9148628a0612da3689288%26key%3D%24%7BBSW_UUID%7D
x.bidswitch.net/check_uuid/ 43 B
220 B 9ms
9ms Image
image/gif 3.122.20.151
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/check_uuid/https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1664631505489-919491282646-005900-003-004066%26biddername%3D24%26pid%3D59c9148628a0612da3689288%26key%3D%24%7BBSW_UUID%7D?gdpr=1&gdpr_consent=&us_privacy=1---
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.122.20.151 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-122-20-151.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date: Sat, 01 Oct 2022 13:38:25 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2 200 track
track1.aniview.com/ 0
70 B 94ms
93ms Image
text/plain 34.226.74.25

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=DE&cos=Windows&r=www.123greetings.com&rs=www.123greetings.com&sid=6859&t=1664631505&cip=178.162.209.140&sn=eoct_nationalday_china_remail&tgt=0&osv=10&bv=106.0&brn=Chrome&wi=400&he=225&app=&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&test=&aafaid=&proto=https&uid=1664631505489-919491282646-005900-003-004066&cha=0.7&stagid=&stplid=&d35=&d36=6.2.56&cb=20166914944&d39=&d65=&apppkg=&d9=1000&AV_WIDTH=400&AV_HEIGHT=225&&ppid=5e5bd02728a06124e30d85c3&nid=59918a0e073ef4782e4e347f&pcid=5e5bd1f528a0610dd725f7d8&ncid=5e8b3e740cd6ad6132403f66&pasid=5e8b42ae145a8138e61d4a85&e=request&cb=1664631505605&asid=60e594da4123720f2e250d24%2C6102687900a33569ec0d3097%2C628b7da850e97943a83f7d3b%2C626a7b5c1576bc4c20574e49%2C62d3f4e0d8665b0ec66c9327%2C62b86e392f65d47a516f6f3b%2C5e9030afdc817965520eb855%2C626a7b7bc98a5f17f9370c17%2C6114f48c04b3691b08691b7c%2C6114f476dd0eb2621e735342&ofpr=%2C%2C1.3%2C0.35%2C0.2%2C0.2%2C%2C0.15%2C0.13%2C0.12&fpo=%2C%2C%2C%2C%2C%2C%2C%2C%2C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.226.74.25 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:25 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2 200 track
track1.aniview.com/ 0
70 B 91ms
91ms Image
text/plain 34.226.74.25

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=DE&cos=Windows&r=www.123greetings.com&rs=www.123greetings.com&sid=6859&t=1664631505&cip=178.162.209.140&sn=eoct_nationalday_china_remail&tgt=0&osv=10&bv=106.0&brn=Chrome&wi=400&he=225&app=&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&test=&aafaid=&proto=https&uid=1664631505489-919491282646-005900-003-004066&cha=0.7&stagid=&stplid=&d35=&d36=6.2.56&cb=20166914944&d39=&d65=&apppkg=&d9=1000&AV_WIDTH=400&AV_HEIGHT=225&&copid=59918a0e073ef4782e4e347f&nid=59c9148628a0612da3689288&cocid=5e8b3e740cd6ad6132403f66&ncid=6252cd490f4ad400b27f24ae&coasid=628cec03ef40666330025114&e=request&cb=1664631505605&asid=62b1a8beecf705053613baa5%2C6250243f0f4db040a1785fc9%2C62a704a4e22df13bef59f407%2C6252c41a4d38992da0433725%2C6252bf57e35a4e32222ec526&ofpr=%2C5%2C%2C4%2C4&fpo=%2C%2C%2C%2C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.226.74.25 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:25 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2 200 avpb7.12.0.js Show response
player.aniview.com/script/6.1/ab5/libs/prebid/ Frame D12A 174 KB
55 KB 19ms
18ms Script
application/javascript 2a02:26f0:10e:29b::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/ab5/libs/prebid/avpb7.12.0.js
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/ab5/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:10e:29b::2c79 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 02fc09dfabfbab52f8760422f0e2f1d8a5009cfee409e7e03effdc567579f681

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:25 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycdu84cu5pp8EqYCAUPeCT_SDHx-yh54_5XE60JVoKiAYt4xwrozjCCqvXjot_JPdNNUQqy8wv2ugy5PSdg3BrBK0X-19brcv
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 55752
last-modified: Thu, 22 Sep 2022 10:35:02 GMT
server: UploadServer
etag: "8362633e131af8e1443e5002f9e5de51"
vary: Accept-Encoding
x-goog-generation: 1663842902070487
content-type: application/javascript
access-control-allow-origin: *
x-goog-hash: crc32c=rUli8g==, md5=g2JjPhMa+OFEPlAC+eXeUQ==
access-control-expose-headers: Content-Type
cache-control: public, max-age=300
x-goog-stored-content-length: 55752
accept-ranges: bytes
expires: Sat, 01 Oct 2022 13:43:25 GMT

GET
H2 200 avpb7.12.0a0.js Show response
player.aniview.com/script/6.1/ab5/libs/prebid/ Frame D12A 70 KB
24 KB 21ms
21ms Script
application/javascript 2a02:26f0:10e:29b::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/ab5/libs/prebid/avpb7.12.0a0.js
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/ab5/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:10e:29b::2c79 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 88512810d8338e837273ffd5f6e896fac568468af72ad38192cd16b0b5408f52

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:25 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycdtfJU56FkwF5seXSKMn3ZpOYXmEzXzQy6iwrnV9An0EyDxc7S-DFMMCqP-kuhFnbkFDLUBD5GpK8Wex_pzctaHm9Q
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 23786
last-modified: Thu, 22 Sep 2022 10:35:02 GMT
server: UploadServer
etag: "d16ab5d4c4bf6042d259af6c62c03240"
vary: Accept-Encoding
x-goog-generation: 1663842902079311
content-type: application/javascript
access-control-allow-origin: *
x-goog-hash: crc32c=EWy2sg==, md5=0Wq11MS/YELSWa9sYsAyQA==
access-control-expose-headers: Content-Type
cache-control: public, max-age=300
x-goog-stored-content-length: 23786
accept-ranges: bytes
expires: Sat, 01 Oct 2022 13:43:25 GMT

GET
H2 200 avpb7.12.0a1.js Show response
player.aniview.com/script/6.1/ab5/libs/prebid/ Frame D12A 62 KB
21 KB 22ms
22ms Script
application/javascript 2a02:26f0:10e:29b::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/ab5/libs/prebid/avpb7.12.0a1.js
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/ab5/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:10e:29b::2c79 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 255eef079d3f18e253c2b3288b4ed0d621b1266c2845679b66af9db6d8faea2e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:25 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycdumW0fLaDWUwy-o2z69guOVrLMzJSHvGnItEfwNgAP4d1GyiHsuJkeIwYEeA8nGHcVrKoebo6p8bG7sDPIX4BzxCg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 20450
last-modified: Thu, 22 Sep 2022 10:35:02 GMT
server: UploadServer
etag: "ef1b4aa16754d211316d4f3c0d868564"
vary: Accept-Encoding
x-goog-generation: 1663842902114750
x-goog-hash: crc32c=isSWtg==, md5=7xtKoWdU0hExbU88DYaFZA==
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=300
x-goog-stored-content-length: 20450
accept-ranges: bytes
content-type: application/javascript
expires: Sat, 01 Oct 2022 13:43:25 GMT

GET
H2 200 avpb7.12.0a3.js Show response
player.aniview.com/script/6.1/ab5/libs/prebid/ Frame D12A 62 KB
20 KB 23ms
23ms Script
application/javascript 2a02:26f0:10e:29b::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/ab5/libs/prebid/avpb7.12.0a3.js
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/ab5/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:10e:29b::2c79 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 0688c689d53abf96083b536daceff19a6e0d73b041089128cdd65e01b4f93aa7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:25 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycdvU71YeG7XTTF5Nj59AVoWv5BsDEU8iaFNMdcd2lyOR0PjL_MfV7zjFh_vMRfuZJh6IB4DeS3Z59MhQ8IwjDMGxrQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 19946
last-modified: Thu, 22 Sep 2022 10:35:02 GMT
server: UploadServer
etag: "8b51d71733df06757c38a72da7c80131"
vary: Accept-Encoding
x-goog-generation: 1663842902082628
content-type: application/javascript
access-control-allow-origin: *
x-goog-hash: crc32c=YTfT4g==, md5=i1HXFzPfBnV8OKctp8gBMQ==
access-control-expose-headers: Content-Type
cache-control: public, max-age=300
x-goog-stored-content-length: 19946
accept-ranges: bytes
expires: Sat, 01 Oct 2022 13:43:25 GMT

GET
H2 200 adServe.do Show response
web.ssp.yahoo.com/admax/ 240 B
276 B 158ms
101ms Fetch
text/xml 35.157.246.167

