www.123greetings.com Open in urlscan Pro
184.72.245.68 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.maqors.com/cgi-bin/click.pl?cid=nl010952202102&lid=206841&uid=203601343
Effective URL:
https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events
Submission: On September 04 via api (September 4th 2021, 4:35:42 am UTC) from US

Summary HTTP 523 Redirects Links 12 Behaviour Indicators

Summary

This website contacted 66 IPs in 8 countries across 71 domains to perform 523 HTTP transactions. The main IP is 184.72.245.68, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is www.123greetings.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on April 29th 2020. Valid for: 2 years.

This is the only time www.123greetings.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	184.73.249.63 184.73.249.63	14618 (AMAZON-AES) (AMAZON-AES)
1	184.72.245.68 184.72.245.68	14618 (AMAZON-AES) (AMAZON-AES)
43	67.27.233.252 67.27.233.252	3356 (LEVEL3) (LEVEL3)
3	2a00:1450:400... 2a00:1450:4001:812::2016	15169 (GOOGLE) (GOOGLE)
64	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2008	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1 3	3.222.63.32 3.222.63.32	14618 (AMAZON-AES) (AMAZON-AES)
10	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:829::200e	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
17	216.58.212.130 216.58.212.130	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c08::9c	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
14	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:811::2001	15169 (GOOGLE) (GOOGLE)
1 2	2a03:2880:f12... 2a03:2880:f12d:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
33	2a00:1450:400... 2a00:1450:4001:827::2001	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:810::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
5	2600:9000:224... 2600:9000:2240:fa00:1c:38a0:8a40:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
4	54.154.149.33 54.154.149.33	16509 (AMAZON-02) (AMAZON-02)
5	2a00:1450:400... 2a00:1450:4001:831::2004	15169 (GOOGLE) (GOOGLE)
4	2600:9000:223... 2600:9000:223f:1c00:8:9ed9:9c40:93a1	16509 (AMAZON-02) (AMAZON-02)
3	2600:9000:224... 2600:9000:2240:7c00:1c:38a0:8a40:93a1	16509 (AMAZON-02) (AMAZON-02)
77	2a00:1450:400... 2a00:1450:4001:813::2006	15169 (GOOGLE) (GOOGLE)
18 63	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE)
3 19	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
3 8	185.33.220.243 185.33.220.243	29990 (ASN-APPNEX) (ASN-APPNEX)
2 3	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
2 4	104.111.242.245 104.111.242.245	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2600:1f18:612... 2600:1f18:612b:4216:faf1:9619:7fb0:de49	14618 (AMAZON-AES) (AMAZON-AES)
2 3	185.94.180.126 185.94.180.126	35220 (SPOTX-AMS) (SPOTX-AMS)
1	2a00:1288:80:... 2a00:1288:80:800::7000	203220 (YAHOO-DEB) (YAHOO-DEB)
8 14	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
3 4	2.18.234.233 2.18.234.233	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	154.57.158.48 154.57.158.48	26558 (FREEWHEEL) (FREEWHEEL)
5 7	76.223.111.131 76.223.111.131	16509 (AMAZON-02) (AMAZON-02)
12	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
8	2600:9000:223... 2600:9000:223c:7c00:3:748e:7940:93a1	16509 (AMAZON-02) (AMAZON-02)
4	52.209.62.127 52.209.62.127	16509 (AMAZON-02) (AMAZON-02)
2 2	185.29.134.248 185.29.134.248	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1 1	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
2 2	72.251.244.142 72.251.244.142	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
1 1	31.172.81.159 31.172.81.159	44066 (DE-FIRSTC...) (DE-FIRSTCOLO www.first-colo.net)
1 1	31.172.81.158 31.172.81.158	44066 (DE-FIRSTC...) (DE-FIRSTCOLO www.first-colo.net)
2 2	54.87.192.123 54.87.192.123	14618 (AMAZON-AES) (AMAZON-AES)
2 2	178.162.133.149 178.162.133.149	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1 1	2.18.235.93 2.18.235.93	16625 (AKAMAI-AS) (AKAMAI-AS)
4 6	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (TURN) (TURN)
1 1	63.32.201.39 63.32.201.39	16509 (AMAZON-02) (AMAZON-02)
1 2	2606:4700::68... 2606:4700::6812:d05	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5 5	151.101.14.49 151.101.14.49	54113 (FASTLY) (FASTLY)
2 2	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	13.32.121.100 13.32.121.100	16509 (AMAZON-02) (AMAZON-02)
3 3	52.58.206.142 52.58.206.142	16509 (AMAZON-02) (AMAZON-02)
2 2	3.125.99.7 3.125.99.7	16509 (AMAZON-02) (AMAZON-02)
1 1	3.210.105.251 3.210.105.251	14618 (AMAZON-AES) (AMAZON-AES)
1 1	52.48.144.237 52.48.144.237	16509 (AMAZON-02) (AMAZON-02)
4	104.244.36.20 104.244.36.20	7415 (ADSAFE-1) (ADSAFE-1)
2 2	3.64.144.49 3.64.144.49	16509 (AMAZON-02) (AMAZON-02)
1 1	80.64.106.148 80.64.106.148	20764 (RASCOM-AS...) (RASCOM-AS CJSC RASCOM ISP)
1 1	37.9.245.57 37.9.245.57	16345 (BEE-AS Ru...) (BEE-AS Russia)
4 4	217.66.147.169 217.66.147.169	29209 (SPBMTS-AS...) (SPBMTS-AS Malaya Monetnaya Street 2-A)
2 2	213.87.44.187 213.87.44.187	13174 (MTSNET Mo...) (MTSNET Moscow)
1	2620:116:800d... 2620:116:800d:21:f916:5049:f87f:108e	16509 (AMAZON-02) (AMAZON-02)
1 2	193.0.160.128 193.0.160.128	54312 (ROCKETFUEL) (ROCKETFUEL)
1 1	178.62.202.251 178.62.202.251	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
2 2	213.19.147.45 213.19.147.45	3356 (LEVEL3) (LEVEL3)
1 1	185.86.137.121 185.86.137.121	201081 (SMARTADSE...) (SMARTADSERVER)
1	34.96.105.8 34.96.105.8	15169 (GOOGLE) (GOOGLE)
1 1	85.114.159.118 85.114.159.118	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
2 2	135.125.160.160 135.125.160.160	16276 (OVH) (OVH)
1 1	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
1 1	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
7	52.34.57.2 52.34.57.2	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:6c0... 2a02:26f0:6c00:28a::2c79	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
5	2a02:26f0:6c0... 2a02:26f0:6c00:2ab::2c79	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
12	18.214.42.169 18.214.42.169	14618 (AMAZON-AES) (AMAZON-AES)
2	3.214.14.12 3.214.14.12	14618 (AMAZON-AES) (AMAZON-AES)
5 5	185.33.221.89 185.33.221.89	29990 (ASN-APPNEX) (ASN-APPNEX)
2	44.194.158.136 44.194.158.136	14618 (AMAZON-AES) (AMAZON-AES)
4	52.2.252.150 52.2.252.150	14618 (AMAZON-AES) (AMAZON-AES)
4	18.195.102.77 18.195.102.77	16509 (AMAZON-02) (AMAZON-02)
4	185.94.180.124 185.94.180.124	35220 (SPOTX-AMS) (SPOTX-AMS)
4	23.37.38.181 23.37.38.181	16625 (AKAMAI-AS) (AKAMAI-AS)
16	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
7 7	18.156.147.57 18.156.147.57	16509 (AMAZON-02) (AMAZON-02)
1 2	52.46.154.242 52.46.154.242	16509 (AMAZON-02) (AMAZON-02)
1	192.132.33.46 192.132.33.46	18568 (BIDTELLECT) (BIDTELLECT)
2 2	51.178.20.140 51.178.20.140	16276 (OVH) (OVH)
2	2a00:1288:110... 2a00:1288:110:c305::8000	34010 (YAHOO-IRD) (YAHOO-IRD)
1	169.197.150.8 169.197.150.8	398989 (DEEPINTENT) (DEEPINTENT)
1	2606:4700:20:... 2606:4700:20::681a:ad1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	52.30.14.23 52.30.14.23	16509 (AMAZON-02) (AMAZON-02)
5	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
523	66

1 184.73.249.63 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-184-73-249-63.compute-1.amazonaws.com

www.maqors.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.72.245.68 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: www.123greetings.com

www.123greetings.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

43 67.27.233.252 (United States)

ASN3356 (LEVEL3, US)

c.123g.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i.123g.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:812::2016 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

i.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

64 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:12:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.222.63.32 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-222-63-32.compute-1.amazonaws.com

trkn.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 216.58.212.130 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: fra16s46-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c08::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:811::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f12d:181:face:b00c:0:25de (Frankfurt am Main, Germany) 1 redirects

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

33 2a00:1450:4001:827::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:810::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2600:9000:2240:fa00:1c:38a0:8a40:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.avantisvideo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.154.149.33 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-154-149-33.eu-west-1.compute.amazonaws.com

pixel.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:831::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:223f:1c00:8:9ed9:9c40:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.avantisvideo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:2240:7c00:1c:38a0:8a40:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn1.avantisvideo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

77 2a00:1450:4001:813::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

63 172.217.16.130 (United States) 18 redirects

ASN15169 (GOOGLE, US)
PTR: fra15s46-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2.18.234.21 (Frankfurt am Main, Germany) 3 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
js-sec.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 185.33.220.243 (Amsterdam, Netherlands) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 722.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.98.64.218 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.111.242.245 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-242-245.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1f18:612b:4216:faf1:9619:7fb0:de49 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

partners.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.94.180.126 (Amsterdam, Netherlands) 2 redirects

ASN35220 (SPOTX-AMS, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:80:800::7000 (Frankfurt am Main, Germany)

ASN203220 (YAHOO-DEB, GB)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 3.126.56.137 (Frankfurt am Main, Germany) 8 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2.18.234.233 (Frankfurt am Main, Germany) 3 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-233.deploy.static.akamaitechnologies.com

ads.stickyadstv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 154.57.158.48 (United States) 1 redirects

ASN26558 (FREEWHEEL, US)

1f2e7.v.fwmrm.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 76.223.111.131 (United States) 5 redirects

ASN16509 (AMAZON-02, US)
PTR: a97adde81b00f2ca4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2600:9000:223c:7c00:3:748e:7940:93a1 (United States)

ASN16509 (AMAZON-02, US)

avm.avantisvideo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.209.62.127 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-209-62-127.eu-west-1.compute.amazonaws.com

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.29.134.248 (United Kingdom) 2 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.0.66 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 72.251.244.142 (Amsterdam, Netherlands) 2 redirects

ASN29791 (VOXEL-DOT-NET, US)
PTR: tracking-failover-03.ams2.m6r.eu

tracking.m6r.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 31.172.81.159 (Germany) 1 redirects

ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE)

sync3.sniperlog.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 31.172.81.158 (Germany) 1 redirects

ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE)

sync.bumlam.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.87.192.123 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-87-192-123.compute-1.amazonaws.com

sync.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.162.133.149 (Netherlands) 2 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1-sync.go.sonobi.com

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.235.93 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-93.deploy.static.akamaitechnologies.com

cs.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2001:678:cb4:bbbb::11 (United Kingdom) 4 redirects

ASN56396 (TURN, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.32.201.39 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-63-32-201-39.eu-west-1.compute.amazonaws.com

pixel.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:d05 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 151.101.14.49 (Frankfurt am Main, Germany) 5 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.190.78 (United Kingdom) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.121.100 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-32-121-100.fra60.r.cloudfront.net

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.58.206.142 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-58-206-142.eu-central-1.compute.amazonaws.com

match.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.125.99.7 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-125-99-7.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.210.105.251 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-210-105-251.compute-1.amazonaws.com

fksnk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.48.144.237 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-48-144-237.eu-west-1.compute.amazonaws.com

ads.yieldmo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.244.36.20 (United States)

ASN7415 (ADSAFE-1, US)
PTR: nyidt.adsafeprotected.com

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.64.144.49 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 80.64.106.148 (Russian Federation) 1 redirects

ASN20764 (RASCOM-AS CJSC RASCOM ISP, RU)
PTR: s-fr3.rutarget.ru

google-sync.rutarget.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.9.245.57 (Russian Federation) 1 redirects

ASN16345 (BEE-AS Russia, RU)

google.ops.beeline.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 217.66.147.169 (St Petersburg, Russian Federation) 4 redirects

ASN29209 (SPBMTS-AS Malaya Monetnaya Street 2-A, RU)

sm.rtb.mts.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.87.44.187 (Moscow, Russian Federation) 2 redirects

ASN13174 (MTSNET Moscow, Russia, RU)
PTR: infrastructure-187-44.mts.ru

tech.rtb.mts.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:f916:5049:f87f:108e (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 193.0.160.128 (United States) 1 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
a.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.62.202.251 (Amsterdam, Netherlands) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

match.adsby.bidtheatre.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.19.147.45 (United Kingdom) 2 redirects

ASN3356 (LEVEL3, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.137.121 (France) 1 redirects

ASN201081 (SMARTADSERVER, FR)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.105.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.105.96.34.bc.googleusercontent.com

tr.blismedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.118 (Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 135.125.160.160 (France) 2 redirects

ASN16276 (OVH, FR)
PTR: ns3198892.ip-135-125-160.eu

c.eu1.dyntrk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.227.252.103 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.165 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 52.34.57.2 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-34-57-2.us-west-2.compute.amazonaws.com

events1.avantisvideo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:28a::2c79 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

play.aniview.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a02:26f0:6c00:2ab::2c79 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

player.aniview.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 18.214.42.169 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-214-42-169.compute-1.amazonaws.com

track1.aniview.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.214.14.12 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-214-14-12.compute-1.amazonaws.com

go1.aniview.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.33.221.89 (Amsterdam, Netherlands) 5 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 719.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 44.194.158.136 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-194-158-136.compute-1.amazonaws.com

sync.aniview.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.2.252.150 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-2-252-150.compute-1.amazonaws.com

s2s.aniview.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.195.102.77 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-102-77.eu-central-1.compute.amazonaws.com

ads.adaptv.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.94.180.124 (Amsterdam, Netherlands)

ASN35220 (SPOTX-AMS, US)

search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.37.38.181 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-38-181.deploy.static.akamaitechnologies.com

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 18.156.147.57 (Frankfurt am Main, Germany) 7 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-147-57.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.46.154.242 (Ashburn, United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.132.33.46 (United States)

ASN18568 (BIDTELLECT, US)
PTR: 46.bidtellect.com

bttrack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.178.20.140 (France) 2 redirects

ASN16276 (OVH, FR)
PTR: ns31193670.ip-51-178-20.eu

gu.dyntrk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1288:110:c305::8000 (Dublin, Ireland)

ASN34010 (YAHOO-IRD, GB)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 169.197.150.8 (United States)

ASN398989 (DEEPINTENT, US)
PTR: g.deepintent.com

match.deepintent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:ad1 (United States)

ASN13335 (CLOUDFLARENET, US)

ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.30.14.23 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-14-23.eu-west-1.compute.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
109	googlesyndication.com pagead2.googlesyndication.com a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com tpc.googlesyndication.com ade.googlesyndication.com	728 KB
106	doubleclick.net 18 redirects googleads.g.doubleclick.net securepubads.g.doubleclick.net stats.g.doubleclick.net cm.g.doubleclick.net googleads4.g.doubleclick.net pubads.g.doubleclick.net	353 KB
77	2mdn.net s0.2mdn.net	1 MB
43	123g.us c.123g.us i.123g.us	791 KB
27	avantisvideo.com cdn.avantisvideo.com static.avantisvideo.com cdn1.avantisvideo.com avm.avantisvideo.com events1.avantisvideo.com	210 KB
26	aniview.com play.aniview.com player.aniview.com track1.aniview.com go1.aniview.com sync.aniview.com s2s.aniview.com	393 KB
19	casalemedia.com 3 redirects dsum-sec.casalemedia.com htlb.casalemedia.com ssum-sec.casalemedia.com	20 KB
17	yahoo.com 8 redirects ads.yahoo.com ups.analytics.yahoo.com pr-bh.ybp.yahoo.com	13 KB
17	googleapis.com fonts.googleapis.com imasdk.googleapis.com	2 MB
15	google.com adservice.google.com www.google.com	2 KB
13	adnxs.com 8 redirects ib.adnxs.com secure.adnxs.com	12 KB
12	adsafeprotected.com pixel.adsafeprotected.com static.adsafeprotected.com dt.adsafeprotected.com	189 KB
11	advertising.com 7 redirects ads.adaptv.advertising.com pixel.advertising.com	3 KB
10	googletagservices.com www.googletagservices.com	347 KB
7	adsrvr.org 5 redirects match.adsrvr.org	3 KB
7	spotxchange.com 2 redirects sync.search.spotxchange.com search.spotxchange.com	6 KB
6	mts.ru 6 redirects sm.rtb.mts.ru tech.rtb.mts.ru	5 KB
6	everesttech.net 6 redirects pixel.everesttech.net sync-tm.everesttech.net	2 KB
6	turn.com 4 redirects ad.turn.com r.turn.com	3 KB
5	ampproject.org cdn.ampproject.org	102 KB
4	indexww.com js-sec.indexww.com	4 KB
4	dyntrk.com 4 redirects c.eu1.dyntrk.com gu.dyntrk.com	3 KB
4	stickyadstv.com 3 redirects ads.stickyadstv.com	3 KB
4	teads.tv 2 redirects sync.teads.tv	1 KB
4	openx.net 3 redirects us-u.openx.net rtb.openx.net	1 KB
3	360yield.com 3 redirects match.360yield.com	1 KB
3	trkn.us 1 redirects trkn.us	3 KB
3	ytimg.com i.ytimg.com	9 KB
2	crwdcntrl.net 1 redirects bcp.crwdcntrl.net	1 KB
2	amazon-adsystem.com 1 redirects s.amazon-adsystem.com	2 KB
2	rfihub.com 1 redirects p.rfihub.com a.rfihub.com	2 KB
2	bidswitch.net 2 redirects x.bidswitch.net	1 KB
2	w55c.net 2 redirects pm.w55c.net	2 KB
2	pubmatic.com 2 redirects image6.pubmatic.com	1 KB
2	tribalfusion.com 1 redirects a.tribalfusion.com s.tribalfusion.com	1 KB
2	sonobi.com 2 redirects sync.go.sonobi.com	2 KB
2	stackadapt.com 2 redirects sync.srv.stackadapt.com	1 KB
2	m6r.eu 2 redirects tracking.m6r.eu	1 KB
2	mathtag.com 2 redirects sync.mathtag.com	1 KB
2	tremorhub.com partners.tremorhub.com	365 B
2	gstatic.com fonts.gstatic.com	31 KB
2	facebook.com 1 redirects www.facebook.com	1 KB
2	google.de adservice.google.de	439 B
2	google-analytics.com www.google-analytics.com	19 KB
2	facebook.net connect.facebook.net	67 KB
1	ad4m.at ad4m.at
1	deepintent.com match.deepintent.com	44 B
1	bttrack.com bttrack.com	380 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com	457 B
1	adition.com 1 redirects dsp.adfarm1.adition.com	584 B
1	blismedia.com tr.blismedia.com	136 B
1	smartadserver.com 1 redirects ssbsync.smartadserver.com	457 B
1	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com	582 B
1	1rx.io 1 redirects sync.1rx.io	697 B
1	bidtheatre.com 1 redirects match.adsby.bidtheatre.com	565 B
1	quantserve.com cms.quantserve.com	464 B
1	beeline.ru 1 redirects google.ops.beeline.ru	761 B
1	rutarget.ru 1 redirects google-sync.rutarget.ru	577 B
1	yieldmo.com 1 redirects ads.yieldmo.com	462 B
1	fksnk.com 1 redirects fksnk.com	614 B
1	smaato.net 1 redirects s.ad.smaato.net	689 B
1	media.net 1 redirects cs.media.net	1 KB
1	bumlam.com 1 redirects sync.bumlam.com	681 B
1	sniperlog.ru 1 redirects sync3.sniperlog.ru	370 B
1	travelaudience.com 1 redirects ads.travelaudience.com	523 B
1	fwmrm.net 1 redirects 1f2e7.v.fwmrm.net	460 B
1	googleadservices.com partner.googleadservices.com	660 B
1	googletagmanager.com www.googletagmanager.com	40 KB
1	123greetings.com www.123greetings.com	8 KB
1	maqors.com 1 redirects www.maqors.com	317 B
0	wbtrk.net Failed um.wbtrk.net Failed
523	71

	Domain	Requested by
77	s0.2mdn.net	www.123greetings.com s0.2mdn.net a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com imasdk.googleapis.com
64	pagead2.googlesyndication.com	www.123greetings.com pagead2.googlesyndication.com a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com tpc.googlesyndication.com s0.2mdn.net srcdoc
63	cm.g.doubleclick.net	18 redirects googleads.g.doubleclick.net a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
33	tpc.googlesyndication.com	pagead2.googlesyndication.com www.123greetings.com a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com cdn.ampproject.org tpc.googlesyndication.com s0.2mdn.net
23	i.123g.us	www.123greetings.com
20	c.123g.us	www.123greetings.com c.123g.us
16	imasdk.googleapis.com	player.aniview.com imasdk.googleapis.com
14	ups.analytics.yahoo.com	8 redirects
14	googleads.g.doubleclick.net	pagead2.googlesyndication.com a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com www.123greetings.com
12	track1.aniview.com	player.aniview.com
12	googleads4.g.doubleclick.net	www.123greetings.com
12	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net ssum-sec.casalemedia.com
10	adservice.google.com	pagead2.googlesyndication.com securepubads.g.doubleclick.net imasdk.googleapis.com
10	www.googletagservices.com	c.123g.us pagead2.googlesyndication.com securepubads.g.doubleclick.net a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
8	pubads.g.doubleclick.net	imasdk.googleapis.com
8	avm.avantisvideo.com	cdn1.avantisvideo.com cdn.avantisvideo.com
8	ib.adnxs.com	3 redirects googleads.g.doubleclick.net player.aniview.com
8	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net www.123greetings.com
7	pixel.advertising.com	7 redirects
7	events1.avantisvideo.com	cdn.avantisvideo.com
7	match.adsrvr.org	5 redirects a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com ssum-sec.casalemedia.com
7	a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
5	ade.googlesyndication.com
5	secure.adnxs.com	5 redirects
5	player.aniview.com	cdn.avantisvideo.com player.aniview.com
5	sync-tm.everesttech.net	5 redirects
5	www.google.com	a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com tpc.googlesyndication.com
5	cdn.avantisvideo.com	securepubads.g.doubleclick.net cdn.avantisvideo.com
5	cdn.ampproject.org	securepubads.g.doubleclick.net
4	js-sec.indexww.com	player.aniview.com ssum-sec.casalemedia.com
4	htlb.casalemedia.com	player.aniview.com
4	search.spotxchange.com	player.aniview.com
4	ads.adaptv.advertising.com	player.aniview.com
4	s2s.aniview.com	player.aniview.com
4	sm.rtb.mts.ru	4 redirects
4	dt.adsafeprotected.com	a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
4	ad.turn.com	4 redirects
4	static.adsafeprotected.com	pixel.adsafeprotected.com a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
4	ads.stickyadstv.com	3 redirects googleads.g.doubleclick.net
4	sync.teads.tv	2 redirects googleads.g.doubleclick.net
4	static.avantisvideo.com	cdn.avantisvideo.com
4	pixel.adsafeprotected.com	a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
3	ssum-sec.casalemedia.com	js-sec.indexww.com ssum-sec.casalemedia.com
3	match.360yield.com	3 redirects
3	sync.search.spotxchange.com	2 redirects googleads.g.doubleclick.net
3	us-u.openx.net	2 redirects googleads.g.doubleclick.net
3	cdn1.avantisvideo.com	cdn.avantisvideo.com
3	trkn.us	1 redirects www.123greetings.com
3	i.ytimg.com	www.123greetings.com
2	bcp.crwdcntrl.net	1 redirects ssum-sec.casalemedia.com
2	pr-bh.ybp.yahoo.com	ssum-sec.casalemedia.com
2	gu.dyntrk.com	2 redirects
2	s.amazon-adsystem.com	1 redirects ssum-sec.casalemedia.com
2	sync.aniview.com	player.aniview.com
2	go1.aniview.com	player.aniview.com
2	c.eu1.dyntrk.com	2 redirects
2	tech.rtb.mts.ru	2 redirects
2	x.bidswitch.net	2 redirects
2	pm.w55c.net	2 redirects
2	image6.pubmatic.com	2 redirects
2	r.turn.com	a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
2	sync.go.sonobi.com	2 redirects
2	sync.srv.stackadapt.com	2 redirects
2	tracking.m6r.eu	2 redirects
2	sync.mathtag.com	2 redirects
2	partners.tremorhub.com	googleads.g.doubleclick.net
2	fonts.gstatic.com	fonts.googleapis.com
2	www.facebook.com	1 redirects connect.facebook.net
2	adservice.google.de	pagead2.googlesyndication.com securepubads.g.doubleclick.net
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	connect.facebook.net	www.123greetings.com connect.facebook.net
1	ad4m.at	ssum-sec.casalemedia.com
1	match.deepintent.com	ssum-sec.casalemedia.com
1	bttrack.com	ssum-sec.casalemedia.com
1	play.aniview.com	cdn.avantisvideo.com
1	pixel.rubiconproject.com	1 redirects
1	rtb.openx.net	1 redirects
1	dsp.adfarm1.adition.com	1 redirects
1	tr.blismedia.com	a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
1	ssbsync.smartadserver.com	1 redirects
1	sync.targeting.unrulymedia.com	1 redirects
1	sync.1rx.io	1 redirects
1	match.adsby.bidtheatre.com	1 redirects
1	a.rfihub.com
1	p.rfihub.com	1 redirects
1	cms.quantserve.com	a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
1	google.ops.beeline.ru	1 redirects
1	google-sync.rutarget.ru	1 redirects
1	ads.yieldmo.com	1 redirects
1	fksnk.com	1 redirects
1	s.ad.smaato.net	1 redirects
1	s.tribalfusion.com	a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
1	a.tribalfusion.com	1 redirects
1	pixel.everesttech.net	1 redirects
1	cs.media.net	1 redirects
1	sync.bumlam.com	1 redirects
1	sync3.sniperlog.ru	1 redirects
1	ads.travelaudience.com	1 redirects
1	1f2e7.v.fwmrm.net	1 redirects
1	ads.yahoo.com	googleads.g.doubleclick.net
1	fonts.googleapis.com	securepubads.g.doubleclick.net
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	www.googletagmanager.com	www.123greetings.com
1	www.123greetings.com
1	www.maqors.com	1 redirects
0	um.wbtrk.net Failed	a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
523	107

This site contains links to these domains. Also see Links.

Domain
studio.123greetings.com
itunes.apple.com
play.google.com
nl.123greetings.com
www.addthis.com
info.123greetings.com
blog.123greetings.com
widgets.123greetings.com
help.123greetings.com

Subject Issuer	Validity	Valid
*.123greetings.com Go Daddy Secure Certificate Authority - G2	`2020-04-29` - `2022-04-29`	2 years	crt.sh
*.123g.us Go Daddy Secure Certificate Authority - G2	`2021-08-11` - `2022-09-12`	a year	crt.sh
edgestatic.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-07-20` - `2021-10-18`	3 months	crt.sh
trkn.us Go Daddy Secure Certificate Authority - G2	`2021-01-19` - `2022-02-20`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.avantisvideo.com Amazon	`2020-12-24` - `2022-01-22`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
fw.adsafeprotected.com Amazon	`2021-08-11` - `2022-09-09`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
teads.tv R3	`2021-08-23` - `2021-11-21`	3 months	crt.sh
*.tremorhub.com Amazon	`2021-06-27` - `2022-07-26`	a year	crt.sh
*.search.spotxchange.com GeoTrust RSA CA 2018	`2021-04-08` - `2022-05-09`	a year	crt.sh
*.ads.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-08-16` - `2021-10-06`	2 months	crt.sh
ads.stickyadstv.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-13` - `2021-11-17`	a year	crt.sh
static.adsafeprotected.com Amazon	`2021-01-06` - `2022-02-04`	a year	crt.sh
*.turn.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-03-31` - `2022-03-31`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-08` - `2022-07-07`	a year	crt.sh
*.adsafeprotected.com Sectigo RSA Domain Validation Secure Server CA	`2021-05-26` - `2022-06-17`	a year	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
*.rfihub.com Sectigo RSA Domain Validation Secure Server CA	`2020-06-18` - `2022-06-18`	2 years	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
tr.blismedia.com GTS CA 1D4	`2021-08-26` - `2021-11-24`	3 months	crt.sh
*.aniview.com DigiCert SHA2 Secure Server CA	`2021-02-23` - `2022-02-27`	a year	crt.sh
*.v.ssp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-05-24` - `2021-11-17`	6 months	crt.sh
*.spotxchange.com GeoTrust RSA CA 2018	`2021-03-10` - `2022-03-29`	a year	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-08-17` - `2022-02-09`	6 months	crt.sh
s.amazon-adsystem.com Amazon	`2021-07-14` - `2022-06-27`	a year	crt.sh
*.bttrack.com Sectigo RSA Domain Validation Secure Server CA	`2021-03-29` - `2022-03-29`	a year	crt.sh
*.pbp.bf2.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-08-18` - `2021-11-17`	3 months	crt.sh
*.deepintent.com Go Daddy Secure Certificate Authority - G2	`2020-04-09` - `2022-06-08`	2 years	crt.sh
*.crwdcntrl.net Go Daddy Secure Certificate Authority - G2	`2021-04-29` - `2022-05-31`	a year	crt.sh

This page contains 79 frames:

Primary Page: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events
Frame ID: 3B0EE9021DC8FA8C41388F63109263F6
Requests: 122 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210831/r20190131/zrt_lookup.html
Frame ID: 6B47B6D4CA31E60F50E2DA120A51F5A9
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8275302107693664&output=html&adk=1812271804&adf=3025194257&lmt=1630726664&plat=1%3A16777216%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fdance_day%2F%3Futm_source%3DEmail%26amp%3Butm_medium%3DSpecial_NL%26amp%3Butm_campaign%3DSNL_june20_events&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630730123904&bpp=2&bdt=253&idt=83&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=3415642258927&frm=20&pv=2&ga_vid=220270117.1630730124&ga_sid=1630730124&ga_hid=13391113&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062369%2C31062297%2C31062093&oid=3&pvsid=2168193984601864&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=107
Frame ID: D37503E71462B101EC8DDB19A2F83E83
Requests: 1 HTTP requests in this frame

Frame: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: F0455B82E43E7C3374BDDA48E6036140
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dtrue%26app_id%3D6268317308%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df297ee723aa476c%2526domain%253Dwww.123greetings.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fwww.123greetings.com%25252Ff2aa2379db271%2526relation%253Dparent.parent%26container_width%3D320%26height%3D287%26hide_cover%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252F123GreetingsCom%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26show_posts%3Dtrue%26small_header%3Dtrue%26width%3D320
Frame ID: 5E85C5E28EC3993F67F455BDDA5E66A6
Requests: 1 HTTP requests in this frame

Frame: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 017935D36CAC4C53DD0F66D854CA188C
Requests: 16 HTTP requests in this frame

Frame: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 276365C68686ACA260B65C1C2E1242B0
Requests: 21 HTTP requests in this frame

Frame: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: A514ED574A5B7D09B44A1A528B437ECA
Requests: 21 HTTP requests in this frame

Frame: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 3061053D3CF09DB06C1E283951720704
Requests: 15 HTTP requests in this frame

Frame: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: A9A080205995DC4E8C2740C80AC13C43
Requests: 14 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012108170213000/amp4ads-v0.mjs
Frame ID: 9F4C681D2CB3B81C3F138F7119815F1D
Requests: 16 HTTP requests in this frame

Frame: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 8759042B36B1C8B2E3663C182405FED3
Requests: 13 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssuuJXgVHr2ATMUw16Ti9l_ZVJ4Jj-km7U-H_3Y2S-FuS1SLtW7AjbhZdqEuA5DhJfy68ev9aO1f-wwHDkh2N28nIByvvtLfKZpr1qD_8gJpN6fiDHnDiZGdiGhbg1dcL1VUJ9KKQen9Sgn5yILJnflabiePAJqQhyb3tozUTHutrsWj1TMCYXwrw9VmJ2HnT9zGxXpOfocI7VFWorAFFNlYe_OKmUZk_3PLiluad1jqTin7hZkHwiNdJQfVzQ7pTwWciaH1m43kwdLejbUw5lLkxW1nBVyn7_G-KP8bZIrCmM-2Tk-bOuK4ZjoMYZCjDHDym47L4TAZo6jhPB88A&sig=Cg0ArKJSzC3y_svR3dAREAE&urlfix=1&adurl=
Frame ID: 679B56930746CA039CA9DC377AED3BF5
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvzjMuKBTgoXE0HFrmIhDnM_uinfUyJQW9Diql647e-CDF7J4i5QATjPDV4fjD7ckGp7hASM9cl-iipJ-mFKgre0vTzmg-zj0UpUfgUavvh-Rsuzgu8GqanoQAV3PKzpsNm6zNk2kmoTQVcOF1gBiE0nCdhHZjGb7UvgAqsuKUImQcDWKlqygy13Qyl-pGdCn6NivvmBnhIO6U0m-H1Uxhhkt58WcGgb1h4hJJXfNRrvVSa68KFrMX3kQ0w0sn7Ipc3pMhZlLZhIJAdRViR85B8suz-_3phLlrfCtXcovwLRaU9nSoH6qxLi4fDqN-QmRl4j0gIVqm_4UzrELWg1QS13syg_lHJ9Q&sig=Cg0ArKJSzEwfL-0AwcPmEAE&urlfix=1&adurl=
Frame ID: D77CA7D053F4D8E7E14BE9C95465FD54
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQzafaAhiJmuiZATAB&v=APEucNWZYje3XCvZQRp-tyqPtF0rdMmpwSgWZRUrMFxSh37YxTeTEdK6JmPLK-sWkBOmOtd25RSfrkME0TDyS9HvaCPkiGWp6A
Frame ID: 17CE59BDA5069A592E9477829F5BB938
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJjjZhCPtKICGL2r9ZQBMAE&v=APEucNVcqO1BvY0qCH7y9D994D85h4S9FgAqW-5prbg_rTdORhsKK-tFuO6RaewAcxsng4LOGxj88BisxQgp5oIkjpEimTSwUA
Frame ID: 391F24807D371439A88A5D68352EBCCC
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQzafaAhiJmuiZATAB&v=APEucNVduylRc1-ANx2dfGDzOyZvxRsPIaMTcONzBdq5xl_BqopQOSR9aHpoCM7mr0FsEL_q0XbxYr_dNnvQ_o28ov6yUNpH3Q
Frame ID: A6CCC40F9460056F1A1352C09D1776FB
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJjjZhCPtKICGO-61JoBMAE&v=APEucNX9O8FavPT5R0PG9ulP4iZ1V5W3izU_jGcHPF2tLDJ1xV9Zawy1ykggw_lbPsMQ3K3qx1iczOA5pFspAyBG58X4M9gkLQ
Frame ID: 89DF0B952B9694B14CA0D4CDD09E4EB9
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJjjZhCPtKICGO-61JoBMAE&v=APEucNXqJPToUUtdNH3hBQKyRPCDOVjmjEsbw3yb_WSj4Ww7gl_tsIdBackYWOlzT_r2SxM9aKbJ0kOIJDVtc8Upi9sU-8DtJw
Frame ID: D4B87E31055DECB41DBD06ACC335B4F3
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJjjZhCPtKICGO-61JoBMAE&v=APEucNUGKEasJuo1XMAfavxNaib5AIMESj3moczF3WolZejU0D9gNRxAL0SSXqrzZHRZu4owyninDxy4hqCOtBPcbVZKRDKezQ
Frame ID: 96503B52AD3F2523B82366F3FE625122
Requests: 4 HTTP requests in this frame

Frame: https://cdn1.avantisvideo.com/connect/u_d.html
Frame ID: CFC6AE6C64CB233DB4019E689569D69B
Requests: 2 HTTP requests in this frame

Frame: https://cdn1.avantisvideo.com/connect/u_d.html
Frame ID: 38E2B5C1872FC1D6274872DF32B8E156
Requests: 2 HTTP requests in this frame

Frame: https://s0.2mdn.net/9506911/1604308179092/index.html
Frame ID: 56760B132DF0CC44B7DDCFD19A626C36
Requests: 12 HTTP requests in this frame

Frame: https://s0.2mdn.net/ads/richmedia/studio/pv2/61380784/20210806085505080/index.html?e=69&leftOffset=0&topOffset=0&c=32X825vgkC&t=1&renderingType=2
Frame ID: F30634139CBDA142D14BAA42FECE106E
Requests: 8 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 2C4791ABA3023BEAE82344F986C85AF0
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/9506911/1609938295867/index.html
Frame ID: 2BCC2CFC91281AC3DE57B7BFA68F4E6A
Requests: 13 HTTP requests in this frame

Frame: https://s0.2mdn.net/9506911/1609938295867/index.html
Frame ID: 45A82F469F24AF5798EA9F61619A160A
Requests: 13 HTTP requests in this frame

Frame: https://s0.2mdn.net/ads/richmedia/studio/pv2/61380784/20210806085505080/index.html?e=69&leftOffset=0&topOffset=0&c=gAFXV1gCGD&t=1&renderingType=2
Frame ID: 58B18CBEB42F4608336CC0130DC9CB07
Requests: 7 HTTP requests in this frame

Frame: https://s0.2mdn.net/9506911/1609938328780/index.html
Frame ID: 1AB153CCF67D7F34AEC7AC349138BCF8
Requests: 14 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: C3645B7EF89A9FF4EFB792DA202C4642
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 4B653946A39388F772043CAA3B4BAF16
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 41B597DB00BF0166AAF7A16521209D4B
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 3A811230FF2CAB4436C564C70A36F4CC
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: B4B0ADE989774207DA1E67E027DBD42A
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: E064046DD40429E9FA166E06EC87E0EF
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 7BCA9CF8A53F2457AAFD55346AAD3C35
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 36AF330E280C2764904000560A6008C5
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 0356C7D3DDCB420CDC650BCE3B8879E5
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 7733996E65A629C36D647FED8395B9CC
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: E22D609126CEC939D495A35487E92A26
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 3BA489F064F516B83B36C7E0AAB99CFB
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 512A067E1B462502442B5E4529B511D5
Requests: 3 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.5.12.js
Frame ID: EDC40632AD27F7B966B6E4E3F042182A
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.5.12.js
Frame ID: 2A4C68C439C0F228B5CF4EEAADBCA3BA
Requests: 1 HTTP requests in this frame

Frame: https://cdn1.avantisvideo.com/connect/u_d.html
Frame ID: 1314745A6260C154FED317F7F05C5EDD
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js
Frame ID: 23048F2876EB1E5C0A0A7B2394E1D457
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js
Frame ID: 8D1B7F8957FB5C4CAD3BE6AE06BBB54B
Requests: 1 HTTP requests in this frame

Frame: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Frame ID: 4CD9B36BC17D7F51CD2175638B9812B5
Requests: 2 HTTP requests in this frame

Frame: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Frame ID: E83ADBFCAE996C6AB8B516675C5DBAE4
Requests: 2 HTTP requests in this frame

Frame: https://sync.aniview.com/cookiesyncendpoint?auid=1630730128514-952271023603-008770-014-002257&biddername=55&key=4823418735745576492
Frame ID: C2BC4B18D09C37C50D6DFA35B62C9B0A
Requests: 1 HTTP requests in this frame

Frame: https://sync.aniview.com/cookiesyncendpoint?auid=1630730128515-932215023603-008434-011-009939&biddername=55&key=5975205377461622294
Frame ID: 60272E90818AEC12818140102B2F1368
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Frame ID: AB373B83EDB7A828A6964405FD741297
Requests: 3 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Frame ID: 27220DDDEE1512EAF11F8AF3E82A107B
Requests: 3 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html
Frame ID: B02A7889D06DF9E888233CBC420F12DC
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html
Frame ID: 9F67C5BDE5CEFA4F56CA7686CA83C7D8
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 6174B186318B58DDA2A5096E54317369
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: F5D3786A20EDA380CFA6CE3032EB7C27
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: A117B936E410D812475DC6ED5DBD8204
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Frame ID: 93C28B108A6DA244F022BE269627597B
Requests: 3 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Frame ID: 30EC795380A74EEF6908798FAEDD6536
Requests: 3 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Frame ID: 2839F8D248472BC3538624E50240266F
Requests: 10 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html
Frame ID: 316B66F671F237B91AA28D34FDDB7158
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html
Frame ID: 6C8524EFE82AB37827FD8C1172F6B1B1
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 8709A07C7CD01D30257423A57BC7F19C
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 3CEB9EC0E171DB2D397E68F075C3DB03
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: BF2C496C5961739F66DBC879D74C31AE
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Frame ID: C3B313F9411AB0B5C0E9F8CC50075B54
Requests: 10 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Frame ID: A222DBA1EDADCCCB1BDF2DC5B5D3E685
Requests: 3 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Frame ID: 5B658B37F384A66E01FC006E9927262E
Requests: 3 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html
Frame ID: FE22EB64CDEFFED40494CA9FD81D9633
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html
Frame ID: C7BDE285C5B8C3F753586AD69EC9BBA7
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 4BA253592260A3A504EF5DEFBC28C26C
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 89482810E236A39F6FFD062207C4A504
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Frame ID: 2F7253F6452F5339910A40A362206BB1
Requests: 3 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Frame ID: 64D102E7DBEA0588DA912D9E0578A53B
Requests: 3 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html
Frame ID: 6D7016E6C4493F0E8950D594B59E1008
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html
Frame ID: 8FC550A0E638141E12E12A9A486C2809
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: DB2AAAFF23686472739C08DD1E8770B5
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 4173CEF96EDEB186BFCA67731783E69D
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Dance Day Cards, Free Dance Day Wishes, Greeting Cards | 123 Greetings

Page URL History Show full URLs

http://www.maqors.com/cgi-bin/click.pl?cid=nl010952202102&lid=206841&uid=203601343 HTTP 302
https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaig... Page URL

Detected technologies

CentOS (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /CentOS/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googletagservices\.com\/tag\/js\/gpt(?:_mobile)?\.js/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

523
Requests

97 %
HTTPS

34 %
IPv6

71
Domains

107
Subdomains

66
IPs

8
Countries

7336 kB
Transfer

19516 kB
Size

7
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: https://studio.123greetings.com/
Title: Studio

Search URL Search Domain Scan URL

URL: https://itunes.apple.com/in/app/123greetings/id718873921?mt=8

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.g123

Search URL Search Domain Scan URL

URL: https://nl.123greetings.com/
Title: Newsletter

Search URL Search Domain Scan URL

URL: https://nl.123greetings.com/blog/
Title: Editor Bob's Blog

Search URL Search Domain Scan URL

URL: https://www.addthis.com/bookmark.php

Search URL Search Domain Scan URL

URL: https://info.123greetings.com/company/pressroom/
Title: Press Room

Search URL Search Domain Scan URL

URL: https://blog.123greetings.com/
Title: Blog

Search URL Search Domain Scan URL

URL: https://widgets.123greetings.com/
Title: Widgets

Search URL Search Domain Scan URL

URL: https://nl.123greetings.com/tell-a-friend
Title: Recommend Us

Search URL Search Domain Scan URL

URL: https://help.123greetings.com/
Title: Help

Search URL Search Domain Scan URL

URL: https://help.123greetings.com/contact_us.html
Title: Contact Us

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.maqors.com/cgi-bin/click.pl?cid=nl010952202102&lid=206841&uid=203601343 HTTP 302
https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 69

https://trkn.us/info/?sid=1efbd474-f6d6-4c7a-ab0e-0a28232c817d&ord=4427447957.283512&ref=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fdance_day%2F%3Futm_source%3DEmail%26amp%3Butm_medium%3DSpecial_NL%26amp%3Butm_campaign%3DSNL_june20_events&dvis=visible HTTP 302
https://trkn.us/info/?sid=1efbd474-f6d6-4c7a-ab0e-0a28232c817d&ord=4427447957.283512&ref=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fdance_day%2F%3Futm_source%3DEmail%26amp%3Butm_medium%3DSpecial_NL%26amp%3Butm_campaign%3DSNL_june20_events&dvis=visible&ip=185.236.201.227&cuidchk=1

Request Chain 70

https://www.facebook.com/v2.4/plugins/page.php?adapt_container_width=true&app_id=6268317308&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df297ee723aa476c%26domain%3Dwww.123greetings.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.123greetings.com%252Ff2aa2379db271%26relation%3Dparent.parent&container_width=320&height=287&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2F123GreetingsCom&locale=en_US&sdk=joey&show_facepile=true&show_posts=true&small_header=true&width=320 HTTP 302
https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dtrue%26app_id%3D6268317308%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df297ee723aa476c%2526domain%253Dwww.123greetings.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fwww.123greetings.com%25252Ff2aa2379db271%2526relation%253Dparent.parent%26container_width%3D320%26height%3D287%26hide_cover%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252F123GreetingsCom%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26show_posts%3Dtrue%26small_header%3Dtrue%26width%3D320

Request Chain 172

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJ5LIJT1SABij6jZHbNxXDY&google_cver=1

Request Chain 173

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YTL3jXnrA8PqVqdAMk99hwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJ5LIJT1SABij6jZHbNxXDY&google_cver=1

Request Chain 174

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEHO0GgZm6FELhrBOx9ZiLXk&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEHO0GgZm6FELhrBOx9ZiLXk%26google_cver%3D1

Request Chain 175

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzY4ODQ5NTE2MTE1MzQ0Njk4Mg%3D%3D

Request Chain 176

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEJZpLCJBiy9eNdk86C63xDc&google_cver=1

Request Chain 177

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=OTg2ZjA4MDktOGY1NS0yY2RhLWYzOTYtZTI5NmIxM2QwNmM5

Request Chain 178

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEDGQKGaHq8XmG7nGdUVJwfw&google_cver=1

Request Chain 179

https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=NDA3ODgzY2YtZGYyNC00OWQ3LTgwMjItMjQzYjNkY2RiZDQz

Request Chain 180

https://cm.g.doubleclick.net/pixel?google_nid=tremor_video_dbm&google_cm&google_dbm HTTP 302
https://partners.tremorhub.com/sync?UIGL=CAESEButH8EbLUG1PSSK0eENnpc&google_cver=1

Request Chain 181

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEDGQKGaHq8XmG7nGdUVJwfw&google_cver=1

Request Chain 182

https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=M2RlM2NmOWYtNzMxOS00MjI1LWFhYjMtODc4ZTE0YzRhNDU3

Request Chain 183

https://cm.g.doubleclick.net/pixel?google_nid=tremor_video_dbm&google_cm&google_dbm HTTP 302
https://partners.tremorhub.com/sync?UIGL=CAESEButH8EbLUG1PSSK0eENnpc&google_cver=1

Request Chain 184

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESELDuRfo9GJXswwwtnCppkuw&google_cver=1

Request Chain 185

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_id=861ad089-0d39-11ec-af42-1ebee0f60406 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=ODYxYWQwNDUtMGQzOS0xMWVjLWFmNDItMWViZWUwZjYwNDA2

Request Chain 187

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true HTTP 302
https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1rT1MuQkFCRTJ1RjhOMnJCRC45Znh1WXBidVpoTEtZQ35B

Request Chain 188

https://cm.g.doubleclick.net/pixel?google_nid=stickyxchange_dbm&google_cm&google_dbm HTTP 302
https://ads.stickyadstv.com/user-registering?dataProviderId=141&userId=CAESENvdD6oslh_ZMtZDWHrAVo8&google_cver=1 HTTP 302
https://1f2e7.v.fwmrm.net/ad/u?_dv=2&dsp_user_mapping=true&127719=d49ab0ac22cbeba0ef657f1f6b4ef0c8&rdU=https%3A%2F%2Fads.stickyadstv.com%2Fuser-registering%3FdataProviderId%3D1169%26userId%3d%23%7buser.id%7d HTTP 302
https://ads.stickyadstv.com/user-registering?dataProviderId=1169&userId=g022_7003932555477941946 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=stickyads&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=stickyads&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://ads.stickyadstv.com/user-registering?dataProviderId=208&userId=a6029364-f33d-4faa-94e4-60cd39f61691

Request Chain 189

https://ads.stickyadstv.com/user-matching?id=11 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=stickyxchange_dbm&google_hm=ZDQ5YWIwYWMyMmNiZWJhMGVmNjU3ZjFmNmI0ZWYwYzg=&gdpr=0&gdpr_consent=

Request Chain 248

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEO8BKrxl03-Wn0koSAR1YLk&google_cver=1&google_push=AYg5qPLCBsbsPlzQEZ7nlZRaevhpnl1JAmzvdhRAm4Glm6OzUxjiBJhnScffScfRndwzwXbgm3sZwo5ZbKQ58Yw26bRgEvCBkyDY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPLCBsbsPlzQEZ7nlZRaevhpnl1JAmzvdhRAm4Glm6OzUxjiBJhnScffScfRndwzwXbgm3sZwo5ZbKQ58Yw26bRgEvCBkyDY

Request Chain 249

https://ads.travelaudience.com/google_pixel?google_gid=CAESEAfjEpZkd20_FaarHg3XmSE&google_cver=1&google_push=AYg5qPLxwTdCjwQ4Lar2AwDPDdwx0KeL-WWw9V9WvyNp1iKbn2I_2JhfRbNwzbOKG0vg_kjaeh-5jMWOjGARmq8CTwj7Xns1VnM HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=ks8GxOxITkylTqAjuhHoew2&google_push=AYg5qPLxwTdCjwQ4Lar2AwDPDdwx0KeL-WWw9V9WvyNp1iKbn2I_2JhfRbNwzbOKG0vg_kjaeh-5jMWOjGARmq8CTwj7Xns1VnM

Request Chain 250

https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESENPziV1IUpyYAq69-5etqaI&google_cver=1&google_push=AYg5qPKQu2uiZnRL-5fCOyg2H4GQiSkLwD2x0UDIZB1qmkLGo2drmxu1FiXbEno_5aB__h1X_RTHumcCCMo5Qg4x3cJM-6vGqU8 HTTP 302
https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESENPziV1IUpyYAq69-5etqaI&google_cver=1&google_push=AYg5qPKQu2uiZnRL-5fCOyg2H4GQiSkLwD2x0UDIZB1qmkLGo2drmxu1FiXbEno_5aB__h1X_RTHumcCCMo5Qg4x3cJM-6vGqU8&checkcookies=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=ifj3HiS2M5MFU4R-BvfngA&google_push=AYg5qPKQu2uiZnRL-5fCOyg2H4GQiSkLwD2x0UDIZB1qmkLGo2drmxu1FiXbEno_5aB__h1X_RTHumcCCMo5Qg4x3cJM-6vGqU8

Request Chain 251

https://sync3.sniperlog.ru/?src=ggl_nga&google_gid=CAESEE3z55D7UUEbkOtBRUaRLu8&google_cver=1&google_push=AYg5qPLDqaeWI_t2dDDaBVrVeaRqps5KAHP1paSds948m6kGUQS5EDVZOIUHh1OwjnOd0Os1f4lWziXe08Vlzvz17M6tCSRpId6v HTTP 301
https://sync.bumlam.com/?src=ggl_nga&google_gid=CAESEE3z55D7UUEbkOtBRUaRLu8&google_cver=1&google_push=AYg5qPLDqaeWI_t2dDDaBVrVeaRqps5KAHP1paSds948m6kGUQS5EDVZOIUHh1OwjnOd0Os1f4lWziXe08Vlzvz17M6tCSRpId6v HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=adsniperru&google_push=AYg5qPLDqaeWI_t2dDDaBVrVeaRqps5KAHP1paSds948m6kGUQS5EDVZOIUHh1OwjnOd0Os1f4lWziXe08Vlzvz17M6tCSRpId6v

Request Chain 252

https://sync.srv.stackadapt.com/sync?nid=154&google_gid=CAESEJ3v_EmCy6Wv-ayI3BwerZY&google_cver=1&google_push=AYg5qPKsl_qWIdBDV-QbEAw9RQqAGdH6BE9dzR9dn14se8R2l-YA6sKhdXx7tsh6Q3JAT9s7g4KPtMg2WpPtXrVSBbZY5LjOEMeq HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=M3ebFia_QSZ6REiEfmkJrbnsyeM&google_push=AYg5qPKsl_qWIdBDV-QbEAw9RQqAGdH6BE9dzR9dn14se8R2l-YA6sKhdXx7tsh6Q3JAT9s7g4KPtMg2WpPtXrVSBbZY5LjOEMeq

Request Chain 253

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsonobi%26google_push%3DAYg5qPKHs4aWAXp3glvTmz3ew7hYU6HyftfOUPTsX8KSgXZHjdV_3qzMy5g2E9S8gZOa9ml0VGdr5g-v3n3J_IQjZt172Cxagx5-%26google_hm%3D%5BUID%5D&google_gid=CAESEN5dPbRS6x2saqanTALTSvM&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AYg5qPKHs4aWAXp3glvTmz3ew7hYU6HyftfOUPTsX8KSgXZHjdV_3qzMy5g2E9S8gZOa9ml0VGdr5g-v3n3J_IQjZt172Cxagx5-&google_hm=08f3b2f0-8a20-420a-b054-7c9fc4ae6496

Request Chain 254

https://cs.media.net/cksync?type=g&google_gid=CAESEJe_lTM00lHkVwCm9BFVg0c&google_cver=1&google_push=AYg5qPIBujeaW8qLvjOcCHu1N7dtE9-3bZ8JlGL_lRoonHbj8ByZ8GWd-Qc4ABVl0bi1EIGGBU11sHD-ilqQpBws-tn_08U_Y0GI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MjczNzMxNzI2MDMxMzk5ODAwMFYxMA%3d%3d&mn_hm=MjczNzMxNzI2MDMxMzk5ODAwMFYxMA%3d%3d&google_sc=1&google_push=AYg5qPIBujeaW8qLvjOcCHu1N7dtE9-3bZ8JlGL_lRoonHbj8ByZ8GWd-Qc4ABVl0bi1EIGGBU11sHD-ilqQpBws-tn_08U_Y0GI&gdpr=&gdpr_consent=

Request Chain 258

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEO6TUCncnSI2yIUoP9rItQE&google_cver=1&google_push=AYg5qPK3w95MQI22FUdKUIlP8a11mFPIktvJETeYyq-A1tfTU2d88Y2Xcm2QgpAyEZMaj2vKOOvTm6n4WUJG7OSb-9BBOTxIkspp HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=Mjc1NzAwNDUwNTY1MTE1MTY2OQ== HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEO6TUCncnSI2yIUoP9rItQE&google_cver=1

Request Chain 259

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPKp7mdfgiN_pMlE1PJ-1C987cN3_8P0UvjcKOW1a9GYQIwjF1TBRUZQEpwnO6BiYCwOm9H-ArtyElBoMg7leXEttLheh9m8&google_gid=CAESEJ85j0v9BDRdMOT2rJxD280&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVRMM2pnQUFCZGdZTVd0cg&google_push=AYg5qPKp7mdfgiN_pMlE1PJ-1C987cN3_8P0UvjcKOW1a9GYQIwjF1TBRUZQEpwnO6BiYCwOm9H-ArtyElBoMg7leXEttLheh9m8

Request Chain 260

https://a.tribalfusion.com/i.match?p=b6&u=CAESEBL_3dkX9P0q09KV0OBmimw&google_cver=1&google_push=AYg5qPJOlKBRo6Zambf8aOc4GP39c_Exo6B3qQRqptUCUJM5HXXj4pxZuDSBN2JEb7wMHhcAjV2xXnKOIl6xQ4lNTbYWVbk97oxk&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPJOlKBRo6Zambf8aOc4GP39c_Exo6B3qQRqptUCUJM5HXXj4pxZuDSBN2JEb7wMHhcAjV2xXnKOIl6xQ4lNTbYWVbk97oxk%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEBL_3dkX9P0q09KV0OBmimw&google_cver=1&google_push=AYg5qPJOlKBRo6Zambf8aOc4GP39c_Exo6B3qQRqptUCUJM5HXXj4pxZuDSBN2JEb7wMHhcAjV2xXnKOIl6xQ4lNTbYWVbk97oxk&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPJOlKBRo6Zambf8aOc4GP39c_Exo6B3qQRqptUCUJM5HXXj4pxZuDSBN2JEb7wMHhcAjV2xXnKOIl6xQ4lNTbYWVbk97oxk%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 261

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEFw7u5cevgI1NXoJ00p_mok&google_cver=1&google_push=AYg5qPIpgAvTupEaVKBWPRWG7TkpmSS8JCKbfj7Xagd5Os6o-2mDhq6MOwfRxuNFk_Ky0V3YJTivFNhadbJYWMhlfjgfYmmUw2Sj HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEFw7u5cevgI1NXoJ00p_mok&google_push=AYg5qPIpgAvTupEaVKBWPRWG7TkpmSS8JCKbfj7Xagd5Os6o-2mDhq6MOwfRxuNFk_Ky0V3YJTivFNhadbJYWMhlfjgfYmmUw2Sj

Request Chain 262

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEP1CXD_BTH4d_9_9UOzGZHQ&google_cver=1&google_push=AYg5qPKaMgd2eLJPEl0ciFEZu2_p3JEjyctH81uG8JMl34YBVgEDNhle0u1lgX8DzpWlI7Tlgih3xYFJzpZIgImqtWpyvEHUu7xd HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEP1CXD_BTH4d_9_9UOzGZHQ&google_cver=1&google_push=AYg5qPKaMgd2eLJPEl0ciFEZu2_p3JEjyctH81uG8JMl34YBVgEDNhle0u1lgX8DzpWlI7Tlgih3xYFJzpZIgImqtWpyvEHUu7xd&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=eTunpiLfRXGVli6HihW4KQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKaMgd2eLJPEl0ciFEZu2_p3JEjyctH81uG8JMl34YBVgEDNhle0u1lgX8DzpWlI7Tlgih3xYFJzpZIgImqtWpyvEHUu7xd

Request Chain 263

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEHUFn1veoKPBU6Bd8y4dHfA&google_cver=1&google_push=AYg5qPJeP_kDguQic4UwBOGa97MVh4aT5yrnxlEHK-Av5PYzhCgXcqpiY_ZYdZAqUmxDfJLPm4M0DuO__B2GI7mhMlrSMb3bV_OZ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_hm=8324f8302112b5fb45b3&google_redir=https%3A%2F%2Fs.ad.smaato.net%2Fc%2F%3FadExInit%3Dg&google_push=AYg5qPJeP_kDguQic4UwBOGa97MVh4aT5yrnxlEHK-Av5PYzhCgXcqpiY_ZYdZAqUmxDfJLPm4M0DuO__B2GI7mhMlrSMb3bV_OZ

Request Chain 264

https://match.360yield.com/match/ebda?google_gid=CAESEKRQCgLQ3NuF1Qj2JO0yAOA&google_cver=1&google_push=AYg5qPJLkePutbfmNnu_uPqzt2vVpXahzK_84MsLOhpzg8m3jX9jEdJsVTL_hbkoekD91Vzsz4eJ9n9URFJMT3gWZlIQcyXBLLlq HTTP 302
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEKRQCgLQ3NuF1Qj2JO0yAOA&google_cver=1&google_push=AYg5qPJLkePutbfmNnu_uPqzt2vVpXahzK_84MsLOhpzg8m3jX9jEdJsVTL_hbkoekD91Vzsz4eJ9n9URFJMT3gWZlIQcyXBLLlq HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=LMoL9ujcQcix105V0Emgjg&google_push=AYg5qPJLkePutbfmNnu_uPqzt2vVpXahzK_84MsLOhpzg8m3jX9jEdJsVTL_hbkoekD91Vzsz4eJ9n9URFJMT3gWZlIQcyXBLLlq

Request Chain 266

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEESLnpVbxDsYO2X-0YhHmKk&google_cver=1&google_push=AYg5qPJvW2oOtU0Uostcyhtsjf_3oLQPi9ysFHWV6RWyvaxBXY5rFeMAuVY9Bm2dNpGPdJcupqdRGcX1yBlLMteB5gwtRyYfEGA HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEESLnpVbxDsYO2X-0YhHmKk&google_cver=1&google_push=AYg5qPJvW2oOtU0Uostcyhtsjf_3oLQPi9ysFHWV6RWyvaxBXY5rFeMAuVY9Bm2dNpGPdJcupqdRGcX1yBlLMteB5gwtRyYfEGA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=RThNcThzdjkxTW1ub081&google_gid=CAESEESLnpVbxDsYO2X-0YhHmKk&google_cver=1&google_push=AYg5qPJvW2oOtU0Uostcyhtsjf_3oLQPi9ysFHWV6RWyvaxBXY5rFeMAuVY9Bm2dNpGPdJcupqdRGcX1yBlLMteB5gwtRyYfEGA

Request Chain 267

https://fksnk.com/cs/google?google_gid=CAESEINrYKvbFXk2itzpJgpz6yI&google_cver=1&google_push=AYg5qPKGHW96G26t5nHwtzBg-Wm1unZ15cUUxW3P5j5vt4-KaFbn5IucfzLFVGmb_bw9AxJBGGBSYw64I--TtKHkwP2YsOVLzP8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=NzQ0MUQyM0MwOUUyQkNFQg==