General

Check archive.org

Show headers Download Go to

Full URL: https://web.ssp.yahoo.com/admax/adServe.do?dcn=8a969558018080038b3c07fe379f0081&pos=8a969558018080038b3c07ff3c3d0083&secure=1&euconsent=&gdpr=1&us_privacy=1---&d(id24)=&ht=338&wd=600&reserve=4.8&req(url)=123greetings.com&schain=1.0,1!avantisvideo.com,8079,1,,,!aniview.com,59918a0e073ef4782e4e347f,1,,,&cbb=4631505687&imp_id=4f477608-de92-49c8-a387-50a2ac5e4a55
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/ab5/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 -, , ASN (),
Reverse DNS
Software: ATS/9.1.10.25 /
Resource Hash: 1dbfeb07cd50a1857b9576b5415f8a4c6ef010279666f39448fa0aa125d433b7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:25 GMT
server: ATS/9.1.10.25
age: 0
access-control-allow-methods: GET,POST
content-type: text/xml;charset=utf-8
access-control-allow-origin: https://www.123greetings.com
access-control-expose-headers: X-Nexage-AdTid
cache-control: no-store, no-cache, must-revalidate, max-age=0, no-transform, post-check=0, pre-check=0
access-control-allow-credentials: true
content-length: 240
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK ptv Show response
ib.adnxs.com/ 85 B
1 KB 137ms
137ms Fetch
application/xml 37.252.172.250
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/ab5/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.250 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

b2effcb18f514a7896e737bdda537f2ef3b5bb989eb247f4ab2aa3facf1148ea

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 01 Oct 2022 13:38:25 GMT
AN-X-Request-Uuid: 5240066a-e920-4bfb-954d-795ce3b82324
Server: nginx/1.21.3
Content-Type: application/xml; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.123greetings.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 178.162.209.140; 178.162.209.140; 538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 85
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 track
track1.aniview.com/ 0
70 B 95ms
95ms Image
text/plain 34.226.74.25

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=DE&cos=Windows&r=www.123greetings.com&rs=www.123greetings.com&sid=18133&t=1664631505&cip=178.162.209.140&sn=eoct_nationalday_china_remail&tgt=0&osv=10&bv=106.0&brn=Chrome&wi=600&he=338&app=&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&test=5&aafaid=&proto=https&uid=1664631505492-989815282646-008789-007-003389&cha=0.7&stagid=&stplid=&d35=&d36=6.2.56&cb=67327907007&d39=&d65=&apppkg=&d9=1000&AV_WIDTH=600&AV_HEIGHT=338&&ppid=5e5bd02728a06124e30d85c3&nid=59918a0e073ef4782e4e347f&pcid=5ec3e3871f5e5c792c20f9f7&ncid=5e8b3e740cd6ad6132403f66&pasid=5e8b42ae145a8138e61d4a85&e=request&cb=1664631505689&asid=6102687900a33569ec0d3097%2C60e594da4123720f2e250d24%2C628b7da850e97943a83f7d3b%2C626a7b5c1576bc4c20574e49%2C62b86e392f65d47a516f6f3b%2C62d3f4e0d8665b0ec66c9327%2C5e9030afdc817965520eb855%2C626a7b7bc98a5f17f9370c17%2C6114f48c04b3691b08691b7c%2C6114f476dd0eb2621e735342&ofpr=%2C%2C1.3%2C0.35%2C0.2%2C0.2%2C%2C0.15%2C0.13%2C0.12&fpo=%2C%2C%2C%2C%2C%2C%2C%2C%2C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.226.74.25 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:25 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2 200 track
track1.aniview.com/ 0
70 B 92ms
92ms Image
text/plain 34.226.74.25

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=DE&cos=Windows&r=www.123greetings.com&rs=www.123greetings.com&sid=18133&t=1664631505&cip=178.162.209.140&sn=eoct_nationalday_china_remail&tgt=0&osv=10&bv=106.0&brn=Chrome&wi=600&he=338&app=&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&test=5&aafaid=&proto=https&uid=1664631505492-989815282646-008789-007-003389&cha=0.7&stagid=&stplid=&d35=&d36=6.2.56&cb=67327907007&d39=&d65=&apppkg=&d9=1000&AV_WIDTH=600&AV_HEIGHT=338&&copid=59918a0e073ef4782e4e347f&nid=59c9148628a0612da3689288&cocid=5e8b3e740cd6ad6132403f66&ncid=6252cd490f4ad400b27f24ae&coasid=628cec03ef40666330025114&e=request&cb=1664631505689&asid=62b1a8beecf705053613baa5%2C6250243f0f4db040a1785fc9%2C62a704a4e22df13bef59f407%2C6252bf57e35a4e32222ec526%2C6252c41a4d38992da0433725&ofpr=%2C5%2C%2C4%2C4&fpo=%2C%2C%2C%2C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.226.74.25 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:25 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

OPTIONS
H2 200 PBJS
c2shb.pubgw.yahoo.com/admax/bid/partners/ Frame 0
0 197ms
8ms Preflight 52.28.203.152

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/admax/bid/partners/PBJS
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.28.203.152 -, , ASN (),
Reverse DNS
Software: ATS/9.1.10.25 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-openrtb-version
Access-Control-Request-Method: POST
Origin: https://www.123greetings.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: https://www.123greetings.com
access-control-max-age: 600
age: 0
content-length: 0
date: Sat, 01 Oct 2022 13:38:25 GMT
server: ATS/9.1.10.25

POST
H2 200 auction Show response
prebid-server.rubiconproject.com/openrtb2/ 186 B
414 B 103ms
12ms XHR
application/json 18.194.34.97

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.34.97 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c010aa85c358792618bfe13d05db1f07400723e707781a4f5883de34c4fbf44a

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:25 GMT
content-encoding: gzip
x-prebid: pbs-java/1.100.0
content-type: application/json
access-control-allow-origin: https://www.123greetings.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 175
expires: 0

GET
H2 200 pbjs Show response
htlb.casalemedia.com/openrtb/ 36 B
565 B 129ms
97ms XHR
application/json 104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/openrtb/pbjs?s=512884&v=8.1&ac=j&sd=1&nf=1&r=%7B%22id%22%3A%223f09fc1786510b%22%2C%22site%22%3A%7B%22ref%22%3A%22https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fnational_day_china%2F%3Futm_source%3Deoct_nationalday_china_remail%22%2C%22page%22%3A%22https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fnational_day_china%2F%3Futm_source%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A0%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A1%2C%22allu%22%3A1%2C%22ren%22%3Atrue%2C%22version%22%3A%227.12.0%22%2C%22userIds%22%3A%5B%5D%2C%22url%22%3A%22https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fnational_day_china%2F%22%2C%22tmax%22%3A8000%2C%22syncsPerBidder%22%3A5%2C%22adunitcode%22%3A%225e8b42ae145a8138e61d4a85%7C6114f476dd0eb2621e735342%22%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2243a2e9f6eb6e74%22%2C%22ext%22%3A%7B%22siteID%22%3A%22512884%22%2C%22tid%22%3A%22e05ab9ad-1845-49b6-9342-23ef0ccd0788%22%2C%22fl%22%3A%22p%22%7D%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%5D%2C%22minduration%22%3A1%2C%22maxduration%22%3A60%2C%22api%22%3A%5B2%5D%2C%22protocols%22%3A%5B2%2C3%2C5%2C6%5D%2C%22playerSize%22%3A%5B%5B400%2C225%5D%5D%2C%22w%22%3A400%2C%22h%22%3A225%2C%22placement%22%3A4%7D%2C%22bidfloor%22%3A0.12%2C%22bidfloorcur%22%3A%22USD%22%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22complete%22%3A1%2C%22ver%22%3A%221.0%22%2C%22nodes%22%3A%5B%7B%22hp%22%3A1%2C%22asi%22%3A%22avantisvideo.com%22%2C%22sid%22%3A%228079%22%7D%5D%7D%7D%7D%7D
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.19.126 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d0c4d59afad964c72f798b5320db4f59a8bb2e618f6c168ddf3a52f798faa2c5

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:25 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YR2J3FJ5vKutzKcMMuz7s4PrmOJfJSDSwG7sGN5byAX9C9WEIz7m9ariFTLfAuxvOg89i3g6FKakxWGdSDDtnmE2V45QrrbL03cjTDAZfko4dZkauOsUrKy4JGQJ%2BI4D6kKteNLK"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://www.123greetings.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 7535993f6d449957-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 36
expires: 0

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 138 B
993 B 7ms
7ms XHR
application/json 37.252.172.250
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.250 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

d7aa0dc69254afff4dd07264d4746a5f687b43af909092932177d928fe206fbd

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 01 Oct 2022 13:38:25 GMT
AN-X-Request-Uuid: b1e3a8d2-42d7-4d90-8340-a927835228e3
Server: nginx/1.21.3
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.123greetings.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 178.162.209.140; 178.162.209.140; 538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 138
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 403 tag Show response
p4dt2-ha1hf.ads.tremorhub.com/ad/ 949 B
1 KB 338ms
93ms XHR
text/html 2600:1f18:612b:4232:aab9:bdfe:4216:bd10