Request Chain 268

https://sync.srv.stackadapt.com/sync?nid=154&google_gid=CAESEJ3v_EmCy6Wv-ayI3BwerZY&google_cver=1&google_push=AYg5qPKgv7xShULY09VnIFvi7cBVY_eB_BBS9ffLiR6Q_6CWu-pOXrIJgcZkiz90vYPIGCsJZVE0M3Zz6_e7kefCgCHOsu4V3Zs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=URUCmwD-TZBBQG5LXfRidbnsyeM&google_push=AYg5qPKgv7xShULY09VnIFvi7cBVY_eB_BBS9ffLiR6Q_6CWu-pOXrIJgcZkiz90vYPIGCsJZVE0M3Zz6_e7kefCgCHOsu4V3Zs

Request Chain 269

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEFNRz_XN4LLLZ9_jwYoIiSE&google_cver=1&google_push=AYg5qPIQs3pxPjc1qfQIDEo5wmznE6BkgWELA0BnkIfm6KARTAmRXjhbmAkMymHZKS7aEaguq0wsav6q89YT001J5cpqx2IceNc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL3jXnrA8PqVqdAMk99hwAABKwAAAIB&google_push=AYg5qPIQs3pxPjc1qfQIDEo5wmznE6BkgWELA0BnkIfm6KARTAmRXjhbmAkMymHZKS7aEaguq0wsav6q89YT001J5cpqx2IceNc&google_gid=CAESEFNRz_XN4LLLZ9_jwYoIiSE&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL3jXnrA8PqVqdAMk99hwAABKwAAAIB&google_push=AYg5qPIQs3pxPjc1qfQIDEo5wmznE6BkgWELA0BnkIfm6KARTAmRXjhbmAkMymHZKS7aEaguq0wsav6q89YT001J5cpqx2IceNc&google_gid=CAESEFNRz_XN4LLLZ9_jwYoIiSE&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL3jXnrA8PqVqdAMk99hwAABKwAAAIB&google_push=AYg5qPIQs3pxPjc1qfQIDEo5wmznE6BkgWELA0BnkIfm6KARTAmRXjhbmAkMymHZKS7aEaguq0wsav6q89YT001J5cpqx2IceNc&google_gid=CAESEFNRz_XN4LLLZ9_jwYoIiSE&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL3jXnrA8PqVqdAMk99hwAABKwAAAIB&google_push=AYg5qPIQs3pxPjc1qfQIDEo5wmznE6BkgWELA0BnkIfm6KARTAmRXjhbmAkMymHZKS7aEaguq0wsav6q89YT001J5cpqx2IceNc&google_gid=CAESEFNRz_XN4LLLZ9_jwYoIiSE&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL3jXnrA8PqVqdAMk99hwAABKwAAAIB&google_push=AYg5qPIQs3pxPjc1qfQIDEo5wmznE6BkgWELA0BnkIfm6KARTAmRXjhbmAkMymHZKS7aEaguq0wsav6q89YT001J5cpqx2IceNc&google_gid=CAESEFNRz_XN4LLLZ9_jwYoIiSE&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL3jXnrA8PqVqdAMk99hwAABKwAAAIB&google_push=AYg5qPIQs3pxPjc1qfQIDEo5wmznE6BkgWELA0BnkIfm6KARTAmRXjhbmAkMymHZKS7aEaguq0wsav6q89YT001J5cpqx2IceNc&google_gid=CAESEFNRz_XN4LLLZ9_jwYoIiSE&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL3jXnrA8PqVqdAMk99hwAABKwAAAIB&google_push=AYg5qPIQs3pxPjc1qfQIDEo5wmznE6BkgWELA0BnkIfm6KARTAmRXjhbmAkMymHZKS7aEaguq0wsav6q89YT001J5cpqx2IceNc&google_gid=CAESEFNRz_XN4LLLZ9_jwYoIiSE&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL3jXnrA8PqVqdAMk99hwAABKwAAAIB&google_push=AYg5qPIQs3pxPjc1qfQIDEo5wmznE6BkgWELA0BnkIfm6KARTAmRXjhbmAkMymHZKS7aEaguq0wsav6q89YT001J5cpqx2IceNc&google_gid=CAESEFNRz_XN4LLLZ9_jwYoIiSE&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL3jXnrA8PqVqdAMk99hwAABKwAAAIB&google_push=AYg5qPIQs3pxPjc1qfQIDEo5wmznE6BkgWELA0BnkIfm6KARTAmRXjhbmAkMymHZKS7aEaguq0wsav6q89YT001J5cpqx2IceNc&google_gid=CAESEFNRz_XN4LLLZ9_jwYoIiSE&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL3jXnrA8PqVqdAMk99hwAABKwAAAIB&google_push=AYg5qPIQs3pxPjc1qfQIDEo5wmznE6BkgWELA0BnkIfm6KARTAmRXjhbmAkMymHZKS7aEaguq0wsav6q89YT001J5cpqx2IceNc&google_gid=CAESEFNRz_XN4LLLZ9_jwYoIiSE&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL3jXnrA8PqVqdAMk99hwAABKwAAAIB&google_push=AYg5qPIQs3pxPjc1qfQIDEo5wmznE6BkgWELA0BnkIfm6KARTAmRXjhbmAkMymHZKS7aEaguq0wsav6q89YT001J5cpqx2IceNc&google_gid=CAESEFNRz_XN4LLLZ9_jwYoIiSE&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL3jXnrA8PqVqdAMk99hwAABKwAAAIB&google_push=AYg5qPIQs3pxPjc1qfQIDEo5wmznE6BkgWELA0BnkIfm6KARTAmRXjhbmAkMymHZKS7aEaguq0wsav6q89YT001J5cpqx2IceNc&google_gid=CAESEFNRz_XN4LLLZ9_jwYoIiSE&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL3jXnrA8PqVqdAMk99hwAABKwAAAIB&google_push=AYg5qPIQs3pxPjc1qfQIDEo5wmznE6BkgWELA0BnkIfm6KARTAmRXjhbmAkMymHZKS7aEaguq0wsav6q89YT001J5cpqx2IceNc&google_gid=CAESEFNRz_XN4LLLZ9_jwYoIiSE&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL3jXnrA8PqVqdAMk99hwAABKwAAAIB&google_push=AYg5qPIQs3pxPjc1qfQIDEo5wmznE6BkgWELA0BnkIfm6KARTAmRXjhbmAkMymHZKS7aEaguq0wsav6q89YT001J5cpqx2IceNc&google_gid=CAESEFNRz_XN4LLLZ9_jwYoIiSE&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL3jXnrA8PqVqdAMk99hwAABKwAAAIB&google_push=AYg5qPIQs3pxPjc1qfQIDEo5wmznE6BkgWELA0BnkIfm6KARTAmRXjhbmAkMymHZKS7aEaguq0wsav6q89YT001J5cpqx2IceNc&google_gid=CAESEFNRz_XN4LLLZ9_jwYoIiSE&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL3jXnrA8PqVqdAMk99hwAABKwAAAIB&google_push=AYg5qPIQs3pxPjc1qfQIDEo5wmznE6BkgWELA0BnkIfm6KARTAmRXjhbmAkMymHZKS7aEaguq0wsav6q89YT001J5cpqx2IceNc&google_gid=CAESEFNRz_XN4LLLZ9_jwYoIiSE&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL3jXnrA8PqVqdAMk99hwAABKwAAAIB&google_push=AYg5qPIQs3pxPjc1qfQIDEo5wmznE6BkgWELA0BnkIfm6KARTAmRXjhbmAkMymHZKS7aEaguq0wsav6q89YT001J5cpqx2IceNc&google_gid=CAESEFNRz_XN4LLLZ9_jwYoIiSE&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL3jXnrA8PqVqdAMk99hwAABKwAAAIB&google_push=AYg5qPIQs3pxPjc1qfQIDEo5wmznE6BkgWELA0BnkIfm6KARTAmRXjhbmAkMymHZKS7aEaguq0wsav6q89YT001J5cpqx2IceNc&google_gid=CAESEFNRz_XN4LLLZ9_jwYoIiSE&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL3jXnrA8PqVqdAMk99hwAABKwAAAIB&google_push=AYg5qPIQs3pxPjc1qfQIDEo5wmznE6BkgWELA0BnkIfm6KARTAmRXjhbmAkMymHZKS7aEaguq0wsav6q89YT001J5cpqx2IceNc&google_gid=CAESEFNRz_XN4LLLZ9_jwYoIiSE&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL3jXnrA8PqVqdAMk99hwAABKwAAAIB&google_push=AYg5qPIQs3pxPjc1qfQIDEo5wmznE6BkgWELA0BnkIfm6KARTAmRXjhbmAkMymHZKS7aEaguq0wsav6q89YT001J5cpqx2IceNc&google_gid=CAESEFNRz_XN4LLLZ9_jwYoIiSE&google_cver=1&google_tc=

Request Chain 270

https://ads.yieldmo.com/exptsync?google_gid=CAESEEY_OtHOzQHNPt3dbA3hXzI&google_cver=1&google_push=AYg5qPLsVrFxHPOdxekugfSic8VsPfOJegiwPppmcy_sR-a3OUepU7F4e6WquF-bvvDIgIsyPrDPiILC2J0-HhSXgFTw5D6Pmj8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AYg5qPLsVrFxHPOdxekugfSic8VsPfOJegiwPppmcy_sR-a3OUepU7F4e6WquF-bvvDIgIsyPrDPiILC2J0-HhSXgFTw5D6Pmj8&google_hm=Zzg4M2RiNWZmYTk5ZjVmNDA5ZmE=

Request Chain 271

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEL-WlEJUoUBXgankHVTFkSA&google_cver=1&google_push=AYg5qPK1r1FqgOjUixr5r4Dv3XAzK2a_PRPJZEOekHm-XXB2xGVw0Kc6ws5uOBXJAgPFF0g8CM0KLxlmyUMHliclHyPvRlKwXj0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS01OEptemFsRTJ1RlI4RngwdnBPX3NUWnBHS1RSUTVkTX5B&google_push=AYg5qPK1r1FqgOjUixr5r4Dv3XAzK2a_PRPJZEOekHm-XXB2xGVw0Kc6ws5uOBXJAgPFF0g8CM0KLxlmyUMHliclHyPvRlKwXj0

Request Chain 272

https://ads.avads.net/sync/ggl?google_gid=CAESEAQQLWhUYePTGVczzlzSiqE&google_cver=1&google_push=AYg5qPJjPxTUN9wC8YMohh_vc-tb14adxDJKR6YkrKi0tBwbjftWZnkQswac8AeQb1ltbo-De_KW9UOs0GCW_aFzEklYZeq0AF8Z HTTP 302
https://ads.avads.net/sync/ggl?google_gid=CAESEAQQLWhUYePTGVczzlzSiqE&google_cver=1&google_push=AYg5qPJjPxTUN9wC8YMohh_vc-tb14adxDJKR6YkrKi0tBwbjftWZnkQswac8AeQb1ltbo-De_KW9UOs0GCW_aFzEklYZeq0AF8Z&av_tc=True HTTP 302
https://ads.avads.net/sync/ggl?google_gid=CAESEAQQLWhUYePTGVczzlzSiqE&google_cver=1&google_push=AYg5qPJjPxTUN9wC8YMohh_vc-tb14adxDJKR6YkrKi0tBwbjftWZnkQswac8AeQb1ltbo-De_KW9UOs0GCW_aFzEklYZeq0AF8Z HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=ZmE1MDQ2OGYtNTY5YS00MzdlLTk0MjgtOGM3YmY1ZmMyZDM3&google_push=AYg5qPJjPxTUN9wC8YMohh_vc-tb14adxDJKR6YkrKi0tBwbjftWZnkQswac8AeQb1ltbo-De_KW9UOs0GCW_aFzEklYZeq0AF8Z HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=ZmE1MDQ2OGYtNTY5YS00MzdlLTk0MjgtOGM3YmY1ZmMyZDM3&google_push=AYg5qPJjPxTUN9wC8YMohh_vc-tb14adxDJKR6YkrKi0tBwbjftWZnkQswac8AeQb1ltbo-De_KW9UOs0GCW_aFzEklYZeq0AF8Z HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=ZmE1MDQ2OGYtNTY5YS00MzdlLTk0MjgtOGM3YmY1ZmMyZDM3&google_push=AYg5qPJjPxTUN9wC8YMohh_vc-tb14adxDJKR6YkrKi0tBwbjftWZnkQswac8AeQb1ltbo-De_KW9UOs0GCW_aFzEklYZeq0AF8Z HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=ZmE1MDQ2OGYtNTY5YS00MzdlLTk0MjgtOGM3YmY1ZmMyZDM3&google_push=AYg5qPJjPxTUN9wC8YMohh_vc-tb14adxDJKR6YkrKi0tBwbjftWZnkQswac8AeQb1ltbo-De_KW9UOs0GCW_aFzEklYZeq0AF8Z&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=ZmE1MDQ2OGYtNTY5YS00MzdlLTk0MjgtOGM3YmY1ZmMyZDM3&google_push=AYg5qPJjPxTUN9wC8YMohh_vc-tb14adxDJKR6YkrKi0tBwbjftWZnkQswac8AeQb1ltbo-De_KW9UOs0GCW_aFzEklYZeq0AF8Z&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=ZmE1MDQ2OGYtNTY5YS00MzdlLTk0MjgtOGM3YmY1ZmMyZDM3&google_push=AYg5qPJjPxTUN9wC8YMohh_vc-tb14adxDJKR6YkrKi0tBwbjftWZnkQswac8AeQb1ltbo-De_KW9UOs0GCW_aFzEklYZeq0AF8Z&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=ZmE1MDQ2OGYtNTY5YS00MzdlLTk0MjgtOGM3YmY1ZmMyZDM3&google_push=AYg5qPJjPxTUN9wC8YMohh_vc-tb14adxDJKR6YkrKi0tBwbjftWZnkQswac8AeQb1ltbo-De_KW9UOs0GCW_aFzEklYZeq0AF8Z&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=ZmE1MDQ2OGYtNTY5YS00MzdlLTk0MjgtOGM3YmY1ZmMyZDM3&google_push=AYg5qPJjPxTUN9wC8YMohh_vc-tb14adxDJKR6YkrKi0tBwbjftWZnkQswac8AeQb1ltbo-De_KW9UOs0GCW_aFzEklYZeq0AF8Z&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=ZmE1MDQ2OGYtNTY5YS00MzdlLTk0MjgtOGM3YmY1ZmMyZDM3&google_push=AYg5qPJjPxTUN9wC8YMohh_vc-tb14adxDJKR6YkrKi0tBwbjftWZnkQswac8AeQb1ltbo-De_KW9UOs0GCW_aFzEklYZeq0AF8Z&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=ZmE1MDQ2OGYtNTY5YS00MzdlLTk0MjgtOGM3YmY1ZmMyZDM3&google_push=AYg5qPJjPxTUN9wC8YMohh_vc-tb14adxDJKR6YkrKi0tBwbjftWZnkQswac8AeQb1ltbo-De_KW9UOs0GCW_aFzEklYZeq0AF8Z&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=ZmE1MDQ2OGYtNTY5YS00MzdlLTk0MjgtOGM3YmY1ZmMyZDM3&google_push=AYg5qPJjPxTUN9wC8YMohh_vc-tb14adxDJKR6YkrKi0tBwbjftWZnkQswac8AeQb1ltbo-De_KW9UOs0GCW_aFzEklYZeq0AF8Z&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=ZmE1MDQ2OGYtNTY5YS00MzdlLTk0MjgtOGM3YmY1ZmMyZDM3&google_push=AYg5qPJjPxTUN9wC8YMohh_vc-tb14adxDJKR6YkrKi0tBwbjftWZnkQswac8AeQb1ltbo-De_KW9UOs0GCW_aFzEklYZeq0AF8Z&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=ZmE1MDQ2OGYtNTY5YS00MzdlLTk0MjgtOGM3YmY1ZmMyZDM3&google_push=AYg5qPJjPxTUN9wC8YMohh_vc-tb14adxDJKR6YkrKi0tBwbjftWZnkQswac8AeQb1ltbo-De_KW9UOs0GCW_aFzEklYZeq0AF8Z&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=ZmE1MDQ2OGYtNTY5YS00MzdlLTk0MjgtOGM3YmY1ZmMyZDM3&google_push=AYg5qPJjPxTUN9wC8YMohh_vc-tb14adxDJKR6YkrKi0tBwbjftWZnkQswac8AeQb1ltbo-De_KW9UOs0GCW_aFzEklYZeq0AF8Z&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=ZmE1MDQ2OGYtNTY5YS00MzdlLTk0MjgtOGM3YmY1ZmMyZDM3&google_push=AYg5qPJjPxTUN9wC8YMohh_vc-tb14adxDJKR6YkrKi0tBwbjftWZnkQswac8AeQb1ltbo-De_KW9UOs0GCW_aFzEklYZeq0AF8Z&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=ZmE1MDQ2OGYtNTY5YS00MzdlLTk0MjgtOGM3YmY1ZmMyZDM3&google_push=AYg5qPJjPxTUN9wC8YMohh_vc-tb14adxDJKR6YkrKi0tBwbjftWZnkQswac8AeQb1ltbo-De_KW9UOs0GCW_aFzEklYZeq0AF8Z&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=ZmE1MDQ2OGYtNTY5YS00MzdlLTk0MjgtOGM3YmY1ZmMyZDM3&google_push=AYg5qPJjPxTUN9wC8YMohh_vc-tb14adxDJKR6YkrKi0tBwbjftWZnkQswac8AeQb1ltbo-De_KW9UOs0GCW_aFzEklYZeq0AF8Z&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=ZmE1MDQ2OGYtNTY5YS00MzdlLTk0MjgtOGM3YmY1ZmMyZDM3&google_push=AYg5qPJjPxTUN9wC8YMohh_vc-tb14adxDJKR6YkrKi0tBwbjftWZnkQswac8AeQb1ltbo-De_KW9UOs0GCW_aFzEklYZeq0AF8Z&google_tc=

Request Chain 275

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEO6TUCncnSI2yIUoP9rItQE&google_cver=1&google_push=AYg5qPItht74jzxynAqntyiu1JnMnBlbCe7Jl29yvUAwXNAvt3jxXzI9jjIjOXy5WSGydgKREyTnIDPAI0z2_LCINdLBrNBUrgw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=Mjc1NzAwNDUwNTY1MTE1MTY2OQ== HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEO6TUCncnSI2yIUoP9rItQE&google_cver=1

Request Chain 276

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESENn4XGFIRaAk2auJR1dZN5g&google_cver=1&google_push=AYg5qPLXf8Hmli7_3U4au79a3KNP_YT55CarvaZ4-Fulh6SxwQtObsE06toPVRn4AmH6m_0tzzlfOw_JcBVs4O4lDQk4CGWg_Q HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESENn4XGFIRaAk2auJR1dZN5g&google_cver=1&google_push=AYg5qPLXf8Hmli7_3U4au79a3KNP_YT55CarvaZ4-Fulh6SxwQtObsE06toPVRn4AmH6m_0tzzlfOw_JcBVs4O4lDQk4CGWg_Q HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPLXf8Hmli7_3U4au79a3KNP_YT55CarvaZ4-Fulh6SxwQtObsE06toPVRn4AmH6m_0tzzlfOw_JcBVs4O4lDQk4CGWg_Q&google_hm=ah_iiUfpR3G8l0X_4cLlow==

Request Chain 278

https://google-sync.rutarget.ru/sync?google_gid=CAESELwmMipWy5HiGlKb1_Dm83A&google_cver=1&google_push=AYg5qPIa5gCNxCN7vV_Y0oN30G1F_8zDVBC1j49HPAvxTDHbyFtMv2_YSzp-c7GVMF01ceeN--BwG9GyVK7N4KC2OXCHdXWUBA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=segmentoru&google_hm=cDlvTXNFNHVTTkhh&google_ula=2046794&google_push=AYg5qPIa5gCNxCN7vV_Y0oN30G1F_8zDVBC1j49HPAvxTDHbyFtMv2_YSzp-c7GVMF01ceeN--BwG9GyVK7N4KC2OXCHdXWUBA

Request Chain 279

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsonobi%26google_push%3DAYg5qPJj0udGssMdA2nH9vsUmpgVRLoL5QzLzoU8yGAYJzB_iG7wkEsltTERyN1fPIHWurqsSdk-FZssqxIrWdrwP0a7gDLD4A%26google_hm%3D%5BUID%5D&google_gid=CAESEN5dPbRS6x2saqanTALTSvM&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AYg5qPJj0udGssMdA2nH9vsUmpgVRLoL5QzLzoU8yGAYJzB_iG7wkEsltTERyN1fPIHWurqsSdk-FZssqxIrWdrwP0a7gDLD4A&google_hm=08f3b2f0-8a20-420a-b054-7c9fc4ae6496

Request Chain 280

https://google.ops.beeline.ru/p?ssp=gl&google_gid=CAESEOdr1J4osFTC-dqAsKU7z9Q&google_cver=1&google_push=AYg5qPIqx3AD7TF5lJ5ikKXzpnP-h0t7hE0Qtf1Xaf7bYbh8GMFTFa-GEHHsRtya_LMxNRBmlgMWE8RYeElifghKrxJTs10xI6o HTTP 301
https://cm.g.doubleclick.net/pixel?google_nid=vimpelcom_pjsc&google_hm=ODhkOWJlODMtZTNkZS00NDE2LWIwNzUtNTU0ZGE4OWQ2MzVm&google_push=AYg5qPIqx3AD7TF5lJ5ikKXzpnP-h0t7hE0Qtf1Xaf7bYbh8GMFTFa-GEHHsRtya_LMxNRBmlgMWE8RYeElifghKrxJTs10xI6o

Request Chain 281

https://sm.rtb.mts.ru/p?ssp=googlevid&pm=1&google_gid=CAESEA78mDCeFD8FpsxEOOzgSd4&google_cver=1&google_push=AYg5qPJFdq4ujn_AcBahNKrbjSzRYHqRHt3M8HyocsbTT8TYhBFEcZz_IEZmdHIfHizY80qqoP9DSLc4HKKJnDipc5Sch5tv3wc HTTP 301
https://sm.rtb.mts.ru/match/second?r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dstream_llc_2%26id%3D77172dee-980f-400a-b36d-f7663619bec5%26google_push%3DAYg5qPJFdq4ujn_AcBahNKrbjSzRYHqRHt3M8HyocsbTT8TYhBFEcZz_IEZmdHIfHizY80qqoP9DSLc4HKKJnDipc5Sch5tv3wc&ssp=googlevid&exu=CAESEA78mDCeFD8FpsxEOOzgSd4 HTTP 301
https://tech.rtb.mts.ru/?dsp_uid=77172dee-980f-400a-b36d-f7663619bec5&return_url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dstream_llc_2%26id%3D77172dee-980f-400a-b36d-f7663619bec5%26google_push%3DAYg5qPJFdq4ujn_AcBahNKrbjSzRYHqRHt3M8HyocsbTT8TYhBFEcZz_IEZmdHIfHizY80qqoP9DSLc4HKKJnDipc5Sch5tv3wc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=stream_llc_2&id=77172dee-980f-400a-b36d-f7663619bec5&google_push=AYg5qPJFdq4ujn_AcBahNKrbjSzRYHqRHt3M8HyocsbTT8TYhBFEcZz_IEZmdHIfHizY80qqoP9DSLc4HKKJnDipc5Sch5tv3wc

Request Chain 284

https://p.rfihub.com/cm?in=1&pub=445&google_gid=CAESEB_GrXR316znKJKyyYISRIw&google_cver=1&google_push=AYg5qPJOTHhGSM56c3qfZUwPCgF3K_WH9CQNicrlk02GicG33_UIf6A1B1sxojt3rAJYUCzBK9QR-kHhlgTeU0IBxOcJXnt9APZ6 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AYg5qPJOTHhGSM56c3qfZUwPCgF3K_WH9CQNicrlk02GicG33_UIf6A1B1sxojt3rAJYUCzBK9QR-kHhlgTeU0IBxOcJXnt9APZ6&google_hm=NTI2NDQxODUxNTg2MDY3NDQ3NQ== HTTP 302
https://a.rfihub.com/cm?pub=445&google_error=5

Request Chain 285

https://match.adsby.bidtheatre.com/adxcookie?id=&google_gid=CAESELL7Gnt9EtbpUhsiXTIr1jo&google_cver=1&google_push=AYg5qPKmmI4oS2y9rmFREUHVGNifbDctPraoAfDED7jTXb5gGok3BFZgnsBqHkTcyUKERaYUTejqn43DPH5oCA0iI6YRnIMh76A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AYg5qPKmmI4oS2y9rmFREUHVGNifbDctPraoAfDED7jTXb5gGok3BFZgnsBqHkTcyUKERaYUTejqn43DPH5oCA0iI6YRnIMh76A

Request Chain 287

https://match.360yield.com/match/ebda?google_gid=CAESEKRQCgLQ3NuF1Qj2JO0yAOA&google_cver=1&google_push=AYg5qPJf2DGKWuX6sZFhiRMKYgbf3YQYYO6RzJi5sP81O8bzjr1EARtOS2bLcjdIlXMmIO-6y6lNA4fQdSRdCxmcdm3kff7JYGo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=LMoL9ujcQcix105V0Emgjg&google_push=AYg5qPJf2DGKWuX6sZFhiRMKYgbf3YQYYO6RzJi5sP81O8bzjr1EARtOS2bLcjdIlXMmIO-6y6lNA4fQdSRdCxmcdm3kff7JYGo

Request Chain 288

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEOfzmZHxpSM6mpMTScg0H48&google_cver=1&google_push=AYg5qPK7im3XplB8D1KtuhTvexqwF-Rq7JEL92l_n7zSaIdb-Wcpvv9_1ncXffUfbZXIZXnOCVEYSrbATyiUfq_U_IEO8oU9EE_u HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-34d936c4-b089-47ce-b9b7-e89e80d1de9c-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAYg5qPK7im3XplB8D1KtuhTvexqwF-Rq7JEL92l_n7zSaIdb-Wcpvv9_1ncXffUfbZXIZXnOCVEYSrbATyiUfq_U_IEO8oU9EE_u%26google_hm%3DAzTZNsSwiUfOubfonoDR3pw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPK7im3XplB8D1KtuhTvexqwF-Rq7JEL92l_n7zSaIdb-Wcpvv9_1ncXffUfbZXIZXnOCVEYSrbATyiUfq_U_IEO8oU9EE_u&google_hm=AzTZNsSwiUfOubfonoDR3pw

Request Chain 289

https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEBiNWlW8Exn0aYxAuE6LOPo&google_cver=1&google_push=AYg5qPKpPCD2L0goSsoaOv0ZHvHcaMbbY9PfnDUzmMWTiuAHb3ZgRMLqYIHBI3SbKBxQ52SbkzRkm5s7GXkkpecr1c3XNqYa9Xy7 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AYg5qPKpPCD2L0goSsoaOv0ZHvHcaMbbY9PfnDUzmMWTiuAHb3ZgRMLqYIHBI3SbKBxQ52SbkzRkm5s7GXkkpecr1c3XNqYa9Xy7&google_hm=MjA5NzExODg5MDMyMjc5MzQ1MQ%3D%3D

Request Chain 293

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESENBaqDrZhT8ybLXgB7-_1uA&google_cver=1&google_push=AYg5qPKCq3Py2VKLBobOq5bOPxLC5H__uAj8XpV2s4rQilAgzYdLT5K7odApeIwWgRSNDd-6XGT3viXGVuZJqeZCCWp_33FNVCwD HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzAwMzkzMjU1OTc3NjkzODEzNw%3D%3D&google_push=AYg5qPKCq3Py2VKLBobOq5bOPxLC5H__uAj8XpV2s4rQilAgzYdLT5K7odApeIwWgRSNDd-6XGT3viXGVuZJqeZCCWp_33FNVCwD

Request Chain 294

https://c.eu1.dyntrk.com/adx/ga/us.php?dynk=ga2ex&google_gid=CAESEN34ZLVkqVEOTOFWhL2kD-A&google_cver=1&google_push=AYg5qPKKYbqraWutRe-qAsKNcAOBEMW1HZZ0PUrKKq1j1EoiLVXYKioPx7uNpHFK7KG3-Lw05OjsAjv1o_QZn27JCbd1oTYO2p2J HTTP 302
https://c.eu1.dyntrk.com/adx/ga/us.php?dynk=ga2ex&google_gid=CAESEN34ZLVkqVEOTOFWhL2kD-A&google_cver=1&google_push=AYg5qPKKYbqraWutRe-qAsKNcAOBEMW1HZZ0PUrKKq1j1EoiLVXYKioPx7uNpHFK7KG3-Lw05OjsAjv1o_QZn27JCbd1oTYO2p2J&prevuid=05030001_6132f78f53c38&knw=0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=dynadmic&google_push=AYg5qPKKYbqraWutRe-qAsKNcAOBEMW1HZZ0PUrKKq1j1EoiLVXYKioPx7uNpHFK7KG3-Lw05OjsAjv1o_QZn27JCbd1oTYO2p2J&google_hm=MDUwMzAwMDFfNjEzMmY3OGY1M2MzOA%3D%3D

Request Chain 295

https://rtb.openx.net/sync/dds?google_gid=CAESEM_So39OiXSrKS9mYqE1C4w&google_cver=1&google_push=AYg5qPLoBoEmifOzRm2hv--5Q_eEHSBYZlNYEwb4ieD51xkf05XJbqtKMqMi3m7QcgjrKMN5SxpNoITst9N6IaRyIkD1-0994PM_ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLoBoEmifOzRm2hv--5Q_eEHSBYZlNYEwb4ieD51xkf05XJbqtKMqMi3m7QcgjrKMN5SxpNoITst9N6IaRyIkD1-0994PM_&google_hm=a1ZR_--ky1AAAvSYqMbyEw==

Request Chain 296

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEJzgJBgCf4hgr8l0ibQnfSE&google_cver=1&google_push=AYg5qPKcCqH1rMyNA7U9wciIRjqA86OeMVTKtPQg0myYUgIeHpocq7W1pW7tjjEyuaiyUDp24102ewwJ6D1spP8bn-680TRZjHSj HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1Q1QU0yRkctTi03UTUz&google_push=AYg5qPKcCqH1rMyNA7U9wciIRjqA86OeMVTKtPQg0myYUgIeHpocq7W1pW7tjjEyuaiyUDp24102ewwJ6D1spP8bn-680TRZjHSj

Request Chain 297

https://sm.rtb.mts.ru/p?ssp=googlevid&pm=1&google_gid=CAESEA78mDCeFD8FpsxEOOzgSd4&google_cver=1&google_push=AYg5qPJsJnadJJCAEWWnP9Dv-hvltdt8RByazrkQzlRF5odYLUomyRxl2MgS65U5jGEjZOsXil0yV6qNGEijZIv76oJTHmVsPxdH HTTP 301
https://sm.rtb.mts.ru/match/second?r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dstream_llc_2%26id%3D499745a5-6749-438d-97f8-23c9acaef2c3%26google_push%3DAYg5qPJsJnadJJCAEWWnP9Dv-hvltdt8RByazrkQzlRF5odYLUomyRxl2MgS65U5jGEjZOsXil0yV6qNGEijZIv76oJTHmVsPxdH&ssp=googlevid&exu=CAESEA78mDCeFD8FpsxEOOzgSd4 HTTP 301
https://tech.rtb.mts.ru/?dsp_uid=77172dee-980f-400a-b36d-f7663619bec5&return_url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dstream_llc_2%26id%3D499745a5-6749-438d-97f8-23c9acaef2c3%26google_push%3DAYg5qPJsJnadJJCAEWWnP9Dv-hvltdt8RByazrkQzlRF5odYLUomyRxl2MgS65U5jGEjZOsXil0yV6qNGEijZIv76oJTHmVsPxdH HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=stream_llc_2&id=499745a5-6749-438d-97f8-23c9acaef2c3&google_push=AYg5qPJsJnadJJCAEWWnP9Dv-hvltdt8RByazrkQzlRF5odYLUomyRxl2MgS65U5jGEjZOsXil0yV6qNGEijZIv76oJTHmVsPxdH HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=stream_llc_2&id=499745a5-6749-438d-97f8-23c9acaef2c3&google_push=AYg5qPJsJnadJJCAEWWnP9Dv-hvltdt8RByazrkQzlRF5odYLUomyRxl2MgS65U5jGEjZOsXil0yV6qNGEijZIv76oJTHmVsPxdH&google_tc=

Request Chain 396

https://secure.adnxs.com/getuid?https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1630730128514-952271023603-008770-014-002257%26biddername%3D55%26key%3D%24UID HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fsync.aniview.com%252Fcookiesyncendpoint%253Fauid%253D1630730128514-952271023603-008770-014-002257%2526biddername%253D55%2526key%253D%2524UID HTTP 302
https://sync.aniview.com/cookiesyncendpoint?auid=1630730128514-952271023603-008770-014-002257&biddername=55&key=4823418735745576492

Request Chain 401

https://secure.adnxs.com/getuid?https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1630730128515-932215023603-008434-011-009939%26biddername%3D55%26key%3D%24UID HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fsync.aniview.com%252Fcookiesyncendpoint%253Fauid%253D1630730128515-932215023603-008434-011-009939%2526biddername%253D55%2526key%253D%2524UID HTTP 302
https://sync.aniview.com/cookiesyncendpoint?auid=1630730128515-932215023603-008434-011-009939&biddername=55&key=5975205377461622294

Request Chain 424

https://match.adsrvr.org/track/cmf/generic?ttd_pid=adaptv&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adaptv&ttd_tpi=1 HTTP 302
https://ups.analytics.yahoo.com/ups/55953/sync?uid=3fbf10f0-5e71-4598-8dcd-adf7fd341aab&_origin=1&gdpr=1&gdpr_consent=

Request Chain 425

https://pixel.advertising.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true HTTP 302
https://pixel.advertising.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&apid=UP8899cba9-0d39-11ec-8f0b-06a17173c662 HTTP 302
https://ups.analytics.yahoo.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&apid=UP8899cba9-0d39-11ec-8f0b-06a17173c662&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=adaptv_dbm&google_cm&google_hm=VVA4ODk5Y2JhOS0wZDM5LTExZWMtOGYwYi0wNmExNzE3M2M2NjI%3D HTTP 302
https://pixel.advertising.com/ups/57304/sync?uid=CAESEOd3vx-wKdB6Kk_XAT19x6M&google_cver=1 HTTP 302
https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEOd3vx-wKdB6Kk_XAT19x6M&google_cver=1&apid=UP8899cba9-0d39-11ec-8f0b-06a17173c662

Request Chain 426

https://sync-tm.everesttech.net/upi/pid/m7y5t93k?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55986%2Fsync%3Fuid%3D%24%7BUSER_ID%7D%26_origin%3D0&gdpr=0&gdpr_consent= HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/m7y5t93k?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55986%2Fsync%3Fuid%3D%24%7BUSER_ID%7D%26_origin%3D0&gdpr=0&gdpr_consent=&_test=YTL3kQAERRxnbwBg HTTP 302
https://pixel.advertising.com/ups/55986/sync?uid=YTL3kQAERRxnbwBg&_origin=0&gdpr=0&gdpr_consent=&_test=YTL3kQAERRxnbwBg HTTP 302
https://ups.analytics.yahoo.com/ups/55986/sync?uid=YTL3kQAERRxnbwBg&_origin=0&gdpr=0&gdpr_consent=&_test=YTL3kQAERRxnbwBg&apid=UP8899cba9-0d39-11ec-8f0b-06a17173c662 HTTP 302
https://ups.analytics.yahoo.com/ups/55986/sync?uid=YTL3kQAERRxnbwBg&_origin=0&gdpr=0&gdpr_consent=&_test=YTL3kQAERRxnbwBg&apid=UP8899cba9-0d39-11ec-8f0b-06a17173c662&verify=true

Request Chain 447

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YTL3kKYyndRmi8RveD-PFAAA HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEIcNXPYvixVNObvsrlcFjzE&google_cver=1

Request Chain 448

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YTL3kKYyndRmi8RveD_PFAAABF4AAAIB&gdpr_consent=&us_privacy=&gdpr= HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEBpbz0P1C3bHrjyOE8ge9qU&google_cver=1

Request Chain 449

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YTL3kKYyndRmi8RveD_PFAAABF4AAAIB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YTL3kKYyndRmi8RveD_PFAAABF4AAAIB&dcc=t

Request Chain 450

https://ad.turn.com/r/cs?pid=21 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=8162451057914217269

Request Chain 452

https://gu.dyntrk.com/adx/ie/us.php?dynk=1nd3xx6ch1 HTTP 302
https://gu.dyntrk.com/adx/ie/us.php?dynk=1nd3xx6ch1&prevuid=03030002_6132f792456d1&knw=0 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=196&external_user_id=03030002_6132f792456d1

Request Chain 453

https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YTL3kQAERRxnbwBg

Request Chain 467

https://match.adsrvr.org/track/cmf/generic?ttd_pid=adaptv&ttd_tpi=1 HTTP 302
https://ups.analytics.yahoo.com/ups/55953/sync?uid=3fbf10f0-5e71-4598-8dcd-adf7fd341aab&_origin=1&gdpr=1&gdpr_consent=

Request Chain 468

https://sync-tm.everesttech.net/upi/pid/m7y5t93k?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55986%2Fsync%3Fuid%3D%24%7BUSER_ID%7D%26_origin%3D0&gdpr=0&gdpr_consent= HTTP 302
https://pixel.advertising.com/ups/55986/sync?uid=YTL3kQAERRxnbwBg&_origin=0&gdpr=0&gdpr_consent= HTTP 302
https://ups.analytics.yahoo.com/ups/55986/sync?uid=YTL3kQAERRxnbwBg&_origin=0&gdpr=0&gdpr_consent=&apid=UP8899cba9-0d39-11ec-8f0b-06a17173c662

Request Chain 469

https://pixel.advertising.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true HTTP 302
https://ups.analytics.yahoo.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&apid=UP8899cba9-0d39-11ec-8f0b-06a17173c662 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=adaptv_dbm&google_cm&google_hm=VVA4ODk5Y2JhOS0wZDM5LTExZWMtOGYwYi0wNmExNzE3M2M2NjI%3D HTTP 302
https://pixel.advertising.com/ups/57304/sync?uid=CAESEOd3vx-wKdB6Kk_XAT19x6M&google_cver=1 HTTP 302
https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEOd3vx-wKdB6Kk_XAT19x6M&google_cver=1&apid=UP8899cba9-0d39-11ec-8f0b-06a17173c662

Request Chain 474

https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=5975205377461622294

Request Chain 476

https://sync.mathtag.com/sync/img?mt_exid=15&redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D3%26external_user_id%3D%5BMM_UUID%5D HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=1d436132-f792-4e00-b01f-d8c654a3be28

Request Chain 477

https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=YTL3kKYyndRmi8RveD_PFAAABF4AAAIB&gdpr_consent=&us_privacy=&gdpr= HTTP 302
https://pr-bh.ybp.yahoo.com/sync/casale/YTL3kKYyndRmi8RveD_PFAAABF4AAAIB

Request Chain 478

https://ad.turn.com/r/cs?pid=21 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=8162451057914217269

Request Chain 481

https://bcp.crwdcntrl.net/map/c=6725/tp=INDX/tpid=YTL3kKYyndRmi8RveD-PFAAA%261118?gdpr_consent=&us_privacy=&gdpr= HTTP 302
https://bcp.crwdcntrl.net/map/ct=y/c=6725/tp=INDX/tpid=YTL3kKYyndRmi8RveD-PFAAA%261118?gdpr_consent=&us_privacy=&gdpr=

523 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request

Cookie set / Show response
www.123greetings.com/events/dance_day/
Redirect Chain

http://www.maqors.com/cgi-bin/click.pl?cid=nl010952202102&lid=206841&uid=203601343
https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events

33 KB
8 KB

470ms
120ms

Document
text/html

184.72.245.68
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.72.245.68 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

www.123greetings.com

Software

Apache/2.2.15 (CentOS) /

Resource Hash

f38499b189feda475cc32afb82c7fc784f4f4b685b95be9cb10ace6812e48b0c

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Host: www.123greetings.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 04 Sep 2021 04:28:49 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 8159
Connection: close
Cache-Control: max-age=900
Content-Encoding: gzip
ETag: "84b6-5cb2323889200"
Last-Modified: Sat, 04 Sep 2021 03:37:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Expires: Sat, 04 Sep 2021 04:43:49 GMT
Age: 394
Accept-Ranges: bytes
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/

Redirect headers

Content-Type: text/html; charset=iso-8859-1
Date: Sat, 04 Sep 2021 04:35:22 GMT
Location: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events
Server: Apache/2.2.15 (CentOS)
Content-Length: 396
Connection: keep-alive

GET
H/1.1 200
OK sub_categories_R1.css
c.123g.us/css/ 9 KB
3 KB 87ms
21ms Stylesheet
text/css 67.27.233.252
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/css/sub_categories_R1.css
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 0596974ea0a4aa88cce0d0683b3af837fb80d633788395a98723d319f39c8de4

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sun, 15 Aug 2021 11:31:12 GMT
Content-Encoding: gzip
Last-Modified: Thu, 19 Jul 2018 11:23:06 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1703051
ETag: "225f-571586732da80"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2397
jake_test: Test_Pass
Expires: Tue, 17 Aug 2021 07:18:01 GMT

GET
H/1.1 200
OK 116520_th.gif
i.123g.us/c/ejan_danceday/th/ 8 KB
8 KB 89ms
22ms Image
image/gif 67.27.233.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/ejan_danceday/th/116520_th.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 7c064bb7845bad5366d5e5948aaa8941f38f7b0293716e4cae2c135006119514

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sun, 15 Aug 2021 08:02:35 GMT
Last-Modified: Mon, 24 Feb 2014 09:44:23 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1715568
ETag: "1ecc-4f323d104cbc0"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7884
jake_test: Test_Pass
Expires: Sun, 15 Aug 2021 08:17:36 GMT

GET
H/1.1 200
OK 328747_th.gif
i.123g.us/c/ejan_danceday/th/ 8 KB
8 KB 94ms
26ms Image
image/gif 67.27.233.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/ejan_danceday/th/328747_th.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Footprint Distributor V6.1.1162 /
Resource Hash: a4803c0d08f7b3c253ae073fe3676b984e2b01be010724ae57b9666120af058c

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sun, 22 Aug 2021 02:04:03 GMT
Last-Modified: Tue, 25 Apr 2017 13:23:32 GMT
Server: Footprint Distributor V6.1.1162
Age: 1132280
ETag: "1ff3-54dfda1501d00"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8179
jake_test: Test_Pass
Expires: Sat, 28 Aug 2021 07:00:28 GMT

GET
H/1.1 200
OK 343147_th.gif
i.123g.us/c/ejan_danceday/th/ 7 KB
8 KB 89ms
22ms Image
image/gif 67.27.233.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/ejan_danceday/th/343147_th.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 1afb484fcec98354ab3b6c1735fc7b25214457a4072dc45c5d1e519d9707f8f5

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 26 Aug 2021 18:06:29 GMT
Last-Modified: Tue, 28 Apr 2020 05:25:19 GMT
Server: Apache/2.2.15 (CentOS)
Age: 728934
ETag: "1dc8-5a4530eaccdc0"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7624
jake_test: Test_Pass
Expires: Wed, 01 Sep 2021 13:23:57 GMT

GET
H/1.1 200
OK 327281_th.jpg
i.123g.us/c/ejan_danceday/th/ 10 KB
11 KB 89ms
22ms Image
image/jpeg 67.27.233.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/ejan_danceday/th/327281_th.jpg
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 24e1088d0aba3881894dbd9bde07a9752e068cbba705c520aad91000182375a5

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Tue, 31 Aug 2021 10:24:36 GMT
Last-Modified: Mon, 02 Jan 2017 13:14:27 GMT
Server: Apache/2.2.15 (CentOS)
Age: 324647
ETag: "2903-5451c54c2b2c0"
Content-Type: image/jpeg
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 10499
jake_test: Test_Pass
Expires: Tue, 31 Aug 2021 10:54:11 GMT

GET
H/1.1 200
OK 328643_th.gif
i.123g.us/c/ejan_danceday/th/ 7 KB
7 KB 102ms
22ms Image
image/gif 67.27.233.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/ejan_danceday/th/328643_th.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: c35ffac173a56fd6ff32e34be11581eb7a3c290269df68f7ae624f9d7c47b2d9

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Tue, 31 Aug 2021 11:00:56 GMT
Last-Modified: Mon, 17 Apr 2017 12:49:56 GMT
Server: Apache/2.2.15 (CentOS)
Age: 322467
ETag: "1c91-54d5c3a6b6500"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7313
jake_test: Test_Pass
Expires: Tue, 31 Aug 2021 11:15:57 GMT

GET
H/1.1 200
OK 103872_th.gif
i.123g.us/c/ejan_danceday/th/ 5 KB
6 KB 23ms
23ms Image
image/gif 67.27.233.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/ejan_danceday/th/103872_th.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 70e65f2870cf252f728376c7525ae4a6badc6144c7fb438e933ede030b3bc56a

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Fri, 27 Aug 2021 13:38:22 GMT
Last-Modified: Mon, 24 Feb 2014 09:44:23 GMT
Server: Apache/2.2.15 (CentOS)
Age: 658621
ETag: "15b0-4f323d104cbc0"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5552
jake_test: Test_Pass
Expires: Fri, 27 Aug 2021 13:53:23 GMT

GET
H/1.1 200
OK 125226_th.gif
i.123g.us/c/ejan_danceday/th/ 8 KB
8 KB 25ms
22ms Image
image/gif 67.27.233.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/ejan_danceday/th/125226_th.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: eed762f0ad9462ad6ad3c8e18195bf64a88e19513024eacc3058411706ddcaef

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 21 Aug 2021 18:38:29 GMT
Last-Modified: Mon, 24 Feb 2014 09:44:23 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1159014
ETag: "1fe7-4f323d104cbc0"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8167
jake_test: Test_Pass
Expires: Tue, 31 Aug 2021 23:42:34 GMT

GET
H/1.1 200
OK 343937_th.gif
i.123g.us/c/ejan_danceday/th/ 6 KB
6 KB 23ms
22ms Image
image/gif 67.27.233.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/ejan_danceday/th/343937_th.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 7c2c47543c18e87d331bec491e57add9968eb4c8fa2003f9a79ab23d667550b3

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Tue, 24 Aug 2021 11:04:25 GMT
Last-Modified: Thu, 23 Jul 2020 07:47:33 GMT
Server: Apache/2.2.15 (CentOS)
Age: 927058
ETag: "1679-5ab1711b18f40"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5753
jake_test: Test_Pass
Expires: Thu, 02 Sep 2021 18:13:43 GMT

GET
H/1.1 200
OK 343084_th.gif
i.123g.us/c/ejan_danceday/th/ 8 KB
8 KB 25ms
22ms Image
image/gif 67.27.233.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/ejan_danceday/th/343084_th.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e69fb5fa59f6a8a2981469b5096619e5bb08fe20cfee9eca5a378099b40c9d59

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sun, 08 Aug 2021 08:10:20 GMT
Last-Modified: Fri, 24 Apr 2020 13:46:20 GMT
Server: Apache/2.2.15 (CentOS)
Age: 2319903
ETag: "1e40-5a4099715c300"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7744
jake_test: Test_Pass
Expires: Sun, 08 Aug 2021 08:25:20 GMT

GET
H2 200 3.jpg
i.ytimg.com/vi/CHNGP6_eER0/ 938 B
1 KB 18ms
18ms Image
image/jpeg 2a00:1450:4001:812::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/CHNGP6_eER0/3.jpg

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

736ce08649fd5f84932faff044c359b163e396d4316c7bd4174bbc36ff5aca73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:23 GMT
x-content-type-options: nosniff
server: sffe
age: 0
etag: "1526667346"
vary: Origin
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 938
x-xss-protection: 0
expires: Sat, 04 Sep 2021 06:35:23 GMT

GET
H/1.1 200
OK cal_block2.gif
i.123g.us/images/special_block/ 24 KB
24 KB 24ms
22ms Image
image/gif 67.27.233.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/images/special_block/cal_block2.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 21026407398ed753d48cd817a1f47881738ab30f449b90aa3f83d179ff3ed267

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Fri, 03 Sep 2021 06:26:44 GMT
Last-Modified: Mon, 05 Jul 2021 06:17:05 GMT
Server: Apache/2.2.15 (CentOS)
Age: 79719
ETag: "5fd2-5c65a4117fa40"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 24530
jake_test: Test_Pass
Expires: Fri, 03 Sep 2021 06:41:45 GMT

GET
H/1.1 200
OK 333131_ic.gif
i.123g.us/c/birth_happybirthday/ic/ 3 KB
4 KB 29ms
21ms Image
image/gif 67.27.233.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/birth_happybirthday/ic/333131_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 0677a3e17670aa44ed3ec4f010d6dfdc869b02f79aec76a79f7de6fcc7679833

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Fri, 03 Sep 2021 03:59:46 GMT
Last-Modified: Sat, 17 Feb 2018 06:15:32 GMT
Server: Apache/2.2.15 (CentOS)
Age: 88537
ETag: "d6e-5656263602900"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3438
jake_test: Test_Pass
Expires: Fri, 03 Sep 2021 04:15:04 GMT

GET
H/1.1 200
OK 340306_ic.jpg
i.123g.us/c/esep_roshhashanah_happy/ic/ 2 KB
3 KB 26ms
21ms Image
image/jpeg 67.27.233.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_roshhashanah_happy/ic/340306_ic.jpg
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Footprint Distributor V6.1.1162 /
Resource Hash: 8ff93a61ffca62bd50b92cd3d9988832e62634f89a7cbb6fb56625b6a556cd12

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Tue, 31 Aug 2021 20:44:18 GMT
Last-Modified: Sat, 07 Sep 2019 06:28:06 GMT
Server: Footprint Distributor V6.1.1162
Age: 287465
ETag: "8fd-591f0a856e980"
Content-Type: image/jpeg
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2301
jake_test: Test_Pass
Expires: Thu, 02 Sep 2021 08:12:05 GMT

GET
H/1.1 200
OK 105816_ic.gif
i.123g.us/c/esep_roshhashanah_thanku/ic/ 2 KB
3 KB 22ms
21ms Image
image/gif 67.27.233.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_roshhashanah_thanku/ic/105816_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 08d00ff2cce487220599803e146a8e6ec56c64c9e44111d6e4cd259fedb779f3

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Mon, 23 Aug 2021 07:18:33 GMT
Last-Modified: Mon, 24 Feb 2014 09:45:23 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1027010
ETag: "9f7-4f323d49852c0"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2551
jake_test: Test_Pass
Expires: Thu, 26 Aug 2021 18:58:53 GMT

GET
H/1.1 200
OK 325316_ic.jpg
i.123g.us/c/birth_fun/ic/ 3 KB
3 KB 22ms
21ms Image
image/jpeg 67.27.233.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/birth_fun/ic/325316_ic.jpg
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 14c9fbe3c72b37dee6b92294dd299a1a5ef9e6473921d1077bb6cb81019a353e

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Fri, 03 Sep 2021 11:01:50 GMT
Last-Modified: Tue, 30 Aug 2016 07:10:55 GMT
Server: Apache/2.2.15 (CentOS)
Age: 63213
ETag: "b21-53b44ae801dc0"
Content-Type: image/jpeg
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2849
jake_test: Test_Pass
Expires: Fri, 03 Sep 2021 11:16:51 GMT

GET
H3-29 200 default.jpg
i.ytimg.com/vi/EKQrBURDtQE/ 5 KB
5 KB 23ms
7ms Image
image/jpeg 2a00:1450:4001:812::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/EKQrBURDtQE/default.jpg

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a36d6c6c03c7ba4db1d35c8e00d933fc1ce336cc52bfdf50652134be67d4d759

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 02:52:55 GMT
x-content-type-options: nosniff
server: sffe
age: 6148
etag: "0"
vary: Origin
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4966
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:52:55 GMT

GET
H/1.1 200
OK 120707_ic.gif
i.123g.us/c/esep_laborday_happy/ic/ 3 KB
3 KB 36ms
27ms Image
image/gif 67.27.233.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_laborday_happy/ic/120707_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: aea7b1303319ccfd89bc9a9770e30917bbe180a40b7db8587e633ac0a065147b

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 12 Aug 2021 18:24:30 GMT
Last-Modified: Tue, 20 Aug 2019 13:53:00 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1937453
ETag: "c43-5908cc6484700"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3139
jake_test: Test_Pass
Expires: Fri, 13 Aug 2021 08:33:01 GMT

GET
H/1.1 200
OK 103105_ic.gif
i.123g.us/c/esep_flowerofthemonth/ic/ 3 KB
3 KB 29ms
22ms Image
image/gif 67.27.233.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_flowerofthemonth/ic/103105_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3644c7d20e5506c54c5b0a56ee92f2346f93263115b1ca259c6138cffeabc6bb

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sun, 29 Aug 2021 23:33:04 GMT
Last-Modified: Wed, 05 Aug 2015 10:55:34 GMT
Server: Apache/2.2.15 (CentOS)
Age: 450139
ETag: "a2b-51c8e3df5b580"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2603
jake_test: Test_Pass
Expires: Mon, 30 Aug 2021 05:55:53 GMT

GET
H3-29 200 default.jpg
i.ytimg.com/vi/2cyY3Z3Pm-U/ 3 KB
3 KB 23ms
7ms Image
image/jpeg 2a00:1450:4001:812::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/2cyY3Z3Pm-U/default.jpg

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce04f68d2b035b6adfab2de7758c64c455c8c2a1db70d0df2f2725ae7c41426d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:24:00 GMT
x-content-type-options: nosniff
server: sffe
age: 683
etag: "1345738479"
vary: Origin
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3320
x-xss-protection: 0
expires: Sat, 04 Sep 2021 06:24:00 GMT

GET
H/1.1 200
OK 111086_ic.gif
i.123g.us/c/esep_laborday_weekend/ic/ 4 KB
4 KB 26ms
22ms Image
image/gif 67.27.233.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_laborday_weekend/ic/111086_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 4859383f77274f674ef678cde3203242dc5fd669c701466e7efc77832cd12ee4

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Tue, 31 Aug 2021 07:15:49 GMT
Last-Modified: Mon, 24 Feb 2014 09:41:27 GMT
Server: Apache/2.2.15 (CentOS)
Age: 335974
ETag: "e15-4f323c6873fc0"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3605
jake_test: Test_Pass
Expires: Thu, 02 Sep 2021 08:02:51 GMT

GET
H/1.1 200
OK 318697_ic.jpg
i.123g.us/c/esep_roshhashanah_family/ic/ 3 KB
3 KB 23ms
21ms Image
image/jpeg 67.27.233.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_roshhashanah_family/ic/318697_ic.jpg
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: b0528499b441e38c1df530e872b6674aba3c4c55abcd811d1292bccb4c0bae5a

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 12 Aug 2021 14:39:36 GMT
Last-Modified: Fri, 04 Sep 2015 14:43:55 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1950947
ETag: "b1f-51eecedd7a0c0"
Content-Type: image/jpeg
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2847
jake_test: Test_Pass
Expires: Sat, 28 Aug 2021 10:36:56 GMT

GET
H/1.1 200
OK 120028_ic.gif
i.123g.us/c/esep_roshhashanah_friends/ic/ 4 KB
4 KB 22ms
21ms Image
image/gif 67.27.233.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_roshhashanah_friends/ic/120028_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 25e03362f174b3808a73c0cc86e56fb7a13d88b4490709fe7370587651f50b92

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 26 Aug 2021 16:25:44 GMT
Last-Modified: Mon, 24 Feb 2014 09:44:08 GMT
Server: Apache/2.2.15 (CentOS)
Age: 734979
ETag: "e28-4f323d01fea00"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3624
jake_test: Test_Pass
Expires: Thu, 26 Aug 2021 16:40:44 GMT

GET
H/1.1 200
OK 103117_ic.gif
i.123g.us/c/esep_nathoneymonth/ic/ 2 KB
3 KB 39ms
24ms Image
image/gif 67.27.233.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_nathoneymonth/ic/103117_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 5d64b7235acc0c2316fc199c7d90707105d389eeac3dbc3d49470faa5b2d2dc7

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Mon, 09 Aug 2021 17:31:40 GMT
Last-Modified: Wed, 05 Aug 2015 10:55:59 GMT
Server: Apache/2.2.15 (CentOS)
Age: 2199823
ETag: "8f6-51c8e3f732dc0"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2294
jake_test: Test_Pass
Expires: Wed, 18 Aug 2021 17:47:19 GMT

GET
H/1.1 200
OK 105952_ic.gif
i.123g.us/c/esep_laborday_thanku/ic/ 4 KB
4 KB 24ms
24ms Image
image/gif 67.27.233.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_laborday_thanku/ic/105952_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 9775d6c214a05f699701974c19e12cb9d1ac1b6ef9eb815335b22f7276133c1c

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Fri, 20 Aug 2021 08:35:38 GMT
Last-Modified: Wed, 05 Aug 2015 11:52:01 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1281585
ETag: "e52-51c8f07d73a40"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3666
jake_test: Test_Pass
Expires: Fri, 20 Aug 2021 08:50:38 GMT

GET
H/1.1 200
OK 105807_ic.gif
i.123g.us/c/esep_roshhashanah_shalom/ic/ 4 KB
4 KB 23ms
23ms Image
image/gif 67.27.233.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_roshhashanah_shalom/ic/105807_ic.gif
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: b658a8b132845145dbc692bf1d77e8597ef503daae1d1bd918ef590819c9d674

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sun, 08 Aug 2021 16:07:03 GMT
Last-Modified: Wed, 05 Aug 2015 13:54:33 GMT
Server: Apache/2.2.15 (CentOS)
Age: 2291300
ETag: "edc-51c90be0dd840"
Content-Type: image/gif
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3804
jake_test: Test_Pass
Expires: Mon, 23 Aug 2021 14:49:41 GMT

GET
H/1.1 200
OK 335289_ic.jpg
i.123g.us/c/esep_roshhashanah_greetings/ic/ 29 KB
30 KB 22ms
22ms Image
image/jpeg 67.27.233.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.123g.us/c/esep_roshhashanah_greetings/ic/335289_ic.jpg
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: bd842cf720db8dd91f5445eb93ca810e2d6fbce902fe76aa648097daebcbf070

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 21 Aug 2021 18:21:38 GMT
Last-Modified: Fri, 24 Aug 2018 10:05:15 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1160025
ETag: "7551-5742b83128cc0"
Content-Type: image/jpeg
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 30033
jake_test: Test_Pass
Expires: Wed, 01 Sep 2021 10:22:10 GMT

GET
H/1.1 200
OK jquery-1.11.1.js Show response
c.123g.us/js2/ 94 KB
33 KB 91ms
22ms Script
text/javascript 67.27.233.252
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/js2/jquery-1.11.1.js
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 91222f96f34735ebc88df208017e54d4329b9202e3e52367fb8b149698a1a5ef

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 26 Aug 2021 21:34:02 GMT
Content-Encoding: gzip
Last-Modified: Tue, 07 Mar 2017 11:41:22 GMT
Server: Apache/2.2.15 (CentOS)
Age: 716481
ETag: "2c463-1762e-54a227db65c80"
Vary: Accept-Encoding
Content-Type: text/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 33234
jake_test: Test_Pass

GET
H/1.1 200
OK jquery-migrate-1.2.1.min.js Show response
c.123g.us/js2/ 7 KB
3 KB 90ms
21ms Script
text/javascript 67.27.233.252
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/js2/jquery-migrate-1.2.1.min.js
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 5336fb757df91e343cca414c112da532ff47f3d40b0d6e1b3c39ea00c8e24ab6

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 26 Aug 2021 21:34:02 GMT
Content-Encoding: gzip
Last-Modified: Tue, 07 Mar 2017 11:41:22 GMT
Server: Apache/2.2.15 (CentOS)
Age: 716481
ETag: "2c442-1cb3-54a227db65c80"
Vary: Accept-Encoding
Content-Type: text/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3152
jake_test: Test_Pass

GET
H/1.1 200
OK swfobject.js Show response
c.123g.us/js2/ 10 KB
4 KB 96ms
27ms Script
text/javascript 67.27.233.252
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/js2/swfobject.js
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: cafd612ebd6bc497a7a05d3dfef133a0b793f1e04e277b31c424d6d8892a1d48

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Tue, 24 Aug 2021 18:35:56 GMT
Content-Encoding: gzip
Last-Modified: Fri, 21 Apr 2017 06:58:31 GMT
Server: Apache/2.2.15 (CentOS)
Age: 899967
ETag: "261f-54da7c90553c0"
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3868
jake_test: Test_Pass
Expires: Wed, 25 Aug 2021 07:33:04 GMT

GET
H/1.1 200
OK 123g_utils_v1.js Show response
c.123g.us/js2/ 123 KB
30 KB 101ms
22ms Script
text/javascript 67.27.233.252
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/js2/123g_utils_v1.js
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 0fbe8ac90edf1af5508d89417ab916da0892806ca5259c435ef897160dca6daa

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Fri, 06 Aug 2021 06:10:58 GMT
Content-Encoding: gzip
Last-Modified: Fri, 04 Jun 2021 12:51:22 GMT
Server: Apache/2.2.15 (CentOS)
Age: 2499865
ETag: "2c3d8-1ed3a-5c3f026148680"
Vary: Accept-Encoding
Content-Type: text/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 30667
jake_test: Test_Pass

GET
H/1.1 200
OK utilsopt.js Show response
c.123g.us/js2/ 22 KB
7 KB 100ms
22ms Script
text/javascript 67.27.233.252
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/js2/utilsopt.js
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 0ae485367eb0862700624f4b18563586fe0fd2ecd7abd1efb8a4896ead71fdd3

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 26 Aug 2021 18:39:58 GMT
Content-Encoding: gzip
Last-Modified: Wed, 04 Nov 2020 10:41:25 GMT
Server: Apache/2.2.15 (CentOS)
Age: 726925
ETag: "57b2-5b3459efc3f40"
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6801
jake_test: Test_Pass
Expires: Thu, 26 Aug 2021 18:55:00 GMT

GET
H/1.1 200
OK 123g_subcategory_opt.js Show response
c.123g.us/js2/ 9 KB
3 KB 22ms
22ms Script
text/javascript 67.27.233.252
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/js2/123g_subcategory_opt.js
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 987a85ec33287307910313fc7b22a8ab6cd0dc24e9fe5945f8a42af4223c1550

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 26 Aug 2021 09:49:18 GMT
Content-Encoding: gzip
Last-Modified: Tue, 22 Sep 2020 12:15:33 GMT
Server: Apache/2.2.15 (CentOS)
Age: 758765
ETag: "2c43e-2257-5afe5ec74c340"
Vary: Accept-Encoding
Content-Type: text/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2831
jake_test: Test_Pass

GET
H/1.1 200
OK rakpanel.js Show response
c.123g.us/js2/ 3 KB
2 KB 22ms
21ms Script
text/javascript 67.27.233.252
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/js2/rakpanel.js
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: f48f1b088976f2de3bb46a5c5bc609160ef0a6f919109e08f784596b0a93b7d8

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Mon, 30 Aug 2021 00:05:51 GMT
Content-Encoding: gzip
Last-Modified: Thu, 09 Aug 2018 13:50:01 GMT
Server: Apache/2.2.15 (CentOS)
Age: 448172
ETag: "d4c-57300e747f440"
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1626
jake_test: Test_Pass
Expires: Mon, 30 Aug 2021 11:15:29 GMT

GET
H/1.1 200
OK jquery.ajax_autocomplete.js Show response
c.123g.us/js2/ 32 KB
10 KB 22ms
22ms Script
text/javascript 67.27.233.252
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/js2/jquery.ajax_autocomplete.js
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 969cfdee4bd0977fdc16895cc9f97e342e7f722518333f2145a0ea47f8662944

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 12 Aug 2021 02:48:33 GMT
Content-Encoding: gzip
Last-Modified: Wed, 14 Oct 2020 08:18:53 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1993610
ETag: "7f11-5b19d2e943540"
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 9770
jake_test: Test_Pass
Expires: Thu, 12 Aug 2021 08:00:16 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 138 KB
49 KB 64ms
40ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d42551b36f344c14cbab00492d682f78ff716f25436e56f2ec19605017f49071

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49509
x-xss-protection: 0
server: cafe
etag: 7468415767210843005
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 04 Sep 2021 04:35:23 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 101 KB
40 KB 17ms
15ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-5085183-1

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c7a3df314feb82249ea4f314f22fa4e077c696f2520b103ad7572d7066c89f51

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:23 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41194
x-xss-protection: 0
last-modified: Sat, 04 Sep 2021 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 04 Sep 2021 04:35:23 GMT

GET
H/1.1 200
OK styleopt_R1.css
c.123g.us/css/ 80 KB
16 KB 22ms
22ms Stylesheet
text/css 67.27.233.252
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/css/styleopt_R1.css
Requested by: Host: c.123g.us
URL: https://c.123g.us/css/sub_categories_R1.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: f1e39db75b34ff4da77fbb5d728ae7278c79ab84cd41553cbe757463d8a38796

Request headers

Referer: https://c.123g.us/css/sub_categories_R1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Wed, 25 Aug 2021 21:40:47 GMT
Content-Encoding: gzip
Last-Modified: Fri, 28 May 2021 11:38:55 GMT
Server: Apache/2.2.15 (CentOS)
Age: 802476
ETag: "13f87-5c3625216f1c0"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 16152
jake_test: Test_Pass
Expires: Wed, 25 Aug 2021 21:55:55 GMT

GET
H/1.1 200
OK modal_window_R1.css
c.123g.us/css/ 33 KB
7 KB 25ms
21ms Stylesheet
text/css 67.27.233.252
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/css/modal_window_R1.css
Requested by: Host: c.123g.us
URL: https://c.123g.us/css/sub_categories_R1.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: c40c9c0117af4abd3ab87c81eb1725c442ec682095d29cc8bc2206e3e5ac1c23

Request headers

Referer: https://c.123g.us/css/sub_categories_R1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Wed, 11 Aug 2021 08:16:17 GMT
Content-Encoding: gzip
Last-Modified: Wed, 10 Jun 2020 09:39:02 GMT
Server: Apache/2.2.15 (CentOS)
Age: 2060346
ETag: "8220-5a7b79d367980"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6727
jake_test: Test_Pass
Expires: Sun, 22 Aug 2021 07:33:17 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

845b258ca2c1dd104a71d86e500496ab3759a6c644dd807b1c318583a9fc299b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: kUHcos1xL9Tu1dUOHvT4fQ==
cross-origin-resource-policy: cross-origin
expires: Sat, 04 Sep 2021 04:42:01 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1685
x-fb-rlafr: 0
x-fb-debug: imeQZXpz65Ldy9TcjEaNVoNMQo0cL60TMFfMgUoGyraIoWv3CGiX5kPM+EzVh9qZPZb7mg8LOGycrS7oaZmx3Q==
x-fb-trip-id: 917726464
x-fb-content-md5: 96ba57a0c6051c418dc686dad09f39a6
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Sat, 04 Sep 2021 04:35:23 GMT
x-frame-options: DENY
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "35fc537241c83cd7f1a627120a204201"
timing-allow-origin: *
priority: u=3,i
access-control-expose-headers: X-FB-Content-MD5

GET
H/1.1 200
OK 123g_master_bg.png
c.123g.us/images/ 145 B
501 B 28ms
27ms Image
image/png 67.27.233.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.123g.us/images/123g_master_bg.png
Requested by: Host: c.123g.us
URL: https://c.123g.us/css/styleopt_R1.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: abfaa28e509b104c2edc0bd048809340d5e006ec872e1966baff8383ff8a0e22

Request headers

Referer: https://c.123g.us/css/styleopt_R1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 07 Aug 2021 13:30:21 GMT
Last-Modified: Fri, 21 Apr 2017 06:58:09 GMT
Server: Apache/2.2.15 (CentOS)
Age: 2387102
ETag: "91-54da7c7b5a240"
Content-Type: image/png
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 145
jake_test: Test_Pass
Expires: Tue, 17 Aug 2021 21:32:38 GMT

GET
H/1.1 200
OK master_img_menu.png
c.123g.us/images/ 6 KB
6 KB 24ms
23ms Image
image/png 67.27.233.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.123g.us/images/master_img_menu.png
Requested by: Host: c.123g.us
URL: https://c.123g.us/css/styleopt_R1.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 12ba93c7b0114439929f7ac0efcdc60e6eee9da57a2fe6ce68bb969f00f4a54e

Request headers

Referer: https://c.123g.us/css/styleopt_R1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 21 Aug 2021 12:06:49 GMT
Last-Modified: Fri, 21 Apr 2017 06:58:09 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1182514
ETag: "1861-54da7c7b5a240"
Content-Type: image/png
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6241
jake_test: Test_Pass
Expires: Sat, 21 Aug 2021 12:22:23 GMT

GET
H/1.1 200
OK icon_set_R1.png
c.123g.us/images/ 140 KB
141 KB 23ms
22ms Image
image/png 67.27.233.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.123g.us/images/icon_set_R1.png
Requested by: Host: c.123g.us
URL: https://c.123g.us/css/styleopt_R1.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 00d2454ee3db7d2a389c0e7cefd7a4b84c26a983af51e38fa9a7621c9be5f66c

Request headers

Referer: https://c.123g.us/css/styleopt_R1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Wed, 18 Aug 2021 14:04:27 GMT
Last-Modified: Mon, 18 Nov 2019 12:30:19 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1434656
ETag: "230cb-5979e1c4d2cc0"
Content-Type: image/png
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 143563
jake_test: Test_Pass
Expires: Wed, 18 Aug 2021 14:19:30 GMT

GET
H/1.1 200
OK big_img_sprite.png
c.123g.us/images/ 134 KB
134 KB 23ms
23ms Image
image/png 67.27.233.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.123g.us/images/big_img_sprite.png
Requested by: Host: c.123g.us
URL: https://c.123g.us/css/styleopt_R1.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 69303f97bf43e5d9fd7a0c8e6b5f4b49de4466684c7e2b8e2108de98e5c98483

Request headers

Referer: https://c.123g.us/css/styleopt_R1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Fri, 27 Aug 2021 15:00:09 GMT
Last-Modified: Wed, 11 Sep 2019 08:42:36 GMT
Server: Apache/2.2.15 (CentOS)
Age: 653714
ETag: "9cd35-21653-5924300b6d700"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 136787
jake_test: Test_Pass

GET
H/1.1 200
OK master_icon_set_2.png
c.123g.us/images/ 88 KB
88 KB 23ms
22ms Image
image/png 67.27.233.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.123g.us/images/master_icon_set_2.png
Requested by: Host: c.123g.us
URL: https://c.123g.us/css/styleopt_R1.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 89b03d4a2f2ca3d04df1fda63a5247ef31cea689a0ca553e353122ab3d22b646

Request headers

Referer: https://c.123g.us/css/styleopt_R1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Mon, 09 Aug 2021 06:34:22 GMT
Last-Modified: Tue, 16 Feb 2021 07:04:35 GMT
Server: Apache/2.2.15 (CentOS)
Age: 2239261
ETag: "15fce-5bb6eb70666c0"
Content-Type: image/png
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 90062
jake_test: Test_Pass
Expires: Mon, 09 Aug 2021 06:50:10 GMT

GET
H/1.1 200
OK 123g_master_icon_set_2.png
c.123g.us/images/ 60 KB
61 KB 23ms
23ms Image
image/png 67.27.233.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.123g.us/images/123g_master_icon_set_2.png
Requested by: Host: c.123g.us
URL: https://c.123g.us/css/styleopt_R1.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 4330d4072d013510b91ca5648f210b614c2e4e8ecbea94a1f8a8373aa6068532

Request headers

Referer: https://c.123g.us/css/styleopt_R1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 12 Aug 2021 11:32:56 GMT
Last-Modified: Tue, 16 Feb 2021 07:04:27 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1962147
ETag: "9d037-f1d2-5bb6eb68c54c0"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 61906
jake_test: Test_Pass

GET
H/1.1 200
OK request.js Show response
trkn.us/info/ 2 KB
1 KB 494ms
125ms Script
application/javascript 3.222.63.32
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://trkn.us/info/request.js?sid=1efbd474-f6d6-4c7a-ab0e-0a28232c817d&ord=4427447957.283512

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.222.63.32 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-222-63-32.compute-1.amazonaws.com

Software

Apache /

Resource Hash

8643f415648398a15ed3270adff5d0d66d95a1b80c4b2a343717c689b394138d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:35:24 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: keep-alive
Content-Length: 732
Expires: Sun, 01 Jan 2014 00:00:00 GMT

GET
H/1.1 200
OK addressbook.js Show response
c.123g.us/js2/ 401 KB
76 KB 22ms
22ms Script
text/javascript 67.27.233.252
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/js2/addressbook.js
Requested by: Host: c.123g.us
URL: https://c.123g.us/js2/jquery-1.11.1.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 82bd02cee2c77b75a28a94f51c1163035315c09ef8eafe6fa5f79f35b97424e5

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Tue, 31 Aug 2021 08:44:53 GMT
Content-Encoding: gzip
Last-Modified: Tue, 31 Aug 2021 08:44:13 GMT
Server: Apache/2.2.15 (CentOS)
Age: 330630
ETag: "2c7ab-6427b-5cad6f43cf140"
Vary: Accept-Encoding
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
jake_test: Test_Pass

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 70 KB
25 KB 36ms
14ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: c.123g.us
URL: https://c.123g.us/js2/123g_utils_v1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3948b89c1dbd03a0c6db7e6a4197ff149d266cd15a55ac81a3a811cfd7cb2489

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "977 / 251 of 1000 / last-modified: 1630706924"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24938
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:35:23 GMT

GET
H/1.1 200
OK closeBtn_h.png
c.123g.us/images/ 1 KB
1 KB 22ms
22ms Image
image/png 67.27.233.252
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.123g.us/images/closeBtn_h.png
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 1e66c06ab180f7bf3da83626313d8c1b45efa2ddd191b430ffec9993a3f9675f

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Fri, 20 Aug 2021 09:17:28 GMT
Last-Modified: Tue, 07 Mar 2017 11:40:43 GMT
Server: Apache/2.2.15 (CentOS)
Age: 1279075
ETag: "9cf1d-42a-54a227b6344c0"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1066
jake_test: Test_Pass

GET
H3-29 200 sdk.js Show response
connect.facebook.net/en_US/ 222 KB
65 KB 8ms
7ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=48b7fe1fbccebeac39d3147ab235485c

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0ab0bbfff8ab1ac6fa3cbd6ba8824dd545c0cc6bae45d11438a44c60ef758457

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://www.123greetings.com
Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: SZKZtykzcFdgTIXhZwoXNA==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 66827
x-fb-rlafr: 0
x-fb-debug: V2x7mX5LVdVeqgqsvAaTcr4ukU4IsZA+ZKW/9fway2mXrnMWPT19z3CCzk7nJaM3m3a34mP8dXdpVFq23wJl/w==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: 443a8c528712c7738a391583f8f73e8a
x-frame-options: DENY
date: Sat, 04 Sep 2021 04:35:23 GMT
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "08e042d77b6fb1b176ac56377830c8c7"
timing-allow-origin: *
priority: u=3,i
expires: Sun, 04 Sep 2022 03:40:34 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-5085183-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 11 Aug 2021 00:32:57 GMT
server: Golfe2
age: 6203
date: Sat, 04 Sep 2021 02:52:00 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19747
expires: Sat, 04 Sep 2021 04:52:00 GMT

GET
H3-29 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109010101/ 250 KB
93 KB 49ms
35ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109010101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8275302107693664&plah=www.123greetings.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cb658d8af264091d320d32e952cb1756ea0145c2f6497b182a39e7ce4e466653

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 95178
x-xss-protection: 0
server: cafe
etag: 9330497266985682447
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 04 Sep 2021 04:35:23 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210831/r20190131/ Frame 6B47 10 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210831/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bf5230ffb8745d28c11ae8b743868364f9be8379300bd59d235f402a53ea96ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210831/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.123greetings.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 03 Sep 2021 16:11:58 GMT
expires: Fri, 17 Sep 2021 16:11:58 GMT
content-type: text/html; charset=UTF-8
etag: 13836150016441684253
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4591
x-xss-protection: 0
age: 44605
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 13ms
13ms XHR
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j93&a=13391113&t=pageview&_s=1&dl=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fdance_day%2F%3Futm_source%3DEmail%26amp%3Butm_medium%3DSpecial_NL%26amp%3Butm_campaign%3DSNL_june20_events&ul=en-us&de=UTF-8&dt=Dance%20Day%20Cards%2C%20Free%20Dance%20Day%20Wishes%2C%20Greeting%20Cards%20%7C%20123%20Greetings&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=1998505953&gjid=470371287&cid=220270117.1630730124&tid=UA-5085183-1&_gid=159468701.1630730124&_r=1&gtm=2ou910&z=700866571

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:23 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.123greetings.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK connect_config.js Show response
c.123g.us/js2/ 201 B
466 B 23ms
22ms Script
text/javascript 67.27.233.252
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://c.123g.us/js2/connect_config.js
Requested by: Host: c.123g.us
URL: https://c.123g.us/js2/jquery-1.11.1.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.252 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 8a4a4dfac1d187a4eeaf1f9d90fae93ab7d76f1ff885b43ef1edab642f4a5c9a

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Tue, 24 Aug 2021 05:58:13 GMT
Content-Encoding: gzip
Last-Modified: Tue, 07 Mar 2017 11:41:22 GMT
Server: Apache/2.2.15 (CentOS)
Age: 945430
ETag: "2c454-c9-54a227db65c80"
Vary: Accept-Encoding
Content-Type: text/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 120
jake_test: Test_Pass

GET
H2 200 pubads_impl_2021083101.js Show response
securepubads.g.doubleclick.net/gpt/ 333 KB
117 KB 86ms
31ms Script
text/javascript 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

sffe /

Resource Hash

821bdc4f69b0d71c8ee65e9e97c232e0a127004991b92133da9019dbe8f90047

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 31 Aug 2021 08:39:05 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 119248
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:35:24 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 414 B
844 B 88ms
33ms XHR
application/json 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.123greetings.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

cafe /

Resource Hash

e91e7d4b434bf577e8f9f0fef4a45ab94c41fd0493ff9e760bcd398732f6fdc4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:35:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 186
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:35:24 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
88 B 14ms
14ms XHR
text/plain 2a00:1450:400c:c08::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-5085183-1&cid=220270117.1630730124&jid=1998505953&gjid=470371287&_gid=159468701.1630730124&_u=YEBAAUAAAAAAAC~&z=1643074581

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c08::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sat, 04 Sep 2021 04:35:23 GMT
content-type: text/plain
access-control-allow-origin: https://www.123greetings.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 206 B
660 B 85ms
32ms Script
text/javascript 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.123greetings.com&callback=_gfp_s_&client=ca-pub-8275302107693664

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109010101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8275302107693664&plah=www.123greetings.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

cafe /

Resource Hash

0ae44c10c0da89d0ba862a31ff258905d28015b7996b9e3feb30f72a7fa7a400

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 194
x-xss-protection: 0

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 14ms
14ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fdance_day%2F%3Futm_source%3DEmail%26amp%3Butm_medium%3DSpecial_NL%26amp%3Butm_campaign%3DSNL_june20_events&tn=DIV&id=cookie_bar&cls=cookie_bar&ign=false&pw=1600&ph=1200&x=1575&y=1175

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:24 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
317 B 15ms
14ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.123greetings.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:35:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
313 B 15ms
14ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.123greetings.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:35:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame D375 0
19 B 89ms
87ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8275302107693664&output=html&adk=1812271804&adf=3025194257&lmt=1630726664&plat=1%3A16777216%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fdance_day%2F%3Futm_source%3DEmail%26amp%3Butm_medium%3DSpecial_NL%26amp%3Butm_campaign%3DSNL_june20_events&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630730123904&bpp=2&bdt=253&idt=83&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=3415642258927&frm=20&pv=2&ga_vid=220270117.1630730124&ga_sid=1630730124&ga_hid=13391113&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062369%2C31062297%2C31062093&oid=3&pvsid=2168193984601864&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=107

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-8275302107693664&output=html&adk=1812271804&adf=3025194257&lmt=1630726664&plat=1%3A16777216%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fdance_day%2F%3Futm_source%3DEmail%26amp%3Butm_medium%3DSpecial_NL%26amp%3Butm_campaign%3DSNL_june20_events&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630730123904&bpp=2&bdt=253&idt=83&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=3415642258927&frm=20&pv=2&ga_vid=220270117.1630730124&ga_sid=1630730124&ga_hid=13391113&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062369%2C31062297%2C31062093&oid=3&pvsid=2168193984601864&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=107
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.123greetings.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 04 Sep 2021 04:35:24 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 04-Sep-2021 04:50:24 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 04 Sep 2021 04:35:24 GMT
cache-control: private

GET
H3-29 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 72 KB
27 KB 34ms
21ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bd3a2482b7b952b621e16a05c3bb1847829d057fb1384f4c32d1362b8153e967

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:24 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630496339498273"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27562
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:35:24 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 29ms
16ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.123greetings.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:35:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 29ms
15ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.123greetings.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:35:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 170 KB
50 KB 826ms
795ms XHR
text/plain 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2168193984601864&correlator=1216118186808690&output=ldjh&impl=fifs&eid=31062297%2C31062093&vrg=2021083101&ptt=17&sc=1&sfv=1-0-38&ecs=20210904&iu_parts=46400095%2CDesktopWeb_SubCategory_LB%2CDesktopWeb_SubCategory_Mrec%2CDesktopWeb_SubCategory_SecondMrec%2CDesktopWeb_SubCategory_LowerMrec%2CDesktopWeb_SubCategory_BottomLrec%2CDesktopWeb_SubCategory_BottomSecondLrec%2CDesktopWeb_SubCategory_LowerLB%2CDesktopWeb_SubCategory_Video%2CDesktopWeb_SubCategory_VideoInContent&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5%2C%2F0%2F6%2C%2F0%2F7%2C%2F0%2F8%2C%2F0%2F9&prev_iu_szs=728x90%2C300x250%2C300x250%2C300x250%2C300x250%2C300x250%2C970x90%7C728x90%7C970x250%2C1x1%2C1x1&cust_params=site%3D123greetings.com%26section%3Dejan_danceday%26page%3Dsubcategory&cookie=ID%3Dce8f539ebdc05cc5-223843bdecc80030%3AT%3D1630730124%3ART%3D1630730124%3AS%3DALNI_Mbp_rU8kniLnsTtIiXw0qw__N_ZDQ&bc=31&abxe=1&lmt=1630726664&dt=1630730124151&dlt=1630730123651&idt=470&frm=20&biw=1600&bih=1200&oid=3&adxs=560%2C970%2C970%2C970%2C970%2C970%2C310%2C0%2C320&adys=47%2C236%2C518%2C1873%2C2155%2C2437%2C2725%2C2918%2C1157&adks=3914305483%2C1127719608%2C4293624944%2C3694362538%2C3926068587%2C1178609660%2C2276923048%2C933155397%2C4230775942&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7%7C8%7C9&ifi=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&u_java=false&flash=0&url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fdance_day%2F%3Futm_source%3DEmail%26amp%3Butm_medium%3DSpecial_NL%26amp%3Butm_campaign%3DSNL_june20_events&vis=1&dmc=8&scr_x=0&scr_y=0&psz=980x90%7C320x262%7C320x262%7C320x262%7C320x262%7C320x262%7C980x37%7C1600x2898%7C630x0&msz=728x90%7C300x250%7C300x250%7C300x250%7C300x250%7C300x250%7C980x0%7C1600x0%7C630x0&ga_vid=220270117.1630730124&ga_sid=1630730124&ga_hid=13391113&ga_fc=false&fws=4%2C4%2C4%2C4%2C4%2C4%2C0%2C0%2C0&ohw=728%2C300%2C300%2C300%2C300%2C300%2C0%2C0%2C0&btvi=0%7C0%7C0%7C1%7C2%7C3%7C4%7C5%7C0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

cafe /

Resource Hash

01b31cc1e091a30210647b07199c520f8c787dd884b6435100142a979911ee40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:24 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 50720
x-xss-protection: 0
google-lineitem-id: -1,-1,-1,-1,-1,-1,-1,5501288042,5461263814
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -1,-1,-1,-1,-1,-1,-1,138326033967,138321279906
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.123greetings.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame F045 6 KB
3 KB 57ms
13ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.123greetings.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Sat, 04 Sep 2021 04:35:24 GMT
expires: Sun, 04 Sep 2022 04:35:24 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1

200
OK

/
trkn.us/info/
Redirect Chain

https://trkn.us/info/?sid=1efbd474-f6d6-4c7a-ab0e-0a28232c817d&ord=4427447957.283512&ref=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fdance_day%2F%3Futm_source%3DEmail%26amp%3Butm_medium%3DSpecial...
https://trkn.us/info/?sid=1efbd474-f6d6-4c7a-ab0e-0a28232c817d&ord=4427447957.283512&ref=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fdance_day%2F%3Futm_source%3DEmail%26amp%3Butm_medium%3DSpecial...

42 B
780 B

127ms
127ms

Image
image/gif

3.222.63.32
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trkn.us/info/?sid=1efbd474-f6d6-4c7a-ab0e-0a28232c817d&ord=4427447957.283512&ref=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fdance_day%2F%3Futm_source%3DEmail%26amp%3Butm_medium%3DSpecial_NL%26amp%3Butm_campaign%3DSNL_june20_events&dvis=visible&ip=185.236.201.227&cuidchk=1

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.222.63.32 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-222-63-32.compute-1.amazonaws.com

Software

Apache /

Resource Hash

b2c78c910f5ea29e3a9d223dabc203c055c8708b1fe7d83788b490638126db4d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:35:24 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sun, 9 Nov 1980 12:59:00 GMT
Server: Apache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
Expires: Sun, 9 Nov 1980 12:58:00 GMT

Redirect headers

Date: Sat, 04 Sep 2021 04:35:24 GMT
X-Content-Type-Options: nosniff
Server: Apache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Location: /info/?sid=1efbd474-f6d6-4c7a-ab0e-0a28232c817d&ord=4427447957.283512&ref=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fdance_day%2F%3Futm_source%3DEmail%26amp%3Butm_medium%3DSpecial_NL%26amp%3Butm_campaign%3DSNL_june20_events&dvis=visible&ip=185.236.201.227&cuidchk=1
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 0

GET
H3-29

200

/
www.facebook.com/login/ Frame 5E85
Redirect Chain

https://www.facebook.com/v2.4/plugins/page.php?adapt_container_width=true&app_id=6268317308&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df297ee723...
https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dtrue%26app_id%3D6268317308%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%2...

0
0

134ms
133ms

Document
text/html

2a03:2880:f12d:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dtrue%26app_id%3D6268317308%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df297ee723aa476c%2526domain%253Dwww.123greetings.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fwww.123greetings.com%25252Ff2aa2379db271%2526relation%253Dparent.parent%26container_width%3D320%26height%3D287%26hide_cover%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252F123GreetingsCom%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26show_posts%3Dtrue%26small_header%3Dtrue%26width%3D320

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=48b7fe1fbccebeac39d3147ab235485c

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.com .facebook.com fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com cdninstagram.com .cdninstagram.com data: blob: 'self';script-src .facebook.com .fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.com .facebook.com fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com cdninstagram.com .cdninstagram.com;connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com: attachment.fbsbx.com blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.facebook.com
:scheme: https
:path: /login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dtrue%26app_id%3D6268317308%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df297ee723aa476c%2526domain%253Dwww.123greetings.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fwww.123greetings.com%25252Ff2aa2379db271%2526relation%253Dparent.parent%26container_width%3D320%26height%3D287%26hide_cover%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252F123GreetingsCom%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26show_posts%3Dtrue%26small_header%3Dtrue%26width%3D320
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.123greetings.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: about:blank

Response headers

vary: Accept-Encoding
content-encoding: br
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coep_report"}
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-rlafr: 0
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
content-security-policy-report-only: default-src 'self' data: blob: https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src static.xx.fbcdn.net 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net data:;connect-src wss://gateway.facebook.com wss://edge-chat.facebook.com *.facebook.com *.fbcdn.net wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;frame-src *.facebook.com *.fbsbx.com;worker-src blob:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com data: blob: 'self';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: 8ckVW9blxuYzl78GAjEyjgRpidKBQ+ewBKAN2hB6ae8EXPEXUb54f5BxM+OHMAVv44qzRkZyYf5OgIb0q27/+g==
date: Sat, 04 Sep 2021 04:35:24 GMT
priority: u=3,i
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600

Redirect headers

location: https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dtrue%26app_id%3D6268317308%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df297ee723aa476c%2526domain%253Dwww.123greetings.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fwww.123greetings.com%25252Ff2aa2379db271%2526relation%253Dparent.parent%26container_width%3D320%26height%3D287%26hide_cover%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252F123GreetingsCom%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26show_posts%3Dtrue%26small_header%3Dtrue%26width%3D320
x-fb-rlafr: 0
cross-origin-opener-policy: unsafe-none
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
content-security-policy-report-only: default-src 'self' data: blob: https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src connect.facebook.net static.xx.fbcdn.net 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net data:;connect-src wss://gateway.facebook.com wss://edge-chat.facebook.com *.facebook.com *.fbcdn.net wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com;worker-src blob:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
facebook-api-version: v4.0
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: tDxFAdKxN1UdtuIlCJM0Ajm4KsiszvT7jUT3uH+G3OjUVsh4F1X+BGGtyXuF292QORIYyynXpZWHBSY7VQA9ww==
content-length: 0
date: Sat, 04 Sep 2021 04:35:24 GMT
priority: u=3,i
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 31ms
18ms XHR
application/json 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210831&st=env

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

66778518af6c869dad0db96d8a4bc2c6b0bb946bc220cdc279d1715bdc8612ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:35:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8510
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 947ms
927ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:35:25 GMT

GET
H3-29 200 container.html Show response
a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 0179 6 KB
3 KB 20ms
7ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.123greetings.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Sat, 04 Sep 2021 04:35:24 GMT
expires: Sun, 04 Sep 2022 04:35:24 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 container.html Show response
a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 2763 6 KB
3 KB 15ms
6ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.123greetings.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Sat, 04 Sep 2021 04:35:24 GMT
expires: Sun, 04 Sep 2022 04:35:24 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 container.html Show response
a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame A514 6 KB
3 KB 6ms
5ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.123greetings.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Sat, 04 Sep 2021 04:35:24 GMT
expires: Sun, 04 Sep 2022 04:35:24 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 container.html Show response
a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 3061 6 KB
3 KB 6ms
5ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.123greetings.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Sat, 04 Sep 2021 04:35:24 GMT
expires: Sun, 04 Sep 2022 04:35:24 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 container.html Show response
a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame A9A0 6 KB
3 KB 6ms
5ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.123greetings.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Sat, 04 Sep 2021 04:35:24 GMT
expires: Sun, 04 Sep 2022 04:35:24 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012108170213000/ Frame 9F4C 188 KB
55 KB 34ms
6ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012108170213000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c76cc68adbbc958993e23bf9ad18979f7aeaab6274b1f2322afb581d22eb855f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 199220
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55333
x-xss-protection: 0
server: sffe
date: Wed, 01 Sep 2021 21:15:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "55ff93a1040e5c38"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 01 Sep 2022 21:15:05 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012108170213000/v0/ Frame 9F4C 13 KB
5 KB 45ms
17ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012108170213000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fae2773cd95cb857866b4b3a54777c88f6c03e0167bf323c2a1f431985887b61

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 200129
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4999
x-xss-protection: 0
server: sffe
date: Wed, 01 Sep 2021 20:59:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "6b551ff8c0a78d7e"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 01 Sep 2022 20:59:56 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012108170213000/v0/ Frame 9F4C 89 KB
28 KB 45ms
17ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012108170213000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

48bb89434a42b4fb519f27e9272e018e8151383b4b7f46f26260f5fd29e5f05e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 200129
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28538
x-xss-protection: 0
server: sffe
date: Wed, 01 Sep 2021 20:59:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "523ca413d5eb4bb0"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 01 Sep 2022 20:59:56 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012108170213000/v0/ Frame 9F4C 4 KB
2 KB 46ms
19ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012108170213000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f4a74fe2cef1d4e3ca293944e20763b350954439d0966a662691d304d9e1aac3

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 200129
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1653
x-xss-protection: 0
server: sffe
date: Wed, 01 Sep 2021 20:59:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "a4d9605fb26cf0ce"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 01 Sep 2022 20:59:56 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012108170213000/v0/ Frame 9F4C 40 KB
13 KB 47ms
19ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012108170213000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9158e53d7052a6df65c12e3a59a8c77a8be353425523e4eff057fa5578e654ad

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 200129
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12821
x-xss-protection: 0
server: sffe
date: Wed, 01 Sep 2021 20:59:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "bd81b3ba02634f28"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 01 Sep 2022 20:59:56 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 9F4C 6 KB
765 B 17ms
16ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

fbe1583d8642d89d0c349b00c0125e485dd55976282165a6b5f2d29ea9d44549

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 04 Sep 2021 03:21:46 GMT
server: ESF
date: Sat, 04 Sep 2021 04:35:25 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 04 Sep 2021 04:35:25 GMT

GET
H2 200 2076313506083323656
tpc.googlesyndication.com/simgad/16424173724665405889/ Frame 9F4C 40 KB
40 KB 7ms
6ms Image
image/jpeg 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/16424173724665405889/2076313506083323656

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cd431da656c29b405e1940717dd99087868cd47330c71e6c667214f8a9e32595

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 20:14:04 GMT
x-content-type-options: nosniff
age: 289281
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40500
x-xss-protection: 0
last-modified: Mon, 15 Mar 2021 10:19:46 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 31 Aug 2022 20:14:04 GMT

GET
DATA 200
OK truncated
/ Frame 9F4C 220 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1f9d973a500b918626b8470a7ab1a5df98ee84994dab44f77aff973d90abac5b

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 9F4C 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3b5fe37e49b185f4b68d8472dd4ec4601758b24f9e747b976cdd20056593e6ff

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 container.html Show response
a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 8759 6 KB
3 KB 6ms
6ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.123greetings.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Sat, 04 Sep 2021 04:35:24 GMT
expires: Sun, 04 Sep 2022 04:35:24 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame 679B 0
0 35ms
34ms Fetch
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssuuJXgVHr2ATMUw16Ti9l_ZVJ4Jj-km7U-H_3Y2S-FuS1SLtW7AjbhZdqEuA5DhJfy68ev9aO1f-wwHDkh2N28nIByvvtLfKZpr1qD_8gJpN6fiDHnDiZGdiGhbg1dcL1VUJ9KKQen9Sgn5yILJnflabiePAJqQhyb3tozUTHutrsWj1TMCYXwrw9VmJ2HnT9zGxXpOfocI7VFWorAFFNlYe_OKmUZk_3PLiluad1jqTin7hZkHwiNdJQfVzQ7pTwWciaH1m43kwdLejbUw5lLkxW1nBVyn7_G-KP8bZIrCmM-2Tk-bOuK4ZjoMYZCjDHDym47L4TAZo6jhPB88A&sig=Cg0ArKJSzC3y_svR3dAREAE&urlfix=1&adurl=

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:35:25 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 video-loader.js Show response
cdn.avantisvideo.com/avm/js/ Frame 679B 31 KB
11 KB 29ms
5ms Script
application/javascript 2600:9000:2240:fa00:1c:38a0:8a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.avantisvideo.com/avm/js/video-loader.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2240:fa00:1c:38a0:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c8aba5a821df184d25014d3dda38619d690d340b154bb2d7725187e074c3c542

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-amz-version-id: 0DrLkH_Ns8jDuJ7reO0cQzOfMbQ5KPOT
content-encoding: gzip
last-modified: Tue, 20 Apr 2021 09:58:31 GMT
server: AmazonS3
age: 112856
etag: W/"cb2b3e45ae50a1cfc9646f528ea92b50"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 d7433132a7c6595c9aab2dc2272e7061.cloudfront.net (CloudFront)
date: Fri, 03 Sep 2021 09:26:48 GMT
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: QeXviHunbvj8odGFwfqbqkSkH0AaVcVRVDlhV3p0KPWVXpLMjnnOUQ==

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 679B 122 KB
37 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0299ce766df424b69a25530d8afe7c2352cb6240c7510fe7be67d8cd53bd3467

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:25 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630496346997469"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37796
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:35:25 GMT

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame D77C 0
0 34ms
33ms Fetch
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvzjMuKBTgoXE0HFrmIhDnM_uinfUyJQW9Diql647e-CDF7J4i5QATjPDV4fjD7ckGp7hASM9cl-iipJ-mFKgre0vTzmg-zj0UpUfgUavvh-Rsuzgu8GqanoQAV3PKzpsNm6zNk2kmoTQVcOF1gBiE0nCdhHZjGb7UvgAqsuKUImQcDWKlqygy13Qyl-pGdCn6NivvmBnhIO6U0m-H1Uxhhkt58WcGgb1h4hJJXfNRrvVSa68KFrMX3kQ0w0sn7Ipc3pMhZlLZhIJAdRViR85B8suz-_3phLlrfCtXcovwLRaU9nSoH6qxLi4fDqN-QmRl4j0gIVqm_4UzrELWg1QS13syg_lHJ9Q&sig=Cg0ArKJSzEwfL-0AwcPmEAE&urlfix=1&adurl=

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:35:25 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 video-loader.js Show response
cdn.avantisvideo.com/avm/js/ Frame D77C 31 KB
11 KB 24ms
6ms Script
application/javascript 2600:9000:2240:fa00:1c:38a0:8a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.avantisvideo.com/avm/js/video-loader.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2240:fa00:1c:38a0:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c8aba5a821df184d25014d3dda38619d690d340b154bb2d7725187e074c3c542

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-amz-version-id: 0DrLkH_Ns8jDuJ7reO0cQzOfMbQ5KPOT
content-encoding: gzip
last-modified: Tue, 20 Apr 2021 09:58:31 GMT
server: AmazonS3
age: 112856
etag: W/"cb2b3e45ae50a1cfc9646f528ea92b50"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 d7433132a7c6595c9aab2dc2272e7061.cloudfront.net (CloudFront)
date: Fri, 03 Sep 2021 09:26:48 GMT
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: LsHMQakxSjXDpAlHRTBfxnxCoLXm0_MpftNfw89ch-2OkMjLFBxxIA==

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D77C 122 KB
37 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083101.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0299ce766df424b69a25530d8afe7c2352cb6240c7510fe7be67d8cd53bd3467

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:25 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630496346997469"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37796
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:35:25 GMT

GET
H3-29 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 9F4C 2 KB
2 KB 25ms
7ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 03 Sep 2021 11:04:13 GMT
x-content-type-options: nosniff
server: cafe
age: 63072
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Sat, 04 Sep 2021 11:04:13 GMT

GET
H3-29 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 9F4C 295 B
319 B 24ms
7ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 03 Sep 2021 07:57:47 GMT
x-content-type-options: nosniff
server: cafe
age: 74258
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Sat, 04 Sep 2021 07:57:47 GMT

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 9F4C 0
0 35ms
34ms Image
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CRQgKjPcyYYiTD9Kv3gPggrWIB6vQlp9ki4z3-8ANwI23ARABIIXskgJg9ZXOgeAEoAHWsJj6A8gBCakCt872iB_usz7gAgCoAwHIAwqqBK8CT9CQtYEBrEtMXFYNznvgnOMo7ug3IFESxg1XXfT1t05DosOtfnXr5qVnsNbeh5CXjR6We8PNkO3yQ8Wk-kTJIGNXQ6Zz1K9E7X3tKqaTPh2nbEkDJ1JQNgEe7LsCy2suvDCxWxMhvV8dPOJ3BlMoHB4QLuiFIqicIyPy345JYVD7uvbRhaDiQz492Jv02qeBkHa9eRtqjYSmu1L55HbNA_E2KHJJy3vHW7hDoTELzA4nbwYzG9OrOV9y7ds7aVD0WznOXfckUDkQJ1lTTM8y9xokvVv4ijuD-uCejAw9UQ0uewsWyYuf1vNtZI5Q6K8Wlffo_TOlUNUI_Wsnm9ykho9DzG83jwEwqw5-Aak5Z0VO76Bu50ejCB9QYflFlWJ9f9B4nC9tGzvuYL6bjH3TwASc04KXvQPgBAGSBQQIBBgBkgUECAUYBKAGLoAHks_nBagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhvYBwDyBwQQqNIM0ggHCIBhEAEYHYAKAcgLAdgTDYgUA9AVAYAXAbIXHgocCAASFHB1Yi04Mjc1MzAyMTA3NjkzNjY0GP_XFw&sigh=cJu-2oGqQKY&template_id=484
Requested by: Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s46-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame 9F4C 15 KB
16 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.123greetings.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 07:18:45 GMT
x-content-type-options: nosniff
age: 76600
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:46 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 03 Sep 2022 07:18:45 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame 9F4C 15 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.123greetings.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 16:32:47 GMT
x-content-type-options: nosniff
age: 561758
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15732
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:39 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 28 Aug 2022 16:32:47 GMT

GET
DATA 200
OK truncated
/ Frame 679B 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4b9519f364a48b95aade2628c86c0c1f408abf40ceefab0f31b68bd53f70655d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 17CE 478 B
251 B 16ms
15ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQzafaAhiJmuiZATAB&v=APEucNWZYje3XCvZQRp-tyqPtF0rdMmpwSgWZRUrMFxSh37YxTeTEdK6JmPLK-sWkBOmOtd25RSfrkME0TDyS9HvaCPkiGWp6A

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CL6Q0AIQzafaAhiJmuiZATAB&v=APEucNWZYje3XCvZQRp-tyqPtF0rdMmpwSgWZRUrMFxSh37YxTeTEdK6JmPLK-sWkBOmOtd25RSfrkME0TDyS9HvaCPkiGWp6A
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkJc79v1oKKr2h487hu3YeFRps7p5h5X3Ay4LPf-v8_IAentMVSu6BTOVTK36k
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 04 Sep 2021 04:35:25 GMT
server: cafe
cache-control: private
content-length: 230
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 2763 75 KB
29 KB 45ms
44ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A9ytF8atEoEvarLXpZqP87FI3OniVDY968EYDJDGhVBTVUoz7W3gZWSsxeoWZhIwDIy2EV1qYvnzgtwbP5n2Vs53MfwnqmfYT-Zoh1a-nuC0b78GIOE_0m3AzWRlEE0071-UDgfQpotd4bX3tncQz_4u8Yqg&dbm_d=AKAmf-CZCx7LiK0iXKbPpEx1__75Jbn6A1YitLw7KoKwZciS3gwVlrBzPprXJoTWn1U8kQzCaEbsEuNPejiEkkh4OV6ZsKjcKyMY6rirb-g3nsb1mnJFiRb1-f_L5DbzlMUf9lxLPmNmK5AEqf5mWW5OElIkABV5l7MgP_YHy-2oUvhP_CfWAAt89XwoJCN0vB_0kFk5zgrJUeoj5vKni8ZDz3aOi9svLty7jWr1chYhluvRgNzLpFG4GK1SCZIoXKWRSZQUsulKN4PyQZrOOfFAlyq5-Zyxv26ola-2RTeuZYrQZrBCraOX1YyIxEfyx9V_67LjbpZaDFaPIrWzFqKEBESF4NQ0L6KJY9YupEBN5mcKEbRQcXCxF0SDxEEhmFKJFxKUuXWM-Ek0XgmnM7OdNx2jY1p70ZAZRVdlM-GDp9iDELulk9eVheYGPeB0WimajvbKO6S_E3fNrhiKXZ_Z2TPU0zzqVL8rnwH_X6daeSwMPcqUPSv5W6LZXdIJ7ZukkiWZaMO0aNFAXaT9W9lwipqeLdY_ThkPLl1WkkM3gYYYX9WtNSzTAJUufO1Ah0xpM8Y830LIX9A7b4JpER6XQ-8ohlzNChPXils8MWJAtL-jcLns_eWx0vqquO6NJ5TY6yd6Lt8HaNPxq3DYyLylbLKfR8HLPCHpHIb6RIJVyZ8egJK8WU4YcaVnap23rzZF1lYNh0O9YXhcjcq-oicK8MFzn6GCzXOGI0Xwue4WF5Bfig_EOsEMQKt813_hpZ8bhOLCIm56JAc8MNDDLzCkP_pkg_h6RpAB82tvwcBg4G6aGQhfLO6hi_ILOLoHyixKC3cdJQdo3acKh-G0ysexlcU241Hefq3lN00bCww2NpzjQar192Faz_3NQW3WSKGwFcHNb5Mr7x_THl5i9vD7u26v3RCD66CjfipKxcqddfpOSjKYIqvRiArVJ5CuYcstBGV5-5BQur-UPRLIyz89yyA8DpW6CUKto4vlo1_U32LGrwoXJlFnyj6LM7s0kFTz1rvzOV5YTA9kGQ-Qnug826HFNEr50fAVqnbUXFpiUYq9dH2FKdDcR7kOtEAepQB8s7dCdO-HCJZzFTUKYwtzFlChFT6WoBIeUsUMuekhRcoe12Vt1qk5zzdcXXMGbTRQsC_zfJtZ5TexEfZejrDTHKI3SuB4hDhGb2xKES38tnEN42V7DFSV18Ww1e4JnGvOzQn9tSNgpj-gFULBUsqCd0En8y1JJ55cUpIFPUyvbE8xykEoo0xpmVictUuVMaj_YoiHZliSy5GqUyIApDhljJHqtsgOvQYTlQNcFASWeDbBTq1kK_Elr0_Nw2s2Gr3GgosEI9dd8xu3W-l8VGLVlbupXWiAgLtYzcO0B-HTws5FbpgL_1zT7xEDuaBlZ3K1UHvkLdcMsdsdrpHZv3lDjKP0UHGaagyxwTCCfUxINqIqNRZof7uGho_lq3I6405I8JtpPRe4XtWuFGs6ltkkIPI9zrJ_nbQIbJvUaVi520lYyzcOUgI8GHkAz4tXxiiyN7U-4TTgnDOwJ_vS0bQfQ1NgUQwzKPeRfOTvA7zuJLySL9UEW2zYpIFNeVk5dw_phWmvbval7ul2NAi4sSBIgM2_BNLlwviFZ1bCkcrEi1q4VSbceP7rWipbTYgQER9gd9IN_PBhaU_7xfPSA-7zNrK2irndDZhyqiAIU7dQExyZn8PTmsfsvzQQ1tjhbJ6p-YA4rZlXXjnvRH2dvm_r9wAMexdZMVoSI_syWkiAWbU652SVchgrfJsjRn9gLeQ7ftC_Zsr_fDT8u6KhvQ_idfszCaO8ko4gqpUiXxgZJmwAINlW27uGuYDrEPf1jhuA2cW5inWOp_kOhMIXiQFj_gS3f3shySZvnkl6idC6QvdkaVIzPtSqjA-enN86YPTdy0j9aVCLKc6u2si6gXUkxr1tkaF7FBabJGbFfUeD6LfgrhioOiJUIecxTwLy1GAtzlfBKWAVUiynPyu_bugiB2rW2KvrviP5o8NHimYOjJbSRQDpuG-KSPms9KEAChEkFS3AbVCMwlvlcPBe2g7yoQb_lMqEee9t-FBMRFFuwdxpf388kYjyZj6CXVLc3MaG6R36S3JS8cd3RZYePzwMy_SNttEU3EocVmqKXOAlC2vHVM97YZiYAUnO9ppLYR-dgzDjV1XPXOC06qivC4sFchgXgtEB2vCqTkZVfBfkXIk3vL39_G-BG2qoyxaIJOTIO0zaTDYEpmfaAoCl095HLrqShvoihsjKHpr0bfZrQQz_cb-eJa57LDTx4-AhvqLhWOGm4NgwPlG2Tj9xZfHTSJ6YRxloy2FpgMfGYqh-qY-k5131uP_xvN9Rp_sHK6t1bxkUJH1sKzuTIOT4lPPfIOTOOez7_ncb1oITbBiKypvRUIkFEcSiurC4wImUUgi9zBza6ScAHcKVPWZTx4omymqaRxq3e3znWdVxKFx3kZxv0Hr3KDywZVCQTdg2HyzyZ7vzKgabOCA4VcqrAPUFk7FZPBpJA6Q6My4GRiqBkhRTtkoDrtHJooMPmipBuw3cgZEyNNjFckQqgiWovNkOKfbl-qex5FlQI4RFVJqhXU5f4ln407zKOyo3JD5Ocrf8NKMeCp2sL0bMQVhyQb96xDuSe2v3Wc3pNB8h0-iHeGOfqLRpnQ0N8MKKSV64rvXxvRtisPZGivIKjoFPB3PM6BSMOdap_DSfJpIq2Ci7yC0pEai3JpJtVWug8OI8q6cEdxTnW8IXKOTLXwz-cJRVkdLwPfc_um-STrrTb-pe3_lZsE2siUNkxW9mjlcOF8MySMg4kt-hMqmgFH4yw9IQe-rWiL7IlntDGGsIoNwSWD6KqV8Ih6El1-RHYfp4pDOZbLRZR2sfACOwpt0fkgz8ju-1fFYzTHrCj44mbcS86z5Pm_SK0tAAQkEs70Yd0gdzocqIUHUaswsFMhxY5cGOxMSFwPDONRhtU2aiX-ZQ3VdO8XSAyR2LcwTqOyt7nv39oTfZR_P-sFYAIJg_mKZj-1WRwU8kMdCLgBmOtp5gK7_oxmwkTEJdEfSOaI6L3o57HcANiuuOk8F6zwdXpk5t375-kfAyK1xL65C9nN7kxd4JDAMFUvuncYUCVNvnQx4AUM82moKt-I6DPFmnja3su3C-FLZE0lw97iZ1dQIEwLdqqPTHnUDeIpttLej0jkMer2Mn--CQTJdvMjN2NSFZefuUF7jiP_BtGnDxfFw1KnEbgtMrm24g3uVrlOkHJ5YfI_pNVt5h&cid=CAASEuRoa_NUDp9SwKdqdzURLM65PQ&rfl=1%2Chttps%253A%252F%252Fwww.123greetings.com%252F%240

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

990a229ef6644371c33a0c1ad8818c43361bd7bdced543645a14a21493cd9784

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:25 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29587
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2763 42 B
63 B 15ms
15ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BoQVkg4S-ioMAZaSKcsLK14_RZXScZH532joXm_A5W5jNIBDIJFHfHwoFKGyD9G8nbrCUD4Y-PhxXSUJ-kHQ13Xpx5F85WoyMBqiSwPEUIga0oX50

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:25 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 jload Show response
pixel.adsafeprotected.com/ Frame 2763 46 KB
13 KB 193ms
93ms Script
application/javascript 54.154.149.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/jload?anId=930701&advId=5673933&campId=34339388&pubId=1&placementId=322571529&adsafe_par&bundleId=&dealId=&bidurl=https://www.123greetings.com/events/dance_day/
Requested by: Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.154.149.33 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-154-149-33.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 7f9eaf0875d3f17d744a2c5cf0e00ae9cdc95168e29074282ed6f44f95f17f7e

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:25 GMT
content-encoding: gzip
x-server-name: app20.ie.303net.net
content-type: application/javascript;charset=utf-8
access-control-allow-origin: pixel.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210830/r20110914/client/ Frame 2763 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210830/r20110914/client/window_focus_fy2019.js

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 03:47:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2891
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 03:47:14 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2763 122 KB
37 KB 29ms
28ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0299ce766df424b69a25530d8afe7c2352cb6240c7510fe7be67d8cd53bd3467

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:25 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630496346997469"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37796
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:35:25 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210830/r20110914/client/ Frame 2763 14 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210830/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

114dabe187311ee2e303549831223ef80d06385cb854e2aa1647ec1e0ca148f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:02:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1999
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6183
x-xss-protection: 0
server: cafe
etag: 901432759052127119
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 04:02:06 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 2763 0
0 14ms
13ms Image
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSe_pDtwzFkdSFUQMCIEd0940_PrTCTfkL84H1xMSVleMTPJ4on1oH5rI55mD7axj9oe8R4HsEklA7v4iuHiyHPzByrrA
Requested by: Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 391F 611 B
316 B 18ms
16ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJjjZhCPtKICGL2r9ZQBMAE&v=APEucNVcqO1BvY0qCH7y9D994D85h4S9FgAqW-5prbg_rTdORhsKK-tFuO6RaewAcxsng4LOGxj88BisxQgp5oIkjpEimTSwUA

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

55b198b5ed1bd02e77f84c6971a69d5c2160c0c32fd770ce33405e194750f5fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CJjjZhCPtKICGL2r9ZQBMAE&v=APEucNVcqO1BvY0qCH7y9D994D85h4S9FgAqW-5prbg_rTdORhsKK-tFuO6RaewAcxsng4LOGxj88BisxQgp5oIkjpEimTSwUA
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkJc79v1oKKr2h487hu3YeFRps7p5h5X3Ay4LPf-v8_IAentMVSu6BTOVTK36k
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 04 Sep 2021 04:35:25 GMT
server: cafe
cache-control: private
content-length: 295
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 0179 69 KB
28 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A8IA6z4ZmdSoEELpDjnXBtqbk9BriiEyMNVmnmTd_gXtCd7xN29vgzbpNheQLk5ibfNoT4tXtJu_EbKIMe1ZS6s7EV9UVtP1oMckdcCv8P7MB9VXiktkbcMsX9zd3ppsMtMvY0oNfZj4T3fyEmTnY6yOaSJg&dbm_d=AKAmf-DINKNf1n4GTPyOZB-pON2fQK0JzoENgBaMQKp_7KqpjJxHh9dqteVndBb0w3xgrca8rrCdnK_Qhg6I4d5F0rNXQGgKmiB1lAOTOoS-63J-dVKQJwp_tTRWI1tKTv36tVWEXDS_te_hLf2PPbH2hMr4QGwae7PUtBWqragDx0YZiA3Wd1bt59IIvqp3S_grAy65ru9w1oJElwUhlQrtN0b7Z7pfK6XfaWmZWSO7GsFSFTmmprpeT1yt0nPhzt4IeqVpGUsqa5ARWf6f6vzEHgcnFQnpOTVmLF5t2DeOSBuUdHWRE53yFZcdcDY_4meNxPrt4XxnA8heKnxHN8CwpQXr4mjDHeVQkCByNjPu7RKz93K7-AXjl9Eicqrhu89fPAXotKecN8wTn8Cq47vVLYB8QWC9uDXii_OT2wGnOCdzS4Ow4rP9w12YRMC0M9liAfuUEuMdeA07VugEeALPO7PpKMI4XvI5PoEWfvtjXK_PGnIwLw1GfO0N4I0kr_pg4nnuaaFoaA8ADHm1r3btHiSRA2kU9vxCQ8Qx1WUophy110z1HLPIq0GUTyb5x9Kv9Tw-xs1AoiDjnOE_CYEu6c9EosSVkHKPNWoyLlybHuz3bfH_lmeGQI2UbDzlNm_OJC4LkyW5Af589xS-phi7qvK7V76RGesc3zSFl2MYvDVKMP-D1JbZHEDUl7ND5Vyt6bO_axVjTfZpoHbAZvHw-Nriochc1-4Emt3MWVe53nFAR8JX5a3B4m5MId-2jXEHykugD1mkBXorJzNH7oB4n9WXelQJ2F7V7DbyTjMwYYxQkKVsF7LoUtZnBA0W2FcA1-GknuDVOEOlKNfFgqR17VjKmsQWK0vDfpPa-dcVGqEAzHrh_ed65-vox1FrHbre5q0KDjkB37yQCsvUCmxG7nTqk39e_yTCaAN-oHt0DKxF2xCbE7KSDfj7SGMxahAP3dKUKUu2YmOlqpQ794NNR_4Lkk-7ynh2xPUlqD5260nNSdi2urBHRlugMF08UBI-qBwL8-SL_OCs-YNBxjIsq986479Nxo7qGPu0V0BYcTU3Zvk9lxzlShvC-lz08NHc5mFSxtxMDUsGIk3C4Hk7SepaCNLqMpGiDzKunRqb6bPRzvKzrzWFr5Pdibrqt_swU8CiOCyYezRvm5l7gS5IbBSQ0iQEqQmdmdWDPcin_rN5HXqbZHylkWHiBYEiAxWKk6YIDJY7hqQu0X1gL-25tEwCr_W3j1XX0q5E9wjkbeKL3MkSyIErja-y7CWuhmvBDEq06_XQEmQmTkF9k7zzh8dIbVdhpe8KEf0n_SCCzkZyrSZAz9NOsfcI09D82s9INc46CSUXgqP3UpaJ0GZJbzlv-QXIVlPqOf_zEsb8o7NpT159E_5Sq1lLPbUvPe9X1DXnFTXHBTAPZOvAPekZfaUiYMy9gWWvZxJE_I8zau2KaQNPyYUhLGxI4aKEiMhBt7FYGt6rUBAMvs7xL6yYy0jnlLC2QSap4_BKLBq_y9vtBh33x0NAQ8hJIqM6Z5K04LnEsAfUCh9rUqmqQ8jWrhrBgmWiPsow6BRlND3dbrA8JtNLR9kXPGs6PRbuXj3XIckjm47-vxG8ssL0jIxi3XrCOygZmz03eRCpHSalXZcIDRHmCGpDZ2HAMbKQ4Ho9yvKIY_d3PQMY3nRtLATc3Ja6SsmuxNcXrKYDYuQTJmr0sN3E8llFOxZLsZDBQf6G1mwqxl2nPDCKlwwTrvym9-f1lLfTN2AsqNmEgD1_UT4pOJhw-vioaQoneLvtiY91ztC8ZytpJhav0V3wg7Cyzx-kWZ44WspDA-03S6XERus6wsTPz8y8nduQkdbirmHM0gXI1pl7w4H0o_ZG_LXwiA55w-i6PJyGQkE-jZ1_wLKlNGb9sGCLG_2wQIRMHGWyC9uQD7ErV-0ewfBIcVzyHj2sQRQ1ez6okvo95UmFmR0LYZ-J2fFpn1_wYbIkMuS5biqZroRIQubndgfM3hj5ME4eQ6CBktWVbyTlbNns0-KmOveN-NQSNPC9PSqE8VD0LrNPsUT0lq6vjzqOLaZ9pRs4D0UrPtnPjiHIQrKNyIhrRN_QPBHV9W7tOI8OG9zyPzPQlW9cgx3USYZKixF-4WDnAwMMlQqPgvA3osv0-2meWy6FL-4Ox5dn3N-_1tGRAI2-126mXF23r91OHqPIjBfE8lNXtaWwWkEJxle62AOru4YHqiSOQo8W0jFKyPRfctvFoyJlGzk2pT6FhIzVaTq7ZI1AKVCxPhfvraGNzEejRapW4uSI589P9iF6iJ_lmNzcGiqCZwJ0zOMZsd58kqtFxTqClVffv8ul5c7bAmEWbEKG_oZTzC6HkBhdnBVAWiROxszZ8-XL6r3Pa5SCCXiWicVg-vacdrKOP7Rhdgnv_yLGcfSaNs-i4dDehTfdwVd4ghPsH_e-FW2Em6Lu7qoG3QsfM3NaT4IKkYeWxWDcdLWD25QLNhq5tEm8UUOEAjhI_G85wG8hm80mylWIBUkQtVyK_ACepKF79T2bqOPVgDs3BT-h3QXbmmGveKWe73FmDdtEloXNRv6hfz5o1Wy9Bqnrpd2uqTrbbk9ngpZyn0p9LDXomkoHH2kFK1zLLHm1un7PodpLhkDwSB3I-DasYI7xCpi4Fmdxi-irjq1iigAT89GWRCRI8W-sLvYMqVQZq6J8h4XBSg9z_P4kU8sZZeLWC-AxjJSMkEenEcQOa3XQtUQNAmhxcrGK0yIKZgwg9e7evNXiNaDfoYZ7KBK0AfRwhL8641VE2i8LCS-_7nBhSXjLe7RRHcQnLRnPiLlgtNFN1aL_ykE3cxEOAwg7rfDAFxADN7kS7ijgxfvWhF0YMLnpuJT9Ovsfg_GzOXjKgWOamXrY9wR8p0h9BYCkGI_OeomR8-XAbDpQzje4y3M9u2PF_S85A74_EdsTRQl-R_iKbL9I6M9jQV3fvEsdsrkufiPYNkue83eStY6NPcxnbzywmpk3EYjKCuD1sl4J-Lx9fRUYnDepfJnd0z-oYIBjYS5_hZ36kdz_Ox_WFIS31BFbiFPsjr76cL59XfKRV9KDTMNu3H6yAwK0vnofxWHdyuvZqUvH7i2wtCr0JNKMTHiANi3E_GxMUIPXpxWGdLsCPnMHuKGYWo_m5El9vocXJGGD4pUrcpLxdkMfeypfIjE&cid=CAASEuRoiJwivkXL3dCJw23rC_GwjQ&rfl=1%2Chttps%253A%252F%252Fwww.123greetings.com%252F%240

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

412101374b58ededac3ccc3646403bafbdb2873076a590c7e270aaa59b4a86e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:25 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28355
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0179 42 B
63 B 16ms
14ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-D7wIzTYdYsrY9heepeSb7sDnlOgUFxpYjjpuURcgOu7WpYH9OlqmrZsmQyluZ1_RdnUgYUdovPk2XWdLd91F4_aryaHEbstYpkllCI3S7oMzqaQcA

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:25 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210830/r20110914/client/ Frame 0179 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210830/r20110914/client/window_focus_fy2019.js

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 03:47:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2891
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 03:47:14 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0179 122 KB
37 KB 35ms
34ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0299ce766df424b69a25530d8afe7c2352cb6240c7510fe7be67d8cd53bd3467

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:25 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630496346997469"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37796
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:35:25 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210830/r20110914/client/ Frame 0179 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210830/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

114dabe187311ee2e303549831223ef80d06385cb854e2aa1647ec1e0ca148f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:02:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1999
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6183
x-xss-protection: 0
server: cafe
etag: 901432759052127119
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 04:02:06 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 0179 0
0 14ms
13ms Image
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTJjmo-WNiMiO-SE_afzosZEnDq5JaNzme3R6qtZOORJIcwbWBTeP2hVhPW4_gj_Jd6nWJ93zDqbd1R0h_ORnDxvAdUsw
Requested by: Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame D77C 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b4cf88dbc8de3e3865f52fe3c47bf906368e000907056002aa56962db3190e7d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame A6CC 441 B
248 B 21ms
19ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQzafaAhiJmuiZATAB&v=APEucNVduylRc1-ANx2dfGDzOyZvxRsPIaMTcONzBdq5xl_BqopQOSR9aHpoCM7mr0FsEL_q0XbxYr_dNnvQ_o28ov6yUNpH3Q