General

Check archive.org

Show headers Download Go to

Full URL: https://p4dt2-ha1hf.ads.tremorhub.com/ad/tag?adCode=p4dt2-3dhcf&playerWidth=400&playerHeight=225&srcPageUrl=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fnational_day_china%2F%3Futm_source%3Deoct_nationalday_china_remail&supplyCode=p4dt2-ha1hf&mediaId=VideoId&schain=1.0,1!avantisvideo.com,8079,1,,,!spotim.market,isp_avantis,1,,,&transactionId=9fc38dc5-3bc5-4506-b013-7569537a81f9&floor=USD:0.2&referrer=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fnational_day_china%2F%3Futm_source&hb=1&fmt=json
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4232:aab9:bdfe:4216:bd10 -, , ASN (),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 9d60ac0d334c77a039cad6f125f940635ff0043a610271fc0729d61cc9546401

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 01 Oct 2022 13:38:26 GMT
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
access-control-allow-origin: https://www.123greetings.com
content-type: text/html;charset=utf-8
access-control-allow-credentials: true
x-tremorvideo-status: REJECTED_BY_SEAT_QPS_LIMIT
content-language: en
content-length: 949

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
63 B 103ms
17ms XHR
text/plain 198.47.127.22

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.47.127.22 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.123greetings.com
date: Sat, 01 Oct 2022 13:38:24 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 204 PBJS Show response
c2shb.pubgw.yahoo.com/admax/bid/partners/ 0
19 B 86ms
84ms XHR
text/plain 35.157.246.167

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/admax/bid/partners/PBJS
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 -, , ASN (),
Reverse DNS
Software: ATS/9.1.10.25 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
x-openrtb-version: 2.5
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: https://www.123greetings.com
date: Sat, 01 Oct 2022 13:38:26 GMT
access-control-allow-credentials: true
server: ATS/9.1.10.25
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS

POST
H2 200 auction Show response
prebid-server.rubiconproject.com/openrtb2/ 186 B
414 B 101ms
19ms XHR
application/json 18.194.34.97

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.34.97 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a9ff0637968b9f798752ccacf1c56f22be78f1ea6668c2f3b15cdae375c52e1d

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:25 GMT
content-encoding: gzip
x-prebid: pbs-java/1.100.0
content-type: application/json
access-control-allow-origin: https://www.123greetings.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 176
expires: 0

POST
H2 200 auction Show response
prebid-server.rubiconproject.com/openrtb2/ 186 B
414 B 99ms
18ms XHR
application/json 18.194.34.97

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.34.97 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ad034c8a7ccd7398466698490c8d5bbc8adf4cfd140e8bc38fe74cf9c23f4f7f

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:25 GMT
content-encoding: gzip
x-prebid: pbs-java/1.100.0
content-type: application/json
access-control-allow-origin: https://www.123greetings.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 176
expires: 0

POST
H2 200 auction Show response
prebid-server.rubiconproject.com/openrtb2/ 184 B
411 B 100ms
20ms XHR
application/json 18.194.34.97

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.34.97 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5befd22dea8fd01a87889baa8bb4fb3fb5ebeb79e04172bb6c899c2ef1e84e6e

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:25 GMT
content-encoding: gzip
x-prebid: pbs-java/1.100.0
content-type: application/json
access-control-allow-origin: https://www.123greetings.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 173
expires: 0

POST
H2 200 prebid-request Show response
onetag-sys.com/ 15 B
367 B 16ms
16ms XHR
application/json 51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/prebid-request

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb7.12.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
content-type: application/json
access-control-allow-origin: https://www.123greetings.com
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
cache-control: no-transform, no-cache
access-control-allow-credentials: true
access-control-allow-headers: content-type, origin, referer, user-agent
content-length: 41

OPTIONS
H2 200 PBJS
c2shb.pubgw.yahoo.com/admax/bid/partners/ Frame 0
0 138ms
9ms Preflight 52.28.203.152

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/admax/bid/partners/PBJS
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.28.203.152 -, , ASN (),
Reverse DNS
Software: ATS/9.1.10.25 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-openrtb-version
Access-Control-Request-Method: POST
Origin: https://www.123greetings.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: https://www.123greetings.com
access-control-max-age: 600
age: 0
content-length: 0
date: Sat, 01 Oct 2022 13:38:25 GMT
server: ATS/9.1.10.25

POST
H2 200 auction Show response
prebid-server.rubiconproject.com/openrtb2/ 186 B
414 B 44ms
17ms XHR
application/json 18.194.34.97

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/ab5/libs/prebid/avpb7.12.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.34.97 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b586bfdfea220fa6018be762909f8a1c161180cc8596ec51fb15a84ba6105886

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:25 GMT
content-encoding: gzip
x-prebid: pbs-java/1.100.0
content-type: application/json
access-control-allow-origin: https://www.123greetings.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 176
expires: 0

GET
H2 403 tag Show response
p4dt2-ha1hf.ads.tremorhub.com/ad/ 949 B
1 KB 277ms
93ms XHR
text/html 2600:1f18:612b:4232:aab9:bdfe:4216:bd10

General

Check archive.org

Show headers Download Go to

Full URL: https://p4dt2-ha1hf.ads.tremorhub.com/ad/tag?adCode=p4dt2-3dhcf&playerWidth=600&playerHeight=338&srcPageUrl=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fnational_day_china%2F%3Futm_source%3Deoct_nationalday_china_remail&supplyCode=p4dt2-ha1hf&mediaId=VideoId&schain=1.0,1!avantisvideo.com,8079,1,,,!spotim.market,isp_avantis,1,,,&transactionId=bd1bfcdf-f652-463a-822a-87a602519666&floor=USD:0.2&referrer=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fnational_day_china%2F%3Futm_source&hb=1&fmt=json
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/ab5/libs/prebid/avpb7.12.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4232:aab9:bdfe:4216:bd10 -, , ASN (),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 9d60ac0d334c77a039cad6f125f940635ff0043a610271fc0729d61cc9546401

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 01 Oct 2022 13:38:26 GMT
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
access-control-allow-origin: https://www.123greetings.com
content-type: text/html;charset=utf-8
access-control-allow-credentials: true
x-tremorvideo-status: REJECTED_BY_SEAT_QPS_LIMIT
content-language: en
content-length: 949

POST
H2 204 PBJS Show response
c2shb.pubgw.yahoo.com/admax/bid/partners/ 0
133 B 84ms
84ms XHR
text/plain 35.157.246.167

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/admax/bid/partners/PBJS
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/ab5/libs/prebid/avpb7.12.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 -, , ASN (),
Reverse DNS
Software: ATS/9.1.10.25 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
x-openrtb-version: 2.5
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: https://www.123greetings.com
date: Sat, 01 Oct 2022 13:38:26 GMT
access-control-allow-credentials: true
server: ATS/9.1.10.25
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS

POST
H2 200 auction Show response
prebid-server.rubiconproject.com/openrtb2/ 186 B
413 B 38ms
17ms XHR
application/json 18.194.34.97

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/ab5/libs/prebid/avpb7.12.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.34.97 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44ca41a0a5e2e275d908271d8ff7c40491139df448d37e7cdbd8414f298443ac

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:25 GMT
content-encoding: gzip
x-prebid: pbs-java/1.100.0
content-type: application/json
access-control-allow-origin: https://www.123greetings.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 175
expires: 0

POST
H2 200 auction Show response
prebid-server.rubiconproject.com/openrtb2/ 184 B
411 B 39ms
19ms XHR
application/json 18.194.34.97

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/ab5/libs/prebid/avpb7.12.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.34.97 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d5478dea9cf82b1e161f683fb088cf7c902c86b792759d651aedcbd52126461b

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:25 GMT
content-encoding: gzip
x-prebid: pbs-java/1.100.0
content-type: application/json
access-control-allow-origin: https://www.123greetings.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 173
expires: 0

POST
H2 200 auction Show response
prebid-server.rubiconproject.com/openrtb2/ 186 B
413 B 36ms
18ms XHR
application/json 18.194.34.97

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/ab5/libs/prebid/avpb7.12.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.34.97 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a1b65667ab45703c44a92a12fe931840aba9bb9ab4efcdb8e61e00f48572d540

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:25 GMT
content-encoding: gzip
x-prebid: pbs-java/1.100.0
content-type: application/json
access-control-allow-origin: https://www.123greetings.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 175
expires: 0

GET
H2 200 pbjs Show response
htlb.casalemedia.com/openrtb/ 37 B
309 B 96ms
95ms XHR
application/json 104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/openrtb/pbjs?s=512884&v=8.1&ac=j&sd=1&nf=1&r=%7B%22id%22%3A%2213562763990d9ae%22%2C%22site%22%3A%7B%22ref%22%3A%22https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fnational_day_china%2F%3Futm_source%3Deoct_nationalday_china_remail%22%2C%22page%22%3A%22https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fnational_day_china%2F%3Futm_source%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A0%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A1%2C%22allu%22%3A1%2C%22ren%22%3Atrue%2C%22version%22%3A%227.12.0%22%2C%22userIds%22%3A%5B%5D%2C%22url%22%3A%22https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fnational_day_china%2F%22%2C%22tmax%22%3A8000%2C%22syncsPerBidder%22%3A5%2C%22adunitcode%22%3A%225e8b42ae145a8138e61d4a85%7C6114f476dd0eb2621e735342%22%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22147535f59540012%22%2C%22ext%22%3A%7B%22siteID%22%3A%22512884%22%2C%22tid%22%3A%22f74bfdfd-6490-4cd6-973b-e5e632d34103%22%2C%22fl%22%3A%22p%22%7D%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%5D%2C%22minduration%22%3A1%2C%22maxduration%22%3A60%2C%22api%22%3A%5B2%5D%2C%22protocols%22%3A%5B2%2C3%2C5%2C6%5D%2C%22playerSize%22%3A%5B%5B600%2C338%5D%5D%2C%22w%22%3A600%2C%22h%22%3A338%2C%22placement%22%3A4%7D%2C%22bidfloor%22%3A0.12%2C%22bidfloorcur%22%3A%22USD%22%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22nodes%22%3A%5B%7B%22sid%22%3A%228079%22%2C%22hp%22%3A1%2C%22asi%22%3A%22avantisvideo.com%22%7D%5D%2C%22complete%22%3A1%2C%22ver%22%3A%221.0%22%7D%7D%7D%7D
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/ab5/libs/prebid/avpb7.12.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.19.126 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1ae123c244a4576989f6c0b8177bf76676c4612e76af2940f6e77f5c8111580

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:25 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zlzCL5qDUTb4wFeHs0EO3x5g4a7CG2aYqYiKD9jB9c6yDG1AnjIrTOgVLtWM6q7jNUXnpz0anUbp%2BI5tuojfuGMJ3axc5DItRL%2B3i10IMcdyHBWZgccWb1nHReOmz4fRes9OdAZT"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://www.123greetings.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 7535993fadc29957-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 37
expires: 0

POST
H2 200 prebid-request Show response
onetag-sys.com/ 15 B
367 B 16ms
15ms XHR
application/json 51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/prebid-request

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/ab5/libs/prebid/avpb7.12.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
content-type: application/json
access-control-allow-origin: https://www.123greetings.com
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
cache-control: no-transform, no-cache
access-control-allow-credentials: true
access-control-allow-headers: content-type, origin, referer, user-agent
content-length: 41

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
119 B 26ms
15ms XHR
text/plain 198.47.127.22

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/ab5/libs/prebid/avpb7.12.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.47.127.22 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.123greetings.com
date: Sat, 01 Oct 2022 13:38:25 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 145 B
1 KB 145ms
145ms XHR
application/json 37.252.172.250
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/ab5/libs/prebid/avpb7.12.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.250 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

8f7c697d1254368ab61d2623d6787b075e15b45a2065f78a19e00f0c59295831

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 01 Oct 2022 13:38:26 GMT
AN-X-Request-Uuid: 84f22b57-99b0-4463-a852-f4b34473888f
Server: nginx/1.21.3
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.123greetings.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 178.162.209.140; 178.162.209.140; 538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 MazdaType-Regular.woff2
assets.euw1.jivox.com/widgets/2022/9/a72798z63243e4fb4f84/1/300x250/fonts/MazdaTypeRegular/ Frame 3B08 26 KB
26 KB 165ms
165ms Font
application/octet-stream 52.85.24.95
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.euw1.jivox.com/widgets/2022/9/a72798z63243e4fb4f84/1/300x250/fonts/MazdaTypeRegular/MazdaType-Regular.woff2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.24.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-24-95.cpt52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 04044f475eb29011291b64adae97d21de0cc6204463562500d98e7552454fabd

Request headers

Referer: https://as.euw1.jivox.com/
Origin: https://as.euw1.jivox.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-amz-version-id: null
date: Sat, 01 Oct 2022 05:49:49 GMT
via: 1.1 c6af59b17d8f953c3a5592e894fe69b4.cloudfront.net (CloudFront)
x-amz-cf-pop: CPT52-C1
age: 28117
x-cache: Hit from cloudfront
content-length: 26212
last-modified: Fri, 16 Sep 2022 09:13:53 GMT
server: AmazonS3
etag: "0435c128bf57231c4b9f022807ff1167"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=86400, s-maxage=86400
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges: bytes
x-amz-cf-id: 8ztEXUngkPzm7D5BeKsDz5yQAbeNCHQardm2ves1Hij15nYz5IgTjw==

POST
H2 200 all
csm.eu.criteo.net/ Frame C3C4 0
127 B 14ms
14ms Ping
text/plain 178.250.2.150
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.150 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Sat, 01 Oct 2022 13:38:25 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame D862 0
39 B 23ms
22ms Script
text/plain 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=73402379&p=160993&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=1&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=160993&gdpr=1&gdpr_consent=&predirect=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1664631505489-919491282646-005900-003-004066%26biddername%3D1%26key%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:25 GMT
content-length: 0

GET
H2 200 track
track1.aniview.com/ 0
70 B 95ms
94ms Image
text/plain 34.226.74.25

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=DE&cos=Windows&r=www.123greetings.com&rs=www.123greetings.com&sid=18133&t=1664631505&cip=178.162.209.140&sn=eoct_nationalday_china_remail&tgt=0&osv=10&bv=106.0&brn=Chrome&wi=600&he=338&app=&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&test=5&aafaid=&proto=https&uid=1664631505492-989815282646-008789-007-003389&cha=0.7&stagid=&stplid=&d35=&d36=6.2.56&cb=67327907007&d39=&d65=&apppkg=&d9=1000&AV_WIDTH=600&AV_HEIGHT=338&&ppid=5e5bd02728a06124e30d85c3&nid=59918a0e073ef4782e4e347f&pcid=5ec3e3871f5e5c792c20f9f7&ncid=5e8b3e740cd6ad6132403f66&pasid=5e8b42ae145a8138e61d4a85&e=bid&cb=1664631506169&asid=6102687900a33569ec0d3097%2C60e594da4123720f2e250d24&ofpr=%2C&fpo=%2C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.226.74.25 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:26 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2 200 track
track1.aniview.com/ 0
70 B 93ms
93ms Image
text/plain 34.226.74.25

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=DE&cos=Windows&r=www.123greetings.com&rs=www.123greetings.com&sid=18133&t=1664631505&cip=178.162.209.140&sn=eoct_nationalday_china_remail&tgt=0&osv=10&bv=106.0&brn=Chrome&wi=600&he=338&app=&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&test=5&aafaid=&proto=https&uid=1664631505492-989815282646-008789-007-003389&cha=0.7&stagid=&stplid=&d35=&d36=6.2.56&cb=67327907007&d39=&d65=&apppkg=&d9=1000&AV_WIDTH=600&AV_HEIGHT=338&&copid=59918a0e073ef4782e4e347f&nid=59c9148628a0612da3689288&cocid=5e8b3e740cd6ad6132403f66&ncid=6252cd490f4ad400b27f24ae&coasid=628cec03ef40666330025114&e=bid&cb=1664631506169&asid=62b1a8beecf705053613baa5&ofpr=&fpo=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.226.74.25 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:26 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2 200 track
track1.aniview.com/ 0
70 B 91ms
91ms Image
text/plain 34.226.74.25

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=DE&cos=Windows&r=www.123greetings.com&rs=www.123greetings.com&sid=6859&t=1664631505&cip=178.162.209.140&sn=eoct_nationalday_china_remail&tgt=0&osv=10&bv=106.0&brn=Chrome&wi=400&he=225&app=&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&test=&aafaid=&proto=https&uid=1664631505489-919491282646-005900-003-004066&cha=0.7&stagid=&stplid=&d35=&d36=6.2.56&cb=20166914944&d39=&d65=&apppkg=&d9=1000&AV_WIDTH=400&AV_HEIGHT=225&&ppid=5e5bd02728a06124e30d85c3&nid=59918a0e073ef4782e4e347f&pcid=5e5bd1f528a0610dd725f7d8&ncid=5e8b3e740cd6ad6132403f66&pasid=5e8b42ae145a8138e61d4a85&e=bid&cb=1664631506203&asid=60e594da4123720f2e250d24%2C6102687900a33569ec0d3097&ofpr=%2C&fpo=%2C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.226.74.25 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:26 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2 200 track
track1.aniview.com/ 0
70 B 94ms
93ms Image
text/plain 34.226.74.25