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bf051f3ee7aa85b70fbdb5a9c4dbe61dc57372814f700b1b23ecb4f7dfb9ce63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CL6Q0AIQzafaAhiJmuiZATAB&v=APEucNVduylRc1-ANx2dfGDzOyZvxRsPIaMTcONzBdq5xl_BqopQOSR9aHpoCM7mr0FsEL_q0XbxYr_dNnvQ_o28ov6yUNpH3Q
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkJc79v1oKKr2h487hu3YeFRps7p5h5X3Ay4LPf-v8_IAentMVSu6BTOVTK36k
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 04 Sep 2021 04:35:25 GMT
server: cafe
cache-control: private
content-length: 227
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame A514 74 KB
29 KB 48ms
46ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DdE8ry0DAMHZZyE43AhsG1tPWHbaixrYOljhRTnZmADvwo2bqBnJEJ4Rik9D0XpnWEkIbfAP3AQkwE1dn0TMaj3Y4lizK_L7WjIWkBuJlqwNLSMuE12iRuzf4gQlCRUR914aC7AFgrB_n4rKVmgb9yzA1R1Q&dbm_d=AKAmf-CLiiInipsspdoIPaxJd5tt9duFPKB2yJ3s7FlQStAjC7exPTj8Ta-1U-QKjx0OOo6kwbtzolCIjgjwXGud1_n1sGR8Z5kLxjWjcvRahFaRO840WeUv2hXmtLns7SCpJu_W6Tsy2lC6tmFqYOlQxOwDEP8iQvHY2TqTPC8LYBvL8qsZQaOgWqSkwCgqY6pDd_hcHZKmRwAvkmgqgwLhPf88ZFE6PQEVRMarbyxaG34u32y9W2egyb8wME6n9Ebha87lpsagUA_vD7GsDKlWNrET3suVRCtEKQwOcb83otG88EnRBhz6F-Fr89PBx1h_rhikZB3A69r7l79boVDx5976io3DyvU-cfxGXcenGE44BrAo2fU6WcdPXVLaF5eaTtGVFs7aJBZZGbOOsHrzsr6rfPSf1swb0amRHGWzMTKxC9Hmmt9jLs1dfjos2uGusgYxlFPpfFvAsJG_pvs-Xp7NqCILL93RPzGU1aCF4nal-XOclIR7NwrzbmHXBeaDnjmRscQr_B35Nc7_G3Oee6j_OXOgDrErz9SheUeZU_nCQjxlP2BT8t-8i_O_7WytyVGi-84xDCgXhlxy25_2ebTKtQBQHjMXytZIU-CWt1ahwnyUpf_cbtUguiRALKWMe_VTeQy3IHlks5nZcK8b1YSGEHDI88kEH2v1ikU1Sl7_ocgJrWmCGbYYyJoKpYbDh3JIn4-r6WgMdrz74Hqq75uWw-dsI3QXtjwWHvMF4PM0GocLqF1OP86XkjbNIh0ljbgvNDq-GSgDdsIWacBDtH9-6to7FRc67rCZPMNLdICrf7JPKyFOQukG7VTONpbPVEOlVOBnWbvdD5_mBdlrHNo-j1TrDh__hekSDA-ox2Drb1NckNrv9LwRJS-CUMmNrnZiTUocXF3nYXBKG68bFX2ZGI6RsNtLVfyxreMxp4pRe1xJfjYzCHNpqyYdPa3zwggAshY-FrTXluxYqYhIvQqLovjXbxswmwtnNKtSUpi0ct6X7f51h_JdcW-PrB4_lfGer_OM9beZjHFXZ6t4ijaeOxXhAxtIL2FgvUl4XorGDjjTPGWV24KAIlSYC7GFxEWzkNnbivzSFKtyRzAcKk-TxKRLUt7S3BLbcSxRs1wjnuXlaoWAUbam7LH9--sONc3_XxcYkq2mT4GW8W1eWUPIKqJQUKeJuUhi8caR9Q-jamJNrN_usl03PKAZz3KmIZRYpYmj429YVyR03isgFGwf8Ri9HOsNPyA-MJwoQ5pxJONJlO7JLYydjzqM9VbdE6Hbv_OE06pxgMy0rohJ9cjEDffxW4xgDuEgNTyXogjgXSuw12Xl1Ll_Qzmjxn51RgDJ-EiCdX1bpkozfaE-m2ohjlCwgz2YOzl5AO2aGGACcxrPl425n0NlbyIg-d5m8N8XbU-tiGpsgqHp64ThAv1uIzEY8UKoG86z8rLVDoA5R_kbud4HOd3EFK88neQLAqNbKRt9AdAR1wmXOVCtJJ-xzocg5qfn8qdKUj0HRWZbiuXkTA1ci2rwsWT8e4ZopmWW0L2RtOkgm1D1Rd4MMvECLFwe-HNArjDATGhYrM7ka1obqg4664hRk3RFyJKxf0JaYlJyZjd5ffTI7e_hqueNJrGxFgDO_UiCifoZcb-eAkZZ8ylIN_OmcwzNhEhza_YKQBlyRK1XYHnFvyY9Ok17dgD7jAD5Eb_bV7CWrghgcCrKx89CMghmAYAl3RqPOUifHVvbF16FFj7fArSC7ggOZ9kBAFRxZJkNFnfz0ChO03yIuCxc4gisPxO5EMk2dJIXlZY4yG1Va29VEd1Vj37CWq8XU05QSUKKyS_2SDHjy94iVgUskbT0gUdVndnnFYNhX1tGQA2TF0sRF8h2XVeGvuUEPHmGxYT2t7-ucratzBG30JswfvkA_smQpm3AGWb4iPA5B5SQ7il1GZuBI62RIFEkrQNQt8oTfPIaOEHe4Ff7LEg0DXUC_SEK8JMmoNANqA5UlrTuo_HOAuEAa6HbwqcdJeVEvtDbCRu_7WeLXQEdKw8TVZb51D4mKLVZla-n7YxvkwA69ArgDwRzVuS6wqaAF2x4kFEy9mcT0GLBCpjhlkaHSlK5DD0PyYLDwKWmOo-rYZRJz2cDryW39XyWoIFAzc32Nnne3LJOAblHSJUG5O2XGbpuaZ754W9UBLLB4w4n_Ip50HWYpgKJBnf0fmGyXNPHJr8iDvCdJf0Fowyf6vLtz8NFBziYegF2AlviZDkGNugdTxmfdD0-lt_cNx1Ec07DflFdY5kFojpxN6O2h3vY_NH7Hx5PfIiNmv_DdOIe8jsOuwrtVaM46_sCwTWksrZfJ_ITl6I0A7sShOkDNFffGP9IafjIUnUj8hya3AUDiO74jm2ZsFCm-LPp8AKU38aQvt5yHNs4PRTlIupVGYBkYSRefPK-6ThisnSyEmHa-HIb_xcxbSKNgxrpBWRMKrkCJ222vLC4JSpic97zUfi740GRQI-DuUASV_4p2fN1N4HW5oSobgqK5R8KjAFawp-Qpql5tjJX6GF3TOMKNMFXHUi72D4s6OErld10o1WUns27pakzq4mAubtv8Ov8QfH8REldnk5udB12YGwMG4f2QazJgACT3JQUxAcsFXpXS0adySHJ-anDrNKLbLzhBAd7FT-r2xPAQf2lpQONPnPo-5iZDKEAYBzu2IjiyXb7rTzU-k5lAVjyFmfbSnoqyZotV8krtHlUA0jVIHt4NdoZqrvgYUKmRjwskwMcCUI4FOyt0Bm-r3TbMeuLXV4GGOVbfkEr6U2BykOnrsDWdkxCwocGji4XJGHbZp3WIWjFPN5rSflmYB8j5hL9elNuA8StqeGwIKhTOj4OGun7NUTpOcfoneNZwNfxMnacGs76njOj3ToMEt97Wzv3LNCcUYAMVGbRjb9nBGtAn4Yp5-C_cPipwdwitcOBo_7UF3u7oCWzLd3NsTB3wrS5XWd4tIB0bxlUMi1Luhjg7dMFKKh59K7mjhSK51p9cPMJtsix9dRw2f5Lde2fJf5DpXgvQojba-DfG1mQhIbTcRPoZUiILXmg5pM7HcpsPdRd5m5_7fpvu48owLaepQ9v880Ap4I6lF3C9JxjEz--MvZNzSy1cvnn3UBvkDxyV6Qxbc6-N3RAwi3Q9KLVSHwo_aMucPY04Qklsnlwg_1PrwDrAmOvYSMnYKDvYe1j-yWEni37LuJ6CuzblZyW-z1O9RtOxM0xxVKTtgxFPxIqZNclGBkmEjOXzV5hBsxRQH2j1Qyz&cid=CAASEuRoHuin9-Uuv4RCreadAfNlOw&rfl=1%2Chttps%253A%252F%252Fwww.123greetings.com%252F%240

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c078a68f137c41e3ddfa65ed2d97200dd1d6693883b233042e0ab35b536651d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:25 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29442
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame A514 42 B
63 B 18ms
14ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BisVEqVQBDHTIUSH0K4Ie7skE5P9pgJHeShDR8BEbFJUIz0G3OTWg7AcfXr1iEWWEmI96SF-6GZGv9wZrHoOFCkYG4Xdi4OM4gLqhIoXSD1gCCo9Y

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:25 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 jload Show response
pixel.adsafeprotected.com/ Frame A514 46 KB
13 KB 170ms
97ms Script
application/javascript 54.154.149.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/jload?anId=930701&advId=5673933&campId=34339388&pubId=1&placementId=322571529&adsafe_par&bundleId=&dealId=&bidurl=https://www.123greetings.com/events/dance_day/
Requested by: Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.154.149.33 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-154-149-33.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: f80be9c43b010e56c1020c10ec14420938958db1df4c2312eb8ff8448df1b499

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:25 GMT
content-encoding: gzip
x-server-name: app07.ie.303net.net
content-type: application/javascript;charset=utf-8
access-control-allow-origin: pixel.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210830/r20110914/client/ Frame A514 2 KB
1 KB 11ms
6ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210830/r20110914/client/window_focus_fy2019.js

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 03:47:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2891
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 03:47:14 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A514 122 KB
37 KB 31ms
29ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0299ce766df424b69a25530d8afe7c2352cb6240c7510fe7be67d8cd53bd3467

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:25 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630496346997469"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37796
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:35:25 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210830/r20110914/client/ Frame A514 14 KB
6 KB 9ms
6ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210830/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

114dabe187311ee2e303549831223ef80d06385cb854e2aa1647ec1e0ca148f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:02:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1999
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6183
x-xss-protection: 0
server: cafe
etag: 901432759052127119
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 04:02:06 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame A514 0
0 18ms
15ms Image
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTmkD9sWm5Somjyd4l2YIQ1ZBljIFqf_LequmMK4IlFjGeSi8Pe82NQvmGT3NwiI5NWOHXZqn4n34NV_WR7rjch3Ernbw
Requested by: Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 89DF 441 B
248 B 20ms
18ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJjjZhCPtKICGO-61JoBMAE&v=APEucNX9O8FavPT5R0PG9ulP4iZ1V5W3izU_jGcHPF2tLDJ1xV9Zawy1ykggw_lbPsMQ3K3qx1iczOA5pFspAyBG58X4M9gkLQ

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bf051f3ee7aa85b70fbdb5a9c4dbe61dc57372814f700b1b23ecb4f7dfb9ce63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CJjjZhCPtKICGO-61JoBMAE&v=APEucNX9O8FavPT5R0PG9ulP4iZ1V5W3izU_jGcHPF2tLDJ1xV9Zawy1ykggw_lbPsMQ3K3qx1iczOA5pFspAyBG58X4M9gkLQ
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkJc79v1oKKr2h487hu3YeFRps7p5h5X3Ay4LPf-v8_IAentMVSu6BTOVTK36k
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 04 Sep 2021 04:35:25 GMT
server: cafe
cache-control: private
content-length: 227
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 3061 70 KB
28 KB 39ms
37ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BbBMZwxg8TqUZ1CHhB1fLVZUB1mqkZoMGEDfgX-g8GrSG1LjIZv5XlvQalovcbGs6VmtqQwG_9WE3I8EQ2JNTUtnK0Tz2EQenEngrEvLJhR_uCnWilXX18UIOB9IGD6jhm021Z9tEqXHXIBy8qfwnL9sfPVg&dbm_d=AKAmf-BJhRafbprHIvY3tWg0cZTxi-GeilWSBG1lBXuOHdKd8GKro_gcZvZQsNmW-Nwrk5FmNDak_t86J27_f8l0AzOlSBM3sqBTYAZRv-qS1MmyPdT-N5_VoAFQtzrYk6WbxvjsTQNAWDmPYSD_ADVYQ4FzI1cb7_mO6dp_1y_7O7msAhS8ZnEs-LaSmKp4b6UWmfZybxIcNtPZ3BCGObjTPIHCVrkpF7F_VV8usK0M9Cr0CWLXtUbt3Wq_Vzl6x_yvQrCDo_rS3yAl1bDtZ-fGfWkRNnFJv4U2TRhQNYCX-JeDYdFOy_3D_-Dikt-hlFUzc5VxQxVq3Kj3NFUQp6b0927gIesXEpHmnRCUN5oQxkbIwfcUstqWxeXgW2-sLDnnPoVgJ-S_7o9_ZH2CvLdx7vE1jbBHpqPCO5WTcGqMhLkTKcgSOP7CKo2nhFA-CmUkQKttfxUygfgTbPLZq6ADXLvi_bxXUJVHDyzpG5V7Boxd4w6timKGgo2OgRKLAhqLszss6FdzGPGRwVcyJ9vLuzVUpHOu5IeW23Kf0gbuy_EiDwcLYKvdL9rgJietsrQccdBAz7990TTHmuNikj72C_xwbJQxlx--HGMD-kNj0YAiVfkRdjvkXWtNh4KlDqbxoyTU1sVt9SLBq_R9stAQgueJTTyMJs9049YDAB73jvlOz82lz7IJ75ZxcolEq-ZXeyKAcmxAavpz6v_WsGMKIj0NWnRrV9IL7NgIbeizqXjnW8vJ1SRRuLNfdj-7QCNZd8HEYLqNGy3V0snVr_H5Hb5clqcsoqkmlvSQkigW0SUM-qT15MQmvckKw2LsCmMnLb1PjJNZTtGh4R4KIgFh490dU7RcsLxni86JGqjzkRecdjnI7V5u7_g8MWQGj-StseGaNC3pFmr6umx7YmRJfOD65tt-4wsRn04B28iUGFHTANTZ0TnPIRgpEmZ1aBhtgh8Nl3KSsn1Oh_WmVch0n9UMBZ0wEpc7CV0p56sQruEKbtzQum-jBQ7VdCeS6gxA-6tyNuiMXZyYlS8nWiLxFqyzmCndoV4UDNprec4gIEe2paag4lnQbx6K7ffe225EEw2Kvv2N6VXo_FKFVFhw5f498pgVb5X0R8efR-ANIUoiT6mTe2zcmkJ1D12KTgy-E6JouQpPw5q9NceT_ZP3Bxn5qXL6IUxy2WuG6y0XC8mCtpNxuYBCmzYLFUU1FJJgkVaXoB_t8g4Uk2FofDG7oW1KXbfIRfTzsBPmhvZTZj7N-ydBe6qGS2JiaNduWzvjnAhQZm5a25Y5-adeR9ax8NRGZdVPhKkClZVaOt41uKbEvoTF8qPAgBPIlMMTP84z1qoCfHPYW5Azm-hZM8LIyixT0RiobIdFRpySdKzrvt7hgJk7t2Ir43PjguvtY7sOvLdwH7rUQJ46JnqbT9G8cap4mNDYwQpqp1BYnVXIZlVSj9_zEdJ_wEbHFfRgbQB8lJyFms2HLdbstfWCMyWiV5zGO6jv49Izu2BcgRBrp3qqFDpLAjD_fC2iJoGpTObVDCnknujwbK8aS5-CtA6ILGq5XZ3RuFQOcOSpZfmL8aWVLPxsMAgeOx_oPeXM1EokrhDXpU3KYSC6jCDlt34NfjvD7IaJOKRIntqxMJ9fqVa1Jmji1d71TzpU_TR3R1K8T7ZOEMPrByfoORmd9M3zKITqngTi_aL7xjttfuRHX0uUWJAOomROQZQ-nWkTeRkmZp58_zqSMG06w7L4GDAYMZ6ivtEcGb4jPy1w3lvCuINaNipOyvRRkYRyDvtyZ7-tXxz9OX4d0FfYWSlkAM0IGL8YxDdCMKdof0HOdFw4Ijo17emHc--KTKzEVFZFP0uOxifOmEieQ491Sj_O-Ch_qWuSTQnl3VG5swUXVk9WLn24k6mKgxRXeAjSIPnvTjY7Ep3ep1eZr7QOvGfgJdDeniuaZQ28u-Caj3PHdhiYg9AeRZYxNe5nBuY83xuGYcpTBsU5IZjt_IvlgagJ0xkycaQVPefNEoQzzplLlooW7-e_eZZq9hTqORWA4A-p3gMB2Yjj5svKiN50ESDbtePhqUMW4izrTSsPz0GPQXSY2g_2b0dsp7V3DWnYRgLeZw7K0a6_i4oTWmn8BHbGMuHBfpcW4-OwN3ikiei90VUMu73KYHPpZOfeC5gzjRS6Yg3zJ0sWpxKtjcoX26Am2U6jxdvLZJnICLD6Cv0qpcP7tbQCJEGa4SLIHiWfJqGwLANG29cGIgB03ZQo4v2QOMp3uKytICxoWN91C_9Zt5loQ4X3zK1yI6DfdNvtBJRvJ8K-HEB5aNk4n_5QgjGiO985YC0Hc3Mlwri-y_uxF6R7EKp-VmcAtEkvuxZH_5npi2xg1iKO3-x5rScW_t3j5VLGQTeaZHhVn1Z8JLD_NiRXKpN_3VzCu_CqCj7VsAoikKI7H8jo3jiFC1RVDgCsumdi6PB_pILU7fTtuySTwF4PokIgRC8EO1LoKohT2QiY6O8CuLxE5DLVqV6fYjcgRPb6UBEd18EKLibu4FjryCsg_J0qnZ-fmaVl7GwfyjqxtYYSKsIx72OxRwxrntZM64UNpjky9Ht3Y0ucOn7yKKDhaZgMPWjELqYFTtl-a0SvkHSilXfIf1siUjWQCDaHNb7_6vWgP7YEKqaqktlvm8kY9l4teC0QyscdslI-nagVph4u1pPpG49r1OgTQWo9KgA9F-PzEfQwiK9Mgm-hIoQ33OQrNl--3sPUaiFNhtniIbMjrnTCKnr3pzEdicY8jdrwaD4oLDu7AuDFH6HPcy1JZpxHkRarrKL-U1bS7LAqfTtLkXY5seGG7x7fvw3CgRKb-Rzg4-7tSsAoIVOcKa9-daMqXmhYHefkATfdBro-7409Zd0pbQRu5nVcKoBUb9yNvv7T7mOYcSpg4WSdYqhIZDj2WaM9fAattyt6iKUeYxDL6-UuXAGAxxDIXsfnb3oZwZjKT6-W55KXdwbjFhhPwkgfd8Rf-v_4Zl3u3u31_S4Pp-C6hRB35g8P1gmlcshHhlivgSLOYKsz4xjkJXS5FJ5yQ67EOUX43NsMM87R6fYhswa71jw0VGlkOVe62lJ37BxVr6Bb2RRR-umG89uTVKszvAXJHA6MMcrSbqVYvnBudOhWD_037MTbfVIEbp8Yg7UhyDFqITdap1DjmTGKkp9UlmdwzX6pOJ3hDW2S0rsgq47mXYe4&cid=CAASEuRo7iqUoIo2Xu8fus6tb1BPpQ&rfl=1%2Chttps%253A%252F%252Fwww.123greetings.com%252F%240

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

796afc03a1870c7dc1e15d01e2f28a1859e33ba50219bbeb93a5ce93a96bd870

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:25 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28481
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3061 42 B
63 B 16ms
15ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AnKW1rSYVgTfKlT9suFqgOtUfUFyLqg2kdhhr9BcOIZWHyNWLCz-4FWfLipxxkj6VCAz2Wfa-dUQakozdh0OWKbUCKhkinXwCqlz1alRyhQxghNO0

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:25 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210830/r20110914/client/ Frame 3061 2 KB
1 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210830/r20110914/client/window_focus_fy2019.js

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 03:47:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2891
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 03:47:14 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3061 122 KB
37 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0299ce766df424b69a25530d8afe7c2352cb6240c7510fe7be67d8cd53bd3467

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:25 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630496346997469"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37796
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:35:25 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210830/r20110914/client/ Frame 3061 14 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210830/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

114dabe187311ee2e303549831223ef80d06385cb854e2aa1647ec1e0ca148f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:02:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1999
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6183
x-xss-protection: 0
server: cafe
etag: 901432759052127119
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 04:02:06 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 3061 0
0 16ms
15ms Image
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQ7y3PjUCPD0AxstdW0GRqymP4LJiI5E2m7qqosXOcvTdD9i5z35nSKuqvBvocMU3vhtqBee2VuSNIQIZvfPwXD9G9sxQ
Requested by: Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H2 200 abc.txt Show response
static.avantisvideo.com/data/ Frame 679B 20 KB
5 KB 26ms
7ms XHR
text/plain 2600:9000:223f:1c00:8:9ed9:9c40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.avantisvideo.com/data/abc.txt
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/avm/js/video-loader.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:1c00:8:9ed9:9c40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2468d8defc10a0ab4f1c4cdfdb085d486de1d1190998cc1b0ef86f0540da2d34

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 03 Sep 2021 14:33:58 GMT
content-encoding: gzip
last-modified: Thu, 02 Sep 2021 14:33:35 GMT
server: AmazonS3
age: 50488
etag: W/"f23827029dd04ecae86e39a98fd24430"
vary: Origin
access-control-allow-methods: GET
content-type: text/plain
access-control-allow-origin: https://www.123greetings.com
access-control-allow-credentials: true
x-cache: Hit from cloudfront
x-amz-cf-pop: FRA56-P5
x-amz-cf-id: H0b4HATST51pez0sudyhQ6XdGWMFIMOJ5qphmJmpdW3h0MoFXp418w==
via: 1.1 edffe6978db53d114a80cda421e0b6b9.cloudfront.net (CloudFront)

GET
H2 200 abc.txt Show response
static.avantisvideo.com/data/ Frame 679B 20 KB
5 KB 22ms
8ms XHR
text/plain 2600:9000:223f:1c00:8:9ed9:9c40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.avantisvideo.com/data/abc.txt
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/avm/js/video-loader.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:1c00:8:9ed9:9c40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2468d8defc10a0ab4f1c4cdfdb085d486de1d1190998cc1b0ef86f0540da2d34

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 04 Sep 2021 04:35:25 GMT
content-encoding: gzip
last-modified: Thu, 02 Sep 2021 14:33:35 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P5
etag: W/"f23827029dd04ecae86e39a98fd24430"
vary: Origin
access-control-allow-methods: GET
content-type: text/plain
access-control-allow-origin: https://www.123greetings.com
access-control-allow-credentials: true
x-cache: Hit from cloudfront
x-amz-cf-id: rDkrXmYJtAMa-PLxNGi2pGnuMlpXkkdYJSCU6Axb-HJPNWT6BBJ9Yw==
via: 1.1 edffe6978db53d114a80cda421e0b6b9.cloudfront.net (CloudFront)

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame D4B8 499 B
334 B 22ms
16ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJjjZhCPtKICGO-61JoBMAE&v=APEucNXqJPToUUtdNH3hBQKyRPCDOVjmjEsbw3yb_WSj4Ww7gl_tsIdBackYWOlzT_r2SxM9aKbJ0kOIJDVtc8Upi9sU-8DtJw

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

583eda12fed77c078f7391866e53eedd80aec5b9b178a3537a3c4c3b09575485

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CJjjZhCPtKICGO-61JoBMAE&v=APEucNXqJPToUUtdNH3hBQKyRPCDOVjmjEsbw3yb_WSj4Ww7gl_tsIdBackYWOlzT_r2SxM9aKbJ0kOIJDVtc8Upi9sU-8DtJw
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkJc79v1oKKr2h487hu3YeFRps7p5h5X3Ay4LPf-v8_IAentMVSu6BTOVTK36k
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 04 Sep 2021 04:35:25 GMT
server: cafe
cache-control: private
content-length: 313
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame A9A0 70 KB
28 KB 45ms
38ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CgyL8juo5mN7xTFyiPS3pFt1kmwd1Wx-xoSlJhBSqViM8-CVIP7KJX9WKsfyUnY5tvzfG4ExIiuyMV0gI3G0ANXWK819NZdcYvYPb57m6RJ1GWfL93AHjl0LkAxQGEMPvo4NhUziY_73x7ZZhap7bNFXZEeg&dbm_d=AKAmf-CKvAM0hh8M6tfe1MNsKp_PiR6bZzUczwuQOUo3oFrodrsoLM46lHorcoujkhDFm4IkU5nm2CEaliX_uzN6q8Q2AIEoZTI9N23KJCrI9aDL5CU-4e_OuXjVugGwYoKR_MFOGjMgarg6udMW5EWh7udCO075azp5MKBt3MudheHwZdgmKUHhm3kPwxup73lbK0Zt9TaYwHCHwXxDkCSsV-T70zlVPPEcst-ZtxB1ju8xtDiRvq466FOPmVt90Pmpq8ycnSKd4QZX3scLLkVNqO4tuqQ5EVPyLn8EWa5NUP9FQGlB635o6Y7hOv7p2tL9Hy-g2ffdy0Jg3__TCQMIc25sc1Z-N3PYhrkrfJWs1ui5uHjt-kw66n-sjtPmmwqz9qokpY2MPPPJZVmkIXJ7xP1kqQrX3R8m3iZD5yZSb3R-_B4-tFwBmM3O5fCL--ULlcfXuNMSpcOpcIv7CdhlV2CSYVRTjhB_Ocx7T-KipeHCsXDVp9KsguCAzS_lfD7hBTv7gvMmqVlQMEnn9ZrumfdiD3I-lGBfE_UCyU5AiAztziqa7PhJZ7-TpF2HCPfr6cQP8oxUJ03AaZU8FaaXflwSBZ58IUGAAy_DBk3mhxGJ3k1Ektn_UnI7-0x9ZXYeSFfzgps1X2-bZzwG7rViRr7UJrbhITp9l58Y_uwy3EAqzbZzcn_cwmibjxQfyx3__DNmfmd9TTd2OXSdfJSObZn6ooPpdhGbPRwKXak-Dwf4Tx201-9DjrM7vmOHeoGsQWcNJI3VN4Cqd0PBQq_EL4z0YARie-9IqHlUzSBq7zXbtJc68095-LMA77QfTnivFzM7hGIbus_7odUcoMcdJRckc5yvWaZsyn0jYFJlR3BgUgHYCA23ED99A24xNynIiqzP2U-VQzjvVBIiWMxHwE01y_PbJesJHEwbtrIUFRWS1oTuBn4ITvR483fmpzYwLtoomPvFv_cApl0yrifpMEc6E2DCPyESewxWmeaS2NlORkPhoA-ZPcwKpFAFhaEjoNKwUAw1W_X8Q9oAJscErfnKBXiNlXIkVhAux22qCywydw-Plcv9L2vLcut7N4MXJ-3CDtUnbuqb70dNurRbPDUAHDxIGrQ3QsHDbe-kJhEMMstZ5gvzzhZTTAvc-DmKnoBl2rJIp5YmYOyznHL5-ROmW67Yeu_GYhTwEmC-v_xVve470EJFxsaa6KZ8Y5C73sqZ2oMOa5to-dhiFKB3EEDJc1tfF0WgEmR4vbscpBR1emDKnqrJxFvh7DjOS9AcKE8vvK8LGdB6ApO--_tywPyQMDaqwu6GEQ4u6B-COhT3wLORWbWwVipe9n0jbfXd2J2wpcbUsmo5_8QIG16UxsK_RdDrKP8wSrpkxtLRzntcWe08iwhhg_DwdR4b8SM4_RrM-wQAO1Ak24I3uu7ow23lnyjJwjgauXTDeVwbXDhAM8-S4V3GOVlZJdpI2OriXIGiClSo-0_4SrB9lGa5ARrcybHvYiqAuS30PLrXfCeMzHp3hRBlqFMk2zqPMyIbn40RZiZDnn9mHLHkbAVWBm5kmrjKOIUx0UlcPYwOZoSETvMpweOKNnq96ik_7dB1CmqtPMnTxUkP0vrRgmBPOme9gccUuosSacAvepNG-RLDxj1JVQzxk1HK2VVpqXpzMQ3P8_mIwzPBNgpNTX_EbhRl8vzksnes_p_2Iw0rS9no3CMKacfdDuzbapV7RuO0PoW_zqf1i6Dt9Hd7x4Rbq0V99eYeaOcflty3nth9gKFucsvUNYpQtTLEbfw1A_XBypQAcV0a9ZROrrZDT89jEYeJbAp3XlrFRo64fnLCGfmVRE4JvWou1i3DjSvHQ1kkcIjl4sI3TdAwg-N0o7zh_ZAb0UidzKjrtnbKct69U1bfTxdPFdph9srIZ3PWPaGrjdS-ZR0FkEqQ32rn9ZDNwQ7xFLjbqxCiQEnhTbGlabkxjYX2NQTeZX1gSUQw173IJGYFs1XaX3p_tAVtXcIqHS5U0jUU1xA4nrX26uCNI0Y6AEpT8hQ-CL93IBWZDY9X_TIvb24uI4cvo6MuJXfoi7J_VkBTU_AnKOXBCKVc01ItKkZYCjlYScy0ZVbtANoHVOvCh7IhiUvTcEEH407d5WoPmSUq3FgNBTqoiLqA9N83k4zeHRHj5K07DxK81u6MIahQpphzDXMwiZ_pcJw8ISKepoJMdz152EJmmM9KK7YsRfZ-7uZJock94k1asEFG2FLcKgWk9oGz6vS-4m0hcIEtMpQ7VjJq58PnzzTS_PVgIZP92sKCqrjlYrjOFx_AxKuTL3_4tnDOMArLNbpEcMe6N_-RZmXEbG1UxBse2rYOY_tASmsEPzPzDY0aujLMewt-gNdQjT0j2C5ofRlAew2rFs9_QKTP7M3WwecA2y-uEu6qpFXew3iAhTGU9mE7Xwlc-DQPO0myO3AeVGJRAnXKuOEDkROdxvwxD2N5HwKRzrW5bQdcsBoA44somfu7zlBIY37PJ3guFl99qQSz0vKzRTKlhABD5qPXfUyoZe_KFJUgyhDEhLIeOnESTsF-mOPW2FnZxM0GdGXo9Tl4BHUZPJfQeJKC7mbXX09GdJi8qAx0XCQMEKmfVfF0dWEEYYSBf3d5AoCrx1WeQO5Lm3-ko7f2ZNr37_wW5K2GDl94IU0Z6n-n7jYzRdNHyZYPYSx5KLEnP9VbNx1PDdZQKxGGwCG_sf9v_MOwndD-w_NDkHIHo2ZT9NYldp2SxphonNHX0q0259oGXEKZn2My4LuN5PCoQJCCwjMp_GhYNDDov6jTSHbEekQX2F_gVzjnQIgLWF5hulULw0yTE9_h3nI8V89IpaK9BeUgnduv1S79tqhJcPhWfhiQqlXS3COOED3Re5DuvgmnHQyRcIOz_a3ucz91752hwDoX5CUPAKjOmkpax6kexiNXOBcEeavmXU4UKml2ppStoFOgY731ONvWe5_yaotrBN2IQBvU5oP-pKXEVCY4DS1XFmyjcH2xi8XUOfTUOh4-ITk_5TrTo-4UjjcXncQ12Sur69JKtS2NBQPFcmsB5hG8es44wFeudDNhCj8Skaa_pfDCFiB83MDP5q_SMBoLXQnmxhL2G6mX5prOzEnTGOE9olLLwVSmoKFt3K3jx4_ce9mGNoVS3JSfs_saRvGNuJYfpurYM0lLQdWPaWpLgHK7GY4hRAx8fgDPqDaE&cid=CAASEuRoTKpo0_gcql_luvr4S9nMhA&rfl=1%2Chttps%253A%252F%252Fwww.123greetings.com%252F%240

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ff79cc485d95ad5cbea8dce16801d6fe848d6741a6a8c76d361f6770b7bf0d40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:25 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28503
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame A9A0 42 B
63 B 19ms
14ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BVP84qSv55-7xOgCoodaiaCErWsQBZPHtcsDR-f3NVezD1ZmaJvIGhB6bbFhLyz2P00aSMtL0YuWwWxjRYwcvDjkDHMKFbXu7RlJ7GPfX4LV-7fHc

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:25 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210830/r20110914/client/ Frame A9A0 2 KB
1 KB 12ms
7ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210830/r20110914/client/window_focus_fy2019.js

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 03:47:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2891
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 03:47:14 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A9A0 122 KB
37 KB 17ms
14ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0299ce766df424b69a25530d8afe7c2352cb6240c7510fe7be67d8cd53bd3467

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:25 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630496346997469"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37796
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:35:25 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210830/r20110914/client/ Frame A9A0 14 KB
6 KB 10ms
7ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210830/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

114dabe187311ee2e303549831223ef80d06385cb854e2aa1647ec1e0ca148f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:02:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1999
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6183
x-xss-protection: 0
server: cafe
etag: 901432759052127119
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 04:02:06 GMT

GET
H2 200 abc.txt Show response
static.avantisvideo.com/data/ Frame D77C 20 KB
5 KB 14ms
8ms XHR
text/plain 2600:9000:223f:1c00:8:9ed9:9c40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.avantisvideo.com/data/abc.txt
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/avm/js/video-loader.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:1c00:8:9ed9:9c40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2468d8defc10a0ab4f1c4cdfdb085d486de1d1190998cc1b0ef86f0540da2d34

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 04 Sep 2021 04:35:25 GMT
content-encoding: gzip
last-modified: Thu, 02 Sep 2021 14:33:35 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P5
etag: W/"f23827029dd04ecae86e39a98fd24430"
vary: Origin
access-control-allow-methods: GET
content-type: text/plain
access-control-allow-origin: https://www.123greetings.com
access-control-allow-credentials: true
x-cache: Hit from cloudfront
x-amz-cf-id: d3Pgt2mRvl5O6fOh_CQVv3wMEl7Le_SYaIvuIaBrE0HXDs1h_cvf0g==
via: 1.1 edffe6978db53d114a80cda421e0b6b9.cloudfront.net (CloudFront)

GET
H2 200 abc.txt Show response
static.avantisvideo.com/data/ Frame D77C 20 KB
5 KB 12ms
8ms XHR
text/plain 2600:9000:223f:1c00:8:9ed9:9c40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.avantisvideo.com/data/abc.txt
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/avm/js/video-loader.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:1c00:8:9ed9:9c40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2468d8defc10a0ab4f1c4cdfdb085d486de1d1190998cc1b0ef86f0540da2d34

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 03 Sep 2021 14:33:58 GMT
content-encoding: gzip
last-modified: Thu, 02 Sep 2021 14:33:35 GMT
server: AmazonS3
age: 50488
etag: W/"f23827029dd04ecae86e39a98fd24430"
vary: Origin
access-control-allow-methods: GET
content-type: text/plain
access-control-allow-origin: https://www.123greetings.com
access-control-allow-credentials: true
x-cache: Hit from cloudfront
x-amz-cf-pop: FRA56-P5
x-amz-cf-id: dTBODw6ZUJex9tm6TZK9IoMXbsmYGtOkrfU197Jr_Hgh5wNyfoBdEQ==
via: 1.1 edffe6978db53d114a80cda421e0b6b9.cloudfront.net (CloudFront)

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 9650 342 B
236 B 16ms
16ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJjjZhCPtKICGO-61JoBMAE&v=APEucNUGKEasJuo1XMAfavxNaib5AIMESj3moczF3WolZejU0D9gNRxAL0SSXqrzZHRZu4owyninDxy4hqCOtBPcbVZKRDKezQ

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5d6b864869c19ea1f500174a8dc3f327fd5fdc7e8f92f569788a6744341e4f27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CJjjZhCPtKICGO-61JoBMAE&v=APEucNUGKEasJuo1XMAfavxNaib5AIMESj3moczF3WolZejU0D9gNRxAL0SSXqrzZHRZu4owyninDxy4hqCOtBPcbVZKRDKezQ
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkJc79v1oKKr2h487hu3YeFRps7p5h5X3Ay4LPf-v8_IAentMVSu6BTOVTK36k
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 04 Sep 2021 04:35:25 GMT
server: cafe
cache-control: private
content-length: 215
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 8759 70 KB
28 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Cad9LAsGn1WKkfwVwDoeSMRsVDgnZwNDIEKaBWm5E34isF_E-SAAl6F-Y5JOzZ7tmiL9ZzNZLUFnEUCnREqxENufoHOMb3XwG0xkANZz4sDJucb7VdUA0bB32Ha4mb-u7FBlwVRUsRgQgChn7ZyoinNKP-Gg&dbm_d=AKAmf-DKgaSjTRc_eHbr7T3kh-WpM6QkHPXNfeL1iN1Ix20z3fQ3XE-8gHoKcoPJfwUVezrmC4njm7wVM4NuljoJ541Z9164JfL5EoKitMH0SvDXgR6jEhRHDXF7bRBxbNXLZj0bKqDSbL7KrGXTJluFS5TirKu9YqAnIuhtfPDFmyD-_sT5gEH6APmz2If0V_FZVEh1kktRg3E_erzmeKMHUeJ3pxtLI17ScsVDUo1oHigEtb2cVCxNokAfnM1NsilH_dKu0-AjREWfh4_qjACzC8Dfu7S5hgRY9OtB-ODzb9ODobRw4vMW_rvnKeSMzmx7qfOM44YvJxkSKcD6GMKjhTcU4wUiGwRZK2WmGrygWDSQwSruj4WsmY8mS4uVjsd4ljqk-1EQifv2cfnUwO0GQ5cEL0tgxRS3r0IijtjlCRtV-4Nr_675llurcvjqc7Mi8yVhNFlzvB2DXceop3e42lizGrlhXxYaJwSivCMxj90EkwL-z_NWX8TzAgTPOqZ_4ZxozYzuNFCNNacmTrTfXHjrhgOxWLGZNsCrth2YJF2tcckFGD6dzcj_s8XP8JF-QqxxNGE4JSBRt4CKoc3e7OlyICcU-Ow4yzF9LYJizF8_Uqa3e_IAIZc3WocUKylcsxm1xp5Cy-M_G2odyBw4JSOczyse-3nOH77TCrrr1Pk1eokEUQzbKcXEBQNibNVUDxcYiwNxvX7rmUIFzcNttu9ybu_dBrEzPZE1nA9M2JmnS5CFl2hzUYlm36lSAEkT7yvPldrOz9xk8QH1NK4WzPwA6PnJNuS_HFN1ti6lyWhz9MqImupc4zMDltaKNHZ8q5BWNc1SZqI9GJH-pJBz7FLw_9HrB-FpdJnXMzoylz8sjHWCNcW26BIUvC2WTFCiOIqQsLHZgD8vSJ9NAqzmzcke9pfPPTwTrQ52pRJMyt1AoScYQLZOz8cQof9pIJlZx6a_2DWZQMZdWj9I_MPdyEFopocOUnc21MlMZAHDFyOkneZxCdvMtxHz5xW1F65i_rc1So1vSjepXFrLCLL3H6qZXz_Ssg7YJsfrnw8vSlfoOq-NSIo2hCbQ-1UahGVcqUGgQNRzBvPUeGJC39qUAfYKOL10oy3w2U1RMobTwpDnIWGd-6_dnnx1bnAcw9z6J8J45x8EnWs60aBB78mbniDSbEzc96GkaUdBF2uhKX4MmyFNMQW-u9_aqqfeBBSEhlyMO1KdI0REGZno2Eh3Jt5IKmh1i5jlLYN2GcsPJ4Fr3c9XokWnDjfoJo_8QqkHwrnUgcHlSy8bJ2_ntUnhql7FIuBB2Jlu_Y1QfGeXBH2V25q3cTXBxVEV8MlNky3OwgqT5Mj59umya2e7dQAbyQZOeOGiuJdbrwTbJmVk3htOfd-TcVb5CASl6zBlpizTISqAwe8jVH3QnQCV9tlcJ4Mww3DQ0Ey9j7CyPBjQJAzm1MGM2F_DSvGypFW647fOYTJFRGGZKIUD72u1W9IN-F88h20bzE7zJ_1OBnYAqNSW4vU1F564UQ29apZWbQhV3yz-tszY3xVzH5ZOtxyLTKbyYollD2xf_PuHw6p_6jTfAbOqah-kfVJryyM3R3VKwVOhrjZG5FlQnEcje9saJ01DIGlDau6ngNvoYIMcbaY4fjHEKnU1R1eXviqnRrbRrEM10e9pQD77pjnU4dAA4VprbE9BnAypj1SsEwA4ZUgeFI3WhpbgBTpcSWYuY0JxjyMzgM_MoEODjDUDcaq_YRippZA8vbkuD7yxlPhb6szh3lli2iqgXnRKuOP1-2C9NAk_d2QOiUl6Ag_HWRqvclPvy1KSiK0qPFAjjZC_2BrsB9YtgnxbKz4TfRuQ_ik-pM3tlqTPhcaVCnHwNhiPCD6JPT_ADksu1ExYphQY352azO4a3tWiB8P0yOHys6sbuddBe5k9aA6jbDTBXCrmHQ5PNkvy8Xz7rlQnx2-T7hlaZ759WXv354w7tumlqBWAOeJxyN26ECokLRa1oT3_etetNoK1u7rYuuL8ujHWlu8K8XlsNq1b1pYKpeaT5Es9oJewA81xGf3x2_LlqxtE_P3Y0g8fX3dOID7S5lTtDTigYYaKt60Gf-EosXCO7KuZpvbgVXnpN1sozzUTt3KJNBM1Mx_ZvILfy2zT2UiL_mk2IMAFLxE_5eDx4bZPhaz0isenkWD-iVuoLiHLsphMyhFs9bD74i_5h31gNed48ggMo5yNxc7geMGNG7Vb6te5s_zMRF_BPxxKgKe525vEr_mmSkULdCsKx70VDuD_Z7m5yu5tz418J8UGwOZ4andlF-a75yINp4CSBgSoaxENqs-MOSzoiTPwX-LDZJm3Wzi0WCnvQkDCMqxWyIv4IAl3rvYnEP8FXaCQkiYNFdJihLZpy6CHBmqKV7Nystvo7GvoTRuTGwJsBJK6xP_wwos1lXROStqy3NUDOuYMuoa8dSnCzlEaN92_-RiXohXk5JdOzXwE39fPSGYu9JnfzDQ8fivnkFbHLk_ZbZinUKZUc4eDUgaGmhJwFcF5IH2vhpk8k6eHbGqmNLK4t--SgT6XSi5w6LGuAqTQDvU97jT1hyVw3ureAlIWPm7VmqRjp2z-yKQOAgSA076mgy6N7xeZeuJDk2Zuenxh3k_V3ZsTmFc4KfDXGtAb57b5wVQ-L9h1-G9pK8vCjTIG39s0RR_B35EIxaPxGP_ITFWiZCeFermHW85FQcgeU5hmPFQLk64ipwxpgdyH2hz7gac1a7g62ri7WDNhFCs3xFtPwLsz1kGf6jjp0uMTx1b2vbcUJN3NWMKB2qc3QH66VBHxg4_AgYNEBs-9l9Cpp-QFbXiw9_23w96ObKgbC2AjgMIPy6gyaRlLV5FY1HEqr_1U1Z5CiMFGT58Kz9ICAfQgDejbgL_BINYTKoHvoeFU9gKJygeoXaKt9_uuF_kGiJes_zWFHE023FCXdRYsbn-XgVFY2P9s8EVFhq_zV0bz5E26km5F3-RvXdgYBFw35fwcsfI5_Hf7GFKvZ1JHP1oeyMPMmqckXCp_zozDH1jEOcrNrqOZHmY5kFEFyAxDM_J1wUIq0lrCf5molCnBJPmOuoIz_s14HS19NuFl0XZ7MZJbDFa6Me9ylWiZ6FYBDFxEXaM1w5qV3Fw0r0p9s9cH1y8fGBtQ58qcdG2-Ck1jDjlSfEDodL-MfDE&cid=CAASEuRols267zHqG-ryYHFjPX2vCw&rfl=1%2Chttps%253A%252F%252Fwww.123greetings.com%252F%240

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

11439fb0f78d913c4d859b82ddb2d4c44fdd7255fafa706302285e3bc38e8201

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:25 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28541
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8759 42 B
63 B 15ms
14ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Bl47QYKg9vfO_swKZ7QZhxGDIqLPVgLuag3ZWGToiS1A6AUI6mDsrAxvhvNxU8lVZyxc4yvmUonvBanNeIOHXiFv7jRzHgfM61Msy-3wXU49lBcwU

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:25 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210830/r20110914/client/ Frame 8759 2 KB
1 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210830/r20110914/client/window_focus_fy2019.js

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 03:47:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2891
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 03:47:14 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8759 122 KB
37 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0299ce766df424b69a25530d8afe7c2352cb6240c7510fe7be67d8cd53bd3467

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:25 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630496346997469"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37796
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:35:25 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210830/r20110914/client/ Frame 8759 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210830/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

114dabe187311ee2e303549831223ef80d06385cb854e2aa1647ec1e0ca148f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:02:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1999
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6183
x-xss-protection: 0
server: cafe
etag: 901432759052127119
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 04:02:06 GMT

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame 679B 0
0 62ms
33ms Fetch
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvtZCxAph786VF77DeyEVb55UPuud04-wyI9ZRQdeYMVtOYsoNCirf0L2QPYzoANlVLeoWWuBQcwzMICXaq5me1AOPxwJReyxfLU-u6Zqa7SQT5qCBl9Q6muMD-nemafivv00s-HVgH2duKUrsqpwv0-Id4kneuFCF3Ec5NtaDHSvtMzZAym9qEjoAOPC0YHQjx1GSpZFMxHteWct6W4J9h8rax6cr9aA71_SL8ZqQDtKEuFMOq1zUPVkyUD0iCAUYmnFvf_1W9AFuxW7iJ62n9LMKr28qjeJFiAHYCe_foGGnCA1AFOB5EJNMGNz30s1icBYMnCVIkPTZwMxgZG3TK&sig=Cg0ArKJSzEJW6IX5z0usEAE&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:35:25 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Sat, 04 Sep 2021 04:35:25 GMT

GET
H3-29 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 9F4C 2 KB
2 KB 7ms
6ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012108170213000/amp4ads-v0.mjs

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 03 Sep 2021 11:04:13 GMT
x-content-type-options: nosniff
server: cafe
age: 63072
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Sat, 04 Sep 2021 11:04:13 GMT

GET
H3-29 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 9F4C 295 B
319 B 7ms
6ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012108170213000/amp4ads-v0.mjs

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 03 Sep 2021 07:57:47 GMT
x-content-type-options: nosniff
server: cafe
age: 74258
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Sat, 04 Sep 2021 07:57:47 GMT

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame D77C 0
0 52ms
33ms Fetch
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssmGw-J7d4OEEUdN6fyBP9mo24-3m68_uZc4qYNAG5yjD2E7w61LPwquBt_qFOP0kUBE25J_BnN4T43A5OjnlUb9IEhRjW7csBACJvoz4D-0N7I4KcYxJmx6hseAqdPilbvUT88c__3VkMDoTv2eyEkuYI6KjIBmi1OPmytumhEiaetzTnvWxJBdd77zsvD0zMvRJA0AZGuzZP-TrFUN1X72d2JB3YnmDUWFGrfKW6Xg8RNCcJiawyTW4t01sOigBn-aOE0yTRf3J5M3vVbN5k6jOgDt_vfjCV5o5aVh4G1T2wUjGE8yO3hs5TiL_x0LMjaVGuZbTGHARYVv9GXz5AxheFj-PoRbKT6&sig=Cg0ArKJSzKAA-zybSXCJEAE&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:35:25 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Sat, 04 Sep 2021 04:35:25 GMT

GET
H2 200 u_d.html Show response
cdn1.avantisvideo.com/connect/ Frame CFC6 42 KB
15 KB 36ms
6ms Document
text/html 2600:9000:2240:7c00:1c:38a0:8a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn1.avantisvideo.com/connect/u_d.html
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/avm/js/video-loader.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2240:7c00:1c:38a0:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3fac6fcea268523d827b4512f268a9bb1df0479b8a4603d118c9e4df7489a038

Request headers

:method: GET
:authority: cdn1.avantisvideo.com
:scheme: https
:path: /connect/u_d.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.123greetings.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

content-type: text/html
date: Fri, 03 Sep 2021 05:41:35 GMT
last-modified: Tue, 30 Mar 2021 10:01:49 GMT
etag: W/"f5694815436f3e426c35d9ae8274ad04"
x-amz-version-id: Ftlos22uEwPvOcBw5odXpMxKfkl_0T1Q
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9ef1b108656dc6d0707b168b862883dd.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: Fg-VE-EHFFth3uAm87AJgER90LzR9bz85Izr2WCMzqmty4LCIqBNSQ==
age: 82431

GET
H2 200 u_d.html Show response
cdn1.avantisvideo.com/connect/ Frame 38E2 42 KB
15 KB 33ms
7ms Document
text/html 2600:9000:2240:7c00:1c:38a0:8a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn1.avantisvideo.com/connect/u_d.html
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/avm/js/video-loader.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2240:7c00:1c:38a0:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3fac6fcea268523d827b4512f268a9bb1df0479b8a4603d118c9e4df7489a038

Request headers

:method: GET
:authority: cdn1.avantisvideo.com
:scheme: https
:path: /connect/u_d.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.123greetings.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

content-type: text/html
date: Fri, 03 Sep 2021 05:41:35 GMT
last-modified: Tue, 30 Mar 2021 10:01:49 GMT
etag: W/"f5694815436f3e426c35d9ae8274ad04"
x-amz-version-id: Ftlos22uEwPvOcBw5odXpMxKfkl_0T1Q
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9ef1b108656dc6d0707b168b862883dd.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: 4quPlHbOjC99UnMvB9JToCvn2OK0UKBZrSh7FU13LxA8Kz5ywj0saQ==
age: 82431

GET
H2 200 express_html_inpage_rendering_lib_200_273.js Show response
s0.2mdn.net/879366/ Frame 0179 114 KB
40 KB 27ms
6ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_273.js

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2bc98b5956d216197013af35c909aa49d3aa7c26b48de9e9930eb4bd6b846391

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 19:06:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34116
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40185
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 20:54:50 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Sep 2021 19:06:49 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/elements/html/ Frame 0179 8 KB
3 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A8IA6z4ZmdSoEELpDjnXBtqbk9BriiEyMNVmnmTd_gXtCd7xN29vgzbpNheQLk5ibfNoT4tXtJu_EbKIMe1ZS6s7EV9UVtP1oMckdcCv8P7MB9VXiktkbcMsX9zd3ppsMtMvY0oNfZj4T3fyEmTnY6yOaSJg&dbm_d=AKAmf-DINKNf1n4GTPyOZB-pON2fQK0JzoENgBaMQKp_7KqpjJxHh9dqteVndBb0w3xgrca8rrCdnK_Qhg6I4d5F0rNXQGgKmiB1lAOTOoS-63J-dVKQJwp_tTRWI1tKTv36tVWEXDS_te_hLf2PPbH2hMr4QGwae7PUtBWqragDx0YZiA3Wd1bt59IIvqp3S_grAy65ru9w1oJElwUhlQrtN0b7Z7pfK6XfaWmZWSO7GsFSFTmmprpeT1yt0nPhzt4IeqVpGUsqa5ARWf6f6vzEHgcnFQnpOTVmLF5t2DeOSBuUdHWRE53yFZcdcDY_4meNxPrt4XxnA8heKnxHN8CwpQXr4mjDHeVQkCByNjPu7RKz93K7-AXjl9Eicqrhu89fPAXotKecN8wTn8Cq47vVLYB8QWC9uDXii_OT2wGnOCdzS4Ow4rP9w12YRMC0M9liAfuUEuMdeA07VugEeALPO7PpKMI4XvI5PoEWfvtjXK_PGnIwLw1GfO0N4I0kr_pg4nnuaaFoaA8ADHm1r3btHiSRA2kU9vxCQ8Qx1WUophy110z1HLPIq0GUTyb5x9Kv9Tw-xs1AoiDjnOE_CYEu6c9EosSVkHKPNWoyLlybHuz3bfH_lmeGQI2UbDzlNm_OJC4LkyW5Af589xS-phi7qvK7V76RGesc3zSFl2MYvDVKMP-D1JbZHEDUl7ND5Vyt6bO_axVjTfZpoHbAZvHw-Nriochc1-4Emt3MWVe53nFAR8JX5a3B4m5MId-2jXEHykugD1mkBXorJzNH7oB4n9WXelQJ2F7V7DbyTjMwYYxQkKVsF7LoUtZnBA0W2FcA1-GknuDVOEOlKNfFgqR17VjKmsQWK0vDfpPa-dcVGqEAzHrh_ed65-vox1FrHbre5q0KDjkB37yQCsvUCmxG7nTqk39e_yTCaAN-oHt0DKxF2xCbE7KSDfj7SGMxahAP3dKUKUu2YmOlqpQ794NNR_4Lkk-7ynh2xPUlqD5260nNSdi2urBHRlugMF08UBI-qBwL8-SL_OCs-YNBxjIsq986479Nxo7qGPu0V0BYcTU3Zvk9lxzlShvC-lz08NHc5mFSxtxMDUsGIk3C4Hk7SepaCNLqMpGiDzKunRqb6bPRzvKzrzWFr5Pdibrqt_swU8CiOCyYezRvm5l7gS5IbBSQ0iQEqQmdmdWDPcin_rN5HXqbZHylkWHiBYEiAxWKk6YIDJY7hqQu0X1gL-25tEwCr_W3j1XX0q5E9wjkbeKL3MkSyIErja-y7CWuhmvBDEq06_XQEmQmTkF9k7zzh8dIbVdhpe8KEf0n_SCCzkZyrSZAz9NOsfcI09D82s9INc46CSUXgqP3UpaJ0GZJbzlv-QXIVlPqOf_zEsb8o7NpT159E_5Sq1lLPbUvPe9X1DXnFTXHBTAPZOvAPekZfaUiYMy9gWWvZxJE_I8zau2KaQNPyYUhLGxI4aKEiMhBt7FYGt6rUBAMvs7xL6yYy0jnlLC2QSap4_BKLBq_y9vtBh33x0NAQ8hJIqM6Z5K04LnEsAfUCh9rUqmqQ8jWrhrBgmWiPsow6BRlND3dbrA8JtNLR9kXPGs6PRbuXj3XIckjm47-vxG8ssL0jIxi3XrCOygZmz03eRCpHSalXZcIDRHmCGpDZ2HAMbKQ4Ho9yvKIY_d3PQMY3nRtLATc3Ja6SsmuxNcXrKYDYuQTJmr0sN3E8llFOxZLsZDBQf6G1mwqxl2nPDCKlwwTrvym9-f1lLfTN2AsqNmEgD1_UT4pOJhw-vioaQoneLvtiY91ztC8ZytpJhav0V3wg7Cyzx-kWZ44WspDA-03S6XERus6wsTPz8y8nduQkdbirmHM0gXI1pl7w4H0o_ZG_LXwiA55w-i6PJyGQkE-jZ1_wLKlNGb9sGCLG_2wQIRMHGWyC9uQD7ErV-0ewfBIcVzyHj2sQRQ1ez6okvo95UmFmR0LYZ-J2fFpn1_wYbIkMuS5biqZroRIQubndgfM3hj5ME4eQ6CBktWVbyTlbNns0-KmOveN-NQSNPC9PSqE8VD0LrNPsUT0lq6vjzqOLaZ9pRs4D0UrPtnPjiHIQrKNyIhrRN_QPBHV9W7tOI8OG9zyPzPQlW9cgx3USYZKixF-4WDnAwMMlQqPgvA3osv0-2meWy6FL-4Ox5dn3N-_1tGRAI2-126mXF23r91OHqPIjBfE8lNXtaWwWkEJxle62AOru4YHqiSOQo8W0jFKyPRfctvFoyJlGzk2pT6FhIzVaTq7ZI1AKVCxPhfvraGNzEejRapW4uSI589P9iF6iJ_lmNzcGiqCZwJ0zOMZsd58kqtFxTqClVffv8ul5c7bAmEWbEKG_oZTzC6HkBhdnBVAWiROxszZ8-XL6r3Pa5SCCXiWicVg-vacdrKOP7Rhdgnv_yLGcfSaNs-i4dDehTfdwVd4ghPsH_e-FW2Em6Lu7qoG3QsfM3NaT4IKkYeWxWDcdLWD25QLNhq5tEm8UUOEAjhI_G85wG8hm80mylWIBUkQtVyK_ACepKF79T2bqOPVgDs3BT-h3QXbmmGveKWe73FmDdtEloXNRv6hfz5o1Wy9Bqnrpd2uqTrbbk9ngpZyn0p9LDXomkoHH2kFK1zLLHm1un7PodpLhkDwSB3I-DasYI7xCpi4Fmdxi-irjq1iigAT89GWRCRI8W-sLvYMqVQZq6J8h4XBSg9z_P4kU8sZZeLWC-AxjJSMkEenEcQOa3XQtUQNAmhxcrGK0yIKZgwg9e7evNXiNaDfoYZ7KBK0AfRwhL8641VE2i8LCS-_7nBhSXjLe7RRHcQnLRnPiLlgtNFN1aL_ykE3cxEOAwg7rfDAFxADN7kS7ijgxfvWhF0YMLnpuJT9Ovsfg_GzOXjKgWOamXrY9wR8p0h9BYCkGI_OeomR8-XAbDpQzje4y3M9u2PF_S85A74_EdsTRQl-R_iKbL9I6M9jQV3fvEsdsrkufiPYNkue83eStY6NPcxnbzywmpk3EYjKCuD1sl4J-Lx9fRUYnDepfJnd0z-oYIBjYS5_hZ36kdz_Ox_WFIS31BFbiFPsjr76cL59XfKRV9KDTMNu3H6yAwK0vnofxWHdyuvZqUvH7i2wtCr0JNKMTHiANi3E_GxMUIPXpxWGdLsCPnMHuKGYWo_m5El9vocXJGGD4pUrcpLxdkMfeypfIjE&cid=CAASEuRoiJwivkXL3dCJw23rC_GwjQ&rfl=1%2Chttps%253A%252F%252Fwww.123greetings.com%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:14:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1260
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 04:14:25 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/ Frame 0179 23 KB
9 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/abg_lite.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5738c733f2f7b04e67edebebb67f01a2022d611ce73cbbf9ac15aa8186c6613e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:06:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1713
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9263
x-xss-protection: 0
server: cafe
etag: 16747441857000454541
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 04:06:52 GMT

GET
H2 200 html_inpage_rendering_lib_200_273.js Show response
s0.2mdn.net/879366/ Frame 2763 169 KB
59 KB 21ms
12ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_273.js