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=DE&cos=Windows&r=www.123greetings.com&rs=www.123greetings.com&sid=6859&t=1664631505&cip=178.162.209.140&sn=eoct_nationalday_china_remail&tgt=0&osv=10&bv=106.0&brn=Chrome&wi=400&he=225&app=&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&test=&aafaid=&proto=https&uid=1664631505489-919491282646-005900-003-004066&cha=0.7&stagid=&stplid=&d35=&d36=6.2.56&cb=20166914944&d39=&d65=&apppkg=&d9=1000&AV_WIDTH=400&AV_HEIGHT=225&&copid=59918a0e073ef4782e4e347f&nid=59c9148628a0612da3689288&cocid=5e8b3e740cd6ad6132403f66&ncid=6252cd490f4ad400b27f24ae&coasid=628cec03ef40666330025114&e=bid&cb=1664631506203&asid=62b1a8beecf705053613baa5&ofpr=&fpo=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.226.74.25 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 13:38:26 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

POST
H2 200 /
track.adform.net/serving/unload/ Frame AA87 35 B
503 B 18ms
18ms Ping
image/gif 37.157.3.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=6630838398584944844@@57588194,4975180853957513125,100|2044|0|0|0|0|0|0|0||80|1|||2044||1|0|0|o-2_gUZhERHxBx_RTJEBJ3XGkc-rlYEu-Fi9xG0I6t4yrY1GSkq4IfL_QlhaeLlf0|||01||0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sat, 01 Oct 2022 13:38:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

POST
H/1.1 200
OK postback Show response
s.gk.123greetings.com/2/2.69.4/945541/AYvM6_YDEehYAItJ/ 0
145 B 30ms
30ms XHR
text/plain 18.202.153.141
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.gk.123greetings.com/2/2.69.4/945541/AYvM6_YDEehYAItJ/postback?dt=9455411658248091559000&pd=mkt&mo=0&si=main&ci=945541&sid=AYvM6_YDEehYAItJ&oz_sc=bb727d3b25052ac5d94a6d68&oz_df=1664631506247&oz_l=106&cv=3
Requested by: Host: s.gk.123greetings.com
URL: https://s.gk.123greetings.com/2/2.69.4/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 18.202.153.141 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-202-153-141.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Sat, 01 Oct 2022 13:38:25 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

Verdicts & Comments Add Verdict or Comment

466 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

47 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.123greetings.com/	1969-12-31 23:59:59	Name: utm_source Value: eoct_nationalday_china_remail
www.123greetings.com/	1970-01-20 06:23:51	Name: config_data Value: CADB=1\|CLG=1\|CBR=1\|CUB=1\|CCC=1\|CFLC=1\|CPFR=1\|CBRR=1\|TCP=1\|TAP=1\|TCAP=1\|TRE=1\|QkDshLgd=0\|FBCon=0
.123greetings.com/	1970-01-20 15:59:51	Name: _ga_47Q5QDHYDP Value: GS1.1.1664631500.1.0.1664631500.0.0.0
.123greetings.com/	1970-01-20 15:59:51	Name: _ga Value: GA1.2.831880633.1664631500
.123greetings.com/	1970-01-20 06:25:17	Name: _gid Value: GA1.2.356940216.1664631500
.123greetings.com/	1970-01-20 06:23:51	Name: _gat_gtag_UA_5085183_1 Value: 1
.trkn.us/	1970-01-20 15:09:27	Name: barometric[cuid] Value: cuid_5fac82a9-c568-435f-970e-74d95fd3be1e
.123greetings.com/	1969-12-31 23:59:59	Name: cnFbAtkn Value:
.doubleclick.net/	1970-01-20 06:23:55	Name: DSID Value: NO_DATA
.doubleclick.net/	1970-01-20 15:45:27	Name: IDE Value: AHWqTUkHHrqBq8StRgbUFnFcmCI3wFmOexZ5BIUkY9PZYZNoG9kyzjJFm1npgjGZhfs
.123greetings.com/	1970-01-20 15:45:27	Name: __gads Value: ID=cc453374765d7a35:T=1664631500:S=ALNI_MYAlu7EvkI9Zz02i1sqFeqGsoY4FQ
.casalemedia.com/	1970-01-20 15:09:27	Name: CMID Value: YzhCz-ry9XBwdZPxX9EfRAAA
.casalemedia.com/	1970-01-20 08:33:27	Name: CMPS Value: 1107
.casalemedia.com/	1970-01-20 08:33:27	Name: CMPRO Value: 1107
.adnxs.com/	1970-01-20 08:33:27	Name: uuid2 Value: 5407465011447374603
.adform.net/	1970-01-20 07:08:33	Name: C Value: 1
.jivox.com/	1970-01-20 08:33:27	Name: jvxsync Value: tj1e8X9zyQBi
.adnxs.com/	1970-01-20 08:33:27	Name: anj Value: dTM7k!M41.D>6NRF']wIg2C%@vu<uw!@wnfH8K6pQK`!5=E<*L5?%K<1r3Ydhi4Pf4ADz(/i_<b1gMX[@<e2ndoT@V%nugO%v4VB%nlo/)ix'c
.spotxchange.com/	1970-01-20 07:04:10	Name: audience Value: 51d5d54e-418e-11ed-9b3e-1ab52fe70106
.yahoo.com/	1970-01-20 15:09:49	Name: A3 Value: d=AQABBM9COGMCEBuOtcx1JOQvOgGfYEKua7oFEgEBAQGUOWNCYwAAAAAA_eMAAA&S=AQAAAph05ju4WgnKy_pd_eTkwwo
.w55c.net/	1970-01-20 15:54:05	Name: wfivefivec Value: gMBnJdpk1OECHd5
.adform.net/	1970-01-20 07:50:19	Name: uid Value: 6630838398584944844
.w55c.net/	1970-01-20 07:07:03	Name: matchgoogle Value: 5
.1rx.io/	1970-01-20 15:09:27	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-afc9c1da-435e-4f64-a643-9e938fb0840e-003%22%7D
.analytics.yahoo.com/	1970-01-20 15:09:27	Name: IDSYNC Value: "18yl~27h1:18yx~27h1"
.targeting.unrulymedia.com/	1970-01-20 15:09:27	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-afc9c1da-435e-4f64-a643-9e938fb0840e-003%22%7D
.simpli.fi/	1970-01-20 15:10:53	Name: suid Value: 05CF89689C6F424FADBDE2FFE26F71AE
.adform.net/	1970-01-20 06:33:56	Name: TPC Value: 1664631503516
.turn.com/	1970-01-20 10:43:03	Name: uid Value: 8327106704491749555
.travelaudience.com/	1970-01-20 15:54:05	Name: _tracker Value: %7B%22UUID%22%3A%22CD4F2385-778D-4334-89D4-3CEF8EAAC278%22%7D
.krxd.net/	1970-01-20 10:43:03	Name: _kuid_ Value: PHKoeBBt
.casalemedia.com/	1970-01-20 08:33:27	Name: CMTS Value: 5129
.bidswitch.net/	1970-01-20 15:09:27	Name: tuuid Value: 24c7626d-aa65-4427-9890-f6c2395a2374
.bidswitch.net/	1970-01-20 15:09:27	Name: c Value: 1664631503
.bidswitch.net/	1970-01-20 15:09:27	Name: tuuid_lu Value: 1664631504
ads.travelaudience.com/	1970-01-20 15:54:05	Name: _tracker Value: %7B%22UUID%22%3A%22CD4F2385-778D-4334-89D4-3CEF8EAAC278%22%7D
.quantserve.com/	1970-01-20 08:33:27	Name: d Value: ECIBCQGdJ4EA
.quantserve.com/	1970-01-20 15:54:05	Name: mc Value: 633842d0-0752f-aff5d-5e1e4
.blismedia.com/	1970-01-20 15:09:31	Name: b Value: 633842D023A2F831C6361768BLIS
.360yield.com/	1970-01-20 08:33:27	Name: tuuid_lu Value: 1664631504
.360yield.com/	1970-01-20 08:33:27	Name: tuuid Value: a095e2e1-e681-41c6-8bdb-309275024906
.tribalfusion.com/	1970-01-20 08:33:27	Name: ANON_ID Value: a2nsIHP3rT6CiAyPrSjvIVSLyKy0VFDo6uSaYwTGkRSYnJWled4OY1cuIU0OZdXJ15nFZb8HiSrwcW7JjTro3vce79
.mathtag.com/	1970-01-20 15:49:46	Name: uuid Value: 9c436338-42d0-4300-8237-dddaffbee924
.mathtag.com/	1970-01-20 07:07:03	Name: mt_mop Value: 4:1664631504
.creative-serving.com/	1970-01-20 15:45:27	Name: tuuid Value: a9f03852-0a61-4b37-a9ae-082430b8e531
.creative-serving.com/	1970-01-20 15:45:27	Name: c Value: 1664631504
.creative-serving.com/	1970-01-20 15:45:27	Name: tuuid_lu Value: 1664631504