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2cff7ab03cb4e476b49ea05511c6cfcc71af6d5ed20d40e9b40ee31062149e77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 10:43:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 64327
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 59842
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 20:54:49 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Sep 2021 10:43:18 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/elements/html/ Frame 2763 8 KB
3 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A9ytF8atEoEvarLXpZqP87FI3OniVDY968EYDJDGhVBTVUoz7W3gZWSsxeoWZhIwDIy2EV1qYvnzgtwbP5n2Vs53MfwnqmfYT-Zoh1a-nuC0b78GIOE_0m3AzWRlEE0071-UDgfQpotd4bX3tncQz_4u8Yqg&dbm_d=AKAmf-CZCx7LiK0iXKbPpEx1__75Jbn6A1YitLw7KoKwZciS3gwVlrBzPprXJoTWn1U8kQzCaEbsEuNPejiEkkh4OV6ZsKjcKyMY6rirb-g3nsb1mnJFiRb1-f_L5DbzlMUf9lxLPmNmK5AEqf5mWW5OElIkABV5l7MgP_YHy-2oUvhP_CfWAAt89XwoJCN0vB_0kFk5zgrJUeoj5vKni8ZDz3aOi9svLty7jWr1chYhluvRgNzLpFG4GK1SCZIoXKWRSZQUsulKN4PyQZrOOfFAlyq5-Zyxv26ola-2RTeuZYrQZrBCraOX1YyIxEfyx9V_67LjbpZaDFaPIrWzFqKEBESF4NQ0L6KJY9YupEBN5mcKEbRQcXCxF0SDxEEhmFKJFxKUuXWM-Ek0XgmnM7OdNx2jY1p70ZAZRVdlM-GDp9iDELulk9eVheYGPeB0WimajvbKO6S_E3fNrhiKXZ_Z2TPU0zzqVL8rnwH_X6daeSwMPcqUPSv5W6LZXdIJ7ZukkiWZaMO0aNFAXaT9W9lwipqeLdY_ThkPLl1WkkM3gYYYX9WtNSzTAJUufO1Ah0xpM8Y830LIX9A7b4JpER6XQ-8ohlzNChPXils8MWJAtL-jcLns_eWx0vqquO6NJ5TY6yd6Lt8HaNPxq3DYyLylbLKfR8HLPCHpHIb6RIJVyZ8egJK8WU4YcaVnap23rzZF1lYNh0O9YXhcjcq-oicK8MFzn6GCzXOGI0Xwue4WF5Bfig_EOsEMQKt813_hpZ8bhOLCIm56JAc8MNDDLzCkP_pkg_h6RpAB82tvwcBg4G6aGQhfLO6hi_ILOLoHyixKC3cdJQdo3acKh-G0ysexlcU241Hefq3lN00bCww2NpzjQar192Faz_3NQW3WSKGwFcHNb5Mr7x_THl5i9vD7u26v3RCD66CjfipKxcqddfpOSjKYIqvRiArVJ5CuYcstBGV5-5BQur-UPRLIyz89yyA8DpW6CUKto4vlo1_U32LGrwoXJlFnyj6LM7s0kFTz1rvzOV5YTA9kGQ-Qnug826HFNEr50fAVqnbUXFpiUYq9dH2FKdDcR7kOtEAepQB8s7dCdO-HCJZzFTUKYwtzFlChFT6WoBIeUsUMuekhRcoe12Vt1qk5zzdcXXMGbTRQsC_zfJtZ5TexEfZejrDTHKI3SuB4hDhGb2xKES38tnEN42V7DFSV18Ww1e4JnGvOzQn9tSNgpj-gFULBUsqCd0En8y1JJ55cUpIFPUyvbE8xykEoo0xpmVictUuVMaj_YoiHZliSy5GqUyIApDhljJHqtsgOvQYTlQNcFASWeDbBTq1kK_Elr0_Nw2s2Gr3GgosEI9dd8xu3W-l8VGLVlbupXWiAgLtYzcO0B-HTws5FbpgL_1zT7xEDuaBlZ3K1UHvkLdcMsdsdrpHZv3lDjKP0UHGaagyxwTCCfUxINqIqNRZof7uGho_lq3I6405I8JtpPRe4XtWuFGs6ltkkIPI9zrJ_nbQIbJvUaVi520lYyzcOUgI8GHkAz4tXxiiyN7U-4TTgnDOwJ_vS0bQfQ1NgUQwzKPeRfOTvA7zuJLySL9UEW2zYpIFNeVk5dw_phWmvbval7ul2NAi4sSBIgM2_BNLlwviFZ1bCkcrEi1q4VSbceP7rWipbTYgQER9gd9IN_PBhaU_7xfPSA-7zNrK2irndDZhyqiAIU7dQExyZn8PTmsfsvzQQ1tjhbJ6p-YA4rZlXXjnvRH2dvm_r9wAMexdZMVoSI_syWkiAWbU652SVchgrfJsjRn9gLeQ7ftC_Zsr_fDT8u6KhvQ_idfszCaO8ko4gqpUiXxgZJmwAINlW27uGuYDrEPf1jhuA2cW5inWOp_kOhMIXiQFj_gS3f3shySZvnkl6idC6QvdkaVIzPtSqjA-enN86YPTdy0j9aVCLKc6u2si6gXUkxr1tkaF7FBabJGbFfUeD6LfgrhioOiJUIecxTwLy1GAtzlfBKWAVUiynPyu_bugiB2rW2KvrviP5o8NHimYOjJbSRQDpuG-KSPms9KEAChEkFS3AbVCMwlvlcPBe2g7yoQb_lMqEee9t-FBMRFFuwdxpf388kYjyZj6CXVLc3MaG6R36S3JS8cd3RZYePzwMy_SNttEU3EocVmqKXOAlC2vHVM97YZiYAUnO9ppLYR-dgzDjV1XPXOC06qivC4sFchgXgtEB2vCqTkZVfBfkXIk3vL39_G-BG2qoyxaIJOTIO0zaTDYEpmfaAoCl095HLrqShvoihsjKHpr0bfZrQQz_cb-eJa57LDTx4-AhvqLhWOGm4NgwPlG2Tj9xZfHTSJ6YRxloy2FpgMfGYqh-qY-k5131uP_xvN9Rp_sHK6t1bxkUJH1sKzuTIOT4lPPfIOTOOez7_ncb1oITbBiKypvRUIkFEcSiurC4wImUUgi9zBza6ScAHcKVPWZTx4omymqaRxq3e3znWdVxKFx3kZxv0Hr3KDywZVCQTdg2HyzyZ7vzKgabOCA4VcqrAPUFk7FZPBpJA6Q6My4GRiqBkhRTtkoDrtHJooMPmipBuw3cgZEyNNjFckQqgiWovNkOKfbl-qex5FlQI4RFVJqhXU5f4ln407zKOyo3JD5Ocrf8NKMeCp2sL0bMQVhyQb96xDuSe2v3Wc3pNB8h0-iHeGOfqLRpnQ0N8MKKSV64rvXxvRtisPZGivIKjoFPB3PM6BSMOdap_DSfJpIq2Ci7yC0pEai3JpJtVWug8OI8q6cEdxTnW8IXKOTLXwz-cJRVkdLwPfc_um-STrrTb-pe3_lZsE2siUNkxW9mjlcOF8MySMg4kt-hMqmgFH4yw9IQe-rWiL7IlntDGGsIoNwSWD6KqV8Ih6El1-RHYfp4pDOZbLRZR2sfACOwpt0fkgz8ju-1fFYzTHrCj44mbcS86z5Pm_SK0tAAQkEs70Yd0gdzocqIUHUaswsFMhxY5cGOxMSFwPDONRhtU2aiX-ZQ3VdO8XSAyR2LcwTqOyt7nv39oTfZR_P-sFYAIJg_mKZj-1WRwU8kMdCLgBmOtp5gK7_oxmwkTEJdEfSOaI6L3o57HcANiuuOk8F6zwdXpk5t375-kfAyK1xL65C9nN7kxd4JDAMFUvuncYUCVNvnQx4AUM82moKt-I6DPFmnja3su3C-FLZE0lw97iZ1dQIEwLdqqPTHnUDeIpttLej0jkMer2Mn--CQTJdvMjN2NSFZefuUF7jiP_BtGnDxfFw1KnEbgtMrm24g3uVrlOkHJ5YfI_pNVt5h&cid=CAASEuRoa_NUDp9SwKdqdzURLM65PQ&rfl=1%2Chttps%253A%252F%252Fwww.123greetings.com%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:14:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1260
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 04:14:25 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/ Frame 2763 23 KB
9 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/abg_lite.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5738c733f2f7b04e67edebebb67f01a2022d611ce73cbbf9ac15aa8186c6613e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:06:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1713
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9263
x-xss-protection: 0
server: cafe
etag: 16747441857000454541
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 04:06:52 GMT

GET
H3-29 200 express_html_inpage_rendering_lib_200_273.js Show response
s0.2mdn.net/879366/ Frame 3061 114 KB
39 KB 20ms
6ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_273.js

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2bc98b5956d216197013af35c909aa49d3aa7c26b48de9e9930eb4bd6b846391

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 19:06:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34116
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40185
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 20:54:50 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Sep 2021 19:06:49 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/elements/html/ Frame 3061 8 KB
3 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BbBMZwxg8TqUZ1CHhB1fLVZUB1mqkZoMGEDfgX-g8GrSG1LjIZv5XlvQalovcbGs6VmtqQwG_9WE3I8EQ2JNTUtnK0Tz2EQenEngrEvLJhR_uCnWilXX18UIOB9IGD6jhm021Z9tEqXHXIBy8qfwnL9sfPVg&dbm_d=AKAmf-BJhRafbprHIvY3tWg0cZTxi-GeilWSBG1lBXuOHdKd8GKro_gcZvZQsNmW-Nwrk5FmNDak_t86J27_f8l0AzOlSBM3sqBTYAZRv-qS1MmyPdT-N5_VoAFQtzrYk6WbxvjsTQNAWDmPYSD_ADVYQ4FzI1cb7_mO6dp_1y_7O7msAhS8ZnEs-LaSmKp4b6UWmfZybxIcNtPZ3BCGObjTPIHCVrkpF7F_VV8usK0M9Cr0CWLXtUbt3Wq_Vzl6x_yvQrCDo_rS3yAl1bDtZ-fGfWkRNnFJv4U2TRhQNYCX-JeDYdFOy_3D_-Dikt-hlFUzc5VxQxVq3Kj3NFUQp6b0927gIesXEpHmnRCUN5oQxkbIwfcUstqWxeXgW2-sLDnnPoVgJ-S_7o9_ZH2CvLdx7vE1jbBHpqPCO5WTcGqMhLkTKcgSOP7CKo2nhFA-CmUkQKttfxUygfgTbPLZq6ADXLvi_bxXUJVHDyzpG5V7Boxd4w6timKGgo2OgRKLAhqLszss6FdzGPGRwVcyJ9vLuzVUpHOu5IeW23Kf0gbuy_EiDwcLYKvdL9rgJietsrQccdBAz7990TTHmuNikj72C_xwbJQxlx--HGMD-kNj0YAiVfkRdjvkXWtNh4KlDqbxoyTU1sVt9SLBq_R9stAQgueJTTyMJs9049YDAB73jvlOz82lz7IJ75ZxcolEq-ZXeyKAcmxAavpz6v_WsGMKIj0NWnRrV9IL7NgIbeizqXjnW8vJ1SRRuLNfdj-7QCNZd8HEYLqNGy3V0snVr_H5Hb5clqcsoqkmlvSQkigW0SUM-qT15MQmvckKw2LsCmMnLb1PjJNZTtGh4R4KIgFh490dU7RcsLxni86JGqjzkRecdjnI7V5u7_g8MWQGj-StseGaNC3pFmr6umx7YmRJfOD65tt-4wsRn04B28iUGFHTANTZ0TnPIRgpEmZ1aBhtgh8Nl3KSsn1Oh_WmVch0n9UMBZ0wEpc7CV0p56sQruEKbtzQum-jBQ7VdCeS6gxA-6tyNuiMXZyYlS8nWiLxFqyzmCndoV4UDNprec4gIEe2paag4lnQbx6K7ffe225EEw2Kvv2N6VXo_FKFVFhw5f498pgVb5X0R8efR-ANIUoiT6mTe2zcmkJ1D12KTgy-E6JouQpPw5q9NceT_ZP3Bxn5qXL6IUxy2WuG6y0XC8mCtpNxuYBCmzYLFUU1FJJgkVaXoB_t8g4Uk2FofDG7oW1KXbfIRfTzsBPmhvZTZj7N-ydBe6qGS2JiaNduWzvjnAhQZm5a25Y5-adeR9ax8NRGZdVPhKkClZVaOt41uKbEvoTF8qPAgBPIlMMTP84z1qoCfHPYW5Azm-hZM8LIyixT0RiobIdFRpySdKzrvt7hgJk7t2Ir43PjguvtY7sOvLdwH7rUQJ46JnqbT9G8cap4mNDYwQpqp1BYnVXIZlVSj9_zEdJ_wEbHFfRgbQB8lJyFms2HLdbstfWCMyWiV5zGO6jv49Izu2BcgRBrp3qqFDpLAjD_fC2iJoGpTObVDCnknujwbK8aS5-CtA6ILGq5XZ3RuFQOcOSpZfmL8aWVLPxsMAgeOx_oPeXM1EokrhDXpU3KYSC6jCDlt34NfjvD7IaJOKRIntqxMJ9fqVa1Jmji1d71TzpU_TR3R1K8T7ZOEMPrByfoORmd9M3zKITqngTi_aL7xjttfuRHX0uUWJAOomROQZQ-nWkTeRkmZp58_zqSMG06w7L4GDAYMZ6ivtEcGb4jPy1w3lvCuINaNipOyvRRkYRyDvtyZ7-tXxz9OX4d0FfYWSlkAM0IGL8YxDdCMKdof0HOdFw4Ijo17emHc--KTKzEVFZFP0uOxifOmEieQ491Sj_O-Ch_qWuSTQnl3VG5swUXVk9WLn24k6mKgxRXeAjSIPnvTjY7Ep3ep1eZr7QOvGfgJdDeniuaZQ28u-Caj3PHdhiYg9AeRZYxNe5nBuY83xuGYcpTBsU5IZjt_IvlgagJ0xkycaQVPefNEoQzzplLlooW7-e_eZZq9hTqORWA4A-p3gMB2Yjj5svKiN50ESDbtePhqUMW4izrTSsPz0GPQXSY2g_2b0dsp7V3DWnYRgLeZw7K0a6_i4oTWmn8BHbGMuHBfpcW4-OwN3ikiei90VUMu73KYHPpZOfeC5gzjRS6Yg3zJ0sWpxKtjcoX26Am2U6jxdvLZJnICLD6Cv0qpcP7tbQCJEGa4SLIHiWfJqGwLANG29cGIgB03ZQo4v2QOMp3uKytICxoWN91C_9Zt5loQ4X3zK1yI6DfdNvtBJRvJ8K-HEB5aNk4n_5QgjGiO985YC0Hc3Mlwri-y_uxF6R7EKp-VmcAtEkvuxZH_5npi2xg1iKO3-x5rScW_t3j5VLGQTeaZHhVn1Z8JLD_NiRXKpN_3VzCu_CqCj7VsAoikKI7H8jo3jiFC1RVDgCsumdi6PB_pILU7fTtuySTwF4PokIgRC8EO1LoKohT2QiY6O8CuLxE5DLVqV6fYjcgRPb6UBEd18EKLibu4FjryCsg_J0qnZ-fmaVl7GwfyjqxtYYSKsIx72OxRwxrntZM64UNpjky9Ht3Y0ucOn7yKKDhaZgMPWjELqYFTtl-a0SvkHSilXfIf1siUjWQCDaHNb7_6vWgP7YEKqaqktlvm8kY9l4teC0QyscdslI-nagVph4u1pPpG49r1OgTQWo9KgA9F-PzEfQwiK9Mgm-hIoQ33OQrNl--3sPUaiFNhtniIbMjrnTCKnr3pzEdicY8jdrwaD4oLDu7AuDFH6HPcy1JZpxHkRarrKL-U1bS7LAqfTtLkXY5seGG7x7fvw3CgRKb-Rzg4-7tSsAoIVOcKa9-daMqXmhYHefkATfdBro-7409Zd0pbQRu5nVcKoBUb9yNvv7T7mOYcSpg4WSdYqhIZDj2WaM9fAattyt6iKUeYxDL6-UuXAGAxxDIXsfnb3oZwZjKT6-W55KXdwbjFhhPwkgfd8Rf-v_4Zl3u3u31_S4Pp-C6hRB35g8P1gmlcshHhlivgSLOYKsz4xjkJXS5FJ5yQ67EOUX43NsMM87R6fYhswa71jw0VGlkOVe62lJ37BxVr6Bb2RRR-umG89uTVKszvAXJHA6MMcrSbqVYvnBudOhWD_037MTbfVIEbp8Yg7UhyDFqITdap1DjmTGKkp9UlmdwzX6pOJ3hDW2S0rsgq47mXYe4&cid=CAASEuRo7iqUoIo2Xu8fus6tb1BPpQ&rfl=1%2Chttps%253A%252F%252Fwww.123greetings.com%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:14:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1260
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 04:14:25 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/ Frame 3061 23 KB
9 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/abg_lite.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5738c733f2f7b04e67edebebb67f01a2022d611ce73cbbf9ac15aa8186c6613e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:06:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1713
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9263
x-xss-protection: 0
server: cafe
etag: 16747441857000454541
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 04:06:52 GMT

GET
H3-29 200 html_inpage_rendering_lib_200_273.js Show response
s0.2mdn.net/879366/ Frame A514 169 KB
58 KB 12ms
6ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_273.js

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2cff7ab03cb4e476b49ea05511c6cfcc71af6d5ed20d40e9b40ee31062149e77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 10:43:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 64327
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 59842
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 20:54:49 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Sep 2021 10:43:18 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/elements/html/ Frame A514 8 KB
3 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DdE8ry0DAMHZZyE43AhsG1tPWHbaixrYOljhRTnZmADvwo2bqBnJEJ4Rik9D0XpnWEkIbfAP3AQkwE1dn0TMaj3Y4lizK_L7WjIWkBuJlqwNLSMuE12iRuzf4gQlCRUR914aC7AFgrB_n4rKVmgb9yzA1R1Q&dbm_d=AKAmf-CLiiInipsspdoIPaxJd5tt9duFPKB2yJ3s7FlQStAjC7exPTj8Ta-1U-QKjx0OOo6kwbtzolCIjgjwXGud1_n1sGR8Z5kLxjWjcvRahFaRO840WeUv2hXmtLns7SCpJu_W6Tsy2lC6tmFqYOlQxOwDEP8iQvHY2TqTPC8LYBvL8qsZQaOgWqSkwCgqY6pDd_hcHZKmRwAvkmgqgwLhPf88ZFE6PQEVRMarbyxaG34u32y9W2egyb8wME6n9Ebha87lpsagUA_vD7GsDKlWNrET3suVRCtEKQwOcb83otG88EnRBhz6F-Fr89PBx1h_rhikZB3A69r7l79boVDx5976io3DyvU-cfxGXcenGE44BrAo2fU6WcdPXVLaF5eaTtGVFs7aJBZZGbOOsHrzsr6rfPSf1swb0amRHGWzMTKxC9Hmmt9jLs1dfjos2uGusgYxlFPpfFvAsJG_pvs-Xp7NqCILL93RPzGU1aCF4nal-XOclIR7NwrzbmHXBeaDnjmRscQr_B35Nc7_G3Oee6j_OXOgDrErz9SheUeZU_nCQjxlP2BT8t-8i_O_7WytyVGi-84xDCgXhlxy25_2ebTKtQBQHjMXytZIU-CWt1ahwnyUpf_cbtUguiRALKWMe_VTeQy3IHlks5nZcK8b1YSGEHDI88kEH2v1ikU1Sl7_ocgJrWmCGbYYyJoKpYbDh3JIn4-r6WgMdrz74Hqq75uWw-dsI3QXtjwWHvMF4PM0GocLqF1OP86XkjbNIh0ljbgvNDq-GSgDdsIWacBDtH9-6to7FRc67rCZPMNLdICrf7JPKyFOQukG7VTONpbPVEOlVOBnWbvdD5_mBdlrHNo-j1TrDh__hekSDA-ox2Drb1NckNrv9LwRJS-CUMmNrnZiTUocXF3nYXBKG68bFX2ZGI6RsNtLVfyxreMxp4pRe1xJfjYzCHNpqyYdPa3zwggAshY-FrTXluxYqYhIvQqLovjXbxswmwtnNKtSUpi0ct6X7f51h_JdcW-PrB4_lfGer_OM9beZjHFXZ6t4ijaeOxXhAxtIL2FgvUl4XorGDjjTPGWV24KAIlSYC7GFxEWzkNnbivzSFKtyRzAcKk-TxKRLUt7S3BLbcSxRs1wjnuXlaoWAUbam7LH9--sONc3_XxcYkq2mT4GW8W1eWUPIKqJQUKeJuUhi8caR9Q-jamJNrN_usl03PKAZz3KmIZRYpYmj429YVyR03isgFGwf8Ri9HOsNPyA-MJwoQ5pxJONJlO7JLYydjzqM9VbdE6Hbv_OE06pxgMy0rohJ9cjEDffxW4xgDuEgNTyXogjgXSuw12Xl1Ll_Qzmjxn51RgDJ-EiCdX1bpkozfaE-m2ohjlCwgz2YOzl5AO2aGGACcxrPl425n0NlbyIg-d5m8N8XbU-tiGpsgqHp64ThAv1uIzEY8UKoG86z8rLVDoA5R_kbud4HOd3EFK88neQLAqNbKRt9AdAR1wmXOVCtJJ-xzocg5qfn8qdKUj0HRWZbiuXkTA1ci2rwsWT8e4ZopmWW0L2RtOkgm1D1Rd4MMvECLFwe-HNArjDATGhYrM7ka1obqg4664hRk3RFyJKxf0JaYlJyZjd5ffTI7e_hqueNJrGxFgDO_UiCifoZcb-eAkZZ8ylIN_OmcwzNhEhza_YKQBlyRK1XYHnFvyY9Ok17dgD7jAD5Eb_bV7CWrghgcCrKx89CMghmAYAl3RqPOUifHVvbF16FFj7fArSC7ggOZ9kBAFRxZJkNFnfz0ChO03yIuCxc4gisPxO5EMk2dJIXlZY4yG1Va29VEd1Vj37CWq8XU05QSUKKyS_2SDHjy94iVgUskbT0gUdVndnnFYNhX1tGQA2TF0sRF8h2XVeGvuUEPHmGxYT2t7-ucratzBG30JswfvkA_smQpm3AGWb4iPA5B5SQ7il1GZuBI62RIFEkrQNQt8oTfPIaOEHe4Ff7LEg0DXUC_SEK8JMmoNANqA5UlrTuo_HOAuEAa6HbwqcdJeVEvtDbCRu_7WeLXQEdKw8TVZb51D4mKLVZla-n7YxvkwA69ArgDwRzVuS6wqaAF2x4kFEy9mcT0GLBCpjhlkaHSlK5DD0PyYLDwKWmOo-rYZRJz2cDryW39XyWoIFAzc32Nnne3LJOAblHSJUG5O2XGbpuaZ754W9UBLLB4w4n_Ip50HWYpgKJBnf0fmGyXNPHJr8iDvCdJf0Fowyf6vLtz8NFBziYegF2AlviZDkGNugdTxmfdD0-lt_cNx1Ec07DflFdY5kFojpxN6O2h3vY_NH7Hx5PfIiNmv_DdOIe8jsOuwrtVaM46_sCwTWksrZfJ_ITl6I0A7sShOkDNFffGP9IafjIUnUj8hya3AUDiO74jm2ZsFCm-LPp8AKU38aQvt5yHNs4PRTlIupVGYBkYSRefPK-6ThisnSyEmHa-HIb_xcxbSKNgxrpBWRMKrkCJ222vLC4JSpic97zUfi740GRQI-DuUASV_4p2fN1N4HW5oSobgqK5R8KjAFawp-Qpql5tjJX6GF3TOMKNMFXHUi72D4s6OErld10o1WUns27pakzq4mAubtv8Ov8QfH8REldnk5udB12YGwMG4f2QazJgACT3JQUxAcsFXpXS0adySHJ-anDrNKLbLzhBAd7FT-r2xPAQf2lpQONPnPo-5iZDKEAYBzu2IjiyXb7rTzU-k5lAVjyFmfbSnoqyZotV8krtHlUA0jVIHt4NdoZqrvgYUKmRjwskwMcCUI4FOyt0Bm-r3TbMeuLXV4GGOVbfkEr6U2BykOnrsDWdkxCwocGji4XJGHbZp3WIWjFPN5rSflmYB8j5hL9elNuA8StqeGwIKhTOj4OGun7NUTpOcfoneNZwNfxMnacGs76njOj3ToMEt97Wzv3LNCcUYAMVGbRjb9nBGtAn4Yp5-C_cPipwdwitcOBo_7UF3u7oCWzLd3NsTB3wrS5XWd4tIB0bxlUMi1Luhjg7dMFKKh59K7mjhSK51p9cPMJtsix9dRw2f5Lde2fJf5DpXgvQojba-DfG1mQhIbTcRPoZUiILXmg5pM7HcpsPdRd5m5_7fpvu48owLaepQ9v880Ap4I6lF3C9JxjEz--MvZNzSy1cvnn3UBvkDxyV6Qxbc6-N3RAwi3Q9KLVSHwo_aMucPY04Qklsnlwg_1PrwDrAmOvYSMnYKDvYe1j-yWEni37LuJ6CuzblZyW-z1O9RtOxM0xxVKTtgxFPxIqZNclGBkmEjOXzV5hBsxRQH2j1Qyz&cid=CAASEuRoHuin9-Uuv4RCreadAfNlOw&rfl=1%2Chttps%253A%252F%252Fwww.123greetings.com%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:14:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1260
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 04:14:25 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/ Frame A514 23 KB
9 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/abg_lite.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5738c733f2f7b04e67edebebb67f01a2022d611ce73cbbf9ac15aa8186c6613e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:06:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1713
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9263
x-xss-protection: 0
server: cafe
etag: 16747441857000454541
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 04:06:52 GMT

GET
H3-29 200 express_html_inpage_rendering_lib_200_273.js Show response
s0.2mdn.net/879366/ Frame A9A0 114 KB
39 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_273.js

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2bc98b5956d216197013af35c909aa49d3aa7c26b48de9e9930eb4bd6b846391

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 19:06:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34116
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40185
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 20:54:50 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Sep 2021 19:06:49 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/elements/html/ Frame A9A0 8 KB
3 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CgyL8juo5mN7xTFyiPS3pFt1kmwd1Wx-xoSlJhBSqViM8-CVIP7KJX9WKsfyUnY5tvzfG4ExIiuyMV0gI3G0ANXWK819NZdcYvYPb57m6RJ1GWfL93AHjl0LkAxQGEMPvo4NhUziY_73x7ZZhap7bNFXZEeg&dbm_d=AKAmf-CKvAM0hh8M6tfe1MNsKp_PiR6bZzUczwuQOUo3oFrodrsoLM46lHorcoujkhDFm4IkU5nm2CEaliX_uzN6q8Q2AIEoZTI9N23KJCrI9aDL5CU-4e_OuXjVugGwYoKR_MFOGjMgarg6udMW5EWh7udCO075azp5MKBt3MudheHwZdgmKUHhm3kPwxup73lbK0Zt9TaYwHCHwXxDkCSsV-T70zlVPPEcst-ZtxB1ju8xtDiRvq466FOPmVt90Pmpq8ycnSKd4QZX3scLLkVNqO4tuqQ5EVPyLn8EWa5NUP9FQGlB635o6Y7hOv7p2tL9Hy-g2ffdy0Jg3__TCQMIc25sc1Z-N3PYhrkrfJWs1ui5uHjt-kw66n-sjtPmmwqz9qokpY2MPPPJZVmkIXJ7xP1kqQrX3R8m3iZD5yZSb3R-_B4-tFwBmM3O5fCL--ULlcfXuNMSpcOpcIv7CdhlV2CSYVRTjhB_Ocx7T-KipeHCsXDVp9KsguCAzS_lfD7hBTv7gvMmqVlQMEnn9ZrumfdiD3I-lGBfE_UCyU5AiAztziqa7PhJZ7-TpF2HCPfr6cQP8oxUJ03AaZU8FaaXflwSBZ58IUGAAy_DBk3mhxGJ3k1Ektn_UnI7-0x9ZXYeSFfzgps1X2-bZzwG7rViRr7UJrbhITp9l58Y_uwy3EAqzbZzcn_cwmibjxQfyx3__DNmfmd9TTd2OXSdfJSObZn6ooPpdhGbPRwKXak-Dwf4Tx201-9DjrM7vmOHeoGsQWcNJI3VN4Cqd0PBQq_EL4z0YARie-9IqHlUzSBq7zXbtJc68095-LMA77QfTnivFzM7hGIbus_7odUcoMcdJRckc5yvWaZsyn0jYFJlR3BgUgHYCA23ED99A24xNynIiqzP2U-VQzjvVBIiWMxHwE01y_PbJesJHEwbtrIUFRWS1oTuBn4ITvR483fmpzYwLtoomPvFv_cApl0yrifpMEc6E2DCPyESewxWmeaS2NlORkPhoA-ZPcwKpFAFhaEjoNKwUAw1W_X8Q9oAJscErfnKBXiNlXIkVhAux22qCywydw-Plcv9L2vLcut7N4MXJ-3CDtUnbuqb70dNurRbPDUAHDxIGrQ3QsHDbe-kJhEMMstZ5gvzzhZTTAvc-DmKnoBl2rJIp5YmYOyznHL5-ROmW67Yeu_GYhTwEmC-v_xVve470EJFxsaa6KZ8Y5C73sqZ2oMOa5to-dhiFKB3EEDJc1tfF0WgEmR4vbscpBR1emDKnqrJxFvh7DjOS9AcKE8vvK8LGdB6ApO--_tywPyQMDaqwu6GEQ4u6B-COhT3wLORWbWwVipe9n0jbfXd2J2wpcbUsmo5_8QIG16UxsK_RdDrKP8wSrpkxtLRzntcWe08iwhhg_DwdR4b8SM4_RrM-wQAO1Ak24I3uu7ow23lnyjJwjgauXTDeVwbXDhAM8-S4V3GOVlZJdpI2OriXIGiClSo-0_4SrB9lGa5ARrcybHvYiqAuS30PLrXfCeMzHp3hRBlqFMk2zqPMyIbn40RZiZDnn9mHLHkbAVWBm5kmrjKOIUx0UlcPYwOZoSETvMpweOKNnq96ik_7dB1CmqtPMnTxUkP0vrRgmBPOme9gccUuosSacAvepNG-RLDxj1JVQzxk1HK2VVpqXpzMQ3P8_mIwzPBNgpNTX_EbhRl8vzksnes_p_2Iw0rS9no3CMKacfdDuzbapV7RuO0PoW_zqf1i6Dt9Hd7x4Rbq0V99eYeaOcflty3nth9gKFucsvUNYpQtTLEbfw1A_XBypQAcV0a9ZROrrZDT89jEYeJbAp3XlrFRo64fnLCGfmVRE4JvWou1i3DjSvHQ1kkcIjl4sI3TdAwg-N0o7zh_ZAb0UidzKjrtnbKct69U1bfTxdPFdph9srIZ3PWPaGrjdS-ZR0FkEqQ32rn9ZDNwQ7xFLjbqxCiQEnhTbGlabkxjYX2NQTeZX1gSUQw173IJGYFs1XaX3p_tAVtXcIqHS5U0jUU1xA4nrX26uCNI0Y6AEpT8hQ-CL93IBWZDY9X_TIvb24uI4cvo6MuJXfoi7J_VkBTU_AnKOXBCKVc01ItKkZYCjlYScy0ZVbtANoHVOvCh7IhiUvTcEEH407d5WoPmSUq3FgNBTqoiLqA9N83k4zeHRHj5K07DxK81u6MIahQpphzDXMwiZ_pcJw8ISKepoJMdz152EJmmM9KK7YsRfZ-7uZJock94k1asEFG2FLcKgWk9oGz6vS-4m0hcIEtMpQ7VjJq58PnzzTS_PVgIZP92sKCqrjlYrjOFx_AxKuTL3_4tnDOMArLNbpEcMe6N_-RZmXEbG1UxBse2rYOY_tASmsEPzPzDY0aujLMewt-gNdQjT0j2C5ofRlAew2rFs9_QKTP7M3WwecA2y-uEu6qpFXew3iAhTGU9mE7Xwlc-DQPO0myO3AeVGJRAnXKuOEDkROdxvwxD2N5HwKRzrW5bQdcsBoA44somfu7zlBIY37PJ3guFl99qQSz0vKzRTKlhABD5qPXfUyoZe_KFJUgyhDEhLIeOnESTsF-mOPW2FnZxM0GdGXo9Tl4BHUZPJfQeJKC7mbXX09GdJi8qAx0XCQMEKmfVfF0dWEEYYSBf3d5AoCrx1WeQO5Lm3-ko7f2ZNr37_wW5K2GDl94IU0Z6n-n7jYzRdNHyZYPYSx5KLEnP9VbNx1PDdZQKxGGwCG_sf9v_MOwndD-w_NDkHIHo2ZT9NYldp2SxphonNHX0q0259oGXEKZn2My4LuN5PCoQJCCwjMp_GhYNDDov6jTSHbEekQX2F_gVzjnQIgLWF5hulULw0yTE9_h3nI8V89IpaK9BeUgnduv1S79tqhJcPhWfhiQqlXS3COOED3Re5DuvgmnHQyRcIOz_a3ucz91752hwDoX5CUPAKjOmkpax6kexiNXOBcEeavmXU4UKml2ppStoFOgY731ONvWe5_yaotrBN2IQBvU5oP-pKXEVCY4DS1XFmyjcH2xi8XUOfTUOh4-ITk_5TrTo-4UjjcXncQ12Sur69JKtS2NBQPFcmsB5hG8es44wFeudDNhCj8Skaa_pfDCFiB83MDP5q_SMBoLXQnmxhL2G6mX5prOzEnTGOE9olLLwVSmoKFt3K3jx4_ce9mGNoVS3JSfs_saRvGNuJYfpurYM0lLQdWPaWpLgHK7GY4hRAx8fgDPqDaE&cid=CAASEuRoTKpo0_gcql_luvr4S9nMhA&rfl=1%2Chttps%253A%252F%252Fwww.123greetings.com%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:14:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1260
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 04:14:25 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/ Frame A9A0 23 KB
9 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/abg_lite.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5738c733f2f7b04e67edebebb67f01a2022d611ce73cbbf9ac15aa8186c6613e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:06:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1713
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9263
x-xss-protection: 0
server: cafe
etag: 16747441857000454541
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 04:06:52 GMT

GET
H3-29 200 express_html_inpage_rendering_lib_200_273.js Show response
s0.2mdn.net/879366/ Frame 8759 114 KB
39 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_273.js

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2bc98b5956d216197013af35c909aa49d3aa7c26b48de9e9930eb4bd6b846391

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 19:06:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34116
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40185
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 20:54:50 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Sep 2021 19:06:49 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/elements/html/ Frame 8759 8 KB
3 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Cad9LAsGn1WKkfwVwDoeSMRsVDgnZwNDIEKaBWm5E34isF_E-SAAl6F-Y5JOzZ7tmiL9ZzNZLUFnEUCnREqxENufoHOMb3XwG0xkANZz4sDJucb7VdUA0bB32Ha4mb-u7FBlwVRUsRgQgChn7ZyoinNKP-Gg&dbm_d=AKAmf-DKgaSjTRc_eHbr7T3kh-WpM6QkHPXNfeL1iN1Ix20z3fQ3XE-8gHoKcoPJfwUVezrmC4njm7wVM4NuljoJ541Z9164JfL5EoKitMH0SvDXgR6jEhRHDXF7bRBxbNXLZj0bKqDSbL7KrGXTJluFS5TirKu9YqAnIuhtfPDFmyD-_sT5gEH6APmz2If0V_FZVEh1kktRg3E_erzmeKMHUeJ3pxtLI17ScsVDUo1oHigEtb2cVCxNokAfnM1NsilH_dKu0-AjREWfh4_qjACzC8Dfu7S5hgRY9OtB-ODzb9ODobRw4vMW_rvnKeSMzmx7qfOM44YvJxkSKcD6GMKjhTcU4wUiGwRZK2WmGrygWDSQwSruj4WsmY8mS4uVjsd4ljqk-1EQifv2cfnUwO0GQ5cEL0tgxRS3r0IijtjlCRtV-4Nr_675llurcvjqc7Mi8yVhNFlzvB2DXceop3e42lizGrlhXxYaJwSivCMxj90EkwL-z_NWX8TzAgTPOqZ_4ZxozYzuNFCNNacmTrTfXHjrhgOxWLGZNsCrth2YJF2tcckFGD6dzcj_s8XP8JF-QqxxNGE4JSBRt4CKoc3e7OlyICcU-Ow4yzF9LYJizF8_Uqa3e_IAIZc3WocUKylcsxm1xp5Cy-M_G2odyBw4JSOczyse-3nOH77TCrrr1Pk1eokEUQzbKcXEBQNibNVUDxcYiwNxvX7rmUIFzcNttu9ybu_dBrEzPZE1nA9M2JmnS5CFl2hzUYlm36lSAEkT7yvPldrOz9xk8QH1NK4WzPwA6PnJNuS_HFN1ti6lyWhz9MqImupc4zMDltaKNHZ8q5BWNc1SZqI9GJH-pJBz7FLw_9HrB-FpdJnXMzoylz8sjHWCNcW26BIUvC2WTFCiOIqQsLHZgD8vSJ9NAqzmzcke9pfPPTwTrQ52pRJMyt1AoScYQLZOz8cQof9pIJlZx6a_2DWZQMZdWj9I_MPdyEFopocOUnc21MlMZAHDFyOkneZxCdvMtxHz5xW1F65i_rc1So1vSjepXFrLCLL3H6qZXz_Ssg7YJsfrnw8vSlfoOq-NSIo2hCbQ-1UahGVcqUGgQNRzBvPUeGJC39qUAfYKOL10oy3w2U1RMobTwpDnIWGd-6_dnnx1bnAcw9z6J8J45x8EnWs60aBB78mbniDSbEzc96GkaUdBF2uhKX4MmyFNMQW-u9_aqqfeBBSEhlyMO1KdI0REGZno2Eh3Jt5IKmh1i5jlLYN2GcsPJ4Fr3c9XokWnDjfoJo_8QqkHwrnUgcHlSy8bJ2_ntUnhql7FIuBB2Jlu_Y1QfGeXBH2V25q3cTXBxVEV8MlNky3OwgqT5Mj59umya2e7dQAbyQZOeOGiuJdbrwTbJmVk3htOfd-TcVb5CASl6zBlpizTISqAwe8jVH3QnQCV9tlcJ4Mww3DQ0Ey9j7CyPBjQJAzm1MGM2F_DSvGypFW647fOYTJFRGGZKIUD72u1W9IN-F88h20bzE7zJ_1OBnYAqNSW4vU1F564UQ29apZWbQhV3yz-tszY3xVzH5ZOtxyLTKbyYollD2xf_PuHw6p_6jTfAbOqah-kfVJryyM3R3VKwVOhrjZG5FlQnEcje9saJ01DIGlDau6ngNvoYIMcbaY4fjHEKnU1R1eXviqnRrbRrEM10e9pQD77pjnU4dAA4VprbE9BnAypj1SsEwA4ZUgeFI3WhpbgBTpcSWYuY0JxjyMzgM_MoEODjDUDcaq_YRippZA8vbkuD7yxlPhb6szh3lli2iqgXnRKuOP1-2C9NAk_d2QOiUl6Ag_HWRqvclPvy1KSiK0qPFAjjZC_2BrsB9YtgnxbKz4TfRuQ_ik-pM3tlqTPhcaVCnHwNhiPCD6JPT_ADksu1ExYphQY352azO4a3tWiB8P0yOHys6sbuddBe5k9aA6jbDTBXCrmHQ5PNkvy8Xz7rlQnx2-T7hlaZ759WXv354w7tumlqBWAOeJxyN26ECokLRa1oT3_etetNoK1u7rYuuL8ujHWlu8K8XlsNq1b1pYKpeaT5Es9oJewA81xGf3x2_LlqxtE_P3Y0g8fX3dOID7S5lTtDTigYYaKt60Gf-EosXCO7KuZpvbgVXnpN1sozzUTt3KJNBM1Mx_ZvILfy2zT2UiL_mk2IMAFLxE_5eDx4bZPhaz0isenkWD-iVuoLiHLsphMyhFs9bD74i_5h31gNed48ggMo5yNxc7geMGNG7Vb6te5s_zMRF_BPxxKgKe525vEr_mmSkULdCsKx70VDuD_Z7m5yu5tz418J8UGwOZ4andlF-a75yINp4CSBgSoaxENqs-MOSzoiTPwX-LDZJm3Wzi0WCnvQkDCMqxWyIv4IAl3rvYnEP8FXaCQkiYNFdJihLZpy6CHBmqKV7Nystvo7GvoTRuTGwJsBJK6xP_wwos1lXROStqy3NUDOuYMuoa8dSnCzlEaN92_-RiXohXk5JdOzXwE39fPSGYu9JnfzDQ8fivnkFbHLk_ZbZinUKZUc4eDUgaGmhJwFcF5IH2vhpk8k6eHbGqmNLK4t--SgT6XSi5w6LGuAqTQDvU97jT1hyVw3ureAlIWPm7VmqRjp2z-yKQOAgSA076mgy6N7xeZeuJDk2Zuenxh3k_V3ZsTmFc4KfDXGtAb57b5wVQ-L9h1-G9pK8vCjTIG39s0RR_B35EIxaPxGP_ITFWiZCeFermHW85FQcgeU5hmPFQLk64ipwxpgdyH2hz7gac1a7g62ri7WDNhFCs3xFtPwLsz1kGf6jjp0uMTx1b2vbcUJN3NWMKB2qc3QH66VBHxg4_AgYNEBs-9l9Cpp-QFbXiw9_23w96ObKgbC2AjgMIPy6gyaRlLV5FY1HEqr_1U1Z5CiMFGT58Kz9ICAfQgDejbgL_BINYTKoHvoeFU9gKJygeoXaKt9_uuF_kGiJes_zWFHE023FCXdRYsbn-XgVFY2P9s8EVFhq_zV0bz5E26km5F3-RvXdgYBFw35fwcsfI5_Hf7GFKvZ1JHP1oeyMPMmqckXCp_zozDH1jEOcrNrqOZHmY5kFEFyAxDM_J1wUIq0lrCf5molCnBJPmOuoIz_s14HS19NuFl0XZ7MZJbDFa6Me9ylWiZ6FYBDFxEXaM1w5qV3Fw0r0p9s9cH1y8fGBtQ58qcdG2-Ck1jDjlSfEDodL-MfDE&cid=CAASEuRols267zHqG-ryYHFjPX2vCw&rfl=1%2Chttps%253A%252F%252Fwww.123greetings.com%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:14:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1260
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 04:14:25 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/ Frame 8759 23 KB
9 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210831/r20110914/abg_lite.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5738c733f2f7b04e67edebebb67f01a2022d611ce73cbbf9ac15aa8186c6613e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:06:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1713
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9263
x-xss-protection: 0
server: cafe
etag: 16747441857000454541
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 04:06:52 GMT

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame 17CE 170 B
243 B 31ms
30ms Image
image/png 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQzafaAhiJmuiZATAB&v=APEucNWZYje3XCvZQRp-tyqPtF0rdMmpwSgWZRUrMFxSh37YxTeTEdK6JmPLK-sWkBOmOtd25RSfrkME0TDyS9HvaCPkiGWp6A

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 17CE
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJ5LIJT1SABij6jZHbNxXDY&google_cver=1

43 B
1014 B

39ms
38ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJ5LIJT1SABij6jZHbNxXDY&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQzafaAhiJmuiZATAB&v=APEucNWZYje3XCvZQRp-tyqPtF0rdMmpwSgWZRUrMFxSh37YxTeTEdK6JmPLK-sWkBOmOtd25RSfrkME0TDyS9HvaCPkiGWp6A
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:35:25 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 04 Sep 2021 04:35:25 GMT

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:25 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJ5LIJT1SABij6jZHbNxXDY&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 17CE
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YTL3jXnrA8PqVqdAMk99hwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJ5LIJT1SABij6jZHbNxXDY&google_cver=1

43 B
894 B

37ms
36ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJ5LIJT1SABij6jZHbNxXDY&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQzafaAhiJmuiZATAB&v=APEucNWZYje3XCvZQRp-tyqPtF0rdMmpwSgWZRUrMFxSh37YxTeTEdK6JmPLK-sWkBOmOtd25RSfrkME0TDyS9HvaCPkiGWp6A
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:35:25 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 04 Sep 2021 04:35:25 GMT

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:25 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJ5LIJT1SABij6jZHbNxXDY&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame 391F
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEHO0GgZm6FELhrBOx9ZiLXk&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEHO0GgZm6FELhrBOx9ZiLXk%26google_cver%3D1

43 B
1 KB

44ms
44ms

Image
image/gif

185.33.220.243
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEHO0GgZm6FELhrBOx9ZiLXk%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJjjZhCPtKICGL2r9ZQBMAE&v=APEucNVcqO1BvY0qCH7y9D994D85h4S9FgAqW-5prbg_rTdORhsKK-tFuO6RaewAcxsng4LOGxj88BisxQgp5oIkjpEimTSwUA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.243 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

722.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:35:25 GMT
X-Proxy-Origin: 185.236.201.227; 185.236.201.227; 722.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 39672342-16bf-446b-b7ce-4a65e219971c
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:35:25 GMT
X-Proxy-Origin: 185.236.201.227; 185.236.201.227; 722.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 66cfb4c7-49d9-42ad-9dfe-947ad03ffd40
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEHO0GgZm6FELhrBOx9ZiLXk%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 391F
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzY4ODQ5NTE2MTE1MzQ0Njk4Mg%3D%3D

170 B
188 B

32ms
32ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzY4ODQ5NTE2MTE1MzQ0Njk4Mg%3D%3D

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:35:25 GMT
X-Proxy-Origin: 185.236.201.227; 185.236.201.227; 722.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: bf189e98-7f8b-4d4f-a910-4dd709a81433
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzY4ODQ5NTE2MTE1MzQ0Njk4Mg%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 391F
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEJZpLCJBiy9eNdk86C63xDc&google_cver=1

43 B
106 B

32ms
31ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEJZpLCJBiy9eNdk86C63xDc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJjjZhCPtKICGL2r9ZQBMAE&v=APEucNVcqO1BvY0qCH7y9D994D85h4S9FgAqW-5prbg_rTdORhsKK-tFuO6RaewAcxsng4LOGxj88BisxQgp5oIkjpEimTSwUA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.214.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:25 GMT
via: 1.1 google
server: OXGW/16.214.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:25 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEJZpLCJBiy9eNdk86C63xDc&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 391F
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=OTg2ZjA4MDktOGY1NS0yY2RhLWYzOTYtZTI5NmIxM2QwNmM5

170 B
188 B

32ms
32ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=OTg2ZjA4MDktOGY1NS0yY2RhLWYzOTYtZTI5NmIxM2QwNmM5

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 04 Sep 2021 04:35:25 GMT
content-encoding: gzip
server: OXGW/16.214.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=OTg2ZjA4MDktOGY1NS0yY2RhLWYzOTYtZTI5NmIxM2QwNmM5
content-type: image/gif
alt-svc: clear
content-length: 0
via: 1.1 google

GET
H2

200

um
sync.teads.tv/ Frame A6CC
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEDGQKGaHq8XmG7nGdUVJwfw&google_cver=1

23 B
172 B

52ms
51ms

Image
image/gif

104.111.242.245
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEDGQKGaHq8XmG7nGdUVJwfw&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQzafaAhiJmuiZATAB&v=APEucNVduylRc1-ANx2dfGDzOyZvxRsPIaMTcONzBdq5xl_BqopQOSR9aHpoCM7mr0FsEL_q0XbxYr_dNnvQ_o28ov6yUNpH3Q
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.242.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-242-245.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.3 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:25 GMT
cache-control: max-age=0, no-cache, no-store
expires: Sat, 04 Sep 2021 04:35:25 GMT
server: akka-http/10.2.3
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:25 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.teads.tv/um?eid=3&uid=CAESEDGQKGaHq8XmG7nGdUVJwfw&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame A6CC
Redirect Chain

https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=NDA3ODgzY2YtZGYyNC00OWQ3LTgwMjItMjQzYjNkY2RiZDQz

170 B
188 B

33ms
32ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=NDA3ODgzY2YtZGYyNC00OWQ3LTgwMjItMjQzYjNkY2RiZDQz

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQzafaAhiJmuiZATAB&v=APEucNVduylRc1-ANx2dfGDzOyZvxRsPIaMTcONzBdq5xl_BqopQOSR9aHpoCM7mr0FsEL_q0XbxYr_dNnvQ_o28ov6yUNpH3Q

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:25 GMT
server: akka-http/10.2.3
content-type: text/html; charset=UTF-8
location: https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=NDA3ODgzY2YtZGYyNC00OWQ3LTgwMjItMjQzYjNkY2RiZDQz
cache-control: max-age=0, no-cache, no-store
content-length: 189
expires: Sat, 04 Sep 2021 04:35:25 GMT

GET
H2

200

sync
partners.tremorhub.com/ Frame A6CC
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=tremor_video_dbm&google_cm&google_dbm
https://partners.tremorhub.com/sync?UIGL=CAESEButH8EbLUG1PSSK0eENnpc&google_cver=1

43 B
183 B

291ms
94ms

Image
image/gif

2600:1f18:612b:4216:faf1:9619:7fb0:de49
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://partners.tremorhub.com/sync?UIGL=CAESEButH8EbLUG1PSSK0eENnpc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQzafaAhiJmuiZATAB&v=APEucNVduylRc1-ANx2dfGDzOyZvxRsPIaMTcONzBdq5xl_BqopQOSR9aHpoCM7mr0FsEL_q0XbxYr_dNnvQ_o28ov6yUNpH3Q
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4216:faf1:9619:7fb0:de49 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:25 GMT
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
content-type: image/gif

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:25 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://partners.tremorhub.com/sync?UIGL=CAESEButH8EbLUG1PSSK0eENnpc&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 283
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 89DF
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEDGQKGaHq8XmG7nGdUVJwfw&google_cver=1

23 B
172 B

52ms
52ms

Image
image/gif

104.111.242.245
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEDGQKGaHq8XmG7nGdUVJwfw&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJjjZhCPtKICGO-61JoBMAE&v=APEucNX9O8FavPT5R0PG9ulP4iZ1V5W3izU_jGcHPF2tLDJ1xV9Zawy1ykggw_lbPsMQ3K3qx1iczOA5pFspAyBG58X4M9gkLQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.242.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-242-245.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.3 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:25 GMT
cache-control: max-age=0, no-cache, no-store
expires: Sat, 04 Sep 2021 04:35:25 GMT
server: akka-http/10.2.3
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:25 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.teads.tv/um?eid=3&uid=CAESEDGQKGaHq8XmG7nGdUVJwfw&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 89DF
Redirect Chain

https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=M2RlM2NmOWYtNzMxOS00MjI1LWFhYjMtODc4ZTE0YzRhNDU3

170 B
188 B

33ms
33ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=M2RlM2NmOWYtNzMxOS00MjI1LWFhYjMtODc4ZTE0YzRhNDU3

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJjjZhCPtKICGO-61JoBMAE&v=APEucNX9O8FavPT5R0PG9ulP4iZ1V5W3izU_jGcHPF2tLDJ1xV9Zawy1ykggw_lbPsMQ3K3qx1iczOA5pFspAyBG58X4M9gkLQ

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:25 GMT
server: akka-http/10.2.3
content-type: text/html; charset=UTF-8
location: https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=M2RlM2NmOWYtNzMxOS00MjI1LWFhYjMtODc4ZTE0YzRhNDU3
cache-control: max-age=0, no-cache, no-store
content-length: 189
expires: Sat, 04 Sep 2021 04:35:25 GMT

GET
H2

200

sync
partners.tremorhub.com/ Frame 89DF
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=tremor_video_dbm&google_cm&google_dbm
https://partners.tremorhub.com/sync?UIGL=CAESEButH8EbLUG1PSSK0eENnpc&google_cver=1

43 B
182 B

290ms
94ms

Image
image/gif

2600:1f18:612b:4216:faf1:9619:7fb0:de49
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://partners.tremorhub.com/sync?UIGL=CAESEButH8EbLUG1PSSK0eENnpc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJjjZhCPtKICGO-61JoBMAE&v=APEucNX9O8FavPT5R0PG9ulP4iZ1V5W3izU_jGcHPF2tLDJ1xV9Zawy1ykggw_lbPsMQ3K3qx1iczOA5pFspAyBG58X4M9gkLQ
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4216:faf1:9619:7fb0:de49 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:25 GMT
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
content-type: image/gif

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:25 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://partners.tremorhub.com/sync?UIGL=CAESEButH8EbLUG1PSSK0eENnpc&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 283
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame D4B8
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESELDuRfo9GJXswwwtnCppkuw&google_cver=1

43 B
548 B

92ms
32ms

Image
image/gif

185.94.180.126
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESELDuRfo9GJXswwwtnCppkuw&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJjjZhCPtKICGO-61JoBMAE&v=APEucNXqJPToUUtdNH3hBQKyRPCDOVjmjEsbw3yb_WSj4Ww7gl_tsIdBackYWOlzT_r2SxM9aKbJ0kOIJDVtc8Upi9sU-8DtJw
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.94.180.126 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 04 Sep 2021 04:35:25 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 90
Connection: keep-alive
Content-Length: 43

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:25 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESELDuRfo9GJXswwwtnCppkuw&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 306
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame D4B8
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_i...
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=ODYxYWQwNDUtMGQzOS0xMWVjLWFmNDItMWViZWUwZjYwNDA2

170 B
188 B

33ms
33ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=ODYxYWQwNDUtMGQzOS0xMWVjLWFmNDItMWViZWUwZjYwNDA2

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJjjZhCPtKICGO-61JoBMAE&v=APEucNXqJPToUUtdNH3hBQKyRPCDOVjmjEsbw3yb_WSj4Ww7gl_tsIdBackYWOlzT_r2SxM9aKbJ0kOIJDVtc8Upi9sU-8DtJw

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 04 Sep 2021 04:35:25 GMT
Server: nginx
Location: https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=ODYxYWQwNDUtMGQzOS0xMWVjLWFmNDItMWViZWUwZjYwNDA2
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 46
Connection: keep-alive
Content-Length: 0

GET
H2 204 v1
ads.yahoo.com/cms/ Frame D4B8 0
445 B 21ms
6ms Image
text/plain 2a00:1288:80:800::7000
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?esig=1~b04e41039133c73fafd60e0ed8cb49a70ecfb061&nwid=10000483131&sigv=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7000 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:25 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 9650
Redirect Chain

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true
https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true&verify=true
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1rT1MuQkFCRTJ1RjhOMnJCRC45Znh1WXBidVpoTEtZQ35B

170 B
188 B

32ms
32ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1rT1MuQkFCRTJ1RjhOMnJCRC45Znh1WXBidVpoTEtZQ35B

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJjjZhCPtKICGO-61JoBMAE&v=APEucNUGKEasJuo1XMAfavxNaib5AIMESj3moczF3WolZejU0D9gNRxAL0SSXqrzZHRZu4owyninDxy4hqCOtBPcbVZKRDKezQ

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 04 Sep 2021 04:35:25 GMT
Server: ATS/7.1.2.138
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1rT1MuQkFCRTJ1RjhOMnJCRC45Znh1WXBidVpoTEtZQ35B
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

user-registering
ads.stickyadstv.com/ Frame 9650
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=stickyxchange_dbm&google_cm&google_dbm
https://ads.stickyadstv.com/user-registering?dataProviderId=141&userId=CAESENvdD6oslh_ZMtZDWHrAVo8&google_cver=1
https://1f2e7.v.fwmrm.net/ad/u?_dv=2&dsp_user_mapping=true&127719=d49ab0ac22cbeba0ef657f1f6b4ef0c8&rdU=https%3A%2F%2Fads.stickyadstv.com%2Fuser-registering%3FdataProviderId%3D1169%26userId%3d%23%7b...
https://ads.stickyadstv.com/user-registering?dataProviderId=1169&userId=g022_7003932555477941946
https://match.adsrvr.org/track/cmf/generic?ttd_pid=stickyads&ttd_tpi=1&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=stickyads&ttd_tpi=1&gdpr=0&gdpr_consent=
https://ads.stickyadstv.com/user-registering?dataProviderId=208&userId=a6029364-f33d-4faa-94e4-60cd39f61691

43 B
729 B

37ms
37ms

Image
image/gif

2.18.234.233
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.stickyadstv.com/user-registering?dataProviderId=208&userId=a6029364-f33d-4faa-94e4-60cd39f61691
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJjjZhCPtKICGO-61JoBMAE&v=APEucNUGKEasJuo1XMAfavxNaib5AIMESj3moczF3WolZejU0D9gNRxAL0SSXqrzZHRZu4owyninDxy4hqCOtBPcbVZKRDKezQ
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.233 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-233.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:35:27 GMT
Server: nginx
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 43
x-sticky-vk: 1630730127347043-588
Expires: Sat, 04 Sep 2021 04:35:27 GMT

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:27 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://ads.stickyadstv.com/user-registering?dataProviderId=208&userId=a6029364-f33d-4faa-94e4-60cd39f61691
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 245

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 9650
Redirect Chain

https://ads.stickyadstv.com/user-matching?id=11
https://cm.g.doubleclick.net/pixel?google_nid=stickyxchange_dbm&google_hm=ZDQ5YWIwYWMyMmNiZWJhMGVmNjU3ZjFmNmI0ZWYwYzg=&gdpr=0&gdpr_consent=

170 B
188 B

32ms
31ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=stickyxchange_dbm&google_hm=ZDQ5YWIwYWMyMmNiZWJhMGVmNjU3ZjFmNmI0ZWYwYzg=&gdpr=0&gdpr_consent=

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:35:25 GMT
Server: nginx
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=stickyxchange_dbm&google_hm=ZDQ5YWIwYWMyMmNiZWJhMGVmNjU3ZjFmNmI0ZWYwYzg=&gdpr=0&gdpr_consent=
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
x-sticky-vk: 1630730125466017-403
Expires: Sat, 04 Sep 2021 04:35:25 GMT

GET
H3-29 200 index.html Show response
s0.2mdn.net/9506911/1604308179092/ Frame 5676 129 KB
23 KB 20ms
6ms Document
text/html 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9506911/1604308179092/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_273.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e144286a6fd7250ec2c718987fbfa8f6fab94042a1b182af938dd2aac3bd1c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /9506911/1604308179092/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 23538
date: Fri, 03 Sep 2021 14:16:48 GMT
expires: Sat, 04 Sep 2021 14:16:48 GMT
last-modified: Mon, 02 Nov 2020 09:09:39 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
age: 51517
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 0179 0
61 B 95ms
42ms Ping
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu-DkaXfrJjfW1G0BTSnllrI6m4AOSoPyfBCv5gqj2REvDxwcnvFBN2YWgTXeaC1XTABSRon7TAHU-oere8GL0eKxLvbMga8MIYcDmbhnH4rxidP7qRmitKOJ--XtFLuGH_CTrCEeN6MokQC2t19SaQmFW6SfjEfnD07oE-yn0iuN7NLEPUdBzK1GfkOst1Wr4U0RAx11fHWW0GbZgiBmXDtqT7JVZv9HnUwNuop_CZ28P2gBYGHp6nLAydDqsoiRLUDkAkRsbjdllyJGr2EZiNBv16Fdr6vrud-JSdxTQG4_u4JrIbpuZxhsb5u-CXxP5NXpktMr9xwybfIEtF46fmLY5ydOqLoFgOF3XEp9-u1lmCahZogMxg9GtXSQsYCdW86ZL_nTyOP5TjRuVfrrSzpJAOmINovVHwpdSlQJUvZu9yNggG62_2SoH3-F9ewrAD0UNfoHCqluh5u3vV-J987a6bulnjokgkvOWN9RGdgUsSpIVytVEnxEsKm21HWCR0k_3RRZu4Ok8Tvl9TCqRNVKr7x4TycH-BOkVbVwJ8oZXoAWW9nkTvTuZXTTY4Ur0nEjoDqFiPwbjewVuegxnHe9jb3jdfguiZaoIshDB8vn615j4sCxQJK6nhqWh2lTpRkjH2vP96-UyxFjEv6oTEUTwe4UdkU83x-Nn0v8ZLZYUrD-mX5G0-1iGCc9bupAHKhRUl7lFBijlF02msCFmPHy_z-wMzlla4MxF3MpdIYynujuDOe8K7ByTGorevLRfJThOSHEaMzZ_JFlreN52_tbjQq93WGH4gCD_izmtoDbMSXFVmWirS1FfLPWbj8ZyoM7FqqkrJtYGRKhCiqSEoLYxmbsSA3v-jbRwt5XvrioGFex7ZMwwdxw8RgM1NtD0YIsQRfK0VVXGIryys_Ms4hyzpWMv2x49eDfs2sAj-L_KfoOGJ8lOcGBBOVfMlWUacAeYWsDS3WeUi774jfFHAaro3-9bPagHrqJTkd__7UDi7RbjO5GMUnRJCG58RpzoRiEVW2XcpkCYI_C14XAc0JnqWEVfIjPKwsMMWGUybi4SN_pbYacXUOWZ95tVFpQGhvVzqFrnJKmqQnI5vXr8VdcCSERdzndscy7AuMir7l312B5aRq-paNHXAh5gtd9KZv1zxNwn4PNgKX1-NNLJwNFSfv7kxYrDTXrOL_klmRNAy6s2fqI5IAAcH6M6-PUMBpbvnUdOg3Q&sai=AMfl-YRlXT2u5RGL59NvJxrnHMVYJfCuWx7WcR_1tQUo2AasbHwjttNuexCg7B1Wnzyyup6bkKpezJdYV11bqFg2MLlfp-1w58o7iR9_cvM0EOCpFuI9pd-qf_f6WnHRpo-_rQf5lzHjpQKee5Ss8BUiJdguBEvnMO2S-bNiUtVICHjesn94D1a3DA&sig=Cg0ArKJSzG1rqaxxIyd0EAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=156&cbvp=1&cstd=153&cisv=r20210831.66243&adurl=

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sat, 04 Sep 2021 04:35:25 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 index.html Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61380784/20210806085505080/ Frame F306 73 KB
52 KB 15ms
14ms Document
text/html 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61380784/20210806085505080/index.html?e=69&leftOffset=0&topOffset=0&c=32X825vgkC&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_273.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f8640cd475f8af1924516f1a2fc4b5b220b6ba1540ddad4de8f82e355611a746

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /ads/richmedia/studio/pv2/61380784/20210806085505080/index.html?e=69&leftOffset=0&topOffset=0&c=32X825vgkC&t=1&renderingType=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 53267
date: Sat, 04 Sep 2021 04:35:25 GMT
expires: Sun, 05 Sep 2021 04:35:25 GMT
cache-control: public, max-age=86400
last-modified: Fri, 06 Aug 2021 15:55:05 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 2763 0
583 B 74ms
40ms Ping
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv2ZO2Bi3znZJteHjCqbzGahDJvBkfuRfnTVtJf5TFhY1jyhgj5KRv9iyMMAwUYVBWkFNaCJMJtBCPSugZTxYGR_4RnqBHa4eBgd2RJjVWjFYMsAnNUZDLdhU3LdcdLgYp6OQ4LOkJijSJGAY25ToMDs-9cxiXwJTv0uWUf9alsmPbqpUjHtbO-AA3yuinbYXzuhU9DCKowYNacCbvAkl-SDp-ht543bgrAew7sG2uGztx_v0T22b80Foxy2X0x-GdR3bImYbc0IL7RKo08gUerjj66HYsvBmp9WBTHE6m7a-9K4_s7kUt8htNPb0jgiFesAKjmtlVIRY4F6vj3SZNt_Audd-V2tW4yDvKsJeerUq82fQ0LEvQ6xnfeA86DO_hXxfuJdkMHOR5iNCICIhFeUXicfAXcbVRCFR0zb58YTx-ZYOYWOViqvMlz2d2IusDBCUHXzYXNFiP1iO-1Z_WIRRyTR0BzSVru0rinucEcgnyXhcHVbNvOMyr8Q0h9sjJmCdm1YF_iQXuGNNZKG9jDZh1zGJXE2SLba0tdnN3oYY_quHTjTYrh8bKmnulCijkrR28oelzXShnBZddkb82VlBWgnyAtogVo1KXMzHn0rMbgsqTNED9T_x_t00s_q84hyNvipITWm6192GInrdsFncC-WKn-C-h1yh8Op0-rbKJlzFxv4h4tRmNOqqdvjQm1izhrC08421tRKBQLvaDWSfnu_MIsspFiDcAh5hwYZ4tn2fSrpGbcUydWflUODOWuFZeRVldyflk64SG3JAon2apCLw5htMbYh7SukFan9OUKIuJLEMbJaBSo2rT2XPXj6ZkwMVtIFwu9hWDcz4pXXTkL1ndbaEJdxbs5sGMRHarXLQ26s5NaZHBobgN5xlQGIV6MwlKUWpiMHpOnplg1whM8st8VtjGodpivSTYPgf3Bw5j4prQIFMvRuCqOwhnYMKV5HKesJZk460ywtpckgmgj50PjY9JvvlH0MIty2Qh4CMz_je8Zt9AR2MLkKrAexYfs__a03FgmxK-PX4bHpyAzguhGFaFkqByLTyM2BtrKleyloOmU7j64KX1EuEh7X52FzgnzbnWHx_F2Ju1zwpDN8eKa3Fe8pHVnzpmpVEvq3nWQBWXrke2YcNrwfRTXrTMzGUT2DNVjBKCGD7aaxmnIKh-50IgiVZnS0x73zoHAomSr1rsabDM&sai=AMfl-YRIYFxzgYGubJQXAZ-7cP3sLt4xrL8Hh_OFskbtdZj3mgrrbXwKx0zJEM6_RFlFCCXDppcWhyYy9qtDTwD6x3Hr0zjfqZ7LVDJ3AHwROalz5hALNpgo8F8Up2-Y5VHItNODhLnW7Gk-K0W04TFfVPnf3_wXYA&sig=Cg0ArKJSzLvhQsGJ0GWsEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=163&cbvp=1&cstd=156&cisv=r20210831.69471&adurl=

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sat, 04 Sep 2021 04:35:25 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 0179 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 12:28:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 58014
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 03 Sep 2022 12:28:31 GMT

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 2C47 1 KB
749 B 6ms
6ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 03 Sep 2021 12:12:35 GMT
expires: Sat, 04 Sep 2021 12:12:35 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 58970
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 0179 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 72a2c640fe4786ceaf2c6908e281b7c1c58f49f1c70077b1afe4fff782524857

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 geoip Show response
avm.avantisvideo.com/api/v1/ Frame CFC6 116 B
871 B 153ms
152ms XHR
application/json 2600:9000:223c:7c00:3:748e:7940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://avm.avantisvideo.com/api/v1/geoip

Requested by

Host: cdn1.avantisvideo.com
URL: https://cdn1.avantisvideo.com/connect/u_d.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223c:7c00:3:748e:7940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

d81386cb76a2f803a6a7674bab45293bde918693a683a583ccd20f85619df9ef

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://cdn1.avantisvideo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: application/json

Response headers

content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
via: 1.1 0c688bb347bc402edc1209f13e04d88c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P2
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
vary: Origin
content-length: 116
x-xss-protection: 0
referrer-policy: no-referrer
x-frame-options: SAMEORIGIN
date: Sat, 04 Sep 2021 04:35:25 GMT
expect-ct: max-age=0
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
content-type: application/json; charset=utf-8
access-control-allow-origin: https://cdn1.avantisvideo.com
access-control-allow-credentials: true
x-amz-cf-id: VDHjLE3oHYfAgvEAYsQXPm-mN_i7KwwqxQb3brETCuFIcKg0AOX5zA==

OPTIONS
H2 204 geoip
avm.avantisvideo.com/api/v1/ Frame 0
0 171ms
146ms Preflight 2600:9000:223c:7c00:3:748e:7940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://avm.avantisvideo.com/api/v1/geoip

Protocol

Server

2600:9000:223c:7c00:3:748e:7940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://cdn1.avantisvideo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Sat, 04 Sep 2021 04:35:25 GMT
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
vary: Origin
access-control-allow-origin: https://cdn1.avantisvideo.com
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE,PATCH
access-control-allow-headers: content-type
x-cache: Miss from cloudfront
via: 1.1 0c688bb347bc402edc1209f13e04d88c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
x-amz-cf-id: ePNqlVpF7pvOn0Xvgt7p1ucNL0h6OWr-VFHLw-51fURdaVRM5lBxXQ==

GET
H2 200 geoip Show response
avm.avantisvideo.com/api/v1/ Frame 38E2 116 B
870 B 154ms
154ms XHR
application/json 2600:9000:223c:7c00:3:748e:7940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://avm.avantisvideo.com/api/v1/geoip

Requested by

Host: cdn1.avantisvideo.com
URL: https://cdn1.avantisvideo.com/connect/u_d.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223c:7c00:3:748e:7940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

d81386cb76a2f803a6a7674bab45293bde918693a683a583ccd20f85619df9ef

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://cdn1.avantisvideo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: application/json

Response headers

content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
via: 1.1 0c688bb347bc402edc1209f13e04d88c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P2
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
vary: Origin
content-length: 116
x-xss-protection: 0
referrer-policy: no-referrer
x-frame-options: SAMEORIGIN
date: Sat, 04 Sep 2021 04:35:25 GMT
expect-ct: max-age=0
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
content-type: application/json; charset=utf-8
access-control-allow-origin: https://cdn1.avantisvideo.com
access-control-allow-credentials: true
x-amz-cf-id: GyuarsjXxCD-d2-eOdN70Dravx45JTTGqQunJJCNnT07UybYXvOc0Q==

OPTIONS
H2 204 geoip
avm.avantisvideo.com/api/v1/ Frame 0
0 169ms
147ms Preflight 2600:9000:223c:7c00:3:748e:7940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://avm.avantisvideo.com/api/v1/geoip

Protocol

Server

2600:9000:223c:7c00:3:748e:7940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://cdn1.avantisvideo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Sat, 04 Sep 2021 04:35:25 GMT
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
vary: Origin
access-control-allow-origin: https://cdn1.avantisvideo.com
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE,PATCH
access-control-allow-headers: content-type
x-cache: Miss from cloudfront
via: 1.1 0c688bb347bc402edc1209f13e04d88c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
x-amz-cf-id: DYbesxhd9pn_t0x4dy6GWD5jWJPt-eGOnPKyHY4sPzN_C67XQ6e1BQ==

GET
H3-29 200 index.html Show response
s0.2mdn.net/9506911/1609938295867/ Frame 2BCC 167 KB
26 KB 7ms
6ms Document
text/html 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9506911/1609938295867/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_273.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b61eed4e105e7f6be5632474cc5df5fd3cafa3c75c602657e480de2ad370a2da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /9506911/1609938295867/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 26889
date: Fri, 03 Sep 2021 16:55:54 GMT
expires: Sat, 04 Sep 2021 16:55:54 GMT
last-modified: Wed, 06 Jan 2021 13:04:55 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
age: 41971
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 3061 0
61 B 38ms
38ms Ping
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst5KBe733y7TVYuQ6Mjc0AKeJ0gFTzWQAMwoibnLwqDfQ2c-qevktBAmAiWjvI25vH7NT35q2Rh3YpUHJjOOiW_BWWVgSKgJekFOXmuo7XRNe6Etka9L1XAVdH6lXMrugvZBPRJ7RXC0ju2hCx2LfOhnFvWCGIFFIGdDp3rXZ-9iI1sErBO2ZnH5Qgk0LvEyp8tmqQGwIXR4zPJqOZ5iGAo9coHSp6X52le2NU5Q1ffbFXDOSniIIFwjmcLYh_UNFGa3nHpwAlvHoal0IIh0TjTTtsboyf17Xy9DmvEJw8KV_gLJzMYNrrM74Vbvh1bUQFKAf9164C6bKSH8YBS7AkP8McU4vwDElJWQT6nm4zuu1PyDTnhqCz9MkMrMAKyfuAanZQ2E8T0qRY7pjhAplkuuUaS5URZsK1YtnIEYnPje82Tf_hVJAy1mVF8vCfT5uHyJj4kK46qNQqrPF4lzJhPCZJzzwN79GMQO2Bw_2eA2WSeKP6qC0zWWKWNgrlNUCuMc2C9evfPUVzkoV6uOfvEk3uzL_fkQ4OXr9c49e9RpeNCRNcAqOHvfZZKu4ro-qrSwxM1jyLBr46hCFqPSXBL0y4a0Vc2udds8KUPt_4ntXp1w0V3UdYRtG6jmfnkQdHQYRGnBsjPif2Gh2SRueMmwGUHlMOjmRLhvOFJxEjqbXQ4CxtKnhuQams26qWzcUGLRwCxYpeZ8MdnwKIJK7t9rFRsCDosWAfBsq6fM0RxHMLGFOyeSq6Xk7SzRL0VthBUJ-9wLnidqWsdq-tbtc8Ast-QRCYJwBvOl6aCJiqFCiNgqvJKpS9TQwJ5RbNEOb4vtTasC1aKchVtme4hPUJlbMnjKYww9trHlvNMaE1SCAW9xL3oIGc5FsKQAmGt7c-jIZ-STZRuq3-JbkYwg_2dar3N-axX2QaJiphvOT7CV2W7hCgAv6m2ph77DhWPEmrQECIWFhcs1UkBYJUbq5x0veNGVweoLloCkIZV5UtS3uzj0TNs3jKkovEtDRRFUBUt3i1J4wL0B9KTpt9tukhBanjZVsEsFJLFEPB4kKY_qIoLOcS-whlFArNizVd7DKf-61Xy7Ek4K_b53h66mXcL6yFnncwTCdZr-d2KBelLHHs0XeKTiYfwvVmqxt5Xv0t2sCRvCU9DKvVxHaVoa5QgBJc4LVgk0hd83Dk_2PlF-zBgJhe2XKllHCOhXHDEC5WKrg3AIHsht_dDlPyTQCYSIg&sai=AMfl-YSeHGkTCdAuPIGb0GY9SIayL_ckFjLZf_-mWYPgaMaRWDE0V0PQqPLH7jzPg-5yteZ8TW64wirGeCoc3QMmbkCd0mEPHNeQSMMGI8g5pV4QVuXvaRJZS-MNi7vh2HW6Ogxqr1zjQnW3fZagwicNE-3JEpsyABJk5cpt3oE2Di5n4VAFLZhmFQ&sig=Cg0ArKJSzHhvpe0eofVHEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=184&cbvp=1&cstd=182&cisv=r20210831.23123&adurl=

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sat, 04 Sep 2021 04:35:25 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 index.html Show response
s0.2mdn.net/9506911/1609938295867/ Frame 45A8 167 KB
26 KB 6ms
6ms Document
text/html 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9506911/1609938295867/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_273.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b61eed4e105e7f6be5632474cc5df5fd3cafa3c75c602657e480de2ad370a2da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /9506911/1609938295867/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 26889
date: Fri, 03 Sep 2021 16:55:54 GMT
expires: Sat, 04 Sep 2021 16:55:54 GMT
last-modified: Wed, 06 Jan 2021 13:04:55 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
age: 41971
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame A9A0 0
61 B 41ms
41ms Ping
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssplbEoMdNyu26eiAMTmMeBie_81hDNg49q4v2Y1ydfWCNkECjc7Q1ZHVT-GBvQWDFdeNLU9QgvpmVG3tMLjJ8BOv71H15KLpa3--LQ27IBFPqVwcxz13oCkFIkxcVB0pCyKRIIX31L1zqOezYZ_H0OnmPRanlElymsh2oz8LfnU3makoUwafGSca67l_P8cfbcOUiWx6SDUb7NFvaNZPE4M-bTJfA_OqDcqc0S8fSvnfKT9yxYLeav9oU2HBF4ou-gp6OCfxwfEim_cd7hncuVfkMFzoWAEluJpHoIxqI3wJnOxaNHoLdoQCSyyAp0VZR2_D326wr3mbrPaFXmNhlgxXKkRjSu-R2OLYNYjVRYORFZ3Tfs2u_iD6lD1mULqddfEMvFk4QYpEL9nqMwr5__Ggv6BB-6SY80Ltti_Zbj1P-4Pfmv8bQRHasMAtzEco0EFFkFjyg5P0nB3OgyL0s6m2KkTRukjvFwXeLnkrxNfEYnmTpUStJgCpolOFDCD439995KpAszZYgcF_nDf7NwbpmnZMUN_5RsKkhfoN4VI_drDgU90QEV7WmbGaHg4P3mzp27HiMf4qvbYwpe-Xom6xs61wEN6HIFRSPqKU97gn_R4yhd9rSr3Qnxen9cXA6Hx9eJpcF4N64beJ_AbGS9kKpoc4mHiDg1cD8K8Duh7XjrbWlt1y7rvTnYu29eOJj0OB0frpcWjYM91HSjiiSzRqdMKVs3SFN4zH5-x_z8tWgxA07-4GLtuDTGSHv36pcal8iAzyKUmMD1CSBJ8gcLMLZHlrxPiHPSD-_0MliTQnTRXx0JvEGOSs3NzqlIpHHy5KL-fPuKmhqjHMfTQqCDIPzaNdlGPwA-aUWe0Dd5EJ5e08CWRlAoRPwdONhvhyDy9VLr82x9jUHJdhIuGMNsnlkVG71KHF95Y7cltfuGO5-mvXSA8qzmnj0qkcoT5eQwUU0M9WsY5FChS9eMi03LC6KF_7B_8Icbc15D9hzf96AttoJK97p-BrqjeTdYt93CeQz_QHZnO_AB8SYmlRMlQX6xye2_XugraiBhLgTzQOxGfPvYLVUp8LUHf5Ya2ZQpKvU7jRfXlhcoMOTqu5mqiEfjZiQdU28v3lLARXiXfADB2KlQPzPfP9KA0SpLqgrJPIJnLAeQ_b6o6spZieAAMnIBIcIRYylFPAGg5yD_ks4xAcAKebQ-vxhvMR5lemi6QD0WfswDlboJLJ7NkWVCYA&sai=AMfl-YQqvdJjrEWYCfWrq6ni3tqJBtXqowRuNYgB3v_gNVgIJgRxmM6J6IH6MUEKRspACWGaZeg6y1ayAmHU6MRKC7zEY293B5UbXn4fWlmUyjfubc35fcRkNTJLc83jKy34XzgUe42YHgczWj3UBVNNj5iUQ7tcY0-hT6wgh2-5X60NeQpVjvF2kg&sig=Cg0ArKJSzE6LM_8w7EogEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=175&cbvp=1&cstd=174&cisv=r20210831.27197&adurl=

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sat, 04 Sep 2021 04:35:25 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 index.html Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61380784/20210806085505080/ Frame 58B1 73 KB
52 KB 15ms
14ms Document
text/html 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61380784/20210806085505080/index.html?e=69&leftOffset=0&topOffset=0&c=gAFXV1gCGD&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_273.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f8640cd475f8af1924516f1a2fc4b5b220b6ba1540ddad4de8f82e355611a746

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /ads/richmedia/studio/pv2/61380784/20210806085505080/index.html?e=69&leftOffset=0&topOffset=0&c=gAFXV1gCGD&t=1&renderingType=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 53267
date: Sat, 04 Sep 2021 04:35:25 GMT
expires: Sun, 05 Sep 2021 04:35:25 GMT
cache-control: public, max-age=86400
last-modified: Fri, 06 Aug 2021 15:55:05 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame A514 0
61 B 41ms
40ms Ping
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstA1PlZeTpSoOu5gQz-J4hZiJHPnb8xKW_0VwZ9CAxwNiqz-2Tshr3zC7NnailFTryX5A9Zg_YxBXGHqIfxhlkqh8m4rkgUz7_dZPAUM7Dg_EargK3zL3R-u534YriDEpMutUS6qZnch5waiVYfPqZaZsoVn5lxi0mXOnF9mJSkjZ7WoT5GqQiCykgYW5Kr82cBeY7_YUz1b3NdWU6MwqIph_sKSD8E8hUdq_7pYhUA49XdjDf4GSePGR8J2vZSAiyVPMJszp2jMls5rAnkcSTEJ9zb_m2PbcSC5c-O1w8XeA8yp4kviYb115EQV8bGueIjXEdlXPAB6Yg4cgefF95SRKU4RYp9bIszol2HsmtIuGj4-cOvtdb2a3Kx8K6ifHa13N31KGf16oclG7Y9Y8AdJk6SPhJSVmMyM9p4agvhmtfWzmU1vIC6GPuWxjdPbiDbEXapLdQzH9a65rrFZdsSwtELJJA4bEpQeUxJayle86kRqMCPsPt_Les-yqz7bHOlTtIoy_vuLVbwzlfhMeG7pSC8Vy7D4Ls_cx3uGQjvLW5WJQniEbH37kIWTSNtCfp1kTsTqC422KqvKKZnUbfoua0dPcgcoqSfwjMORGT8m8Map8Pm0dmwiEqTuljUZm4cgyM6uTW_bLV1Pe12WfvGc3r7TysMy5cj4fl7wCdxvPO4tPPXlWM3y1VjAz62G4ZN1SaZAgWNPJGdksebNIHhzOjHCWAJ_8se-0SNTFmXiLOMhstn3C6OVti_qpxVqZraqZhXwnMiNUeH83FHv7KjKyKDcbI9VRseL-STke3rN9Q7_yGeX7xWChlK89V3YYR2tvmDPCpen48MK_Wd3CjHoIJMjAghwe8GOkDZNENDnf3ORhd9YGhFzH_CxkT2fpRNRwr92Z_wXxccZYTdEsGKvfUy3BPI8_e1a0wK4HVz2mumxX9oNKdpupcmiJMTxrgsL90v3bk1HnnDcQbATNnZV6aJ4kdhBGIu0SBiAyYnX22qlHhw2c8xlpePnz1QX7jEuVutSfRqBckDouL89OpW-3tmswqu7s9JJpr4HaSa3Xn45ZTvOv4s8tBU8zEu7aqQkmWtUFbrspSnik4en8aao_VQcuHF_YXI5PHHRtV8ynasYPKFmvOUbfsvMJ7RaNCi7bKyzU-UUSZucygLNh4ncGk9b3iEGkzwiaXm8KExpvvNvdAcTjibZg&sai=AMfl-YRBmCvtZ_l6oU0aV07f5YndkUE_B3j2nlrF5HQbyhhJWvRcSVRZjuww7Yj2M-LGpYEC-zHAnsH071nVq-_vDbpxX90wwRMPBLVG3eoIpvSM4KYEF7QzRD-Kb5Z0uYFZDXEVX5LxjPIVP5WR1uwXa4ZXZ3zW6Q&sig=Cg0ArKJSzBXU8TsXX2lGEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=190&cbvp=1&cstd=186&cisv=r20210831.19362&adurl=

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sat, 04 Sep 2021 04:35:25 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 index.html Show response
s0.2mdn.net/9506911/1609938328780/ Frame 1AB1 166 KB
26 KB 7ms
7ms Document
text/html 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9506911/1609938328780/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_273.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

079f180cafeebed9a4762f3b2d1df57ed5745d4baee54466b6f683ed15c7c4cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /9506911/1609938328780/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 26351
date: Sat, 04 Sep 2021 04:25:34 GMT
expires: Sun, 05 Sep 2021 04:25:34 GMT
last-modified: Wed, 06 Jan 2021 13:05:28 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
age: 591
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 8759 0
61 B 42ms
42ms Ping
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsveecf2-2Gq8M3w63X4UtsEYzTUzRzW5j41rVX3ONIHx14v4f1fQBoqFHNREbLK69RuSJ3m8-t1-nvxuS68SX8J4VPaerxJjvzZND0XgYoAmk6T3B6fzMvwaGasxuubhF7qbzF71oQhz1CgaXVCD8XR3_tEvXd5U9YUK8b5EQB5UTzq6nxUro-3jl7szp17rIy0lKeJAPxl7G9MwkMlzq_afqrXlAp2q0m4RVXCGJR_ty_j73Rd2ERShRmcZzQRKX-fEe-z4Nt_rQiFXrQlDmWJWHH-7IrQWcgFIfOCkT9j-BWopX6AelPMXWiby6eBy_PV8R9DBTz2HjRf3nYgket5-PpSNEjBDY8XTfl3IN9AQ1rffh80of0vz4PNu3fRxQtK7j0tAzgdugODejyoC8XeUMwyeCibkkA0TT-OPI_Avas93zzst1JMacBFjK5p57e9lj--6uXpwSUUZMREZJya0yuTRb17SIj8wEzGOzH31C0J5WrYiC3_aD9GSj34B-t0laV9W7ud2ggQGqaZaxWNis-pYq-gDXHdVpH5KwLMnA4m6LWOwtscEk5jovFnZW1K46irk744LUwkgRa1ZywTgvgv_7wldDn0ausWSe8H8mAH7e1VDTXtLc_s5vssOSUjnwYNaWuM11C9jhQQCawJwTAbFEP2ldpCf5oRVgJ4EXFfWddK96vq6vPUmAVqgkTpZCV2NjLZhJC7FFPhmu_6onNmZTaky6ajmvsAQwYAAEq3iL5g4FQ8MeZHxZKE4_xdcS0gqT0FqTRIM1vjIHCvto-hDuwfqFzxztVxJlB7eMs-F7d2I2TB-mnFwuS2EPyUTRvMLn_uXhASMSNXS7CF9nzBibr4Ff0v4508Cht26eEGtNt0BZFTcO1mTadED5JUJqlDWHiWgGHH6BtLWUyiJvKAOJmUsTlFScKX7sRoE9hsA7utFYCQ7VJBF5mu2dM2A4-Owa_1Qr0HhFMRJX2yZDAReA4yF820DCShlUySF8RUBEGX0b4_PpLTdj_KNijkYJbe2BRBgc9HHw9HKCkhFs0V3xi-fqzs5NiXTffc-NZew6YP29tvYmi27yTUCUgZWOPsrgulINStQra19DaCb4ncD5jtFaxTHp2cpuFultQRkBzm1uD40_mlWM0MmjrG3lnQ_x2UCXjDrmMroyQ_Uonxvy4b285_igHg1XRnTK3kndrDJr6zcVpSBrmfcVm_fu8FQD0aWHYa3vE&sai=AMfl-YTuaF8hPuK-6R5vGtmJzU_Or2ZSTm6Xygk4M6L9G5HcEmW3_vafduUDa8mLRBVLI-H-Tt_YbkE3k_GM6fel6uh-T11mqz9DUG1kghdDj918SqCAXl4GjdB6VCrADMN0vSBXfHyCMku4xp-8NORPKwdzh0_2-zbZSqn_lWpMKs-JJGB3UdBT9A&sig=Cg0ArKJSzHNKfp6Rfyg-EAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=181&cbvp=1&cstd=180&cisv=r20210831.50113&adurl=

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sat, 04 Sep 2021 04:35:25 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 2763 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 12:28:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 58014
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 03 Sep 2022 12:28:31 GMT

GET
H2 200 main.gr.19.8.242.js Show response
static.adsafeprotected.com/ Frame 2763 187 KB
59 KB 176ms
80ms Script
application/javascript 52.209.62.127
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.gr.19.8.242.js
Requested by: Host: pixel.adsafeprotected.com
URL: https://pixel.adsafeprotected.com/jload?anId=930701&advId=5673933&campId=34339388&pubId=1&placementId=322571529&adsafe_par&bundleId=&dealId=&bidurl=https://www.123greetings.com/events/dance_day/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.209.62.127 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-209-62-127.eu-west-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 5e9dc26b28d8f13a4129556d996723b6478e4c42120ac19d60f7fc7b4357750e

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:25 GMT
content-encoding: gzip
last-modified: Wed, 01 Sep 2021 20:47:29 GMT
server: nginx/1.16.1
etag: W/"605440a6f1da03ee6c7a85ebb9d7ba51"
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame C364 1 KB
749 B 7ms
6ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 03 Sep 2021 12:12:35 GMT
expires: Sat, 04 Sep 2021 12:12:35 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 58970
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 2763 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 539aeffc528b97c89410e67270a20b66a3588aa09af5343cfbafd2603d6ef0c9

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 3061 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 12:28:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 58014
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 03 Sep 2022 12:28:31 GMT

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 4B65 1 KB
749 B 6ms
5ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 03 Sep 2021 12:12:35 GMT
expires: Sat, 04 Sep 2021 12:12:35 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 58970
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 3061 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 93c5f78f90ea98ed7d89c9bd1c46c5c91970b3fc443e91e177e31a0380466ec6

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame A514 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 12:28:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 58014
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 03 Sep 2022 12:28:31 GMT

GET
H2 200 main.gr.19.8.242.js Show response
static.adsafeprotected.com/ Frame A514 187 KB
59 KB 155ms
122ms Script
application/javascript 52.209.62.127
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.gr.19.8.242.js
Requested by: Host: pixel.adsafeprotected.com
URL: https://pixel.adsafeprotected.com/jload?anId=930701&advId=5673933&campId=34339388&pubId=1&placementId=322571529&adsafe_par&bundleId=&dealId=&bidurl=https://www.123greetings.com/events/dance_day/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.209.62.127 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-209-62-127.eu-west-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 5e9dc26b28d8f13a4129556d996723b6478e4c42120ac19d60f7fc7b4357750e

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:25 GMT
content-encoding: gzip
last-modified: Wed, 01 Sep 2021 20:47:29 GMT
server: nginx/1.16.1
age: 1
etag: W/"605440a6f1da03ee6c7a85ebb9d7ba51"
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 41B5 1 KB
749 B 6ms
6ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 03 Sep 2021 12:12:35 GMT
expires: Sat, 04 Sep 2021 12:12:35 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 58970
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame A514 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 96b0532b6de53d06fc84412562cb873286050276f594e9a86a855dc0c9245216

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame A9A0 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 12:28:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 58014
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 03 Sep 2022 12:28:31 GMT

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 3A81 1 KB
749 B 6ms
6ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 03 Sep 2021 12:12:35 GMT
expires: Sat, 04 Sep 2021 12:12:35 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 58970
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame A9A0 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 89e92951df35fe298a4b3fac2b9286a7af4e6c1bf3dad9e3c390bf38d73d9bff

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 8759 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 12:28:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 58014
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 03 Sep 2022 12:28:31 GMT

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame B4B0 1 KB
749 B 6ms
6ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 03 Sep 2021 12:12:35 GMT
expires: Sat, 04 Sep 2021 12:12:35 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 58970
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 8759 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f2a7414e16730826045fb64c49cb3ba6f22e90f1058737c65e4930e386aa75de

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame E064 22 KB
8 KB 6ms
6ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Wed, 01 Sep 2021 05:13:41 GMT
expires: Thu, 01 Sep 2022 05:13:41 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 256904
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 7BCA 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.123greetings.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5029
date: Fri, 03 Sep 2021 16:41:00 GMT
expires: Sat, 03 Sep 2022 16:41:00 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 42865
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 36AF 783 B
531 B 16ms
16ms Document
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

b4a7a5af4f593de120b7a26e2411b94d8f86980b32fd4d254f57b099edae04c0

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-hR/eo3FHgNQ/NfhRInKkCA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.123greetings.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

expires: Sat, 04 Sep 2021 04:35:25 GMT
date: Sat, 04 Sep 2021 04:35:25 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-hR/eo3FHgNQ/NfhRInKkCA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 0356 22 KB
8 KB 7ms
6ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Wed, 01 Sep 2021 05:13:41 GMT
expires: Thu, 01 Sep 2022 05:13:41 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 256904
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 7733 22 KB
8 KB 6ms
6ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Wed, 01 Sep 2021 05:13:41 GMT
expires: Thu, 01 Sep 2022 05:13:41 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 256904
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame E22D 22 KB
8 KB 6ms
6ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Wed, 01 Sep 2021 05:13:41 GMT
expires: Thu, 01 Sep 2022 05:13:41 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 256904
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 3BA4 22 KB
8 KB 6ms
6ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Wed, 01 Sep 2021 05:13:41 GMT
expires: Thu, 01 Sep 2022 05:13:41 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 256904
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 DcmEnabler_01_245.js Show response
s0.2mdn.net/879366/ Frame 5676 28 KB
10 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_245.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9506911/1604308179092/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18c864956bf2492c5c86e79b0fec65f0ecbb4b02bfdcfe854b2c5501857fecdb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1604308179092/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 19:16:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 33546
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10285
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 19:32:53 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Sep 2021 19:16:19 GMT

GET
H3-29 200 Enabler_01_246.js Show response
s0.2mdn.net/879366/ Frame F306 116 KB
39 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_246.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61380784/20210806085505080/index.html?e=69&leftOffset=0&topOffset=0&c=32X825vgkC&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b64291fc91dc77833930ffcead244193c5cfd9e882af312ecc89b580160c22a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61380784/20210806085505080/index.html?e=69&leftOffset=0&topOffset=0&c=32X825vgkC&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 04:50:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 85475
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40237
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 20:54:51 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Sep 2021 04:50:50 GMT

GET
H3-29 200 createjs_2019.11.15_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame F306 236 KB
63 KB 19ms
17ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61380784/20210806085505080/index.html?e=69&leftOffset=0&topOffset=0&c=32X825vgkC&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61380784/20210806085505080/index.html?e=69&leftOffset=0&topOffset=0&c=32X825vgkC&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 64275
x-xss-protection: 0
last-modified: Fri, 15 Nov 2019 19:16:20 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Sep 2021 04:35:25 GMT

GET
H3-29 200 vF300x250_SWISS.js Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61380784/20210806085505080/ Frame F306 52 KB
36 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61380784/20210806085505080/vF300x250_SWISS.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61380784/20210806085505080/index.html?e=69&leftOffset=0&topOffset=0&c=32X825vgkC&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9822ecfb3c91c2ac91b40bae8674875ca2e35d29892fc100ccc6d34fe3d6c961

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61380784/20210806085505080/index.html?e=69&leftOffset=0&topOffset=0&c=32X825vgkC&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 13:29:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 54330
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37266
x-xss-protection: 0
last-modified: Fri, 06 Aug 2021 15:55:05 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Sep 2021 13:29:55 GMT

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 512A 22 KB
8 KB 6ms
6ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Wed, 01 Sep 2021 05:13:41 GMT
expires: Thu, 01 Sep 2022 05:13:41 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 256904
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 Enabler_01_246.js Show response
s0.2mdn.net/879366/ Frame 58B1 116 KB
39 KB 8ms
5ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_246.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61380784/20210806085505080/index.html?e=69&leftOffset=0&topOffset=0&c=gAFXV1gCGD&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b64291fc91dc77833930ffcead244193c5cfd9e882af312ecc89b580160c22a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61380784/20210806085505080/index.html?e=69&leftOffset=0&topOffset=0&c=gAFXV1gCGD&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 04:50:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 85475
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40237
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 20:54:51 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Sep 2021 04:50:50 GMT

GET
H3-29 200 createjs_2019.11.15_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 58B1 236 KB
63 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61380784/20210806085505080/index.html?e=69&leftOffset=0&topOffset=0&c=gAFXV1gCGD&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61380784/20210806085505080/index.html?e=69&leftOffset=0&topOffset=0&c=gAFXV1gCGD&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 64275
x-xss-protection: 0
last-modified: Fri, 15 Nov 2019 19:16:20 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Sep 2021 04:35:25 GMT

GET
H3-29 200 vF300x250_SWISS.js Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61380784/20210806085505080/ Frame 58B1 52 KB
36 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61380784/20210806085505080/vF300x250_SWISS.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61380784/20210806085505080/index.html?e=69&leftOffset=0&topOffset=0&c=gAFXV1gCGD&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9822ecfb3c91c2ac91b40bae8674875ca2e35d29892fc100ccc6d34fe3d6c961

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61380784/20210806085505080/index.html?e=69&leftOffset=0&topOffset=0&c=gAFXV1gCGD&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 13:29:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 54330
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37266
x-xss-protection: 0
last-modified: Fri, 06 Aug 2021 15:55:05 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Sep 2021 13:29:55 GMT

GET
H2 200 sca.17.5.12.js Show response
static.adsafeprotected.com/ Frame EDC4 80 KB
21 KB 43ms
41ms Script
application/javascript 52.209.62.127
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.12.js
Requested by: Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.209.62.127 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-209-62-127.eu-west-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:25 GMT
content-encoding: gzip
last-modified: Thu, 19 Aug 2021 16:31:24 GMT
server: nginx/1.16.1
age: 1110603
etag: W/"9304f57298c3834ff107ea7ccb547996"
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000

GET
H2 200 mon
pixel.adsafeprotected.com/ Frame 2763 43 B
216 B 57ms
56ms Image
image/gif 54.154.149.33
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.adsafeprotected.com/mon?anId=930701&advId=5673933&campId=34339388&pubId=1&placementId=322571529&adsafe_par&bundleId=&dealId=&bidurl=https://www.123greetings.com/events/dance_day/&adsafe_url=https%3A%2F%2Fwww.123greetings.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2Fa20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fa20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:f9ee2c03-693f-5721-687b-3aed9d6583ce,c:ndLK3D,sl:na,em:true,fr:false,thd:1,mn:app20ie,pt:1-5-15,br:u,abv:na,an:n,oam:0,scm:publ1.grpm1,nbld:0,mtim:305,fm:sI0Vq0u+11%7C12%7C13%7C14%7C15%7C161%7C162%7C163%7C164%7C17*.930701%7C171%7C172%7C173%7C174%7C181%7C182%7C183%7C184%7C191%7C192%7C193%7C194%7C1a1%7C1a2%7C1a3%7C1a4%7C1b%7C1c1%7C1c2%7C1c3%7C1c4%7C1d1%7C1e1%7C1f%7C1g,idMap:17*,rp:s,pl:,rmeas:1,rend:1,renddet:DIV.qs.sn,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,tt:jload,et:340,oid:85f78284-0d39-11ec-a9a2-02467abe7cd0,v:19.8.242,sp:1,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Requested by: Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.154.149.33 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-154-149-33.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:26 GMT
x-server-name: app14.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3-29 200 DcmEnabler_01_245.js Show response
s0.2mdn.net/879366/ Frame 2BCC 28 KB
10 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_245.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9506911/1609938295867/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18c864956bf2492c5c86e79b0fec65f0ecbb4b02bfdcfe854b2c5501857fecdb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1609938295867/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 19:16:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 33547
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10285
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 19:32:53 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Sep 2021 19:16:19 GMT

GET
H3-29 200 DcmEnabler_01_245.js Show response
s0.2mdn.net/879366/ Frame 45A8 28 KB
10 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_245.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9506911/1609938295867/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18c864956bf2492c5c86e79b0fec65f0ecbb4b02bfdcfe854b2c5501857fecdb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1609938295867/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 19:16:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 33547
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10285
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 19:32:53 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Sep 2021 19:16:19 GMT

GET
H2 200 sca.17.5.12.js Show response
static.adsafeprotected.com/ Frame 2A4C 80 KB
21 KB 42ms
41ms Script
application/javascript 52.209.62.127
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.12.js
Requested by: Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.209.62.127 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-209-62-127.eu-west-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:26 GMT
content-encoding: gzip
last-modified: Thu, 19 Aug 2021 16:31:24 GMT
server: nginx/1.16.1
age: 1111073
etag: W/"9304f57298c3834ff107ea7ccb547996"
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000

GET
H2 200 mon
pixel.adsafeprotected.com/ Frame A514 43 B
216 B 54ms
54ms Image
image/gif 54.154.149.33
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.adsafeprotected.com/mon?anId=930701&advId=5673933&campId=34339388&pubId=1&placementId=322571529&adsafe_par&bundleId=&dealId=&bidurl=https://www.123greetings.com/events/dance_day/&adsafe_url=https%3A%2F%2Fwww.123greetings.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2Fa20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fa20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:57defb38-59ad-2db2-7936-8259127130e3,c:ndLK4E,sl:na,em:true,fr:false,thd:1,mn:app07ie,pt:1-5-15,br:u,abv:na,an:n,oam:0,scm:publ1.grpm1,nbld:0,mtim:328,fm:sI0Vq1u+11%7C12%7C13%7C14%7C15%7C161%7C162%7C163%7C164%7C171%7C172%7C173%7C174%7C175%7C18*.930701%7C181%7C182%7C183%7C184%7C191%7C192%7C193%7C194%7C1a1%7C1a2%7C1a3%7C1a4%7C1b%7C1c1%7C1c2%7C1c3%7C1c4%7C1d1%7C1e1%7C1f%7C1g,idMap:18*,rp:s,pl:,rmeas:1,rend:1,renddet:DIV.qs.sn,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,tt:jload,et:340,oid:85f781df-0d39-11ec-b818-06aaa1ae1a14,v:19.8.242,sp:1,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Requested by: Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.154.149.33 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-154-149-33.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:26 GMT
x-server-name: app07.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3-29 200 DcmEnabler_01_245.js Show response
s0.2mdn.net/879366/ Frame 1AB1 28 KB
10 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_245.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9506911/1609938328780/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18c864956bf2492c5c86e79b0fec65f0ecbb4b02bfdcfe854b2c5501857fecdb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1609938328780/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 19:16:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 33547
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10285
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 19:32:53 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Sep 2021 19:16:19 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 2C47
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEO8BKrxl03-Wn0koSAR1YLk&google_cver=1&google_push=AYg5qPLCBsbsPlzQEZ7nlZRaevhpnl1JAmzvdhRAm4Glm6OzUxjiBJhnScffScfRndwzwXbgm3sZwo5ZbKQ58Yw2...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPLCBsbsPlzQEZ7nlZRaevhpnl1JAmzvdhRAm4Glm6OzUxjiBJhnScffScfRndwzwXbgm3sZwo5ZbKQ58Yw26bRgEvCBkyDY

170 B
188 B

33ms
33ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPLCBsbsPlzQEZ7nlZRaevhpnl1JAmzvdhRAm4Glm6OzUxjiBJhnScffScfRndwzwXbgm3sZwo5ZbKQ58Yw26bRgEvCBkyDY

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 04 Sep 2021 04:35:26 GMT
Server: MT3 3905 f19d76c master cdg-pixel-x31
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPLCBsbsPlzQEZ7nlZRaevhpnl1JAmzvdhRAm4Glm6OzUxjiBJhnScffScfRndwzwXbgm3sZwo5ZbKQ58Yw26bRgEvCBkyDY
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Sat, 04 Sep 2021 04:35:25 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 2C47
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEAfjEpZkd20_FaarHg3XmSE&google_cver=1&google_push=AYg5qPLxwTdCjwQ4Lar2AwDPDdwx0KeL-WWw9V9WvyNp1iKbn2I_2JhfRbNwzbOKG0vg_kjaeh-5jMWOjGARmq8C...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=ks8GxOxITkylTqAjuhHoew2&google_push=AYg5qPLxwTdCjwQ4Lar2AwDPDdwx0KeL-WWw9V9WvyNp1iKbn2I_2JhfRbNwzbOKG0vg_kjaeh-5jMWOjGARmq8CTwj7Xns1VnM

170 B
188 B

32ms
32ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=ks8GxOxITkylTqAjuhHoew2&google_push=AYg5qPLxwTdCjwQ4Lar2AwDPDdwx0KeL-WWw9V9WvyNp1iKbn2I_2JhfRbNwzbOKG0vg_kjaeh-5jMWOjGARmq8CTwj7Xns1VnM

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 04 Sep 2021 04:35:26 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.15.12
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=ks8GxOxITkylTqAjuhHoew2&google_push=AYg5qPLxwTdCjwQ4Lar2AwDPDdwx0KeL-WWw9V9WvyNp1iKbn2I_2JhfRbNwzbOKG0vg_kjaeh-5jMWOjGARmq8CTwj7Xns1VnM
x-host: tde-deliveryengine-production-558f8dfd5f-k7v8j
alt-svc: clear
content-length: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 2C47
Redirect Chain

https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESENPziV1IUpyYAq69-5etqaI&google_cver=1&google_push=AYg5qPKQu2uiZnRL-5fCOyg2H4GQiSkLwD2x0UDIZB1qmkLGo2drmxu1FiXbE...
https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESENPziV1IUpyYAq69-5etqaI&google_cver=1&google_push=AYg5qPKQu2uiZnRL-5fCOyg2H4GQiSkLwD2x0UDIZB1qmkLGo2drmxu1FiXbE...
https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=ifj3HiS2M5MFU4R-BvfngA&google_push=AYg5qPKQu2uiZnRL-5fCOyg2H4GQiSkLwD2x0UDIZB1qmkLGo2drmxu1FiXbEno_5aB__h1X_RTHumcCC...

170 B
188 B

35ms
33ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=ifj3HiS2M5MFU4R-BvfngA&google_push=AYg5qPKQu2uiZnRL-5fCOyg2H4GQiSkLwD2x0UDIZB1qmkLGo2drmxu1FiXbEno_5aB__h1X_RTHumcCCMo5Qg4x3cJM-6vGqU8

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 04 Sep 2021 04:35:26 GMT
Server: nginx
Vary: Accept
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=ifj3HiS2M5MFU4R-BvfngA&google_push=AYg5qPKQu2uiZnRL-5fCOyg2H4GQiSkLwD2x0UDIZB1qmkLGo2drmxu1FiXbEno_5aB__h1X_RTHumcCCMo5Qg4x3cJM-6vGqU8
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 237

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 2C47
Redirect Chain

https://sync3.sniperlog.ru/?src=ggl_nga&google_gid=CAESEE3z55D7UUEbkOtBRUaRLu8&google_cver=1&google_push=AYg5qPLDqaeWI_t2dDDaBVrVeaRqps5KAHP1paSds948m6kGUQS5EDVZOIUHh1OwjnOd0Os1f4lWziXe08Vlzvz17M6t...
https://sync.bumlam.com/?src=ggl_nga&google_gid=CAESEE3z55D7UUEbkOtBRUaRLu8&google_cver=1&google_push=AYg5qPLDqaeWI_t2dDDaBVrVeaRqps5KAHP1paSds948m6kGUQS5EDVZOIUHh1OwjnOd0Os1f4lWziXe08Vlzvz17M6tCSR...
https://cm.g.doubleclick.net/pixel?google_nid=adsniperru&google_push=AYg5qPLDqaeWI_t2dDDaBVrVeaRqps5KAHP1paSds948m6kGUQS5EDVZOIUHh1OwjnOd0Os1f4lWziXe08Vlzvz17M6tCSRpId6v

170 B
188 B

32ms
32ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adsniperru&google_push=AYg5qPLDqaeWI_t2dDDaBVrVeaRqps5KAHP1paSds948m6kGUQS5EDVZOIUHh1OwjnOd0Os1f4lWziXe08Vlzvz17M6tCSRpId6v

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 04 Sep 2021 04:35:26 GMT
Server: nginx
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=adsniperru&google_push=AYg5qPLDqaeWI_t2dDDaBVrVeaRqps5KAHP1paSds948m6kGUQS5EDVZOIUHh1OwjnOd0Os1f4lWziXe08Vlzvz17M6tCSRpId6v
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 2C47
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=154&google_gid=CAESEJ3v_EmCy6Wv-ayI3BwerZY&google_cver=1&google_push=AYg5qPKsl_qWIdBDV-QbEAw9RQqAGdH6BE9dzR9dn14se8R2l-YA6sKhdXx7tsh6Q3JAT9s7g4KPtMg2WpPtXrV...
https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=M3ebFia_QSZ6REiEfmkJrbnsyeM&google_push=AYg5qPKsl_qWIdBDV-QbEAw9RQqAGdH6BE9dzR9dn14se8R2l-YA6sKhdXx7tsh6Q3JAT9s7g4KPtMg2WpPtXr...

170 B
188 B

35ms
32ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=M3ebFia_QSZ6REiEfmkJrbnsyeM&google_push=AYg5qPKsl_qWIdBDV-QbEAw9RQqAGdH6BE9dzR9dn14se8R2l-YA6sKhdXx7tsh6Q3JAT9s7g4KPtMg2WpPtXrVSBbZY5LjOEMeq

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=M3ebFia_QSZ6REiEfmkJrbnsyeM&google_push=AYg5qPKsl_qWIdBDV-QbEAw9RQqAGdH6BE9dzR9dn14se8R2l-YA6sKhdXx7tsh6Q3JAT9s7g4KPtMg2WpPtXrVSBbZY5LjOEMeq
Date: Sat, 04 Sep 2021 04:35:26 GMT
Connection: keep-alive
Content-Length: 242
Content-Type: text/html; charset=utf-8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 2C47
Redirect Chain

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsonobi%26google_push%3DAYg5qPKHs4aWAXp3glvTmz3ew7hYU6HyftfOUPTsX8KSgXZHjdV_3qzMy5g2E9S8gZOa9ml0VGdr5g-v3n...
https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AYg5qPKHs4aWAXp3glvTmz3ew7hYU6HyftfOUPTsX8KSgXZHjdV_3qzMy5g2E9S8gZOa9ml0VGdr5g-v3n3J_IQjZt172Cxagx5-&google_hm=08f3b2f0-8a20-420a-b0...

170 B
188 B

32ms
32ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AYg5qPKHs4aWAXp3glvTmz3ew7hYU6HyftfOUPTsX8KSgXZHjdV_3qzMy5g2E9S8gZOa9ml0VGdr5g-v3n3J_IQjZt172Cxagx5-&google_hm=08f3b2f0-8a20-420a-b054-7c9fc4ae6496

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:35:26 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AYg5qPKHs4aWAXp3glvTmz3ew7hYU6HyftfOUPTsX8KSgXZHjdV_3qzMy5g2E9S8gZOa9ml0VGdr5g-v3n3J_IQjZt172Cxagx5-&google_hm=08f3b2f0-8a20-420a-b054-7c9fc4ae6496
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: text/plain; charset=utf8
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 2C47
Redirect Chain

https://cs.media.net/cksync?type=g&google_gid=CAESEJe_lTM00lHkVwCm9BFVg0c&google_cver=1&google_push=AYg5qPIBujeaW8qLvjOcCHu1N7dtE9-3bZ8JlGL_lRoonHbj8ByZ8GWd-Qc4ABVl0bi1EIGGBU11sHD-ilqQpBws-tn_08U_Y0GI
https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MjczNzMxNzI2MDMxMzk5ODAwMFYxMA%3d%3d&mn_hm=MjczNzMxNzI2MDMxMzk5ODAwMFYxMA%3d%3d&google_sc=1&google_push=AYg5qPIBujeaW8qLvjOcCHu1N7dtE9-...

170 B
188 B

33ms
32ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MjczNzMxNzI2MDMxMzk5ODAwMFYxMA%3d%3d&mn_hm=MjczNzMxNzI2MDMxMzk5ODAwMFYxMA%3d%3d&google_sc=1&google_push=AYg5qPIBujeaW8qLvjOcCHu1N7dtE9-3bZ8JlGL_lRoonHbj8ByZ8GWd-Qc4ABVl0bi1EIGGBU11sHD-ilqQpBws-tn_08U_Y0GI&gdpr=&gdpr_consent=

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:35:26 GMT
Server: Apache
P3P: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Location: https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MjczNzMxNzI2MDMxMzk5ODAwMFYxMA%3d%3d&mn_hm=MjczNzMxNzI2MDMxMzk5ODAwMFYxMA%3d%3d&google_sc=1&google_push=AYg5qPIBujeaW8qLvjOcCHu1N7dtE9-3bZ8JlGL_lRoonHbj8ByZ8GWd-Qc4ABVl0bi1EIGGBU11sHD-ilqQpBws-tn_08U_Y0GI&gdpr=&gdpr_consent=
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html
Content-Length: 154
X-MNET-HL2: E
Expires: Sat, 04 Sep 2021 04:35:26 GMT

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame 2C47 0
12 B 30ms
30ms Image
text/html 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13I53rNi6wed0yy4o91bgYQU0U-p47I3g1wzCwjzReCBVrHCEHY-k1mqMPk4nUUzKkt0DFDC

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:26 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 CoopCondBd.woff
s0.2mdn.net/9506911/1604308179092/ Frame 5676 29 KB
29 KB 7ms
6ms Font
font/woff 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9506911/1604308179092/CoopCondBd.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9506911/1604308179092/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

63b176462a62d19e5a2af4cc0a845119d0389aae23ef15decd83efd182c91c40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://s0.2mdn.net
Referer: https://s0.2mdn.net/9506911/1604308179092/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 19:24:24 GMT
x-content-type-options: nosniff
last-modified: Mon, 02 Nov 2020 09:09:39 GMT
server: sffe
age: 33062
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29944
x-xss-protection: 0
expires: Sat, 04 Sep 2021 19:24:24 GMT

GET
H3-29 200 CoopBd.woff
s0.2mdn.net/9506911/1604308179092/ Frame 5676 32 KB
32 KB 7ms
7ms Font
font/woff 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9506911/1604308179092/CoopBd.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9506911/1604308179092/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

660dafdc78011b6e915b39cbfd9546c82a36aa6c20bfc6a75e144bc700a290a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://s0.2mdn.net
Referer: https://s0.2mdn.net/9506911/1604308179092/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 13:33:22 GMT
x-content-type-options: nosniff
last-modified: Mon, 02 Nov 2020 09:09:39 GMT
server: sffe
age: 54124
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32612
x-xss-protection: 0
expires: Sat, 04 Sep 2021 13:33:22 GMT

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame C364
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEO6TUCncnSI2yIUoP9rItQE&google_cver=1&google_push=AYg5qPK3w95MQI22FUdKUIlP8a11mFPIktvJETeYyq-A1tfTU2d88Y2Xcm2QgpAyEZMaj2vKOOvTm6n4WUJG7OSb-9BBOTxIkspp
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=Mjc1NzAwNDUwNTY1MTE1MTY2OQ==
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEO6TUCncnSI2yIUoP9rItQE&google_cver=1

43 B
407 B

18ms
15ms

Image
image/gif

2001:678:cb4:bbbb::11
TURN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEO6TUCncnSI2yIUoP9rItQE&google_cver=1
Requested by: Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (TURN, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:26 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-type: image/gif
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:26 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEO6TUCncnSI2yIUoP9rItQE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame C364
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPKp7mdfgiN_pMlE1PJ-1C987cN3_8P0UvjcKOW...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVRMM2pnQUFCZGdZTVd0cg&google_push=AYg5qPKp7mdfgiN_pMlE1PJ-1C987cN3_8P0UvjcKOW1a9GYQIwjF1TBRUZQEpwnO6BiYCwOm9H-ArtyElBoMg7leXEttLheh9m8

170 B
188 B

33ms
33ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVRMM2pnQUFCZGdZTVd0cg&google_push=AYg5qPKp7mdfgiN_pMlE1PJ-1C987cN3_8P0UvjcKOW1a9GYQIwjF1TBRUZQEpwnO6BiYCwOm9H-ArtyElBoMg7leXEttLheh9m8

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVRMM2pnQUFCZGdZTVd0cg&google_push=AYg5qPKp7mdfgiN_pMlE1PJ-1C987cN3_8P0UvjcKOW1a9GYQIwjF1TBRUZQEpwnO6BiYCwOm9H-ArtyElBoMg7leXEttLheh9m8
Date: Sat, 04 Sep 2021 04:35:26 GMT
Server: Apache
Connection: keep-alive
Content-Length: 391
Content-Type: text/html; charset=iso-8859-1

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame C364
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEBL_3dkX9P0q09KV0OBmimw&google_cver=1&google_push=AYg5qPJOlKBRo6Zambf8aOc4GP39c_Exo6B3qQRqptUCUJM5HXXj4pxZuDSBN2JEb7wMHhcAjV2xXnKOIl6xQ4lNTbYWVbk97oxk&...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEBL_3dkX9P0q09KV0OBmimw&google_cver=1&google_push=AYg5qPJOlKBRo6Zambf8aOc4GP39c_Exo6B3qQRqptUCUJM5HXXj4pxZuDSBN2JEb7wMHhcAjV2xXnKOIl6xQ4lNTbYWVbk97ox...

43 B
421 B

167ms
166ms

Image
image/gif

2606:4700::6812:d05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEBL_3dkX9P0q09KV0OBmimw&google_cver=1&google_push=AYg5qPJOlKBRo6Zambf8aOc4GP39c_Exo6B3qQRqptUCUJM5HXXj4pxZuDSBN2JEb7wMHhcAjV2xXnKOIl6xQ4lNTbYWVbk97oxk&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPJOlKBRo6Zambf8aOc4GP39c_Exo6B3qQRqptUCUJM5HXXj4pxZuDSBN2JEb7wMHhcAjV2xXnKOIl6xQ4lNTbYWVbk97oxk%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:26 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 689482da5834dfcf-FRA
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
content-type: image/gif; charset=utf-8
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:26 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 556
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 689482d8cf43dfcf-FRA
p3p: CP="NOI DEVo TAIa OUR BUS"
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEBL_3dkX9P0q09KV0OBmimw&google_cver=1&google_push=AYg5qPJOlKBRo6Zambf8aOc4GP39c_Exo6B3qQRqptUCUJM5HXXj4pxZuDSBN2JEb7wMHhcAjV2xXnKOIl6xQ4lNTbYWVbk97oxk&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPJOlKBRo6Zambf8aOc4GP39c_Exo6B3qQRqptUCUJM5HXXj4pxZuDSBN2JEb7wMHhcAjV2xXnKOIl6xQ4lNTbYWVbk97oxk%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
cache-control: no-cache, private
content-type: text/html
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame C364
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEFw7u5cevgI1NXoJ00p_mok&google_push=AYg5qPIpgAvTupEaVKBWPRWG7TkpmSS8JCKbfj7Xagd5Os6o-2mDhq6MOw...

170 B
188 B

33ms
32ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEFw7u5cevgI1NXoJ00p_mok&google_push=AYg5qPIpgAvTupEaVKBWPRWG7TkpmSS8JCKbfj7Xagd5Os6o-2mDhq6MOwfRxuNFk_Ky0V3YJTivFNhadbJYWMhlfjgfYmmUw2Sj

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:26 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1630730126.195418,VS0,VE92
x-served-by: cache-fra19167-FRA
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEFw7u5cevgI1NXoJ00p_mok&google_push=AYg5qPIpgAvTupEaVKBWPRWG7TkpmSS8JCKbfj7Xagd5Os6o-2mDhq6MOwfRxuNFk_Ky0V3YJTivFNhadbJYWMhlfjgfYmmUw2Sj
cache-control: no-cache
accept-ranges: bytes
access-control-allow-origin: *
content-length: 0
x-cache-hits: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame C364
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=eTunpiLfRXGVli6HihW4KQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

34ms
33ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=eTunpiLfRXGVli6HihW4KQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKaMgd2eLJPEl0ciFEZu2_p3JEjyctH81uG8JMl34YBVgEDNhle0u1lgX8DzpWlI7Tlgih3xYFJzpZIgImqtWpyvEHUu7xd

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=eTunpiLfRXGVli6HihW4KQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKaMgd2eLJPEl0ciFEZu2_p3JEjyctH81uG8JMl34YBVgEDNhle0u1lgX8DzpWlI7Tlgih3xYFJzpZIgImqtWpyvEHUu7xd
date: Sat, 04 Sep 2021 04:35:26 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame C364
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEHUFn1veoKPBU6Bd8y4dHfA&google_cver=1&google_push=AYg5qPJeP_kDguQic4UwBOGa97MVh4aT5yrnxlEHK-Av5PYzhCgXcqpiY_ZYdZAqUmxDfJLPm4M0DuO__B2GI7mh...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_hm=8324f8302112b5fb45b3&google_redir=https%3A%2F%2Fs.ad.smaato.net%2Fc%2F%3FadExInit%3Dg&google_push=AYg5qPJeP_kDguQic4UwBOGa97MVh4aT5yrn...

170 B
188 B

34ms
33ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_hm=8324f8302112b5fb45b3&google_redir=https%3A%2F%2Fs.ad.smaato.net%2Fc%2F%3FadExInit%3Dg&google_push=AYg5qPJeP_kDguQic4UwBOGa97MVh4aT5yrnxlEHK-Av5PYzhCgXcqpiY_ZYdZAqUmxDfJLPm4M0DuO__B2GI7mhMlrSMb3bV_OZ

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 04 Sep 2021 04:35:26 GMT
via: 1.1 b3fce8903671f8346e7a6a138d2d4610.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA60-P1
x-cache: Miss from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_hm=8324f8302112b5fb45b3&google_redir=https%3A%2F%2Fs.ad.smaato.net%2Fc%2F%3FadExInit%3Dg&google_push=AYg5qPJeP_kDguQic4UwBOGa97MVh4aT5yrnxlEHK-Av5PYzhCgXcqpiY_ZYdZAqUmxDfJLPm4M0DuO__B2GI7mhMlrSMb3bV_OZ
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: L4mg1p1F0fPhwiwm19TZfxBibQNYmXS2VztsLbgV2xZxdhurercejA==

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame C364
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESEKRQCgLQ3NuF1Qj2JO0yAOA&google_cver=1&google_push=AYg5qPJLkePutbfmNnu_uPqzt2vVpXahzK_84MsLOhpzg8m3jX9jEdJsVTL_hbkoekD91Vzsz4eJ9n9URFJMT3gWZlIQcy...
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEKRQCgLQ3NuF1Qj2JO0yAOA&google_cver=1&google_push=AYg5qPJLkePutbfmNnu_uPqzt2vVpXahzK_84MsLOhpzg8m3jX9jEdJsVTL_hbkoekD91Vzsz4eJ9n9URFJMT3gW...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=LMoL9ujcQcix105V0Emgjg&google_push=AYg5qPJLkePutbfmNnu_uPqzt2vVpXahzK_84MsLOhpzg8m3jX9jEdJsVTL_hbkoekD91Vzsz4eJ9n9URFJMT3g...

170 B
188 B

34ms
34ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=LMoL9ujcQcix105V0Emgjg&google_push=AYg5qPJLkePutbfmNnu_uPqzt2vVpXahzK_84MsLOhpzg8m3jX9jEdJsVTL_hbkoekD91Vzsz4eJ9n9URFJMT3gWZlIQcyXBLLlq

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=LMoL9ujcQcix105V0Emgjg&google_push=AYg5qPJLkePutbfmNnu_uPqzt2vVpXahzK_84MsLOhpzg8m3jX9jEdJsVTL_hbkoekD91Vzsz4eJ9n9URFJMT3gWZlIQcyXBLLlq
date: Sat, 04 Sep 2021 04:35:26 GMT
access-control-allow-origin: *
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame C364 0
12 B 31ms
30ms Image
text/html 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IfSjR83YbNK1muq6vn2zDamvMZ8CBTFBvOj5ymfQgskG5GyyxH3QnosXWVABIUHlAnvNvm

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:26 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 4B65
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEESLnpVbxDsYO2X-0YhHmKk&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEESLnpVbxDsYO2X-0YhHmKk&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=RThNcThzdjkxTW1ub081&google_gid=CAESEESLnpVbxDsYO2X-0YhHmKk&google_cver=1&google_push=AYg5qPJvW2oOtU0Uostcyhtsjf_3oLQPi9ysFHWV6RWyvax...

170 B
188 B

33ms
32ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=RThNcThzdjkxTW1ub081&google_gid=CAESEESLnpVbxDsYO2X-0YhHmKk&google_cver=1&google_push=AYg5qPJvW2oOtU0Uostcyhtsjf_3oLQPi9ysFHWV6RWyvaxBXY5rFeMAuVY9Bm2dNpGPdJcupqdRGcX1yBlLMteB5gwtRyYfEGA

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:35:25 GMT
Server: PingMatch/v2.0.30-675-ga433434#rel-ec2-master i-01c11bd40c0af9d54@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security: max-age=2592000; includeSubDomains
P3P: policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=RThNcThzdjkxTW1ub081&google_gid=CAESEESLnpVbxDsYO2X-0YhHmKk&google_cver=1&google_push=AYg5qPJvW2oOtU0Uostcyhtsjf_3oLQPi9ysFHWV6RWyvaxBXY5rFeMAuVY9Bm2dNpGPdJcupqdRGcX1yBlLMteB5gwtRyYfEGA
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 4B65
Redirect Chain

https://fksnk.com/cs/google?google_gid=CAESEINrYKvbFXk2itzpJgpz6yI&google_cver=1&google_push=AYg5qPKGHW96G26t5nHwtzBg-Wm1unZ15cUUxW3P5j5vt4-KaFbn5IucfzLFVGmb_bw9AxJBGGBSYw64I--TtKHkwP2YsOVLzP8
https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=NzQ0MUQyM0MwOUUyQkNFQg==

170 B
188 B

31ms
31ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=NzQ0MUQyM0MwOUUyQkNFQg==

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=NzQ0MUQyM0MwOUUyQkNFQg==
date: Sat, 04 Sep 2021 04:35:26 GMT
content-language: en-US
content-type: text/html;charset=ISO-8859-1

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 4B65
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=154&google_gid=CAESEJ3v_EmCy6Wv-ayI3BwerZY&google_cver=1&google_push=AYg5qPKgv7xShULY09VnIFvi7cBVY_eB_BBS9ffLiR6Q_6CWu-pOXrIJgcZkiz90vYPIGCsJZVE0M3Zz6_e7kef...
https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=URUCmwD-TZBBQG5LXfRidbnsyeM&google_push=AYg5qPKgv7xShULY09VnIFvi7cBVY_eB_BBS9ffLiR6Q_6CWu-pOXrIJgcZkiz90vYPIGCsJZVE0M3Zz6_e7ke...