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
worker	error	URL: blob:https://www.123greetings.com/5c77acc0-fd78-43c6-bafa-219fe9bdbb21 Message: Mixed Content: The page at 'blob:https://www.123greetings.com/5c77acc0-fd78-43c6-bafa-219fe9bdbb21' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'chrome-extension://eppiocemhmnlbhjplcgkofciiegomcon/content/safecheck-notification/notification-iframe/index.html'. This request has been blocked; the content must be served over HTTPS.
worker	error	URL: blob:https://www.123greetings.com/5c77acc0-fd78-43c6-bafa-219fe9bdbb21 Message: Mixed Content: The page at 'blob:https://www.123greetings.com/5c77acc0-fd78-43c6-bafa-219fe9bdbb21' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'chrome-extension://cplklnmnlbnpmjogncfgfijoopmnlemp/skin/logo24.png'. This request has been blocked; the content must be served over HTTPS.
other	error	URL: chrome-error://chromewebdata/ Message: Refused to display 'https://www.facebook.com/' in a frame because it set 'X-Frame-Options' to 'deny'.
other	warning	URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html(Line 11) Message: Origin trial controlled feature not enabled: 'attribution-reporting'.
security	error	URL: https://b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html(Line 11) Message: Refused to frame 'https://pagead2.googlesyndication.com/' because it violates the following Content Security Policy directive: "frame-src cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp=er3$/17626451119355985920/index.html".
network	error	URL: https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEH-pFncxED4jxFgA9BXIOqo&google_cver=1&google_push=AZmPxg8j3Op_RCzoBKIHEZOVz4VjRwxy6oadvA6jRQUJAUInPpif5TlD463rvk5YvfNQre4I0Tu2XwbevRr8zyawEnXVMAxRUP6q Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://p4dt2-ha1hf.ads.tremorhub.com/ad/tag?adCode=p4dt2-3dhcf&playerWidth=600&playerHeight=338&srcPageUrl=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fnational_day_china%2F%3Futm_source%3Deoct_nationalday_china_remail&supplyCode=p4dt2-ha1hf&mediaId=VideoId&schain=1.0,1!avantisvideo.com,8079,1,,,!spotim.market,isp_avantis,1,,,&transactionId=bd1bfcdf-f652-463a-822a-87a602519666&floor=USD:0.2&referrer=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fnational_day_china%2F%3Futm_source&hb=1&fmt=json Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://p4dt2-ha1hf.ads.tremorhub.com/ad/tag?adCode=p4dt2-3dhcf&playerWidth=400&playerHeight=225&srcPageUrl=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fnational_day_china%2F%3Futm_source%3Deoct_nationalday_china_remail&supplyCode=p4dt2-ha1hf&mediaId=VideoId&schain=1.0,1!avantisvideo.com,8079,1,,,!spotim.market,isp_avantis,1,,,&transactionId=9fc38dc5-3bc5-4506-b013-7569537a81f9&floor=USD:0.2&referrer=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fnational_day_china%2F%3Futm_source&hb=1&fmt=json Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.tribalfusion.com
ad.turn.com
ads.creative-serving.com
ads.eu.criteo.com
ads.pubmatic.com
ads.travelaudience.com
adservice.google.com
adservice.google.de
ap.lijit.com
as.euw1.jivox.com
assets.euw1.jivox.com
avm.avantisvideo.com
b5dcf21c74232def5d44c876671f2936.safeframe.googlesyndication.com
beacon.krxd.net
bh.contextweb.com
c.123g.us
c1.adform.net
c2shb.pubgw.yahoo.com
cat.fr.eu.criteo.com
cdn.avantisvideo.com
cdn.euw1.jivox.com
cdn1.avantisvideo.com
cm.g.doubleclick.net
cms.quantserve.com
code.createjs.com
connect.facebook.net
csm.eu.criteo.net
csync.loopme.me
dclk-match.dotomi.com
dsum-sec.casalemedia.com
events1.avantisvideo.com
evs.euw1.jivox.com
fonts.googleapis.com
fonts.gstatic.com
go1.aniview.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
hbopenbid.pubmatic.com
htlb.casalemedia.com
i.123g.us
ib.adnxs.com
image6.pubmatic.com
match.360yield.com
match.adsrvr.org
onetag-sys.com
p4dt2-ha1hf.ads.tremorhub.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel-sync.sitescout.com
pixel.rubiconproject.com
play.aniview.com
player.aniview.com
playercdn.jivox.com
pm.w55c.net
pr-bh.ybp.yahoo.com
prebid-server.rubiconproject.com
r.turn.com
region1.google-analytics.com
rtb.fr.eu.criteo.com
rtb.openx.net
s.gk.123greetings.com
s.tribalfusion.com
s0.2mdn.net
s1.adform.net
secure-gl.imrworldwide.com
secure.adnxs.com
securepubads.g.doubleclick.net
ssum-sec.casalemedia.com
static.avantisvideo.com
static.criteo.net
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.1rx.io
sync.aniview.com
sync.mathtag.com
sync.search.spotxchange.com
sync.targeting.unrulymedia.com
sync.teads.tv
sync.technoratimedia.com
tpc.googlesyndication.com
tr.blismedia.com
track.adform.net
track1.aniview.com
trkn.us
u.openx.net
um.simpli.fi
ups.analytics.yahoo.com
us-u.openx.net
web.ssp.yahoo.com
www.123greetings.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
104.18.18.126
104.18.19.126
142.251.39.66
143.204.205.98
15.197.193.217
151.101.194.49
172.217.23.98
178.250.0.160
178.250.2.150
18.156.0.31
18.194.34.97
18.202.153.141
18.66.15.53
184.51.9.34
184.72.244.154
185.29.134.244
185.64.190.78
185.94.180.126
193.122.174.27
198.148.27.139
198.47.127.22
2.18.69.48
2001:4860:4802:32::36
2001:678:cb4:bbbb::11
213.19.147.44
216.52.2.48
216.58.212.130
2600:1f18:612b:4232:aab9:bdfe:4216:bd10
2600:9000:2057:1c00:1c:38a0:8a40:93a1
2600:9000:2057:d000:3:748e:7940:93a1
2600:9000:214f:7c00:1e:a43d:b640:93a1
2600:9000:214f:8c00:8:9ed9:9c40:93a1
2606:4700:4400::ac40:98f5
2606:4700::6813:ad6c
2620:116:800d:21:c5a4:625:6563:a5bb
2a00:1450:4001:800::2003
2a00:1450:4001:808::2008
2a00:1450:4001:80f::200e
2a00:1450:4001:82a::2004
2a00:1450:4001:82b::2002
2a00:1450:4001:831::2001
2a00:1450:4001:831::2003
2a00:1450:400d:804::2002
2a00:1450:400d:806::2001
2a00:1450:400d:80a::2002
2a00:1450:400d:80c::2002
2a00:1450:400d:80c::200a
2a00:1450:400d:80d::2002
2a00:1450:400d:80e::2006
2a00:1450:4025:402::9d
2a02:2638:1::3
2a02:2638::2
2a02:2638::b
2a02:26f0:10e:29b::2c79
2a02:26f0:3500:11::215:14dc
2a02:fa8:8806:12::1370
2a03:2880:f02d:100:face:b00c:0:3
2a03:2880:f12d:181:face:b00c:0:25de
2a05:d018:d29:3602:463b:6ffc:aac9:c7b0
3.121.93.31
3.122.20.151
3.123.174.3
3.224.43.174
3.228.232.15
34.226.74.25
34.242.157.79
34.96.105.8
35.157.246.167
35.186.253.211
35.190.0.66
35.204.74.118
35.244.159.8
37.157.2.249
37.157.3.28
37.157.6.242
37.252.172.123
37.252.172.250
44.241.52.146
51.89.9.252
52.17.103.74
52.213.108.198
52.28.203.152
52.85.24.95
54.204.116.94
54.73.102.103
66.155.71.25
67.27.157.252
69.173.144.138
015c6c3dfccd8b2c661ba9c2af816ff899c954df57ab4392b886ce7e23eba74d
02fc09dfabfbab52f8760422f0e2f1d8a5009cfee409e7e03effdc567579f681
03000928322c62fe9a01c55bdb0c91a08b5a226198f4e4a387d7a2652d56ec91
04044f475eb29011291b64adae97d21de0cc6204463562500d98e7552454fabd
05010037e0bf1c4ed0b6f84629d1226209720ef80e91d1e56132c89adc35a7a0