170 B
188 B

32ms
32ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=URUCmwD-TZBBQG5LXfRidbnsyeM&google_push=AYg5qPKgv7xShULY09VnIFvi7cBVY_eB_BBS9ffLiR6Q_6CWu-pOXrIJgcZkiz90vYPIGCsJZVE0M3Zz6_e7kefCgCHOsu4V3Zs

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=URUCmwD-TZBBQG5LXfRidbnsyeM&google_push=AYg5qPKgv7xShULY09VnIFvi7cBVY_eB_BBS9ffLiR6Q_6CWu-pOXrIJgcZkiz90vYPIGCsJZVE0M3Zz6_e7kefCgCHOsu4V3Zs
Date: Sat, 04 Sep 2021 04:35:26 GMT
Connection: keep-alive
Content-Length: 241
Content-Type: text/html; charset=utf-8

GET

pixel
cm.g.doubleclick.net/ Frame 4B65
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEFNRz_XN4LLLZ9_jwYoIiSE&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL3jXnrA8PqVqdAMk99hwAABKwAAAIB&google_push=AYg5qPIQs3pxPjc1qfQIDEo5wmznE6BkgWELA0BnkIfm6KARTAmRXjhbmAkMymHZKS7aEaguq0wsav6q89YT001J5c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL3jXnrA8PqVqdAMk99hwAABKwAAAIB&google_push=AYg5qPIQs3pxPjc1qfQIDEo5wmznE6BkgWELA0BnkIfm6KARTAmRXjhbmAkMymHZKS7aEaguq0wsav6q89YT001J5c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL3jXnrA8PqVqdAMk99hwAABKwAAAIB&google_push=AYg5qPIQs3pxPjc1qfQIDEo5wmznE6BkgWELA0BnkIfm6KARTAmRXjhbmAkMymHZKS7aEaguq0wsav6q89YT001J5c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL3jXnrA8PqVqdAMk99hwAABKwAAAIB&google_push=AYg5qPIQs3pxPjc1qfQIDEo5wmznE6BkgWELA0BnkIfm6KARTAmRXjhbmAkMymHZKS7aEaguq0wsav6q89YT001J5c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL3jXnrA8PqVqdAMk99hwAABKwAAAIB&google_push=AYg5qPIQs3pxPjc1qfQIDEo5wmznE6BkgWELA0BnkIfm6KARTAmRXjhbmAkMymHZKS7aEaguq0wsav6q89YT001J5c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL3jXnrA8PqVqdAMk99hwAABKwAAAIB&google_push=AYg5qPIQs3pxPjc1qfQIDEo5wmznE6BkgWELA0BnkIfm6KARTAmRXjhbmAkMymHZKS7aEaguq0wsav6q89YT001J5c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL3jXnrA8PqVqdAMk99hwAABKwAAAIB&google_push=AYg5qPIQs3pxPjc1qfQIDEo5wmznE6BkgWELA0BnkIfm6KARTAmRXjhbmAkMymHZKS7aEaguq0wsav6q89YT001J5c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL3jXnrA8PqVqdAMk99hwAABKwAAAIB&google_push=AYg5qPIQs3pxPjc1qfQIDEo5wmznE6BkgWELA0BnkIfm6KARTAmRXjhbmAkMymHZKS7aEaguq0wsav6q89YT001J5c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL3jXnrA8PqVqdAMk99hwAABKwAAAIB&google_push=AYg5qPIQs3pxPjc1qfQIDEo5wmznE6BkgWELA0BnkIfm6KARTAmRXjhbmAkMymHZKS7aEaguq0wsav6q89YT001J5c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL3jXnrA8PqVqdAMk99hwAABKwAAAIB&google_push=AYg5qPIQs3pxPjc1qfQIDEo5wmznE6BkgWELA0BnkIfm6KARTAmRXjhbmAkMymHZKS7aEaguq0wsav6q89YT001J5c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL3jXnrA8PqVqdAMk99hwAABKwAAAIB&google_push=AYg5qPIQs3pxPjc1qfQIDEo5wmznE6BkgWELA0BnkIfm6KARTAmRXjhbmAkMymHZKS7aEaguq0wsav6q89YT001J5c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL3jXnrA8PqVqdAMk99hwAABKwAAAIB&google_push=AYg5qPIQs3pxPjc1qfQIDEo5wmznE6BkgWELA0BnkIfm6KARTAmRXjhbmAkMymHZKS7aEaguq0wsav6q89YT001J5c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL3jXnrA8PqVqdAMk99hwAABKwAAAIB&google_push=AYg5qPIQs3pxPjc1qfQIDEo5wmznE6BkgWELA0BnkIfm6KARTAmRXjhbmAkMymHZKS7aEaguq0wsav6q89YT001J5c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL3jXnrA8PqVqdAMk99hwAABKwAAAIB&google_push=AYg5qPIQs3pxPjc1qfQIDEo5wmznE6BkgWELA0BnkIfm6KARTAmRXjhbmAkMymHZKS7aEaguq0wsav6q89YT001J5c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL3jXnrA8PqVqdAMk99hwAABKwAAAIB&google_push=AYg5qPIQs3pxPjc1qfQIDEo5wmznE6BkgWELA0BnkIfm6KARTAmRXjhbmAkMymHZKS7aEaguq0wsav6q89YT001J5c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL3jXnrA8PqVqdAMk99hwAABKwAAAIB&google_push=AYg5qPIQs3pxPjc1qfQIDEo5wmznE6BkgWELA0BnkIfm6KARTAmRXjhbmAkMymHZKS7aEaguq0wsav6q89YT001J5c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL3jXnrA8PqVqdAMk99hwAABKwAAAIB&google_push=AYg5qPIQs3pxPjc1qfQIDEo5wmznE6BkgWELA0BnkIfm6KARTAmRXjhbmAkMymHZKS7aEaguq0wsav6q89YT001J5c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL3jXnrA8PqVqdAMk99hwAABKwAAAIB&google_push=AYg5qPIQs3pxPjc1qfQIDEo5wmznE6BkgWELA0BnkIfm6KARTAmRXjhbmAkMymHZKS7aEaguq0wsav6q89YT001J5c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL3jXnrA8PqVqdAMk99hwAABKwAAAIB&google_push=AYg5qPIQs3pxPjc1qfQIDEo5wmznE6BkgWELA0BnkIfm6KARTAmRXjhbmAkMymHZKS7aEaguq0wsav6q89YT001J5c...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL3jXnrA8PqVqdAMk99hwAABKwAAAIB&google_push=AYg5qPIQs3pxPjc1qfQIDEo5wmznE6BkgWELA0BnkIfm6KARTAmRXjhbmAkMymHZKS7aEaguq0wsav6q89YT001J5c...

0
0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 4B65
Redirect Chain

https://ads.yieldmo.com/exptsync?google_gid=CAESEEY_OtHOzQHNPt3dbA3hXzI&google_cver=1&google_push=AYg5qPLsVrFxHPOdxekugfSic8VsPfOJegiwPppmcy_sR-a3OUepU7F4e6WquF-bvvDIgIsyPrDPiILC2J0-HhSXgFTw5D6Pmj8
https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AYg5qPLsVrFxHPOdxekugfSic8VsPfOJegiwPppmcy_sR-a3OUepU7F4e6WquF-bvvDIgIsyPrDPiILC2J0-HhSXgFTw5D6Pmj8&google_hm=Zzg4M2RiNWZmYTk5ZjVmN...

170 B
188 B

33ms
33ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AYg5qPLsVrFxHPOdxekugfSic8VsPfOJegiwPppmcy_sR-a3OUepU7F4e6WquF-bvvDIgIsyPrDPiILC2J0-HhSXgFTw5D6Pmj8&google_hm=Zzg4M2RiNWZmYTk5ZjVmNDA5ZmE=

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:26 GMT
location: https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=AYg5qPLsVrFxHPOdxekugfSic8VsPfOJegiwPppmcy_sR-a3OUepU7F4e6WquF-bvvDIgIsyPrDPiILC2J0-HhSXgFTw5D6Pmj8&google_hm=Zzg4M2RiNWZmYTk5ZjVmNDA5ZmE=
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-allow-headers: Cache-Control, Pragma, *
content-length: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 4B65
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEL-WlEJUoUBXgankHVTFkSA&google_cver=1&google_push=AYg5qPK1r1FqgOjUixr5r4Dv3XAzK2a_PRPJZEOekHm-XXB2xGVw0Kc6ws5uOBXJAgPFF0g8CM...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS01OEptemFsRTJ1RlI4RngwdnBPX3NUWnBHS1RSUTVkTX5B&google_push=AYg5qPK1r1FqgOjUixr5r4Dv3XAzK2a_PRPJZEOekHm-XXB2xGVw0Kc6w...

170 B
188 B

32ms
32ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS01OEptemFsRTJ1RlI4RngwdnBPX3NUWnBHS1RSUTVkTX5B&google_push=AYg5qPK1r1FqgOjUixr5r4Dv3XAzK2a_PRPJZEOekHm-XXB2xGVw0Kc6ws5uOBXJAgPFF0g8CM0KLxlmyUMHliclHyPvRlKwXj0

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 04 Sep 2021 04:35:26 GMT
Server: ATS/7.1.2.138
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS01OEptemFsRTJ1RlI4RngwdnBPX3NUWnBHS1RSUTVkTX5B&google_push=AYg5qPK1r1FqgOjUixr5r4Dv3XAzK2a_PRPJZEOekHm-XXB2xGVw0Kc6ws5uOBXJAgPFF0g8CM0KLxlmyUMHliclHyPvRlKwXj0
Connection: keep-alive
Content-Length: 0

GET

pixel
cm.g.doubleclick.net/ Frame 4B65
Redirect Chain

https://ads.avads.net/sync/ggl?google_gid=CAESEAQQLWhUYePTGVczzlzSiqE&google_cver=1&google_push=AYg5qPJjPxTUN9wC8YMohh_vc-tb14adxDJKR6YkrKi0tBwbjftWZnkQswac8AeQb1ltbo-De_KW9UOs0GCW_aFzEklYZeq0AF8Z
https://ads.avads.net/sync/ggl?google_gid=CAESEAQQLWhUYePTGVczzlzSiqE&google_cver=1&google_push=AYg5qPJjPxTUN9wC8YMohh_vc-tb14adxDJKR6YkrKi0tBwbjftWZnkQswac8AeQb1ltbo-De_KW9UOs0GCW_aFzEklYZeq0AF8Z&...
https://ads.avads.net/sync/ggl?google_gid=CAESEAQQLWhUYePTGVczzlzSiqE&google_cver=1&google_push=AYg5qPJjPxTUN9wC8YMohh_vc-tb14adxDJKR6YkrKi0tBwbjftWZnkQswac8AeQb1ltbo-De_KW9UOs0GCW_aFzEklYZeq0AF8Z
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=ZmE1MDQ2OGYtNTY5YS00MzdlLTk0MjgtOGM3YmY1ZmMyZDM3&google_push=AYg5qPJjPxTUN9wC8YMohh_vc-tb14adxDJKR6YkrKi0tBwbjftWZnkQswac8AeQb1ltbo-...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=ZmE1MDQ2OGYtNTY5YS00MzdlLTk0MjgtOGM3YmY1ZmMyZDM3&google_push=AYg5qPJjPxTUN9wC8YMohh_vc-tb14adxDJKR6YkrKi0tBwbjftWZnkQswac8AeQb1ltbo-...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=ZmE1MDQ2OGYtNTY5YS00MzdlLTk0MjgtOGM3YmY1ZmMyZDM3&google_push=AYg5qPJjPxTUN9wC8YMohh_vc-tb14adxDJKR6YkrKi0tBwbjftWZnkQswac8AeQb1ltbo-...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=ZmE1MDQ2OGYtNTY5YS00MzdlLTk0MjgtOGM3YmY1ZmMyZDM3&google_push=AYg5qPJjPxTUN9wC8YMohh_vc-tb14adxDJKR6YkrKi0tBwbjftWZnkQswac8AeQb1ltbo-...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=ZmE1MDQ2OGYtNTY5YS00MzdlLTk0MjgtOGM3YmY1ZmMyZDM3&google_push=AYg5qPJjPxTUN9wC8YMohh_vc-tb14adxDJKR6YkrKi0tBwbjftWZnkQswac8AeQb1ltbo-...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=ZmE1MDQ2OGYtNTY5YS00MzdlLTk0MjgtOGM3YmY1ZmMyZDM3&google_push=AYg5qPJjPxTUN9wC8YMohh_vc-tb14adxDJKR6YkrKi0tBwbjftWZnkQswac8AeQb1ltbo-...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=ZmE1MDQ2OGYtNTY5YS00MzdlLTk0MjgtOGM3YmY1ZmMyZDM3&google_push=AYg5qPJjPxTUN9wC8YMohh_vc-tb14adxDJKR6YkrKi0tBwbjftWZnkQswac8AeQb1ltbo-...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=ZmE1MDQ2OGYtNTY5YS00MzdlLTk0MjgtOGM3YmY1ZmMyZDM3&google_push=AYg5qPJjPxTUN9wC8YMohh_vc-tb14adxDJKR6YkrKi0tBwbjftWZnkQswac8AeQb1ltbo-...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=ZmE1MDQ2OGYtNTY5YS00MzdlLTk0MjgtOGM3YmY1ZmMyZDM3&google_push=AYg5qPJjPxTUN9wC8YMohh_vc-tb14adxDJKR6YkrKi0tBwbjftWZnkQswac8AeQb1ltbo-...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=ZmE1MDQ2OGYtNTY5YS00MzdlLTk0MjgtOGM3YmY1ZmMyZDM3&google_push=AYg5qPJjPxTUN9wC8YMohh_vc-tb14adxDJKR6YkrKi0tBwbjftWZnkQswac8AeQb1ltbo-...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=ZmE1MDQ2OGYtNTY5YS00MzdlLTk0MjgtOGM3YmY1ZmMyZDM3&google_push=AYg5qPJjPxTUN9wC8YMohh_vc-tb14adxDJKR6YkrKi0tBwbjftWZnkQswac8AeQb1ltbo-...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=ZmE1MDQ2OGYtNTY5YS00MzdlLTk0MjgtOGM3YmY1ZmMyZDM3&google_push=AYg5qPJjPxTUN9wC8YMohh_vc-tb14adxDJKR6YkrKi0tBwbjftWZnkQswac8AeQb1ltbo-...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=ZmE1MDQ2OGYtNTY5YS00MzdlLTk0MjgtOGM3YmY1ZmMyZDM3&google_push=AYg5qPJjPxTUN9wC8YMohh_vc-tb14adxDJKR6YkrKi0tBwbjftWZnkQswac8AeQb1ltbo-...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=ZmE1MDQ2OGYtNTY5YS00MzdlLTk0MjgtOGM3YmY1ZmMyZDM3&google_push=AYg5qPJjPxTUN9wC8YMohh_vc-tb14adxDJKR6YkrKi0tBwbjftWZnkQswac8AeQb1ltbo-...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=ZmE1MDQ2OGYtNTY5YS00MzdlLTk0MjgtOGM3YmY1ZmMyZDM3&google_push=AYg5qPJjPxTUN9wC8YMohh_vc-tb14adxDJKR6YkrKi0tBwbjftWZnkQswac8AeQb1ltbo-...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=ZmE1MDQ2OGYtNTY5YS00MzdlLTk0MjgtOGM3YmY1ZmMyZDM3&google_push=AYg5qPJjPxTUN9wC8YMohh_vc-tb14adxDJKR6YkrKi0tBwbjftWZnkQswac8AeQb1ltbo-...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=ZmE1MDQ2OGYtNTY5YS00MzdlLTk0MjgtOGM3YmY1ZmMyZDM3&google_push=AYg5qPJjPxTUN9wC8YMohh_vc-tb14adxDJKR6YkrKi0tBwbjftWZnkQswac8AeQb1ltbo-...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=ZmE1MDQ2OGYtNTY5YS00MzdlLTk0MjgtOGM3YmY1ZmMyZDM3&google_push=AYg5qPJjPxTUN9wC8YMohh_vc-tb14adxDJKR6YkrKi0tBwbjftWZnkQswac8AeQb1ltbo-...

0
0

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame 4B65 0
12 B 31ms
31ms Image
text/html 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13J7dyrWZX2hH-QQMH-3JL9gJLNy2RM4kTY1OdVb-_usxQvTgkT943r2yTBBvWMrckak8QP8pDg

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:26 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 2763 43 B
301 B 314ms
103ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=930701&asId=f9ee2c03-693f-5721-687b-3aed9d6583ce&tv=%7Bc:ndLK8n,pingTime:-2,time:633,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:618,beZ:619,mfA:923,cmA:924,inA:924,inZ:929,prA:929,prZ:950,si:957,poA:958,poZ:969,cmZ:969,mfZ:969,loA:1046,loZ:1049,ltA:1250,ltZ:1250,idA:969,idZ:1026%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:300.250,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:-1,vs:n,r:l,w:300,h:250,t:339%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:0,n:633,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:338,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:-1,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B325~1%5D,as:%5B325~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:jload,dtt:0,fm:sI0Vq0u+11%7C12%7C13%7C14%7C15%7C161%7C162%7C163%7C164%7C17*.930701%7C171%7C172%7C173%7C174%7C18.930701%7C181%7C182%7C183%7C184%7C191%7C192%7C193%7C194%7C1a1%7C1a2%7C1a3%7C1a4%7C1b%7C1c1%7C1c2%7C1c3%7C1c4%7C1d1%7C1e1%7C1f%7C1g,idMap:17*,rmeas:1,rend:1,renddet:DIV.qs.sn,sinceFw:292,readyFired:true%7D&br=u
Requested by: Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:35:26 GMT
X-Server-Name: dt51.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 41B5
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEO6TUCncnSI2yIUoP9rItQE&google_cver=1&google_push=AYg5qPItht74jzxynAqntyiu1JnMnBlbCe7Jl29yvUAwXNAvt3jxXzI9jjIjOXy5WSGydgKREyTnIDPAI0z2_LCINdLBrNBUrgw
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=Mjc1NzAwNDUwNTY1MTE1MTY2OQ==
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEO6TUCncnSI2yIUoP9rItQE&google_cver=1

43 B
407 B

16ms
16ms

Image
image/gif

2001:678:cb4:bbbb::11
TURN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEO6TUCncnSI2yIUoP9rItQE&google_cver=1
Requested by: Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (TURN, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:26 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-type: image/gif
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:26 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEO6TUCncnSI2yIUoP9rItQE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 41B5
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESENn4XGFIRaAk2auJR1dZN5g&google_cver=1&google_push=AYg5qPLXf8Hmli7_3U4au79a3KNP_YT55CarvaZ4-Fulh6SxwQtObsE06toPVRn4AmH6m_0tzzlfOw_JcBVs4O4lDQk4...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESENn4XGFIRaAk2auJR1dZN5g&google_cver=1&google_push=AYg5qPLXf8Hmli7_3U4au79a3KNP_YT55CarvaZ4-Fulh6SxwQtObsE06toPVRn4AmH6m_0tzzlfOw_JcBVs4O...
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPLXf8Hmli7_3U4au79a3KNP_YT55CarvaZ4-Fulh6SxwQtObsE06toPVRn4AmH6m_0tzzlfOw_JcBVs4O4lDQk4CGWg_Q&google_hm=ah_iiUfpR3G8l0X_4cLlow==

170 B
188 B

34ms
33ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPLXf8Hmli7_3U4au79a3KNP_YT55CarvaZ4-Fulh6SxwQtObsE06toPVRn4AmH6m_0tzzlfOw_JcBVs4O4lDQk4CGWg_Q&google_hm=ah_iiUfpR3G8l0X_4cLlow==

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPLXf8Hmli7_3U4au79a3KNP_YT55CarvaZ4-Fulh6SxwQtObsE06toPVRn4AmH6m_0tzzlfOw_JcBVs4O4lDQk4CGWg_Q&google_hm=ah_iiUfpR3G8l0X_4cLlow==
date: Sat, 04 Sep 2021 04:35:26 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3-29 200 dot.gif
s0.2mdn.net/ Frame 41B5 43 B
63 B 15ms
14ms Image
image/gif 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_gid=CAESEDBU1qLsAEa-VQEj5tpU2pU&google_cver=1&google_push=AYg5qPIe32eTso14cXbF1u-eByQvkehyQwMnZAr1DZS7Hjgt59iqsnlH1McEELQzZZL56zDGvaVmbprJ08JejsXohlx59MgDRzM

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:26 GMT
x-content-type-options: nosniff
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
expires: Sun, 05 Sep 2021 04:35:26 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 41B5
Redirect Chain

https://google-sync.rutarget.ru/sync?google_gid=CAESELwmMipWy5HiGlKb1_Dm83A&google_cver=1&google_push=AYg5qPIa5gCNxCN7vV_Y0oN30G1F_8zDVBC1j49HPAvxTDHbyFtMv2_YSzp-c7GVMF01ceeN--BwG9GyVK7N4KC2OXCHdXWUBA
https://cm.g.doubleclick.net/pixel?google_nid=segmentoru&google_hm=cDlvTXNFNHVTTkhh&google_ula=2046794&google_push=AYg5qPIa5gCNxCN7vV_Y0oN30G1F_8zDVBC1j49HPAvxTDHbyFtMv2_YSzp-c7GVMF01ceeN--BwG9GyVK...

170 B
188 B

121ms
121ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=segmentoru&google_hm=cDlvTXNFNHVTTkhh&google_ula=2046794&google_push=AYg5qPIa5gCNxCN7vV_Y0oN30G1F_8zDVBC1j49HPAvxTDHbyFtMv2_YSzp-c7GVMF01ceeN--BwG9GyVK7N4KC2OXCHdXWUBA

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=segmentoru&google_hm=cDlvTXNFNHVTTkhh&google_ula=2046794&google_push=AYg5qPIa5gCNxCN7vV_Y0oN30G1F_8zDVBC1j49HPAvxTDHbyFtMv2_YSzp-c7GVMF01ceeN--BwG9GyVK7N4KC2OXCHdXWUBA
Date: Sat, 04 Sep 2021 04:35:27 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0
P3P: CP="This is not a P3P policy. Please visit http://rutarget.ru/p3p/ to get more information."

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 41B5
Redirect Chain

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsonobi%26google_push%3DAYg5qPJj0udGssMdA2nH9vsUmpgVRLoL5QzLzoU8yGAYJzB_iG7wkEsltTERyN1fPIHWurqsSdk-FZssqx...
https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AYg5qPJj0udGssMdA2nH9vsUmpgVRLoL5QzLzoU8yGAYJzB_iG7wkEsltTERyN1fPIHWurqsSdk-FZssqxIrWdrwP0a7gDLD4A&google_hm=08f3b2f0-8a20-420a-b054...

170 B
188 B

32ms
32ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AYg5qPJj0udGssMdA2nH9vsUmpgVRLoL5QzLzoU8yGAYJzB_iG7wkEsltTERyN1fPIHWurqsSdk-FZssqxIrWdrwP0a7gDLD4A&google_hm=08f3b2f0-8a20-420a-b054-7c9fc4ae6496

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:35:26 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AYg5qPJj0udGssMdA2nH9vsUmpgVRLoL5QzLzoU8yGAYJzB_iG7wkEsltTERyN1fPIHWurqsSdk-FZssqxIrWdrwP0a7gDLD4A&google_hm=08f3b2f0-8a20-420a-b054-7c9fc4ae6496
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: text/plain; charset=utf8
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 41B5
Redirect Chain

https://google.ops.beeline.ru/p?ssp=gl&google_gid=CAESEOdr1J4osFTC-dqAsKU7z9Q&google_cver=1&google_push=AYg5qPIqx3AD7TF5lJ5ikKXzpnP-h0t7hE0Qtf1Xaf7bYbh8GMFTFa-GEHHsRtya_LMxNRBmlgMWE8RYeElifghKrxJTs...
https://cm.g.doubleclick.net/pixel?google_nid=vimpelcom_pjsc&google_hm=ODhkOWJlODMtZTNkZS00NDE2LWIwNzUtNTU0ZGE4OWQ2MzVm&google_push=AYg5qPIqx3AD7TF5lJ5ikKXzpnP-h0t7hE0Qtf1Xaf7bYbh8GMFTFa-GEHHsRtya_...

170 B
188 B

33ms
33ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=vimpelcom_pjsc&google_hm=ODhkOWJlODMtZTNkZS00NDE2LWIwNzUtNTU0ZGE4OWQ2MzVm&google_push=AYg5qPIqx3AD7TF5lJ5ikKXzpnP-h0t7hE0Qtf1Xaf7bYbh8GMFTFa-GEHHsRtya_LMxNRBmlgMWE8RYeElifghKrxJTs10xI6o

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 04 Sep 2021 04:35:26 GMT
x-route: http://upstream_cookiesync
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=vimpelcom_pjsc&google_hm=ODhkOWJlODMtZTNkZS00NDE2LWIwNzUtNTU0ZGE4OWQ2MzVm&google_push=AYg5qPIqx3AD7TF5lJ5ikKXzpnP-h0t7hE0Qtf1Xaf7bYbh8GMFTFa-GEHHsRtya_LMxNRBmlgMWE8RYeElifghKrxJTs10xI6o
access-control-allow-methods: HEAD,GET,POST,PUT,DELETE,OPTIONS, GET, HEAD, POST, OPTIONS, PUT, DELETE
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true, true
x-host: 192.168.152.32
access-control-allow-headers: authorization, Content-Type, Authorization, Origin, X-Requested-With, Accept, Key, Accept-Encoding, DNT
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 41B5
Redirect Chain

https://sm.rtb.mts.ru/p?ssp=googlevid&pm=1&google_gid=CAESEA78mDCeFD8FpsxEOOzgSd4&google_cver=1&google_push=AYg5qPJFdq4ujn_AcBahNKrbjSzRYHqRHt3M8HyocsbTT8TYhBFEcZz_IEZmdHIfHizY80qqoP9DSLc4HKKJnDipc...
https://sm.rtb.mts.ru/match/second?r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dstream_llc_2%26id%3D77172dee-980f-400a-b36d-f7663619bec5%26google_push%3DAYg5qPJFdq4ujn_AcBahNKrbjSzRY...
https://tech.rtb.mts.ru/?dsp_uid=77172dee-980f-400a-b36d-f7663619bec5&return_url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dstream_llc_2%26id%3D77172dee-980f-400a-b36d-f7663619bec5%2...
https://cm.g.doubleclick.net/pixel?google_nid=stream_llc_2&id=77172dee-980f-400a-b36d-f7663619bec5&google_push=AYg5qPJFdq4ujn_AcBahNKrbjSzRYHqRHt3M8HyocsbTT8TYhBFEcZz_IEZmdHIfHizY80qqoP9DSLc4HKKJnD...

170 B
188 B

34ms
33ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=stream_llc_2&id=77172dee-980f-400a-b36d-f7663619bec5&google_push=AYg5qPJFdq4ujn_AcBahNKrbjSzRYHqRHt3M8HyocsbTT8TYhBFEcZz_IEZmdHIfHizY80qqoP9DSLc4HKKJnDipc5Sch5tv3wc

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 04 Sep 2021 04:35:26 GMT
Server: nginx/1.13.12
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Content-Type: text/html; charset=utf-8
Location: https://cm.g.doubleclick.net/pixel?google_nid=stream_llc_2&id=77172dee-980f-400a-b36d-f7663619bec5&google_push=AYg5qPJFdq4ujn_AcBahNKrbjSzRYHqRHt3M8HyocsbTT8TYhBFEcZz_IEZmdHIfHizY80qqoP9DSLc4HKKJnDipc5Sch5tv3wc
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame 41B5 0
12 B 31ms
30ms Image
text/html 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KEFMcDdo_que3QrIXqZ7MKocRmeu0R2wKRYGdk9MtDI9pnJwMy1vhO2h7CB73dqvGuOcAW1J0

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:26 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 dpixel
cms.quantserve.com/ Frame 3A81 35 B
464 B 26ms
8ms Image
image/gif 2620:116:800d:21:f916:5049:f87f:108e
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEG6OAK6RYj_-AfIzZ3FxDys&google_cver=1&google_push=AYg5qPJ2QvfY5x0nO6ooqvzpgAzjg6xNsiiwopUkeqG1BhbtSvDbSMfRyN_IzF9Y_04kxVbqbmgtDciDcj9vGelS4XKLdC6wBku8

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:f916:5049:f87f:108e , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:26 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H/1.1

200
OK

cm
a.rfihub.com/ Frame 3A81
Redirect Chain

https://p.rfihub.com/cm?in=1&pub=445&google_gid=CAESEB_GrXR316znKJKyyYISRIw&google_cver=1&google_push=AYg5qPJOTHhGSM56c3qfZUwPCgF3K_WH9CQNicrlk02GicG33_UIf6A1B1sxojt3rAJYUCzBK9QR-kHhlgTeU0IBxOcJXnt...
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AYg5qPJOTHhGSM56c3qfZUwPCgF3K_WH9CQNicrlk02GicG33_UIf6A1B1sxojt3rAJYUCzBK9QR-kHhlgTeU0IBxOcJXnt9APZ6&google_hm=NTI2NDQxODU...
https://a.rfihub.com/cm?pub=445&google_error=5

42 B
814 B

393ms
38ms

Image
image/gif

193.0.160.128
ROCKETFUEL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.rfihub.com/cm?pub=445&google_error=5
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 193.0.160.128 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 04 Sep 2021 04:35:26 GMT
Cache-Control: no-cache
Server: Jetty(9.3.29.v20201019)
Content-Type: image/gif
Content-Length: 42
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:26 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://a.rfihub.com/cm?pub=445&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 247
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 3A81
Redirect Chain

https://match.adsby.bidtheatre.com/adxcookie?id=&google_gid=CAESELL7Gnt9EtbpUhsiXTIr1jo&google_cver=1&google_push=AYg5qPKmmI4oS2y9rmFREUHVGNifbDctPraoAfDED7jTXb5gGok3BFZgnsBqHkTcyUKERaYUTejqn43DPH5...
https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AYg5qPKmmI4oS2y9rmFREUHVGNifbDctPraoAfDED7jTXb5gGok3BFZgnsBqHkTcyUKERaYUTejqn43DPH5oCA0iI6YRnIMh76A

170 B
188 B

33ms
33ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AYg5qPKmmI4oS2y9rmFREUHVGNifbDctPraoAfDED7jTXb5gGok3BFZgnsBqHkTcyUKERaYUTejqn43DPH5oCA0iI6YRnIMh76A

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AYg5qPKmmI4oS2y9rmFREUHVGNifbDctPraoAfDED7jTXb5gGok3BFZgnsBqHkTcyUKERaYUTejqn43DPH5oCA0iI6YRnIMh76A
Date: Sat, 04 Sep 2021 04:35:26 GMT
Server: Apache/2.4.41 (Ubuntu)
Connection: Keep-Alive
Keep-Alive: timeout=5, max=3000
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

GET match
um.wbtrk.net/doubleclick/user/ Frame 3A81 0
0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 3A81
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESEKRQCgLQ3NuF1Qj2JO0yAOA&google_cver=1&google_push=AYg5qPJf2DGKWuX6sZFhiRMKYgbf3YQYYO6RzJi5sP81O8bzjr1EARtOS2bLcjdIlXMmIO-6y6lNA4fQdSRdCxmcdm3kff...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=LMoL9ujcQcix105V0Emgjg&google_push=AYg5qPJf2DGKWuX6sZFhiRMKYgbf3YQYYO6RzJi5sP81O8bzjr1EARtOS2bLcjdIlXMmIO-6y6lNA4fQdSRdCxm...

170 B
188 B

32ms
32ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=LMoL9ujcQcix105V0Emgjg&google_push=AYg5qPJf2DGKWuX6sZFhiRMKYgbf3YQYYO6RzJi5sP81O8bzjr1EARtOS2bLcjdIlXMmIO-6y6lNA4fQdSRdCxmcdm3kff7JYGo

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=LMoL9ujcQcix105V0Emgjg&google_push=AYg5qPJf2DGKWuX6sZFhiRMKYgbf3YQYYO6RzJi5sP81O8bzjr1EARtOS2bLcjdIlXMmIO-6y6lNA4fQdSRdCxmcdm3kff7JYGo
date: Sat, 04 Sep 2021 04:35:26 GMT
access-control-allow-origin: *
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 3A81
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEO...
https://sync.targeting.unrulymedia.com/csync/RX-34d936c4-b089-47ce-b9b7-e89e80d1de9c-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAYg5qPK7im3XplB8D1KtuhTve...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPK7im3XplB8D1KtuhTvexqwF-Rq7JEL92l_n7zSaIdb-Wcpvv9_1ncXffUfbZXIZXnOCVEYSrbATyiUfq_U_IEO8oU9EE_u&google_hm=AzTZNsSwiUfOubfonoDR3pw

170 B
188 B

32ms
32ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPK7im3XplB8D1KtuhTvexqwF-Rq7JEL92l_n7zSaIdb-Wcpvv9_1ncXffUfbZXIZXnOCVEYSrbATyiUfq_U_IEO8oU9EE_u&google_hm=AzTZNsSwiUfOubfonoDR3pw

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPK7im3XplB8D1KtuhTvexqwF-Rq7JEL92l_n7zSaIdb-Wcpvv9_1ncXffUfbZXIZXnOCVEYSrbATyiUfq_U_IEO8oU9EE_u&google_hm=AzTZNsSwiUfOubfonoDR3pw
date: Sat, 04 Sep 2021 04:35:26 GMT
server: Tengine
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RX34d936c4b08947ceb9b7e89e80d1de9c003
content-type: text/html

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 3A81
Redirect Chain

https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEBiNWlW8Exn0aYxAuE6LOPo&google_cver=1&google_push=AYg5qPKpPCD2L0goSsoaOv0ZHvHcaMbbY9PfnDUzmMWTiuAHb3ZgRMLqYIHBI3SbKBxQ52SbkzRkm5...
https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AYg5qPKpPCD2L0goSsoaOv0ZHvHcaMbbY9PfnDUzmMWTiuAHb3ZgRMLqYIHBI3SbKBxQ52SbkzRkm5s7GXkkpecr1c3XNqYa9Xy7&google_hm=MjA5NzExOD...

170 B
188 B

32ms
32ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AYg5qPKpPCD2L0goSsoaOv0ZHvHcaMbbY9PfnDUzmMWTiuAHb3ZgRMLqYIHBI3SbKBxQ52SbkzRkm5s7GXkkpecr1c3XNqYa9Xy7&google_hm=MjA5NzExODg5MDMyMjc5MzQ1MQ%3D%3D

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AYg5qPKpPCD2L0goSsoaOv0ZHvHcaMbbY9PfnDUzmMWTiuAHb3ZgRMLqYIHBI3SbKBxQ52SbkzRkm5s7GXkkpecr1c3XNqYa9Xy7&google_hm=MjA5NzExODg5MDMyMjc5MzQ1MQ%3D%3D
date: Sat, 04 Sep 2021 04:35:26 GMT
content-length: 0

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame 3A81 0
12 B 30ms
29ms Image
text/html 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Lblw9QH3Ihzm27Z4UmDneA3K5wrTkglH7l5NdFghzNh5_tqKTc2tzAyytwip7IZDfym8Qa

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:26 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame B4B0 70 B
265 B 1149ms
43ms Image
image/gif 76.223.111.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEOydDMGhfpbyVl21JiiPGNU&google_cver=1&google_push=AYg5qPJrBXO365eDmINNbaPD_L3TbuIUS43HI5UYpQYRrak3h2wKHY5F1HrOfiRgs-KHm-SPU0___hwctdsqfr0WiuoYUERkUFnw
Requested by: Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.131 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:27 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame B4B0 0
136 B 1081ms
29ms Image
text/plain 34.96.105.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEDlbKN-e-P1siGY5fdZ4XtQ&google_cver=1&google_push=AYg5qPI79RUjlO9Jl70ey_Lml-WWvPovua8r6C4AJP9GPT2DJfIxrJr1DXsfS1M_DrwY0rCgZGn7yPz8StiSMGMbIXxpuuz8-iHD
Requested by: Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.105.96.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:27 GMT
via: 1.1 google
alt-svc: clear

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame B4B0
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESENBaqDrZhT8ybLXgB7-_1uA&google_cver=1&google_push=AYg5qPKCq3Py2VKLBobOq5bOPxLC5H__uAj8XpV2s4rQilAgzYdLT5K7odApeIwWgRSNDd-6XGT3viXGVuZJqe...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzAwMzkzMjU1OTc3NjkzODEzNw%3D%3D&google_push=AYg5qPKCq3Py2VKLBobOq5bOPxLC5H__uAj8XpV2s4rQilAgzYdLT5K7odApeIwWgRSNDd-6XGT3viXGVuZJqeZCCW...

170 B
188 B

32ms
32ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzAwMzkzMjU1OTc3NjkzODEzNw%3D%3D&google_push=AYg5qPKCq3Py2VKLBobOq5bOPxLC5H__uAj8XpV2s4rQilAgzYdLT5K7odApeIwWgRSNDd-6XGT3viXGVuZJqeZCCWp_33FNVCwD

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzAwMzkzMjU1OTc3NjkzODEzNw%3D%3D&google_push=AYg5qPKCq3Py2VKLBobOq5bOPxLC5H__uAj8XpV2s4rQilAgzYdLT5K7odApeIwWgRSNDd-6XGT3viXGVuZJqeZCCWp_33FNVCwD
Date: Sat, 04 Sep 2021 04:35:26 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame B4B0
Redirect Chain

https://c.eu1.dyntrk.com/adx/ga/us.php?dynk=ga2ex&google_gid=CAESEN34ZLVkqVEOTOFWhL2kD-A&google_cver=1&google_push=AYg5qPKKYbqraWutRe-qAsKNcAOBEMW1HZZ0PUrKKq1j1EoiLVXYKioPx7uNpHFK7KG3-Lw05OjsAjv1o_...
https://c.eu1.dyntrk.com/adx/ga/us.php?dynk=ga2ex&google_gid=CAESEN34ZLVkqVEOTOFWhL2kD-A&google_cver=1&google_push=AYg5qPKKYbqraWutRe-qAsKNcAOBEMW1HZZ0PUrKKq1j1EoiLVXYKioPx7uNpHFK7KG3-Lw05OjsAjv1o_...
https://cm.g.doubleclick.net/pixel?google_nid=dynadmic&google_push=AYg5qPKKYbqraWutRe-qAsKNcAOBEMW1HZZ0PUrKKq1j1EoiLVXYKioPx7uNpHFK7KG3-Lw05OjsAjv1o_QZn27JCbd1oTYO2p2J&google_hm=MDUwMzAwMDFfNjEzMmY...

170 B
188 B

33ms
33ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=dynadmic&google_push=AYg5qPKKYbqraWutRe-qAsKNcAOBEMW1HZZ0PUrKKq1j1EoiLVXYKioPx7uNpHFK7KG3-Lw05OjsAjv1o_QZn27JCbd1oTYO2p2J&google_hm=MDUwMzAwMDFfNjEzMmY3OGY1M2MzOA%3D%3D

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 04 Sep 2021 04:35:27 GMT
server: nginx
access-control-allow-origin: *
transfer-encoding: chunked
access-control-allow-methods: POST, GET, OPTIONS
p3p: CP="NOI DEV OUR BUS UNI"
location: https://cm.g.doubleclick.net/pixel?google_nid=dynadmic&google_push=AYg5qPKKYbqraWutRe-qAsKNcAOBEMW1HZZ0PUrKKq1j1EoiLVXYKioPx7uNpHFK7KG3-Lw05OjsAjv1o_QZn27JCbd1oTYO2p2J&google_hm=MDUwMzAwMDFfNjEzMmY3OGY1M2MzOA%3D%3D
cache-control: no-cache
content-type: text/html; charset=UTF-8
access-control-allow-headers: Origin
keep-alive: timeout=10

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame B4B0
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEM_So39OiXSrKS9mYqE1C4w&google_cver=1&google_push=AYg5qPLoBoEmifOzRm2hv--5Q_eEHSBYZlNYEwb4ieD51xkf05XJbqtKMqMi3m7QcgjrKMN5SxpNoITst9N6IaRyIkD1-0994PM_
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLoBoEmifOzRm2hv--5Q_eEHSBYZlNYEwb4ieD51xkf05XJbqtKMqMi3m7QcgjrKMN5SxpNoITst9N6IaRyIkD1-0994PM_&google_hm=a1ZR_--ky1AAAvSYqMbyEw==

170 B
188 B

33ms
33ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLoBoEmifOzRm2hv--5Q_eEHSBYZlNYEwb4ieD51xkf05XJbqtKMqMi3m7QcgjrKMN5SxpNoITst9N6IaRyIkD1-0994PM_&google_hm=a1ZR_--ky1AAAvSYqMbyEw==

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:26 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLoBoEmifOzRm2hv--5Q_eEHSBYZlNYEwb4ieD51xkf05XJbqtKMqMi3m7QcgjrKMN5SxpNoITst9N6IaRyIkD1-0994PM_&google_hm=a1ZR_--ky1AAAvSYqMbyEw==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: 5tor40vag2c9a4hgefobkkpoqkldd62t

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame B4B0
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEJzgJBgCf4hgr8l0ibQnfSE&google_cver=1&google_push=AYg5qPKcCqH1rMyNA7U9wciIRjqA86OeMVTKtPQg0myYUgIeHpocq7W1pW7tjjEyuaiyUDp2410...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1Q1QU0yRkctTi03UTUz&google_push=AYg5qPKcCqH1rMyNA7U9wciIRjqA86OeMVTKtPQg0myYUgIeHpocq7W1pW7tjjEyuaiyUDp24102ewwJ6D1spP8bn-680TRZjHSj

170 B
188 B

31ms
31ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1Q1QU0yRkctTi03UTUz&google_push=AYg5qPKcCqH1rMyNA7U9wciIRjqA86OeMVTKtPQg0myYUgIeHpocq7W1pW7tjjEyuaiyUDp24102ewwJ6D1spP8bn-680TRZjHSj

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1Q1QU0yRkctTi03UTUz&google_push=AYg5qPKcCqH1rMyNA7U9wciIRjqA86OeMVTKtPQg0myYUgIeHpocq7W1pW7tjjEyuaiyUDp24102ewwJ6D1spP8bn-680TRZjHSj
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 704c1e4d3fcc922a3031d436b584678b
Expires: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame B4B0
Redirect Chain

https://sm.rtb.mts.ru/p?ssp=googlevid&pm=1&google_gid=CAESEA78mDCeFD8FpsxEOOzgSd4&google_cver=1&google_push=AYg5qPJsJnadJJCAEWWnP9Dv-hvltdt8RByazrkQzlRF5odYLUomyRxl2MgS65U5jGEjZOsXil0yV6qNGEijZIv76...
https://sm.rtb.mts.ru/match/second?r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dstream_llc_2%26id%3D499745a5-6749-438d-97f8-23c9acaef2c3%26google_push%3DAYg5qPJsJnadJJCAEWWnP9Dv-hvlt...
https://tech.rtb.mts.ru/?dsp_uid=77172dee-980f-400a-b36d-f7663619bec5&return_url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dstream_llc_2%26id%3D499745a5-6749-438d-97f8-23c9acaef2c3%2...
https://cm.g.doubleclick.net/pixel?google_nid=stream_llc_2&id=499745a5-6749-438d-97f8-23c9acaef2c3&google_push=AYg5qPJsJnadJJCAEWWnP9Dv-hvltdt8RByazrkQzlRF5odYLUomyRxl2MgS65U5jGEjZOsXil0yV6qNGEijZI...
https://cm.g.doubleclick.net/pixel?google_nid=stream_llc_2&id=499745a5-6749-438d-97f8-23c9acaef2c3&google_push=AYg5qPJsJnadJJCAEWWnP9Dv-hvltdt8RByazrkQzlRF5odYLUomyRxl2MgS65U5jGEjZOsXil0yV6qNGEijZI...

170 B
188 B

33ms
32ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=stream_llc_2&id=499745a5-6749-438d-97f8-23c9acaef2c3&google_push=AYg5qPJsJnadJJCAEWWnP9Dv-hvltdt8RByazrkQzlRF5odYLUomyRxl2MgS65U5jGEjZOsXil0yV6qNGEijZIv76oJTHmVsPxdH&google_tc=

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:26 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=stream_llc_2&id=499745a5-6749-438d-97f8-23c9acaef2c3&google_push=AYg5qPJsJnadJJCAEWWnP9Dv-hvltdt8RByazrkQzlRF5odYLUomyRxl2MgS65U5jGEjZOsXil0yV6qNGEijZIv76oJTHmVsPxdH&google_tc=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 431
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame B4B0 0
12 B 31ms
29ms Image
text/html 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13K35_7cS4DIjSxBhEwLVJs3b4IFzM100hxIbnV-N5L6DtQ9yauSOIN8SoiCkpGEmWoR4RYxhg

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:26 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 CoopBd.woff
s0.2mdn.net/9506911/1609938295867/ Frame 2BCC 32 KB
32 KB 7ms
7ms Font
font/woff 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9506911/1609938295867/CoopBd.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9506911/1609938295867/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

660dafdc78011b6e915b39cbfd9546c82a36aa6c20bfc6a75e144bc700a290a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://s0.2mdn.net
Referer: https://s0.2mdn.net/9506911/1609938295867/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 09:44:43 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Jan 2021 13:04:56 GMT
server: sffe
age: 67843
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32612
x-xss-protection: 0
expires: Sat, 04 Sep 2021 09:44:43 GMT

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame 2763 0
23 B 63ms
33ms Ping
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:35:26 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame A514 43 B
301 B 313ms
102ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=930701&asId=57defb38-59ad-2db2-7936-8259127130e3&tv=%7Bc:ndLKa2,pingTime:-2,time:674,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:644,beZ:645,mfA:971,cmA:972,inA:972,inZ:973,prA:973,prZ:981,si:984,poA:984,poZ:988,cmZ:988,mfZ:988,loA:1043,loZ:1044,ltA:1317,ltZ:1317,idA:988,idZ:1043%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:300.250,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:-1,vs:n,r:l,w:300,h:250,t:340%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:0,n:674,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:340,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:-1,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B346~1%5D,as:%5B346~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:jload,dtt:0,fm:sI0Vq0u+11%7C12%7C13%7C14%7C15%7C161%7C162%7C163%7C164%7C17.930701%7C171%7C172%7C173%7C174%7C175%7C18*.930701%7C181%7C182%7C183%7C184%7C191%7C192%7C193%7C194%7C1a1%7C1a2%7C1a3%7C1a4%7C1b%7C1c1%7C1c2%7C1c3%7C1c4%7C1d1%7C1e1%7C1f%7C1g,idMap:18*,rmeas:1,rend:1,renddet:DIV.qs.sn,sinceFw:333,readyFired:true%7D&br=u
Requested by: Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:35:26 GMT
X-Server-Name: dt51.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame 0179 0
23 B 57ms
34ms Ping
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:35:26 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame A514 0
23 B 34ms
34ms Ping
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:35:26 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 CoopBd.woff
s0.2mdn.net/9506911/1609938295867/ Frame 45A8 32 KB
32 KB 6ms
6ms Font
font/woff 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9506911/1609938295867/CoopBd.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9506911/1609938295867/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

660dafdc78011b6e915b39cbfd9546c82a36aa6c20bfc6a75e144bc700a290a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://s0.2mdn.net
Referer: https://s0.2mdn.net/9506911/1609938295867/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 09:44:43 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Jan 2021 13:04:56 GMT
server: sffe
age: 67843
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32612
x-xss-protection: 0
expires: Sat, 04 Sep 2021 09:44:43 GMT

GET
H3-29 200 CoopCondBd.woff
s0.2mdn.net/9506911/1609938328780/ Frame 1AB1 29 KB
29 KB 7ms
6ms Font
font/woff 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9506911/1609938328780/CoopCondBd.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9506911/1609938328780/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

63b176462a62d19e5a2af4cc0a845119d0389aae23ef15decd83efd182c91c40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://s0.2mdn.net
Referer: https://s0.2mdn.net/9506911/1609938328780/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:25:35 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Jan 2021 13:05:29 GMT
server: sffe
age: 591
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29944
x-xss-protection: 0
expires: Sun, 05 Sep 2021 04:25:35 GMT

GET
H3-29 200 CoopBd.woff
s0.2mdn.net/9506911/1609938328780/ Frame 1AB1 32 KB
32 KB 7ms
7ms Font
font/woff 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9506911/1609938328780/CoopBd.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9506911/1609938328780/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

660dafdc78011b6e915b39cbfd9546c82a36aa6c20bfc6a75e144bc700a290a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://s0.2mdn.net
Referer: https://s0.2mdn.net/9506911/1609938328780/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 20:22:05 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Jan 2021 13:05:28 GMT
server: sffe
age: 29601
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32612
x-xss-protection: 0
expires: Sat, 04 Sep 2021 20:22:05 GMT

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame 3061 0
23 B 35ms
34ms Ping
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:35:26 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 video-loader2.1-cr.js Show response
cdn.avantisvideo.com/js/ Frame 679B 132 KB
39 KB 7ms
7ms Script
application/javascript 2600:9000:2240:fa00:1c:38a0:8a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.avantisvideo.com/js/video-loader2.1-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/avm/js/video-loader.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2240:fa00:1c:38a0:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 11a05afbf5502a5ee1f76168de53e9f2b18e5dccfce9f8488b040cbe6ff016c4

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 08:09:56 GMT
content-encoding: gzip
last-modified: Mon, 30 Aug 2021 08:09:52 GMT
server: AmazonS3
age: 73531
etag: W/"afe56ce02ecafca022a24ddb31c9c756"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 d7433132a7c6595c9aab2dc2272e7061.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
x-amz-version-id: jeI0yvEpalr_BHIWvTTvKdCqKuIBs5Hx
x-amz-cf-id: C-8sDIcA0WXF_e52dYbdZdrDoETNEoeBTJgHFTW-OKzvWB9Ew9OwHQ==

GET
H2 200 video-loader2.1-cr.js Show response
cdn.avantisvideo.com/js/ Frame D77C 132 KB
39 KB 8ms
8ms Script
application/javascript 2600:9000:2240:fa00:1c:38a0:8a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.avantisvideo.com/js/video-loader2.1-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/avm/js/video-loader.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2240:fa00:1c:38a0:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 11a05afbf5502a5ee1f76168de53e9f2b18e5dccfce9f8488b040cbe6ff016c4

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 08:09:56 GMT
content-encoding: gzip
last-modified: Mon, 30 Aug 2021 08:09:52 GMT
server: AmazonS3
age: 73531
etag: W/"afe56ce02ecafca022a24ddb31c9c756"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 d7433132a7c6595c9aab2dc2272e7061.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
x-amz-version-id: jeI0yvEpalr_BHIWvTTvKdCqKuIBs5Hx
x-amz-cf-id: zVNsWDtAcNRiPZW3VAeGMiZhErvkZAonB52uPRhNsBvVGZFhWx-fEA==

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame D77C 42 B
64 B 15ms
15ms Fetch
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv-jvLjKEBZrTLC5abSj8EQcJaNLpa3a4zSkVEp3ZkqxwBhWg04vqNnHd2DbfQPA0vwhd9XR3VrkF-FowUqmviNk47twbv5swUiN1wehRQ27yRALRbq&sig=Cg0ArKJSzFe5KUPNAk9DEAE&id=lidar2&mcvt=1055&p=1172,635,1173,636&asp=1172,635,1173,636&mtos=1055,1055,1055,1055,1055&tos=1055,0,0,0,0&v=20210901&bin=7&avms=nio&bs=1600,1200&mc=1&app=0&itpl=19&adk=4230775942&rs=4&met=ce&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1630730125093&rpt=242&isd=0&lsd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:26 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame A9A0 0
23 B 37ms
36ms Ping
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:35:26 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame 8759 0
23 B 34ms
34ms Ping
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:35:26 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js Show response
pagead2.googlesyndication.com/bg/ Frame E064 35 KB
13 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e0cfe1534cf66865ac13a161e60ef74f768ebd78b86b894afff55660e435c182

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 05:01:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84841
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13264
x-xss-protection: 0
last-modified: Mon, 30 Aug 2021 12:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 03 Sep 2022 05:01:25 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame F306 6 KB
4 KB 20ms
16ms XHR
application/json 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_246&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_246.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0ddb0ff3f5c66e0bc36eae6a5f08292865a21847d18771c25de12f827152cc61

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:35:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4525
x-xss-protection: 0

GET
H3-29 200 coop.jpg
s0.2mdn.net/9506911/1604308179092/ Frame 5676 7 KB
7 KB 11ms
8ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1604308179092/coop.jpg

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc88881c267493814ada96b0cb57897aa9ff44610d2da1a67656c3cbcc0a874a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1604308179092/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:34:32 GMT
x-content-type-options: nosniff
last-modified: Mon, 02 Nov 2020 09:09:39 GMT
server: sffe
age: 54
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7509
x-xss-protection: 0
expires: Sun, 05 Sep 2021 04:34:32 GMT

GET
H3-29 200 Coop-Icon.png
s0.2mdn.net/9506911/1604308179092/ Frame 5676 4 KB
4 KB 10ms
7ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1604308179092/Coop-Icon.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

75519df306ca3d5504dc66f8e3398dc30f976a5859725309b90a0f2a3fdea6ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1604308179092/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 07:53:06 GMT
x-content-type-options: nosniff
last-modified: Mon, 02 Nov 2020 09:09:39 GMT
server: sffe
age: 74540
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3753
x-xss-protection: 0
expires: Sat, 04 Sep 2021 07:53:06 GMT

GET
H3-29 200 Theke-frisch-300.jpg
s0.2mdn.net/9506911/1604308179092/ Frame 5676 17 KB
17 KB 13ms
11ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1604308179092/Theke-frisch-300.jpg

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

16567a7c25c8f64c0861b7eae3892722920bd09e5a77dd293799eb034194b551

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1604308179092/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 19:20:51 GMT
x-content-type-options: nosniff
last-modified: Mon, 02 Nov 2020 09:09:39 GMT
server: sffe
age: 33275
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17005
x-xss-protection: 0
expires: Sat, 04 Sep 2021 19:20:51 GMT

GET
H3-29 200 Ka_se-300.jpg
s0.2mdn.net/9506911/1604308179092/ Frame 5676 19 KB
19 KB 11ms
9ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1604308179092/Ka_se-300.jpg

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

81404aacb0d84988d864c671b075ca74f1baa4cebbb9f2b4c646233117d2d73e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1604308179092/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:34:32 GMT
x-content-type-options: nosniff
last-modified: Mon, 02 Nov 2020 09:09:39 GMT
server: sffe
age: 54
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19900
x-xss-protection: 0
expires: Sun, 05 Sep 2021 04:34:32 GMT

GET
H3-29 200 lachs-300.jpg
s0.2mdn.net/9506911/1604308179092/ Frame 5676 21 KB
21 KB 11ms
9ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1604308179092/lachs-300.jpg

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

764a170851cb6e2d00a02685b39a0c28a3378a19c82a568c4cfbc5df52af8031

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1604308179092/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 05:43:54 GMT
x-content-type-options: nosniff
last-modified: Mon, 02 Nov 2020 09:09:39 GMT
server: sffe
age: 82292
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21126
x-xss-protection: 0
expires: Sat, 04 Sep 2021 05:43:54 GMT

GET
H3-29 200 brot-300.jpg
s0.2mdn.net/9506911/1604308179092/ Frame 5676 17 KB
17 KB 10ms
8ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1604308179092/brot-300.jpg

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30302ebb7094c997809ca671e593375ba4e34efe494a86bc3003692ddd27099e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1604308179092/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 11:46:38 GMT
x-content-type-options: nosniff
last-modified: Mon, 02 Nov 2020 09:09:39 GMT
server: sffe
age: 60528
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17048
x-xss-protection: 0
expires: Sat, 04 Sep 2021 11:46:38 GMT

GET
H3-29 200 aufschnitt-300.jpg
s0.2mdn.net/9506911/1604308179092/ Frame 5676 16 KB
16 KB 13ms
11ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1604308179092/aufschnitt-300.jpg

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e6de2bd9b5cb6e9ebfbf874940becb16016151d713ee19049eab99dfe0965ebc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1604308179092/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 18:00:03 GMT
x-content-type-options: nosniff
last-modified: Mon, 02 Nov 2020 09:09:39 GMT
server: sffe
age: 38123
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15912
x-xss-protection: 0
expires: Sat, 04 Sep 2021 18:00:03 GMT

GET
H3-29 200 tete-300.jpg
s0.2mdn.net/9506911/1604308179092/ Frame 5676 24 KB
24 KB 12ms
11ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1604308179092/tete-300.jpg

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aa4d27239f61f3f12e511f7774931c0d59c456971f9f6ef1d7a13a2408420d37

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1604308179092/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 14:16:51 GMT
x-content-type-options: nosniff
last-modified: Mon, 02 Nov 2020 09:09:39 GMT
server: sffe
age: 51515
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24916
x-xss-protection: 0
expires: Sat, 04 Sep 2021 14:16:51 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 58B1 6 KB
4 KB 20ms
19ms XHR
application/json 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_246&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_246.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d4f23855fd97ff345c97212b90df4992525f54579f5cdb816ce820b4aa93322

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:35:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4555
x-xss-protection: 0

GET
H3-29 200 4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js Show response
pagead2.googlesyndication.com/bg/ Frame 0356 35 KB
13 KB 10ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e0cfe1534cf66865ac13a161e60ef74f768ebd78b86b894afff55660e435c182

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 05:01:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84841
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13264
x-xss-protection: 0
last-modified: Mon, 30 Aug 2021 12:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 03 Sep 2022 05:01:25 GMT

GET
H3-29 200 4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js Show response
pagead2.googlesyndication.com/bg/ Frame 7733 35 KB
13 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e0cfe1534cf66865ac13a161e60ef74f768ebd78b86b894afff55660e435c182

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 05:01:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84841
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13264
x-xss-protection: 0
last-modified: Mon, 30 Aug 2021 12:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 03 Sep 2022 05:01:25 GMT

GET
H3-29 200 4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js Show response
pagead2.googlesyndication.com/bg/ Frame E22D 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e0cfe1534cf66865ac13a161e60ef74f768ebd78b86b894afff55660e435c182

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 05:01:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84841
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13264
x-xss-protection: 0
last-modified: Mon, 30 Aug 2021 12:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 03 Sep 2022 05:01:25 GMT

GET
H3-29 200 4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js Show response
pagead2.googlesyndication.com/bg/ Frame 3BA4 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e0cfe1534cf66865ac13a161e60ef74f768ebd78b86b894afff55660e435c182

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 05:01:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84841
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13264
x-xss-protection: 0
last-modified: Mon, 30 Aug 2021 12:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 03 Sep 2022 05:01:25 GMT

GET
H3-29 200 Kontrast-300.png
s0.2mdn.net/9506911/1609938295867/ Frame 2BCC 31 KB
31 KB 12ms
9ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1609938295867/Kontrast-300.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96e96292bf35ab4cfa60cf8f26578f55bacf27297ed4d97f7110a70e29229e0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1609938295867/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 13:52:29 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Jan 2021 13:04:56 GMT
server: sffe
age: 52977
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31808
x-xss-protection: 0
expires: Sat, 04 Sep 2021 13:52:29 GMT

GET
H3-29 200 Eier-90_1.png
s0.2mdn.net/9506911/1609938295867/ Frame 2BCC 5 KB
5 KB 11ms
9ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1609938295867/Eier-90_1.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

48a989caa0e4be8c09df7aae34ca650aa4b0973825d092f3b500252f9df01ad8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1609938295867/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 15:23:38 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Jan 2021 13:04:56 GMT
server: sffe
age: 47508
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4892
x-xss-protection: 0
expires: Sat, 04 Sep 2021 15:23:38 GMT

GET
H3-29 200 spaghetti-160_1.png
s0.2mdn.net/9506911/1609938295867/ Frame 2BCC 7 KB
7 KB 15ms
12ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1609938295867/spaghetti-160_1.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

db20203d2e3d3c689bae6647f1977fb9bb644c2b07408b0aedcad5005b428586

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1609938295867/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 12:49:44 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Jan 2021 13:04:56 GMT
server: sffe
age: 56742
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6832
x-xss-protection: 0
expires: Sat, 04 Sep 2021 12:49:44 GMT

GET
H3-29 200 Apfel-140_1.png
s0.2mdn.net/9506911/1609938295867/ Frame 2BCC 7 KB
7 KB 14ms
11ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1609938295867/Apfel-140_1.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

940bdc70144188b863d137858d188c5bc8f06fb824ce9f8a6a146bae52e7b56f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1609938295867/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 18:52:34 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Jan 2021 13:04:56 GMT
server: sffe
age: 34972
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6896
x-xss-protection: 0
expires: Sat, 04 Sep 2021 18:52:34 GMT

GET
H3-29 200 johannisberg-150_1.png
s0.2mdn.net/9506911/1609938295867/ Frame 2BCC 6 KB
6 KB 14ms
12ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1609938295867/johannisberg-150_1.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78a69854cfec0c81eb2984ec5479bdcd88f9502879e78e34518113eda582856a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1609938295867/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 20:12:41 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Jan 2021 13:04:56 GMT
server: sffe
age: 30165
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6388
x-xss-protection: 0
expires: Sat, 04 Sep 2021 20:12:41 GMT