0596974ea0a4aa88cce0d0683b3af837fb80d633788395a98723d319f39c8de4
0616aad0b0f031f2c2dd50ec3110dbee9e4792efc1b827bd66fd0182d7be1124
0688c689d53abf96083b536daceff19a6e0d73b041089128cdd65e01b4f93aa7
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0ae485367eb0862700624f4b18563586fe0fd2ecd7abd1efb8a4896ead71fdd3
0ae74371a872da00743b4c907dc6b5ea22377f13ede1ac75055a55f50676dba8
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5
0ce879cfe7244a0a086ea8a95996d7ac5838d30a9b1cd8e85f045f51c41d0df8
0da5019efb496dabcb5d6edb18088b09f815aa4462190c7a6bbb25d7059c941a
0ddeadca43a405855a40c8dae3b1c3335a742811130d425cffd24b2e20ea5ee1
1056d6f78489b757594f2f467c724130323d4096561b723f7a12ee218bbf55ad
121de8c119716546a401c21017d613a4316f0c3cb3f16bf183cc4774981742fa
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
12ba93c7b0114439929f7ac0efcdc60e6eee9da57a2fe6ce68bb969f00f4a54e
141d0c16f846671454c7819c37fafe483ceb63aecb14695abd4a911d67df3d49
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1c45bfa2dc80f54eb8564aa778a0929a00811168617ee6340cc59f0af48e5cca
1c59201e7f61dd25d07f893a1e025199d394ae301e9a5d788d6fb831e09a1faa
1ca32633ca69f934f26636d73d322e2531df6572b5297ef9f6268c243778593b
1dbfeb07cd50a1857b9576b5415f8a4c6ef010279666f39448fa0aa125d433b7
1e66c06ab180f7bf3da83626313d8c1b45efa2ddd191b430ffec9993a3f9675f
1f8ed95a69872cc8e0b3199f723f660e7bc01223bf5dfa7e6bdfd06218ebf0e5
20b3bdbaed5af274d8f415e769e30b1f7907fb3aeddd629461f1bd3d1efb4d98
21026407398ed753d48cd817a1f47881738ab30f449b90aa3f83d179ff3ed267
23ff53c1f85cf6952e39181936dbe883cc594fbd13a627c9d4c81a140a0440d1
24374f583eeb0c88723c3cb830828d5798ce87144c8ce4e32076df4786f72848
254d41d323b97e21b036ccf367f7dc18d8ea96daaf756167bac6f0ebbf8fbcd1
255eef079d3f18e253c2b3288b4ed0d621b1266c2845679b66af9db6d8faea2e
258db6a3d082fd94def3ee14861869b4b104d237a7706cfb71de1e92604350ab
2c15005e0ad25e77c055181671a77000719088346e4b540df47ba3104602b3d9
2cdedf30b3876f3556aafea7e5ab6baa19f67f4cd776af5aa3132162b796381a
2e4386cf56ad2612f0ad0526372b3d1cd96d6ecb3f32836f141aa28207b3907e
303852ebcdd18a52d60552f9b1a31691f1163fb01909890bf7b8d80ced0785ba
30e9b409a7dd8350a4f38ee9a5dfc967053710f64a9e6b6677c4353bbd4c7619
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
34c9ee51c2dd7fafb4df5f5e0bbb0a2a3508db0692f97b90b44ab89a50a545ef
37ab5c060ae53ccda75b8bd212d874a17650f7954b11c4e31f568990ab40196b
3bc95e2d726f7fd5ed8decfc0ae24c18933404bffa252ad6000fd01905210042
3d2c7477e7418b42a967439d1fb117b25369aeb385be8ffb25c3f9c97cb85cee
3f5540651a7fc59fff9c418779bed42cfe8400f5a540b469fedd46b90b764787
3fa7286a17116434c61ab86a339583d0dc7b3861db8d069c22c5034aeead0372
418daae1b2eff2e9698e406734dc5b7ddbdc01149ad02918412fd7d4860b30d8
4330d4072d013510b91ca5648f210b614c2e4e8ecbea94a1f8a8373aa6068532
44ca41a0a5e2e275d908271d8ff7c40491139df448d37e7cdbd8414f298443ac
46d1791d45e9e6840842ef90f192c2c6f1f4247baa7c1f32f2da75d3a05c0de2
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c671b182b66f3db52ef44dddcb755d6159ffc6303acfbc611d16892a637ac39
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5028f77ac0afdac1bb66eaeeef41e77cea0f2487a66cb1df354d8680db1bb64e
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
52017d9b15047560da219ccb1e603a2300690343092772e8272ff06a21dc107a
5336fb757df91e343cca414c112da532ff47f3d40b0d6e1b3c39ea00c8e24ab6
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
58b603271da250778cca7450c81343eba7a896c87d93812f4de54ca5e1108488
5b040d43b4044c9dfd57ea957dee07b673b43c0e1f0f1c017014b02bef027045
5befd22dea8fd01a87889baa8bb4fb3fb5ebeb79e04172bb6c899c2ef1e84e6e
5c3d5671eb464c4040b864da705012965774556b2515837a216e8f205e257f28
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5ca26fbf12235c63350ad1338f2b0be4ca0e4abb13e85ef84c131f02a1c74141
5ce911a3a53fbfee2bc985a2fdeb5965e9d15a17854e7b536bbd6cc53b6ed52d
5dc2dd3da7e30d712b4dbbd6c6755a7547aa43880ab01799a7b856dc661924f8
5e9a22fac024371ed667ca4ebc25daaedaebd39fbfe03ebdd60c53a45a7913c3
5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
605b14697226eeb0be6b2c11db8206b70f4c8681c3f921e4ceca4793ce1a95ce
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
61db8778950ad1886b03d3a3ec7de2cc4094585148a7da735692c01eb60fe247
62cdccf1ab4b4215586295612a4a2ef96fa490250fa96dbccc565f659cab86ab
64bf5aabacaf62804fd8f5a6233899dfb17c7d265fa84e712bce1e764c20cf41
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
677fa4f3fb3ceb4a8b6a7371cb9f522b2a775e93d7026f533e076eb8ab384c03
678b3cae19452e95842bebedd844ab5491a4fe873ba5b3e5bca522cc4e45c3fd
69303f97bf43e5d9fd7a0c8e6b5f4b49de4466684c7e2b8e2108de98e5c98483
6a6ee3eed5f3385767ae35589e56aadaeab31d5f2984e9f0c720e9e3d3926e37
6b4ca39ba0cd182ca9f19cb8fd8b6292803ebca88a3558bd9b71f39bb61021d6
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6c7ca7b6c9d498b529ca3544f28700642415af2196101d77d65d8249be1603a1
6efff8ce63d77eba89e9cc15af6dbccc657068130e89225fc662a0c580cea9b7
7102d8f7a9cde287e023ce95be18b4e985ba2e45afe157fb968b0d6c82cf8508
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
73bacec85f74494351eec93ba493870da5ba3a19afacf211edb4124ffd695d7a
73eed57c07b846318e5205a9b5e305aebf3b1e019c957aed7c990c8f9cb6d871
756fc7dbf6e4ba97c61ad14913289b7cda96f360cd385aad2e82f8311d708233
77039ea0e5aee4d7b72c9ec3bbd1bef2759f4b9043460b120d571fbd480b9fed
77c67801c7995f4eaec6d68deb332882a6a342ad407d6eb25f8ffbf54c92bde7
7a0049831d92582305911a42f5ed743a1fbd56c69247dddca678d36c9d71b85e
7a1dd1bee7fb2e7ed17e9d3fe95f0cd31207577ab981ff4ebc6ebfb2d88f7c4c
7a9054758a4808c97c188f5be469879eef19a2f7cbd9bb0e740cee3199a6c747
8030594b4999eca38901464b09383ca988c454a4f7ab6b963be75e6c42da011d
81113214da7b946424bed9da1f2713c0e7280b577feb58cdc17ff672143aced7
8272ed99c2fe9a7e77a6af842513173821400a3a597748aa888bfcd284de29ab
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
848fe19ed492948709b881f504ce2eb6274baa694606ca88eb9b2990a2460caf
86d8e892ceacd8c8a7e7125c68dd0e1b311f8399871b6d64b8b6795f0235c1d4
88512810d8338e837273ffd5f6e896fac568468af72ad38192cd16b0b5408f52
89b03d4a2f2ca3d04df1fda63a5247ef31cea689a0ca553e353122ab3d22b646
8a16da0d4ff862bde6e973eb23f04a2f79575c3917cc2cac8672870cf272490b
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8b748787a3a389a5f2297c5158b2f0838db39741085917ade991a174d08f11fe
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8eaa47a979e2451ec6dded08b289b21591a9c20c25b62ed0d049085ddec6d5a1
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
8f7c697d1254368ab61d2623d6787b075e15b45a2065f78a19e00f0c59295831
91222f96f34735ebc88df208017e54d4329b9202e3e52367fb8b149698a1a5ef
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
95fc7e3828b0b354d19974abb86910bcf89434f04ec31ceea2b4a77e4cf15d61
969231fe165a93933d6908d45bfa09c364b66de37160efea47d87d18d7d37bd8
981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0
987a85ec33287307910313fc7b22a8ab6cd0dc24e9fe5945f8a42af4223c1550
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9c16346c37c164608164e7b460eeb10cf49a70852f68367c46b085d27c99e075
9c34b121084081f98f436ace0c8636dfba0a319e76bb0be20faacf58c61afacf
9d60ac0d334c77a039cad6f125f940635ff0043a610271fc0729d61cc9546401
9e25469f734732205f33dd80ff8ca12080406c18d2fa99a1f368103e51f7999f
9f85b446cf7c5640aa90f2663bf232af45a2d4ebd65fcf60a3105f400ea8bdac
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a1b65667ab45703c44a92a12fe931840aba9bb9ab4efcdb8e61e00f48572d540
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a4f92ae0d3ab6cc4e73bcc03c1d415ebbdd2ffc7fe5582c93dd0a70155f5f907
a558dc731872adb52490cf8550eb796d0d0b448df332e38f815228576dd0cd5a
a65fc129fb0750ba784553a74b4dd3442b53e562c27e43a6b5e8dc791daea556
a68a93e775b3785b588192bfdccbc6acf7b9c385c6e89dccd3006cdbb1ad0b84
a71702232a771b558b12f8c0012a15f5652b500fd2e33464d283406cee36754d
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a7bf67883867f93d08cbf4eeac0485e641cb9e5b123e18bef046b7c706cffd28
a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940
a87352099e9b3946d71f4f73c69f9217ef99278088a177d5eef09df78c11e4ae
a8bd8f6002d82bd7edd3df6cf9ba87e77a26123e5c0c9a60cf4050aafc1208c2
a8d0cdd39efc95fb87ffa57797b7e322bfdb875b0015a3368c771e524e70aa01
a915754dd6e088c034edafadf0d920508bc0c3377967a3b0677e278c800bd9cd
a95725351a0f5632bfbc825ddefb79ede9cea7ec80fae42271e16ae723c92622
a9ff0637968b9f798752ccacf1c56f22be78f1ea6668c2f3b15cdae375c52e1d
aafb3ee79dc18d6ddc6b5c5503dc051c6e89d25a801b243cd4310ce7e0eac5ba
ab6521d7f8270a417139743c6dfb2cf083d647b4d350a25e13faade0e857a9fb
abfaa28e509b104c2edc0bd048809340d5e006ec872e1966baff8383ff8a0e22
ad034c8a7ccd7398466698490c8d5bbc8adf4cfd140e8bc38fe74cf9c23f4f7f
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1ae123c244a4576989f6c0b8177bf76676c4612e76af2940f6e77f5c8111580
b2675f2bc3393449a44784c7815f9c36449024e4397d7f174812c42c6bbaa148
b2c78c910f5ea29e3a9d223dabc203c055c8708b1fe7d83788b490638126db4d
b2effcb18f514a7896e737bdda537f2ef3b5bb989eb247f4ab2aa3facf1148ea
b45a5297202f4af1ba907da7392a0da43fb1eee6fc5764f4242b576066d6db29
b516063fb43fe8dc9a0ee4d290c95bdab8c811a55a8ac73bd3cb3e6573ba4bb9
b586bfdfea220fa6018be762909f8a1c161180cc8596ec51fb15a84ba6105886
bd3ea71142da2f789c88adb1241f941633506f4139287c7e7a67b651d024f8c4
be4485b288025b8a00bcdc3c3622da9c06e77d21e6e9a3910d5a214f1a024711
c010aa85c358792618bfe13d05db1f07400723e707781a4f5883de34c4fbf44a
c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205
c40c9c0117af4abd3ab87c81eb1725c442ec682095d29cc8bc2206e3e5ac1c23
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
c85583bca34f5f394dbd963addf48596d70e99f1c84827776e81277a564927eb
c8b0afc3dfec0f3ae8543ce07b9368ce0f1bd95adf754ba1577a3c819b430743
c9e42e2c7cd3ec42f6febe248c715522b2e5f6bc92b389b101fbd33a069ee7ed
ca9e0c65c02dd47b70c0afa444f7d5c98838155b4e7b9d7adb4b6837a8a3b39b
cafd612ebd6bc497a7a05d3dfef133a0b793f1e04e277b31c424d6d8892a1d48
ce4037c9f95f5008b2edf73ce9edbf58308ecbf03c2fd724a3e33c0c2a822f94
cffefa7393b0df0b5a0a111345b5ed43e9bf7e70d5b49cddbf8b44bd49880412
d0c4d59afad964c72f798b5320db4f59a8bb2e618f6c168ddf3a52f798faa2c5
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d23484cf0f36a73cc699ceffc6da8f0e9ffd6b372dcb615ec942cdc287845505
d2d07aac18bd7e8a933058bc7ba424813cf1c8d40880ec10bcafd14756f8d6ef
d37a1d0a9caf1a7ab47cf71e03cb92dbce54797914e91c6ad6bf88dabd0814ca
d5478dea9cf82b1e161f683fb088cf7c902c86b792759d651aedcbd52126461b
d6f09f5be74d631dd1f18673a373c0746c20ee37d6994f2b7cd08047693f7cb4
d7aa0dc69254afff4dd07264d4746a5f687b43af909092932177d928fe206fbd
d83ca845b009ef2714ac02d097dac2e539d4ece0f8e553b946b82259dc3050f8
d8a957038679125d4840554fc43375697e662283121561afdefc2c3fbecaf729
d8de354b3daf4d85422c4cba5054f5861a653699739bc9890f8efdbab8e2c1cb
d930f4b2818eee635146f400cd83c29f1191da650dee72af1d0d12fdd218a040
da8438b81e390283f6eb8cc9cf49ccde3d00c954b4fbccdf6372c162c4b58ab2
dba6cd6ea8cd4b220a20275c440ac8b66e7f96c21bf5b220d7805524bc5da486
dcbfcceec17c3382be97b25e659821c5151feb7cd01c2148649fb0441ec940e0
dd080c89636f8576e3364bea0867f18be3a32daa72d766da336cbb80ba5fb407
ddafcb62dd9406b687b84fe105a65220cfd60685bcf93cbcd092071368b4dde1
de0fd578562a17eeefddd802e0567c3cc63b35c67640d79f0e38faff98e18e1f
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de6b1569f10d67682062caaa40c437ba7710fc5f9fc601169f0be9fc1fc4eb44
df9967e26296ab6659acbbecd377f7933cd3743d50935a5c44c800f90b9c6687
e37e804f139ba52491abb130f951381aa0732393702ab5c0e7d2cd54d30cfacb
e38423b55ffa87c8d9803d8c50f28bbb28086658b6ca3973d9849bcbd29fe45e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5
e4deba3d8985c34c859d4c14d8f55c3d6cdff812e73089b7a1bccb54abc3cd65
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e69b67b081d80773ed5ee30bdec31ac2fc49c02440b87365e4ade71dca0faf8d
e7c5876c9abc1c9481545e39db9900a31a356bb1a9f92541a05c650ed51b991b
e963e7196beb9123059ec3534b042ebcd1ef0a470fa568bfbebfeab2f33c4fda
ea294b654c071eb9a60c3185cc0266fa41324f4536265fca85c56f2855aa8b66
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f03f34a896200ac3d36794a86a5b23d054f1982d05740b454078c8526a33b631
f052e05510df623bc35067181908c03ff485e34fa5be60759607838f90584824
f0d7d05ef7ae154e283b8c8e462aeb6e9b5bca53225c42743e2028c34828c08a
f284353a7cc4d97f6fe20a5155131bd43587a0f1c98a56eeaf52cff72910f47d
f48f1b088976f2de3bb46a5c5bc609160ef0a6f919109e08f784596b0a93b7d8
f5058623ef093478fb73cf4322ffed1b85f77f015ed878922a4eae56aa16e7a8
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
f5c1bc8b8dcd115524672d43cab6c98437221c1436a87d82831b6973368db684
f5cc0170d9bebf7d43aa74b381ff2899cc5a3d3fec051e7f7966451db10f0257
f6aa9c0bdd746606d7fb70178bcb63b1be988d49f7ff4a6bab11d0cf3b0fb3ab
f6c84a15873bbae73ff06857139327b85a6869fa0e21d36666aa2bb5d9bbb19b
f7408c25067cd0a9d9fe835cb4c05e394a50751d3fcde0c461db19a309abb02a
f77932c1ed84c66e07cf14f8ed43a283d3499660202b34ebf58015284e581359
f86a1105ed755e9ae9b75708a5b19d5c478212605b9f8d7c98796b451de18c63
fa0cfc7c0df04e388fce64462a3df35118a753879ad5760e9a83235f1866dfa8
fa0f0672cffd642ffee15f4c66002727da5ec324968ce261d8e4ec22c220c0e7
fa85a4366200f608a99ecf4b1b933babdd9c5662cbe5d518b3daa57e53dbd85b
fcab803c6d01082f69e5510655ca566241f3a4fd3ee7aa1506b1308e2d069ccb
fd4fffd1b44975052d6df5b48492c7080c53dfeeb4eec59ad228e9da5e5c8196

www.123greetings.com Open in urlscan Pro 184.72.244.154 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

451 Requests

90 %HTTPS

39 %IPv6

56 Domains

97 Subdomains

76 IPs

10 Countries

6844 kBTransfer

13831 kBSize

47 Cookies

12 Outgoing links

Redirected requests

451 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 17 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.123greetings.com Open in urlscan Pro
184.72.244.154 Public Scan

Screenshot
Live screenshot

Full Image

451
Requests

90 %
HTTPS

39 %
IPv6

56
Domains

97
Subdomains

76
IPs

10
Countries

6844 kB
Transfer

13831 kB
Size

47
Cookies

451 HTTP transactions
17 data transactions