GET
H3-29 200 Rectangle_31-150_1.png
s0.2mdn.net/9506911/1609938295867/ Frame 2BCC 7 KB
7 KB 16ms
14ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1609938295867/Rectangle_31-150_1.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6d11d75780091a50f5ff6f06a98e7deec983dd51413d915368dc4460c41268e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1609938295867/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 13:09:45 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Jan 2021 13:04:55 GMT
server: sffe
age: 55541
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7541
x-xss-protection: 0
expires: Sat, 04 Sep 2021 13:09:45 GMT

GET
H3-29 200 hakle-140_1.png
s0.2mdn.net/9506911/1609938295867/ Frame 2BCC 12 KB
12 KB 16ms
14ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1609938295867/hakle-140_1.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8e21db5f5131558eb01e4241849ed66cf6ce8f0832773fff68d3f80f3c908d18

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1609938295867/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:14:43 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Jan 2021 13:04:56 GMT
server: sffe
age: 1243
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12670
x-xss-protection: 0
expires: Sun, 05 Sep 2021 04:14:43 GMT

GET
H3-29 200 Kontrast-300-Henkel.png
s0.2mdn.net/9506911/1609938295867/ Frame 2BCC 3 KB
3 KB 18ms
16ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1609938295867/Kontrast-300-Henkel.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1cbb58dea630e6854e6c5912004d1ec97ad9829d50725234801b850bc811d3a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1609938295867/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 16:28:05 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Jan 2021 13:04:56 GMT
server: sffe
age: 43641
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2632
x-xss-protection: 0
expires: Sat, 04 Sep 2021 16:28:05 GMT

GET
H3-29 200 Coop-Icon.png
s0.2mdn.net/9506911/1609938295867/ Frame 2BCC 4 KB
4 KB 19ms
16ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1609938295867/Coop-Icon.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

75519df306ca3d5504dc66f8e3398dc30f976a5859725309b90a0f2a3fdea6ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1609938295867/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 10:53:39 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Jan 2021 13:04:55 GMT
server: sffe
age: 63707
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3753
x-xss-protection: 0
expires: Sat, 04 Sep 2021 10:53:39 GMT

GET
H3-29 200 coop.jpg
s0.2mdn.net/9506911/1609938295867/ Frame 2BCC 7 KB
7 KB 19ms
15ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1609938295867/coop.jpg

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc88881c267493814ada96b0cb57897aa9ff44610d2da1a67656c3cbcc0a874a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1609938295867/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 18:43:02 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Jan 2021 13:04:55 GMT
server: sffe
age: 35544
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7509
x-xss-protection: 0
expires: Sat, 04 Sep 2021 18:43:02 GMT

GET
H3-29 200 4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js Show response
pagead2.googlesyndication.com/bg/ Frame 512A 35 KB
13 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e0cfe1534cf66865ac13a161e60ef74f768ebd78b86b894afff55660e435c182

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 05:01:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84841
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13264
x-xss-protection: 0
last-modified: Mon, 30 Aug 2021 12:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 03 Sep 2022 05:01:25 GMT

GET
H3-29 200 Kontrast-300.png
s0.2mdn.net/9506911/1609938295867/ Frame 45A8 31 KB
31 KB 10ms
8ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1609938295867/Kontrast-300.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9506911/1609938295867/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96e96292bf35ab4cfa60cf8f26578f55bacf27297ed4d97f7110a70e29229e0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1609938295867/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 13:52:29 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Jan 2021 13:04:56 GMT
server: sffe
age: 52977
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31808
x-xss-protection: 0
expires: Sat, 04 Sep 2021 13:52:29 GMT

GET
H3-29 200 Eier-90_1.png
s0.2mdn.net/9506911/1609938295867/ Frame 45A8 5 KB
5 KB 11ms
9ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1609938295867/Eier-90_1.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9506911/1609938295867/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

48a989caa0e4be8c09df7aae34ca650aa4b0973825d092f3b500252f9df01ad8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1609938295867/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 15:23:38 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Jan 2021 13:04:56 GMT
server: sffe
age: 47508
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4892
x-xss-protection: 0
expires: Sat, 04 Sep 2021 15:23:38 GMT

GET
H3-29 200 spaghetti-160_1.png
s0.2mdn.net/9506911/1609938295867/ Frame 45A8 7 KB
7 KB 14ms
12ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1609938295867/spaghetti-160_1.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9506911/1609938295867/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

db20203d2e3d3c689bae6647f1977fb9bb644c2b07408b0aedcad5005b428586

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1609938295867/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 12:49:44 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Jan 2021 13:04:56 GMT
server: sffe
age: 56742
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6832
x-xss-protection: 0
expires: Sat, 04 Sep 2021 12:49:44 GMT

GET
H3-29 200 Apfel-140_1.png
s0.2mdn.net/9506911/1609938295867/ Frame 45A8 7 KB
7 KB 13ms
11ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1609938295867/Apfel-140_1.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9506911/1609938295867/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

940bdc70144188b863d137858d188c5bc8f06fb824ce9f8a6a146bae52e7b56f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1609938295867/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 18:52:34 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Jan 2021 13:04:56 GMT
server: sffe
age: 34972
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6896
x-xss-protection: 0
expires: Sat, 04 Sep 2021 18:52:34 GMT

GET
H3-29 200 johannisberg-150_1.png
s0.2mdn.net/9506911/1609938295867/ Frame 45A8 6 KB
6 KB 13ms
11ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1609938295867/johannisberg-150_1.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9506911/1609938295867/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78a69854cfec0c81eb2984ec5479bdcd88f9502879e78e34518113eda582856a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1609938295867/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 20:12:41 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Jan 2021 13:04:56 GMT
server: sffe
age: 30165
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6388
x-xss-protection: 0
expires: Sat, 04 Sep 2021 20:12:41 GMT

GET
H3-29 200 Rectangle_31-150_1.png
s0.2mdn.net/9506911/1609938295867/ Frame 45A8 7 KB
7 KB 16ms
14ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1609938295867/Rectangle_31-150_1.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9506911/1609938295867/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6d11d75780091a50f5ff6f06a98e7deec983dd51413d915368dc4460c41268e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1609938295867/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 13:09:45 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Jan 2021 13:04:55 GMT
server: sffe
age: 55541
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7541
x-xss-protection: 0
expires: Sat, 04 Sep 2021 13:09:45 GMT

GET
H3-29 200 hakle-140_1.png
s0.2mdn.net/9506911/1609938295867/ Frame 45A8 12 KB
12 KB 15ms
14ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1609938295867/hakle-140_1.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9506911/1609938295867/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8e21db5f5131558eb01e4241849ed66cf6ce8f0832773fff68d3f80f3c908d18

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1609938295867/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:14:43 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Jan 2021 13:04:56 GMT
server: sffe
age: 1243
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12670
x-xss-protection: 0
expires: Sun, 05 Sep 2021 04:14:43 GMT

GET
H3-29 200 Kontrast-300-Henkel.png
s0.2mdn.net/9506911/1609938295867/ Frame 45A8 3 KB
3 KB 15ms
14ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1609938295867/Kontrast-300-Henkel.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9506911/1609938295867/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1cbb58dea630e6854e6c5912004d1ec97ad9829d50725234801b850bc811d3a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1609938295867/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 16:28:05 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Jan 2021 13:04:56 GMT
server: sffe
age: 43641
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2632
x-xss-protection: 0
expires: Sat, 04 Sep 2021 16:28:05 GMT

GET
H3-29 200 Coop-Icon.png
s0.2mdn.net/9506911/1609938295867/ Frame 45A8 4 KB
4 KB 16ms
15ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1609938295867/Coop-Icon.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9506911/1609938295867/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

75519df306ca3d5504dc66f8e3398dc30f976a5859725309b90a0f2a3fdea6ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1609938295867/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 10:53:39 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Jan 2021 13:04:55 GMT
server: sffe
age: 63707
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3753
x-xss-protection: 0
expires: Sat, 04 Sep 2021 10:53:39 GMT

GET
H3-29 200 coop.jpg
s0.2mdn.net/9506911/1609938295867/ Frame 45A8 7 KB
7 KB 16ms
15ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1609938295867/coop.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9506911/1609938295867/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc88881c267493814ada96b0cb57897aa9ff44610d2da1a67656c3cbcc0a874a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1609938295867/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 18:43:02 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Jan 2021 13:04:55 GMT
server: sffe
age: 35544
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7509
x-xss-protection: 0
expires: Sat, 04 Sep 2021 18:43:02 GMT

GET
H3-29 200 Kontrast-300.png
s0.2mdn.net/9506911/1609938328780/ Frame 1AB1 31 KB
31 KB 17ms
15ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1609938328780/Kontrast-300.png

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96e96292bf35ab4cfa60cf8f26578f55bacf27297ed4d97f7110a70e29229e0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1609938328780/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 05:25:00 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Jan 2021 13:05:29 GMT
server: sffe
age: 83426
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31808
x-xss-protection: 0
expires: Sat, 04 Sep 2021 05:25:00 GMT

GET
H3-29 200 Eier-90_1.png
s0.2mdn.net/9506911/1609938328780/ Frame 1AB1 5 KB
5 KB 19ms
16ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1609938328780/Eier-90_1.png

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

48a989caa0e4be8c09df7aae34ca650aa4b0973825d092f3b500252f9df01ad8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1609938328780/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:25:35 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Jan 2021 13:05:29 GMT
server: sffe
age: 591
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4892
x-xss-protection: 0
expires: Sun, 05 Sep 2021 04:25:35 GMT

GET
H3-29 200 spaghetti-160_1.png
s0.2mdn.net/9506911/1609938328780/ Frame 1AB1 7 KB
7 KB 19ms
17ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1609938328780/spaghetti-160_1.png

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

db20203d2e3d3c689bae6647f1977fb9bb644c2b07408b0aedcad5005b428586

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1609938328780/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 18:08:35 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Jan 2021 13:05:29 GMT
server: sffe
age: 37611
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6832
x-xss-protection: 0
expires: Sat, 04 Sep 2021 18:08:35 GMT

GET
H3-29 200 Apfel-140_1.png
s0.2mdn.net/9506911/1609938328780/ Frame 1AB1 7 KB
7 KB 19ms
16ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1609938328780/Apfel-140_1.png

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

940bdc70144188b863d137858d188c5bc8f06fb824ce9f8a6a146bae52e7b56f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1609938328780/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 19:35:57 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Jan 2021 13:05:29 GMT
server: sffe
age: 32369
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6896
x-xss-protection: 0
expires: Sat, 04 Sep 2021 19:35:57 GMT

GET
H3-29 200 johannisberg-150_1.png
s0.2mdn.net/9506911/1609938328780/ Frame 1AB1 6 KB
6 KB 18ms
17ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1609938328780/johannisberg-150_1.png

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78a69854cfec0c81eb2984ec5479bdcd88f9502879e78e34518113eda582856a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1609938328780/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:25:35 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Jan 2021 13:05:29 GMT
server: sffe
age: 591
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6388
x-xss-protection: 0
expires: Sun, 05 Sep 2021 04:25:35 GMT

GET
H3-29 200 Rectangle_31-150_1.png
s0.2mdn.net/9506911/1609938328780/ Frame 1AB1 7 KB
7 KB 19ms
17ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1609938328780/Rectangle_31-150_1.png

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6d11d75780091a50f5ff6f06a98e7deec983dd51413d915368dc4460c41268e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1609938328780/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 13:12:41 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Jan 2021 13:05:28 GMT
server: sffe
age: 55365
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7541
x-xss-protection: 0
expires: Sat, 04 Sep 2021 13:12:41 GMT

GET
H3-29 200 hakle-140_1.png
s0.2mdn.net/9506911/1609938328780/ Frame 1AB1 12 KB
12 KB 15ms
13ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1609938328780/hakle-140_1.png

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8e21db5f5131558eb01e4241849ed66cf6ce8f0832773fff68d3f80f3c908d18

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1609938328780/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 13:12:41 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Jan 2021 13:05:28 GMT
server: sffe
age: 55365
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12670
x-xss-protection: 0
expires: Sat, 04 Sep 2021 13:12:41 GMT

GET
H3-29 200 Kontrast-300-Henkel.png
s0.2mdn.net/9506911/1609938328780/ Frame 1AB1 3 KB
3 KB 17ms
15ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1609938328780/Kontrast-300-Henkel.png

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1cbb58dea630e6854e6c5912004d1ec97ad9829d50725234801b850bc811d3a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1609938328780/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 17:15:49 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Jan 2021 13:05:28 GMT
server: sffe
age: 40777
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2632
x-xss-protection: 0
expires: Sat, 04 Sep 2021 17:15:49 GMT

GET
H3-29 200 coop.jpg
s0.2mdn.net/9506911/1609938328780/ Frame 1AB1 7 KB
7 KB 17ms
15ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1609938328780/coop.jpg

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc88881c267493814ada96b0cb57897aa9ff44610d2da1a67656c3cbcc0a874a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1609938328780/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 05:25:00 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Jan 2021 13:05:28 GMT
server: sffe
age: 83426
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7509
x-xss-protection: 0
expires: Sat, 04 Sep 2021 05:25:00 GMT

GET
H3-29 200 Coop-Icon.png
s0.2mdn.net/9506911/1609938328780/ Frame 1AB1 4 KB
4 KB 21ms
18ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9506911/1609938328780/Coop-Icon.png

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

75519df306ca3d5504dc66f8e3398dc30f976a5859725309b90a0f2a3fdea6ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9506911/1609938328780/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 12:38:55 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Jan 2021 13:05:28 GMT
server: sffe
age: 57391
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3753
x-xss-protection: 0
expires: Sat, 04 Sep 2021 12:38:55 GMT

GET
H2 200 video-loader2.1-cr.js Show response
cdn.avantisvideo.com/js/ 132 KB
39 KB 23ms
6ms Script
application/javascript 2600:9000:2240:fa00:1c:38a0:8a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.avantisvideo.com/js/video-loader2.1-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/js/video-loader2.1-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2240:fa00:1c:38a0:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 11a05afbf5502a5ee1f76168de53e9f2b18e5dccfce9f8488b040cbe6ff016c4

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 08:09:56 GMT
content-encoding: gzip
last-modified: Mon, 30 Aug 2021 08:09:52 GMT
server: AmazonS3
age: 73531
etag: W/"afe56ce02ecafca022a24ddb31c9c756"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 d7433132a7c6595c9aab2dc2272e7061.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
x-amz-version-id: jeI0yvEpalr_BHIWvTTvKdCqKuIBs5Hx
x-amz-cf-id: 7xtnjQkMnFV5J44BaIhZwpxXwPRBbl8HfJuBsUm74IRrcPUDy1MjkA==

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame F306 17 KB
6 KB 45ms
35ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_246.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:35:26 GMT

GET
H3-29 200 4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js Show response
pagead2.googlesyndication.com/bg/ Frame 7BCA 35 KB
13 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e0cfe1534cf66865ac13a161e60ef74f768ebd78b86b894afff55660e435c182

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 05:01:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84841
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13264
x-xss-protection: 0
last-modified: Mon, 30 Aug 2021 12:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 03 Sep 2022 05:01:25 GMT

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 58B1 17 KB
6 KB 44ms
43ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_246.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:35:26 GMT

GET
H3-29 200 300x250_generic.jpg_1629975750171_300x250_generic.jpg
s0.2mdn.net/dynamic/2/10638481/dynamicad.ch/swiss_complete/composite/ch/zrh/pro/images/ Frame F306 4 KB
4 KB 6ms
6ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10638481/dynamicad.ch/swiss_complete/composite/ch/zrh/pro/images/300x250_generic.jpg_1629975750171_300x250_generic.jpg

Requested by

Host: a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
URL: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1a0c61c7d7e9ae831d6d40993fc3751a958fd6bf107f270919e6a8ab1b840542

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61380784/20210806085505080/index.html?e=69&leftOffset=0&topOffset=0&c=32X825vgkC&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 02 Sep 2021 13:08:50 GMT
x-content-type-options: nosniff
last-modified: Thu, 26 Aug 2021 11:03:07 GMT
server: sffe
age: 141996
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4464
x-xss-protection: 0
expires: Fri, 02 Sep 2022 13:08:50 GMT

GET
H3-29 200 300x250_generic.jpg_1629975750171_300x250_generic.jpg
s0.2mdn.net/dynamic/2/10638481/dynamicad.ch/swiss_complete/composite/ch/zrh/pro/images/ Frame 58B1 4 KB
4 KB 6ms
6ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10638481/dynamicad.ch/swiss_complete/composite/ch/zrh/pro/images/300x250_generic.jpg_1629975750171_300x250_generic.jpg

Requested by

Host: www.123greetings.com
URL: https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1a0c61c7d7e9ae831d6d40993fc3751a958fd6bf107f270919e6a8ab1b840542

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61380784/20210806085505080/index.html?e=69&leftOffset=0&topOffset=0&c=gAFXV1gCGD&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 02 Sep 2021 13:08:50 GMT
x-content-type-options: nosniff
last-modified: Thu, 26 Aug 2021 11:03:07 GMT
server: sffe
age: 141996
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4464
x-xss-protection: 0
expires: Fri, 02 Sep 2022 13:08:50 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 0179 42 B
64 B 22ms
22ms Fetch
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssX_412AerJpeOTNRE8CgdKCuB1mXkHTBjmZIZFXK2mvHys3mr0iqYueN67mVO9wvcLuWnFdURbBaHXRethbl197y31gmQYua58fQQ9uvUKaA5gPrD_muIZSLs&sai=AMfl-YQsqCP-0R6jiSuJP96AjX0a2oZyPwnnQUHOqPN8XXQVGNtyiazmiv-vH7npMlfBxQt-y1-IHxS37tBki4ZziTtrtRTnOjoNmN5uXPZMErqYT19QP1JNSn_0AER0&sig=Cg0ArKJSzNTzLF6s8_QxEAE&cid=CAASEuRoiJwivkXL3dCJw23rC_GwjQ&id=lidar2&mcvt=1103&p=47,560,137,1288&asp=47,560,137,1288&mtos=1103,1103,1103,1103,1103&tos=1103,0,0,0,0&v=20210901&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=3914305483&rs=4&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1630730125007&rpt=577&isd=0&lsd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:26 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame F306 25 KB
25 KB Font
application/octet-stream

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: be8dd808b3bf7b871067ee83fe410781372c71fd677c2d07856653e11707920b

Request headers

Origin: https://s0.2mdn.net
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: application/octet-stream

GET
H2 200 u_d.html Show response
cdn1.avantisvideo.com/connect/ Frame 1314 42 KB
15 KB 6ms
6ms Document
text/html 2600:9000:2240:7c00:1c:38a0:8a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn1.avantisvideo.com/connect/u_d.html
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/js/video-loader2.1-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2240:7c00:1c:38a0:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3fac6fcea268523d827b4512f268a9bb1df0479b8a4603d118c9e4df7489a038

Request headers

:method: GET
:authority: cdn1.avantisvideo.com
:scheme: https
:path: /connect/u_d.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.123greetings.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

content-type: text/html
date: Fri, 03 Sep 2021 05:41:35 GMT
last-modified: Tue, 30 Mar 2021 10:01:49 GMT
etag: W/"f5694815436f3e426c35d9ae8274ad04"
x-amz-version-id: Ftlos22uEwPvOcBw5odXpMxKfkl_0T1Q
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9ef1b108656dc6d0707b168b862883dd.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: AUPVRDyl2y9QoaGX4JojgfCoxmlmNb_fniPQbqxezj08a5LVwcPeFg==
age: 82432

GET
H2 200 4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js Show response
pagead2.googlesyndication.com/bg/ Frame 2304 35 KB
13 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e0cfe1534cf66865ac13a161e60ef74f768ebd78b86b894afff55660e435c182

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 05:01:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84841
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13264
x-xss-protection: 0
last-modified: Mon, 30 Aug 2021 12:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 03 Sep 2022 05:01:25 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 2763 42 B
64 B 23ms
22ms Fetch
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssECXtdtuDGGjfZ6Yn7GZgaOM_18cedF2JWHPzUgLRGyw5AEfsoAdI8VTILjOxRlr-2ZlLa4OClBlvpK9nb_03dim-QGd6KsoSDAcC3alT0XRh5-WPiM-OMvEM&sai=AMfl-YQbD2NYV9YPIC3-bKhK99O_RUVqwgFUwC_7hO8YYRkWtm4w5Ue6W06dpqqcOJfGfg_XXMTI-W36LbNqaETySK4B_hpdvJ-if4T3O1oUVejOCKwpw5XwkQKt1L0m&sig=Cg0ArKJSzDb3YKszI6JJEAE&cid=CAASEuRoa_NUDp9SwKdqdzURLM65PQ&id=lidar2&mcvt=1134&p=236,970,486,1270&asp=236,970,486,1270&mtos=1134,1134,1134,1134,1134&tos=1134,0,0,0,0&v=20210901&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1127719608&rs=4&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1630730125012&rpt=639&isd=0&lsd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:26 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame A514 42 B
64 B 21ms
21ms Fetch
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvc9ZWidkc9V9OTJUWyaJ2cTxjjczi1ak9zfpi98-8KOGk8JQG2zRV_Ux0FAUybg0QplE2DVh2zSHYnedICsczvBkHBDh9YB66dgk3JNnwq2UGj9yS7X2vidfA&sai=AMfl-YQZZL5CtJGChvSMuppN4RlG9RqE970Jsfo8ra4oHeX6lXzWVfHimcVQpoRS0r-L04vPigoKfkaeBJOyEgBOljItetSvI8X_tKu9zA8vVS26iPKnOmoa4GAlMivK&sig=Cg0ArKJSzFs3qbZdaGPmEAE&cid=CAASEuRoHuin9-Uuv4RCreadAfNlOw&id=lidar2&mcvt=1136&p=518,970,768,1270&asp=518,970,768,1270&mtos=1136,1136,1136,1136,1136&tos=1136,0,0,0,0&v=20210901&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=4293624944&rs=4&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1630730125049&rpt=670&isd=0&lsd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:26 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js Show response
pagead2.googlesyndication.com/bg/ Frame 8D1B 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e0cfe1534cf66865ac13a161e60ef74f768ebd78b86b894afff55660e435c182

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 05:01:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84841
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13264
x-xss-protection: 0
last-modified: Mon, 30 Aug 2021 12:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 03 Sep 2022 05:01:25 GMT

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 2763 43 B
301 B 103ms
103ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=930701&asId=f9ee2c03-693f-5721-687b-3aed9d6583ce&tv=%7Bc:ndLKjm,pingTime:-10,time:1314,type:s,mvn:ZnNjPTEyLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNS4xMnYxMjAwfHwxNjAwfHwxfHwxfHwyNHx8MTIwMHx8MHx8MHx8MXx8bGFuZHNjYXBlLXByaW1hcnl8fDI0fHw0LzN8fDQvM3x8MHx8MTYwMA--,no:MTcuNS4xMnZNb3ppbGxhfHxOZXRzY2FwZXx8bnx8bnx8MHx8bnx8TGludXggeDg2XzY0fHxHZWNrb3x8MjAwMzAxMDd8fC0xMjB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS85Mi4wLjQ1MTUuMTU5IFNhZmFyaS81MzcuMzZ8fDF8fDF8fEdvb2dsZSBJbmMufHxu,ch:n,fsc:17.5.12v220002022000220000022002220000022220200000222200022220002022022002222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000002220002220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222202220022202200022002220222202,asp:1630730126943%7C%7C3faa355ba6117cf28a5c5a2dee1cebf3%7C%7C605f01b1409979f1b4f5151f8eefb28a%7C%7C7e13bead8763fce144733e364f6193c3%7C%7Cc7df3ec4b5a5991ebcbbb69b90ee3953%7C%7C2e418f15fe2058361d2b909ef840f0f2%7C%7C7b19c56c908c2b1c83d589df60c74841%7C%7Cfc924008de3ae0aa75bf56c50e5d78d6%7C%7C1629390669%7D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:35:27 GMT
X-Server-Name: dt51.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H2 200 geoip Show response
avm.avantisvideo.com/api/v1/ Frame 1314 116 B
870 B 147ms
147ms XHR
application/json 2600:9000:223c:7c00:3:748e:7940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://avm.avantisvideo.com/api/v1/geoip

Requested by

Host: cdn1.avantisvideo.com
URL: https://cdn1.avantisvideo.com/connect/u_d.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223c:7c00:3:748e:7940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

d81386cb76a2f803a6a7674bab45293bde918693a683a583ccd20f85619df9ef

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://cdn1.avantisvideo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: application/json

Response headers

content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
via: 1.1 0c688bb347bc402edc1209f13e04d88c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P2
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
vary: Origin
content-length: 116
x-xss-protection: 0
referrer-policy: no-referrer
x-frame-options: SAMEORIGIN
date: Sat, 04 Sep 2021 04:35:27 GMT
expect-ct: max-age=0
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
content-type: application/json; charset=utf-8
access-control-allow-origin: https://cdn1.avantisvideo.com
access-control-allow-credentials: true
x-amz-cf-id: R6abBURiFQF4Rgo7YoXm8C3X2Oxgicz-vJnNxgc73kNBu6HrJ_JOug==

OPTIONS
H2 204 geoip
avm.avantisvideo.com/api/v1/ Frame 0
0 154ms
154ms Preflight 2600:9000:223c:7c00:3:748e:7940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://avm.avantisvideo.com/api/v1/geoip

Protocol

Server

2600:9000:223c:7c00:3:748e:7940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://cdn1.avantisvideo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Sat, 04 Sep 2021 04:35:27 GMT
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
vary: Origin
access-control-allow-origin: https://cdn1.avantisvideo.com
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE,PATCH
access-control-allow-headers: content-type
x-cache: Miss from cloudfront
via: 1.1 0c688bb347bc402edc1209f13e04d88c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
x-amz-cf-id: F4HeqhvuUqWQ0YZwtZpy2RRuQR22R-NdNCKUb0qV68d0XMe-Z9hmrA==

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame A514 43 B
301 B 104ms
103ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=930701&asId=57defb38-59ad-2db2-7936-8259127130e3&tv=%7Bc:ndLKp6,pingTime:-10,time:1608,type:s,mvn:ZnNjPTEyLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNS4xMnYxMjAwfHwxNjAwfHwxfHwxfHwyNHx8MTIwMHx8MHx8MHx8MXx8bGFuZHNjYXBlLXByaW1hcnl8fDI0fHw0LzN8fDQvM3x8MHx8MTYwMA--,no:MTcuNS4xMnZNb3ppbGxhfHxOZXRzY2FwZXx8bnx8bnx8MHx8bnx8TGludXggeDg2XzY0fHxHZWNrb3x8MjAwMzAxMDd8fC0xMjB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS85Mi4wLjQ1MTUuMTU5IFNhZmFyaS81MzcuMzZ8fDF8fDF8fEdvb2dsZSBJbmMufHxu,ch:n,fsc:17.5.12v220002022000220000022002220000022220200000222200022220002022022002222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000002220002220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222202220022202200022002220222202,asp:1630730126943%7C%7C3faa355ba6117cf28a5c5a2dee1cebf3%7C%7C605f01b1409979f1b4f5151f8eefb28a%7C%7C7e13bead8763fce144733e364f6193c3%7C%7Cc7df3ec4b5a5991ebcbbb69b90ee3953%7C%7C2e418f15fe2058361d2b909ef840f0f2%7C%7C7b19c56c908c2b1c83d589df60c74841%7C%7Cfc924008de3ae0aa75bf56c50e5d78d6%7C%7C1629390669,sca:%7Bspg:f9ee2c03-693f-5721-687b-3aed9d6583ce%7D%7D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:35:27 GMT
X-Server-Name: dt51.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

POST
H2 204 /
events1.avantisvideo.com/ 0
35 B 561ms
183ms Ping
text/plain 52.34.57.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events1.avantisvideo.com/
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/js/video-loader2.1-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.34.57.2 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-34-57-2.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 04 Sep 2021 04:35:28 GMT

GET
H2 200 t Show response
avm.avantisvideo.com/api/v1/tag/1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53/1/desktop/generate/ 2 KB
2 KB 151ms
151ms XHR
text/plain 2600:9000:223c:7c00:3:748e:7940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://avm.avantisvideo.com/api/v1/tag/1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53/1/desktop/generate/t?subId=Email&browser=chrome&utm=Email&os=windows&url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fdance_day%2F%3Futm_source%3DEmail%26amp%3Butm_medium%3DSpecial_NL%26amp%3Butm_campaign%3DSNL_june20_events&eu=true&country=DE&hour=6

Requested by

Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/js/video-loader2.1-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223c:7c00:3:748e:7940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

5010abc38d335ee8205f1ebf7d7c29fbc266076903263054feb2a070a16a4633

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 04 Sep 2021 04:35:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA56-P2
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
vary: Accept-Encoding, Origin
x-xss-protection: 0
access-control-allow-origin: https://www.123greetings.com
referrer-policy: no-referrer
x-frame-options: SAMEORIGIN
expect-ct: max-age=0
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
content-type: text/plain; charset=utf-8
via: 1.1 0c688bb347bc402edc1209f13e04d88c.cloudfront.net (CloudFront)
access-control-allow-credentials: true
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-amz-cf-id: 9Jdh4tElV-WQdNhzGv726vbzWKTwyzEDwS49S2i_IhPohopHx5YBvw==

OPTIONS
H2 204 t
avm.avantisvideo.com/api/v1/tag/1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53/1/desktop/generate/ Frame 0
0 149ms
149ms Preflight 2600:9000:223c:7c00:3:748e:7940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Server

2600:9000:223c:7c00:3:748e:7940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://www.123greetings.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Sat, 04 Sep 2021 04:35:27 GMT
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
vary: Origin
access-control-allow-origin: https://www.123greetings.com
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE,PATCH
access-control-allow-headers: content-type
x-cache: Miss from cloudfront
via: 1.1 0c688bb347bc402edc1209f13e04d88c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
x-amz-cf-id: brrkpvPcS8Kpk3e7ZsnRK78arfOrK4L01jpSRLPs8FlHyemq__kThA==

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7733 0
20 B 17ms
17ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BPaQ_jfcyYf3WEIn03wOcsICIAwAAAAA4AeAEAg&bg=!QEOlQwfNAAYJpm41CaY7ACkAdvg8WlooQ50qWFz6DwITmg1aY3FRWCqqxu0TgwGvVtY4x8alAGDybgIAAAMcUgAAAHxoAQeZAs-nFtV0DI58ZSANk9BHuzqvoVUUjLJ-9oVDwZfcLn09lovHsLFxjkunSgA9LvfLZE9WSNWHK6ETa2tO1_K4uAranhsQq625sEo_BcwExERr5g-3SOs1qAxNpCk2Xsix_-3jQIySqYAOI7h7cswHXJrDCB5v9i1qpU8uPdpJCBVzGV_sbSr64j7ObTFDNu4zmqLPhP6UC1fqpOfpAYPLaUyKY7pwNG7FALdNLZNdqrMv_UIdgJOIniriZl6xPXLLOJZ-nTimRSOQ8wES1zaW-G52xq9k_IV0Ogh_wQUBhZCvUmO4ZxdG95JVijDPV3A_rICMEmUxn6OgZ5n1fy29jg1VQSk4SDiMcHAkiRy3KG8_BBSY6z262P3V5yt7x1-LQBurCh_r-qTu3nAw4lFqlmmTTbWLfEAcFb0HHF7W6y3ryO28EbZU6GBOor23rSM2URu2IYHw4ER3IUK4JQ-JqkyARfAKn0lm0QagT7SZw_9qRP3Fyki3Zy6tS7vMy6jhCw2OwbwwcLEB8sZTPk4B2FHJb4N1NaVnRFKON7voo-T9pafSOAx6LEnLWWAWUEmeJzpD7Qc5-mHsLUcMVoGIvnMFQfipMb0EATBCJQRhq1kDzHkZQjCSWHI91WsmF34TuqdkZ1gz3bKDVTUfTt2fPXdHySp75nDkOWXmWVic-izxbRjX74rK5ClEvGTXARGRolT1s14Ia60tqWVk8VhjJ0Fg914hg5QIE3LekRsrKjT19TL7l_AOfO3Z9xVay8K43526p0Ddr0RnvhDx-bKuo9f4nZfGJJrSo_N2dK-u4t4rrSqeeJ_3dfbLHe3DaAmGsJvXFoXEZnrPuTozyqHyjn9CBhlWkKUlAklLMR2Hekn6bt94SAe5E7y4LHevN1ppJ3aqvEk-23Qn_v8iQWXL-vrVxODvHMAVhah01zneNaMLwk7qZGWTrT2A2DNnFL9OBw

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E064 0
20 B 16ms
15ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bly5fjfcyYdb4DqmZrAStzIDIDAAAAAA4AeAEAg&bg=!AQKlAkbNAAYJpm41CaY7ACkAdvg8WnYrbCseT0I0D8AGf1X4KU--CDFDmjMiXUC9qZ2vWk93CFzmDgIAAAN_UgAAAGpoAQeZAsNmn2bZb_uCo4SN_OsNjf9fMXKezBo-VKJOwOhxTdhcSCKuCYWDNLWmaz_GkjV8vMAuYkQtaLxS51oNSHTvn-FBoJHV4WF3Z2XahL5wGvMS4KkSCS7hDiwcnjrk5mHRuX0hOvFIFlZwY-eoQCsywqy0y58fssfH44rd9PG7tRlCD693h53QJxhcEQ8mcE48c3nPMdT1cKGsbQO_-o-4NuPezD5hOXJlrJ-f4_nHXa5PveJyXAlWaFWya492TS1MB1x17T6BjaIjY9CP_dRiRsvYzblAj66OH4AwByiuRchuAB4mrttgiz8ALqW8Gsc3d4fATSas5Zl11a69H4-4ZITCFXcj0CsL1CeuEyO7E-cfB0lpGVBsMx4eDq_3visN5iqSfuP6ylBXH8LFjwYJ-ID7W0ve0Wfc9Hbh5G9mFTi8Lu3mi9DljEwzU1NDOh3SJ0jjA2S-TgGc0ykg6xnEEAR10BJd1m-HUbHou2SSnTdoNzypJrZOLgR4QdVzd30sjP2MRmBDAfT3sIoUa6iw4XWSL-xESp92c_vJPbpCoEicWqX5orYxm2ithGjj3U3vsN9hbn3lq6TPgILGOkxOR8pQ1Wl5QmcY1UhaNUD6jIM9A2LtDM3un5hxCMViqJyr-DS_sEY0ZIWnH9bQJb1ONmIgPCFvg0B_hlUv-tztsE-uoo7ob8hzWqj51_uYq7eOM7agf8wlL5mg62Lw3muijagLfpAQB9ACJUJnM7tw7p_CTeJFZEP76otvVyKO0zkHjkFJmjkZvLxhgLNxmSsnUYliV1M_7mUCqEbqaKluv5jGRBkuo2UCY2EoiXFZIugZlYCGwH3iTgXqIHGyxKbYpL_RKLHC7AyjcfTqRCZ3aoIN4z5g4uRu3YF6Ru06TlExEK0SC6zRnQeTvIza3NLOX6sWN1BCGbvjhbI9HtYhP6FnCthz7A

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0356 0
20 B 17ms
16ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BSqOvjfcyYbzMDon03wOcsICIAwAAAAA4AeAEAg&bg=!ExClEFTNAAYJpm41CaY7ACkAdvg8WhRiEpC2VzzHnfOHbrX4lfE8zhrEckZNhRFbwE7JoM6ea-ROlQIAAANxUgAAAFloAQcKAGWNmIZgKhN8vgBlWu_xlxnjqmq7Am0gzrVPJEg7cvflRGTPvxYNoAqvrri8wZ5IQNxF1PgDc2-H3Q3605APP892zTigFF5FO8ZsfKO55l_Huk8tlObvd_BSc8xieSQIxx-r_iCpkJkC08FvaubBWPUyX5NRLQ3aHEE-uxzLj5nlgwas51rYxAE-SFW3jc_RTgxfdY0AjzKeSpNbC2bjm9A2wti3qLCrGJn8MCQ5kgLsbDRxtzF3arUtt7_mN_YoplPvijgtfpm2FYv1aOOfEmLMRmEvsYsGlfjt8ZH9EIx9q3tz6_t6Jxk5BMIhS9WfWan1AYgPIISPTg_SB_QM2WlSkLCPp6CrCD4le_RDMWvzNyWXRKU1zXBvGcNg7TVT9_HHgHNKbJPYzCa_DcJRq707kftZ5dgYVbI2RN3DzJoXM3DV59yZ0g8Qgzr47LQlvN4Hcl_ojpqsrbJPeowPZs0gEk64wkCIWU4wNyfbSeNqQAAWvReeEw5l1SelE13BcorZ-ff5bi3UbL9WUnMXoSbxWxZW_gtBv1HyAb6Br6VnwocXNvhMeoaMMg9O80lpX25NgrMiDUCESPfIFISaAVmmEoxzxRGChTbb1AADqNWQXM7yJfsXYXtl3HIJXAtUnnv54tf08DoQjXmruySkCJsqehaQbw7fGWYixnPDED_hEc_hqQwZXrb_VTCBEQcz4nLE4xbmdnC7nRGZgjlamw6cUuIm0QK2KUWrcOHG76OCsUwoLg8ow9mUKj2DjqzH8UXSl5WTtdpR3TWLAQLN-fM5sDTCdPsSKAk0cCcEvaMIfxgOXUN3FISgpN-0yMarjzO-pfAQpdRtE6vhUDPd7N5AlaK1gz09Swybv0X6B-eoNsJ61heWKNveuBUR86hNfU_2PEwBYVG61W4NXVNz5jMDzyS-pFAP2L9SHcrzkrDSw8wEmASMQisaXlbWyj1prXl4LAWiStEtWGXljIgSjb9ERP_uCguFXw7g7gORn7VQJY2qWTRII6bqnAz22QtfhAp3XbXyNgaL-tB5qdy9tUSVTUfj2RcOnVQyOu7E4NNRWe9Soo5amc8-JbMQGpecWGXKmHddR6aSp5ArOQ

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E22D 0
20 B 15ms
15ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BjBYDjfcyYfy4ENzO7_UP8dGNyAwAAAAAOAHgBAI&bg=!ysmlyY3NAAYJpm41CaY7ACkAdvg8Wk-hrjC9aeUjcKE2WVubjhUbrSdNc5g2jiEMyMja7z4mspeTmQIAAANjUgAAAFNoAQcKABqMOaZCUDVWHQF0FSeuFj2LaWE-awwJWN8bXpkCzrnODKLbW-rpAEESGtvOzOmCDdbCPFHKrsEYMjQfpgVN1pM-V4PrOT0TKI-eJtpo_EfNbfrZqnvmkc-cY2W-yywWVsxzD83hKzvCSDN7BxVzmxdhJaOyXeVGqTQQtlaSxc84c_P4pCuJZg7HJ6M2_XcrUYMb5FZvSoUos2p2J23Ga8220Md6s-f224zE_dN8R2FE3zQJHaghC7BsCMZ5Qn_1axBL8vxZHnI84WAZTuXafDJUl4jbNhRb7u5TP1HpHTbG1EbYoE6q5ehmJKTIafGQbdffg6VkMVOw8wscbG1TDNG_drA8dAL90QhuBzKccQmOZfBjYo3jpn9Z2u6UCAqQ3Ec-ed7Z7MmvlvUlxjftozuNWMLOy6dNt16W7GN4xoVqq_hKi3y2WA_VXj2E728yz9_l2J0RSQQ7i2NXnXx00WHo8CQOonvWktPqY-cRb29vLOUyGnH2QjUjfSbbRxJH1VdAWntNO9p_OIi-8gUKG2Z6CwebbU38IxMuwd5rgP8-DJfmLk4B0HsqQRHNcWF4kbzUtmkCwIqwJ9BXveoOc1q51bcQ9sMCJ7gxOCqU4D2ncsArDcWhNzHBJYw37VlB2ior_Go5cmUsdUTjXIyWiKyMg04Y-mmIIgj6Ig-XzF_j2H4ZuhWehvtPjqQH1ys_GHGs4rmG6GFvvPYkpeXMr7ifgrkj1H29Wnaqqk0n5L1DMwOLC0wA0WnaIIqJd3eV8RyUDwBf58DtUfuIKTz1PI7jVfkYEL6g9RCMXSVxyKOPp8gAR1Ca_y6UEi2JXrJjYsYeciTxI-VEOi95rHAaYxe9yq3AwlA3FxLlK0VFQhqUKlopqI6rMm9cdFyxIa2sKxVKZ-5VQwLzC81NlsvNQiuP4H8K2gkrk1ERiv0ByGC9nk-x4mprJFddmK-xCAeevBQoglvIvorfIGYc14TgUCt6mJD4UT9fSKnIRYY

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3BA4 0
20 B 16ms
16ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BL_y_jfcyYcj4EcH33wOO14uACQAAAAA4AeAEAg&bg=!iYqlis7NAAYJpm41CaY7ACkAdvg8Wnlo-8r43C6wRkIFVDK-rYlmFryLYE9NFgc2fPnQRQX-jOVemwIAAANgUgAAAFRoAQeZAtCB95qAwJA9qxxoat8eSTX_LmYymy6x-N4fbVlsvovVnWmDtVofyIYF-m-zlzYDBXTUqEo-kJQslMlB4etu5hdMSwwyKV2Jh2HuKwRPtr0js4MCKel8xWx50ih_rHGPEdE7MsaTNk6OmORh0c8SJjTz9KTpRqUfY_q_N7xxFatGQ9VVwHrXMPiu_HvUz3qJfoaAdbh7RAA4NbU_NzUG8mrT01kw8mwWc2xW0XvB8M-jmTbgEEQFE9AsxClyz2IMmo9-hVEERNKYSFAgM16vEQqQMQecj3bCNhjqkiNvGChFgcUKUdq7-uWgOgt1RVM332p2880OgAvdOFKziuzgmxQlsnMp2zArNbjWdOxY7Y8RFHt_KVJXxJGvCL6t5_LHXgpgyp9ZDP3Djn6rKIhbanVlOAJX5r23OTwbtxgkoUkhixhfXuyMDYz9ccj6OruEOCyWzmI-vAI7-CWKNP1tYtjaM1HXr6GWC9YMWJj3Y8BMCpNntzMrqL_jH5fzYhdvSLjvBJOIh-7sVGCm_G-n4YPC4pJ33y4GAIUlygbA18iZSrMrsW-5fmRRApHvJW3SGj2EqCT6p9Fqu-KK8O-5GsZSqrF0sR8EdxESgdD-aHToz-W4ib4TvvbpWwzgxr-yRcXxn49Fp_rHi6A7MOqYNnzccH5nWE8lQCg04Y13sJzAi_tpqPdRkUUXudPK4FLkdaRdYdNa3eGmEhMR4bgtd4AVu4W0Dhj99LDE8tNbDDzZBuUOZIkjp3otY344n85qebStljaj7SzrkWU1Px1gnU2DY9Jr_VqQUEdgwXAMeWZMA-E8aEKl_W_3IR-oH4ygwmdFk6MfTGyEgFYaYZRLaZzY-s1NO7OocGgtTROSzMLxaZeVKXlUtxmMdq8_giGtBKQXlz_iIJV31TJUw-6x3gdW0xdNe-K75hWE4CEN-N9iqYRrIymMpjTUbWTXSxUXLvk

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 512A 0
20 B 15ms
15ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BJI5ojfcyYbWREtWtrAS__J7oAwAAAAA4AeAEAg&bg=!0dKl0pbNAAYJpm41CaY7ACkAdvg8WlUoj7Jd_wbF1cbpZwyJeESRj7GGF1dRfbP7w4yVGQ9RnkCIRQIAAANsUgAAAEJoAQcKADIFLXnvdGQihxyas6yCd9UPgSmriZMMGmkbI0DjZ9iqPs5C-ivYCJgSJY6_B_SOuLmOwJkCzmZWFEvJU3FAzNPBgAEtkJrLbnNwIjlpiFxq7pOf2VkvNH4NVhSM8c1HnotWmHsTw0XWCDwbPWMVLVjHeshQg2uyOZ7kvtTThq1Gl_EKwWhLRiOnjW-0l6IQ3340n961F9LWqQK6STa3MGilrH31qETm-MV-WpXw2MHAL3WzwpBjyXk8wcwiCrTBCZGV3xtHGzDy9l8wOEfAlouAkSvE3QNseqknLVnujxCaVf0Bs5i5GS4D0IyrhJXZG_c43rafJ5Bqc6nPvGbP2lzhpUz0XZI8yOBpeOgP-GTdr8p_96rCG7UDLMYvE1dkiqPs9hKq-zZBstC6XthNO9xDNRDTyh1nwyMUaIKQwXvagDBiPPpfIO9kgLRmIdsrqL0gt1VZirzS2OWSDveRj6hurA2w0hATEwDkJYhDXGk8kwYRebqNgk_17d3i35NvpOK8SKWX_-_n0AV-Y6UVp86Sb8qXSEherdzeScjCz6QrTs3gjC5wiDkWBKZFI-E8e_lpB4Bj3N14fLBdTYbyqCOYfq1c0yoXkIzosYDrrhvoEqBLZDEU4qaI23qFK1FO11dPZb0OlZ6a26-ffDbSYBIMVcsNxwLYvJnVQi0zZnMwAwPFNrc2-TNGm7inETsKBK5Tbu_ArgxnVZoOS7_BXdQbFt9V_of0KDtQAwW77nQY3rV6SCj_qZqbnTtppR6uGYUvW2GXF-me6hdnCgqKyNa0MF7uVJGBL5YXEJMTt1Y82A13uUyDBeKZqeoCQXXSLQhG_RPrdVHg4XiiyaJhOirgprniMW2DGPAlniYNiI_oBVagG1cfnG-abbv-ZsLcYm_Fdbe27cDfAeCMUTsoDeBQN8wJiXr8QVg5zLeVZcalEf-5wPtyYDZDhPexph3NmPIcv0ShPdbW-o00bBnqi391uKtFgYOg6NG-Onuv2X6vBlzP-AUeJvR71p4PhXinURZDvx0

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 24ms
24ms Image
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&t=2&li=gda_r20210831&jk=2168193984601864&bg=!wsGlwYXNAAYJpm41CaY7ACkAdvg8WinqxeYy16vPvK_GN4Bgr5tUltOIRJ_r-Mu0YEFImuWc1551vgIAAAMoUgAAADFoAQeZAozuiUsBhdffA52o5plEFxKB7voMZT91xdiHg6CnjMWpu4N7g2A7Awbh2BvCYxgnbTRECxXWCGbjfxGfvHZdIUpbJNHQKdnOmiIvsd17DAHL1pef3xQwdOVuAYPLf66nqeUsX_LEXJzoHl5FL0PQJvUgAvajDS-svVE1Abcc0rD6zULEFwP87LtI53w1P8_1uFeJ6X5LdkjAAEFeyYAP0Nh5Mb8NLO49tKbBcQC3ELvw3JkWAn3FLiv1xWJSFNVf-rVg4O3X3YynjMniPhOtvq-6prA5RDrv6FJhN5dDqmtEC98Q8aJA9LVRte2ajzhKLLJOBcGHKKgQuR20g_zKBgGoJRkPu2dmLRMcuFJkn3BL4XwowqWYbbuhj7541hZlDxS7ULNvtaL4HUN6EaXDq3Uji1juCWNcJgpS05SzirfIMO3lanak4reUzPl5rZ7f9p16_7Iwwf8LXAvTk59PWuTB-uSovQ4AGZZfd4TViq9UFORH94gExeUvMGGDluO_iL5F3uOONgfQYPYpr3iDRxBxTB94Rpt_Tn9TjVI51P7A_qPdVcqrfjrumxmEJPW4bSGqjMryMe0UDNm44lE-uodvRDDZVwDJYJeBEEmK-7oAjlwHsa7_fOvJJhgJrtg6UcLXPza1ZiWvmm5VY_BrHHL7m4tXNZ6vJhuSwhDU4VyCqXEKLYbeY8o87zSLqLS6N9N8hhmFzDs6-OmSe0CGGgw_-_7hVHaZuQSG6vxf-ch59quvdSmLB3JhMD03zfhZ0T3KET8o9F_l-9lnkFmIWYx1T-w_8cZfcUGgNmdv5uaprySicvxMYejtwCdTa-UrL_kbWG-3C1M7_GSAqQTdtTQqFSoU6oAc_12a7Fnh
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H/1.1 200
OK adb.js Show response
play.aniview.com/59918a0e073ef4782e4e347f/5ebd46100b22d93ee56a465f/ 2 B
739 B 25ms
6ms Script
text/javascript 2a02:26f0:6c00:28a::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://play.aniview.com/59918a0e073ef4782e4e347f/5ebd46100b22d93ee56a465f/adb.js
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/js/video-loader2.1-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:6c00:28a::2c79 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: d8a957038679125d4840554fc43375697e662283121561afdefc2c3fbecaf729

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 04 Sep 2021 04:35:28 GMT
X-GUploader-UploadID: ABg5-UzuRsLKTUnE2j8TsFca2KTLvRt8NxnctG4I2-AHPJ54zUAh9bpPAQfezSx8RQX9PoHELvXaxJL-R91NukoaSB8
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
Connection: keep-alive
Content-Length: 2
Last-Modified: Thu, 14 May 2020 13:22:36 GMT
Server: UploadServer
ETag: "56f785241d0ed9fe51a8170b9dd50272"
x-goog-hash: crc32c=cz4mSA==
x-goog-generation: 1589462556858294
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type
Cache-Control: public, max-age=1800
x-goog-stored-content-length: 2
Accept-Ranges: bytes
Content-Type: text/javascript
Expires: Sat, 04 Sep 2021 05:05:28 GMT

GET
H2 200 aniview.js Show response
player.aniview.com/script/6.1/ 25 KB
10 KB 25ms
6ms Script
application/javascript 2a02:26f0:6c00:2ab::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/aniview.js
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/js/video-loader2.1-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:6c00:2ab::2c79 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: ace30162bc4c525e70b147c8f9a10292d592353f78dcd0530d132156cb194e98

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:28 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycdsE5y69JHHi7Qf35wRVtV5sGTxNryH5cRbV7LY6aITSWNVFIuyvSj6eVsvdVN21xeKrK-a0VkM32Jf62RERASIrb1qAsA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 9184
last-modified: Wed, 25 Aug 2021 05:53:06 GMT
server: UploadServer
etag: "96cd7da6b3d7cb2e82e24f1f71da69ae"
vary: Accept-Encoding
x-goog-hash: crc32c=Ahy0VA==, md5=ls19prPXyy6C4k8fcdpprg==
content-language: en
access-control-allow-origin: *
x-goog-generation: 1629870786787602
access-control-expose-headers: Content-Type
cache-control: no-transform, max-age=300
x-goog-stored-content-length: 9184
accept-ranges: bytes
content-type: application/javascript
expires: Sat, 04 Sep 2021 04:40:28 GMT

GET
H2 200 AVmanager.js Show response
player.aniview.com/script/6.1/ Frame 4CD9 346 KB
98 KB 6ms
6ms Script
application/javascript 2a02:26f0:6c00:2ab::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/aniview.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:6c00:2ab::2c79 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 1459debe4ae50fd8d33bf2b2ea987bb180ddb9a66014c4bec96ca790e7d123b1

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:28 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycdvLQxAAENPGHOr5NZjC_tyoO5WKEEW2C7BKhZG3wO4LXlPF_GxotWnFuB_1nS1Vo9jUZPAwEAPBJLtPLgXop98
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: gzip
content-length: 99995
last-modified: Wed, 25 Aug 2021 05:52:40 GMT
server: UploadServer
etag: "2272c99eaa1581a4dad17d82a7e6863a"
vary: Accept-Encoding
x-goog-hash: crc32c=0WMWDQ==, md5=InLJnqoVgaTa0X2Cp+aGOg==
content-language: en
access-control-allow-origin: *
x-goog-generation: 1629870760547112
access-control-expose-headers: Content-Type
cache-control: public, max-age=300
x-goog-stored-content-length: 99995
accept-ranges: bytes
content-type: application/javascript
expires: Sat, 04 Sep 2021 04:40:28 GMT

GET
H2 200 AVmanager.js Show response
player.aniview.com/script/6.1/ Frame E83A 346 KB
98 KB 10ms
9ms Script
application/javascript 2a02:26f0:6c00:2ab::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/aniview.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:6c00:2ab::2c79 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 1459debe4ae50fd8d33bf2b2ea987bb180ddb9a66014c4bec96ca790e7d123b1

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:28 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycdvLQxAAENPGHOr5NZjC_tyoO5WKEEW2C7BKhZG3wO4LXlPF_GxotWnFuB_1nS1Vo9jUZPAwEAPBJLtPLgXop98
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: gzip
content-length: 99995
last-modified: Wed, 25 Aug 2021 05:52:40 GMT
server: UploadServer
etag: "2272c99eaa1581a4dad17d82a7e6863a"
vary: Accept-Encoding
x-goog-hash: crc32c=0WMWDQ==, md5=InLJnqoVgaTa0X2Cp+aGOg==
content-language: en
access-control-allow-origin: *
x-goog-generation: 1629870760547112
access-control-expose-headers: Content-Type
cache-control: public, max-age=300
x-goog-stored-content-length: 99995
accept-ranges: bytes
content-type: application/javascript
expires: Sat, 04 Sep 2021 04:40:28 GMT

GET
H2 200 track
track1.aniview.com/ 0
71 B 396ms
125ms Image
text/plain 18.214.42.169
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?r=www.123greetings.com&sn=Email&ic=0&tgt=0&app=&wi=400&he=225&test=&apppkg=&fv=3&proto=https&pid=5e5bd02728a06124e30d85c3&cid=5e5bd1f528a0610dd725f7d8&stagid=&stplid=&e=inventory&vi=100&cb=1630730128185
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.214.42.169 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-214-42-169.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:28 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2 200 / Show response
go1.aniview.com/api/adserver/tag/ 11 KB
3 KB 357ms
124ms XHR
application/json 3.214.14.12
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go1.aniview.com/api/adserver/tag/?AV_URL=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fdance_day%2F%3Futm_source&utm_medium=Special_NL&utm_campaign=SNL_june20_events&AV_SUBID=Email&AV_SECURED=1&AV_LANGUAGE=en&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&AV_CHANNELID=5e5bd1f528a0610dd725f7d8&format=json&tgt=0&AV_CDIM1=&AV_CDIM2=&AV_CDIM3=&AV_ABT=&pce=1&npx=1&AV_DETDOMAIN=www.123greetings.com&AV_DADPOS=3&v=6.1.1.243&avtoken=128184&AV_WIDTH=400&AV_HEIGHT=225&AV_DNT=0&cb=1630730128224
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.214.14.12 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-214-14-12.compute-1.amazonaws.com
Software: /
Resource Hash: df81b58918a650613f782708d4be9eafdad472d0ee698bd9c24e1bcba7125556

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:28 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.123greetings.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Mon, 23 Aug 2021 14:48:48 GMT

POST
H2 204 /
events1.avantisvideo.com/ 0
34 B 183ms
183ms Ping
text/plain 52.34.57.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events1.avantisvideo.com/
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/js/video-loader2.1-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.34.57.2 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-34-57-2.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 04 Sep 2021 04:35:28 GMT

GET
H2 200 track
track1.aniview.com/ 0
70 B 347ms
125ms Image
text/plain 18.214.42.169
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?r=www.123greetings.com&sn=Email&ic=0&tgt=0&app=&wi=600&he=338&test=&apppkg=&fv=3&proto=https&pid=5e5bd02728a06124e30d85c3&cid=5ec3e3871f5e5c792c20f9f7&stagid=&stplid=&e=inventory&vi=100&cb=1630730128234
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.214.42.169 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-214-42-169.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:28 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2 200 / Show response
go1.aniview.com/api/adserver/tag/ 11 KB
3 KB 335ms
124ms XHR
application/json 3.214.14.12
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go1.aniview.com/api/adserver/tag/?AV_URL=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fdance_day%2F%3Futm_source&utm_medium=Special_NL&utm_campaign=SNL_june20_events&AV_SUBID=Email&AV_SECURED=1&AV_LANGUAGE=en&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&AV_CHANNELID=5ec3e3871f5e5c792c20f9f7&format=json&tgt=0&AV_CDIM1=&AV_CDIM2=&AV_CDIM3=&AV_ABT=&pce=1&npx=1&AV_DETDOMAIN=www.123greetings.com&AV_DADPOS=3&v=6.1.1.243&avtoken=128234&AV_WIDTH=600&AV_HEIGHT=338&AV_DNT=0&cb=1630730128247
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.214.14.12 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-214-14-12.compute-1.amazonaws.com
Software: /
Resource Hash: 8808ace05b30198f52d030556ae7557a4ea6713743ca0d23f806bc59c1e53613

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:28 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.123greetings.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Mon, 23 Aug 2021 14:48:48 GMT

POST
H2 204 /
events1.avantisvideo.com/ 0
34 B 183ms
183ms Ping
text/plain 52.34.57.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events1.avantisvideo.com/
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/js/video-loader2.1-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.34.57.2 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-34-57-2.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 04 Sep 2021 04:35:28 GMT

GET
H2

200

cookiesyncendpoint Show response
sync.aniview.com/ Frame C2BC
Redirect Chain

https://secure.adnxs.com/getuid?https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1630730128514-952271023603-008770-014-002257%26biddername%3D55%26key%3D%24UID
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fsync.aniview.com%252Fcookiesyncendpoint%253Fauid%253D1630730128514-952271023603-008770-014-002257%2526biddername%253D55%2526key%253D%...
https://sync.aniview.com/cookiesyncendpoint?auid=1630730128514-952271023603-008770-014-002257&biddername=55&key=4823418735745576492

0
217 B

392ms
111ms

Document
text/plain

44.194.158.136
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.aniview.com/cookiesyncendpoint?auid=1630730128514-952271023603-008770-014-002257&biddername=55&key=4823418735745576492
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.194.158.136 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-194-158-136.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method: GET
:authority: sync.aniview.com
:scheme: https
:path: /cookiesyncendpoint?auid=1630730128514-952271023603-008770-014-002257&biddername=55&key=4823418735745576492
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.123greetings.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: aniC=1630730128515-932215023603-008434-011-009939
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

date: Sat, 04 Sep 2021 04:35:29 GMT
content-length: 0
set-cookie: 2_C_55=4823418735745576492; Path=/; Domain=aniview.com; Expires=Sun, 05 Sep 2021 04:35:29 GMT; Secure; SameSite=None 2_C_55=4823418735745576492; Path=/; Expires=Sun, 05 Sep 2021 04:35:29 GMT; Secure; SameSite=None

Redirect headers

Server: nginx/1.17.9
Date: Sat, 04 Sep 2021 04:35:28 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://sync.aniview.com/cookiesyncendpoint?auid=1630730128514-952271023603-008770-014-002257&biddername=55&key=4823418735745576492
AN-X-Request-Uuid: 584e7788-bdc8-4320-ae56-c8825814e107
Set-Cookie: uuid2=4823418735745576492; SameSite=None; Path=/; Max-Age=7776000; Expires=Fri, 03-Dec-2021 04:35:28 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 185.236.201.227; 185.236.201.227; 719.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com

GET
H/1.1 200
OK ptv Show response
ib.adnxs.com/ 85 B
771 B 36ms
35ms XHR
application/xml 185.33.220.243
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ptv?id=19012622&referrer=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fdance_day%2F%3Futm_source&us_privacy=1---&cbb=730128605&imp_id=b96388bd-1ad1-4731-9d60-19d8207da3ec

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.243 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

722.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

b2effcb18f514a7896e737bdda537f2ef3b5bb989eb247f4ab2aa3facf1148ea

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:35:28 GMT
X-Proxy-Origin: 185.236.201.227; 185.236.201.227; 722.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 134562bc-b776-475c-add8-be4ee319879c
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.123greetings.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/xml; charset=utf-8
Content-Length: 85
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 s2s Show response
s2s.aniview.com/api/adserver/ 1 B
235 B 353ms
128ms XHR
text/plain 52.2.252.150
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://s2s.aniview.com/api/adserver/s2s?auc_id=50f5b838f5c4b67b337d098ff66db892_172315319&wpm=&ssrtb=&pbjs=&AV_C_USER_ID=1630730128514-952271023603-008770-014-002257&AV_URL=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fdance_day%2F%3Futm_source&utm_medium=Special_NL&utm_campaign=SNL_june20_events&AV_SUBID=Email&AV_SECURED=1&AV_LANGUAGE=en&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&AV_CHANNELID=5e5bd1f528a0610dd725f7d8&format=json&tgt=0&AV_CDIM1=&AV_CDIM2=&AV_CDIM3=&AV_ABT=&pce=1&npx=1&AV_DETDOMAIN=www.123greetings.com&AV_DADPOS=3&v=6.1.1.243&avtoken=128184&AV_WIDTH=400&AV_HEIGHT=225&AV_DNT=0&cb=730128607&tgt=0&&AV_VI=0&AV_VID=0
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.2.252.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-2-252-150.compute-1.amazonaws.com
Software: /
Resource Hash: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:28 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: https://www.123greetings.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Mon, 23 Aug 2021 14:48:48 GMT

GET
H2 200 avpb3.js Show response
player.aniview.com/script/6.1/ Frame 4CD9 282 KB
89 KB 7ms
6ms Script
application/javascript 2a02:26f0:6c00:2ab::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/avpb3.js
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:6c00:2ab::2c79 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 8cd4b8b06d59ef4dd52b1d2b22c9dd0a2c2f0d42f0bccbf918a07dbaf3e531f6

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:28 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycdvyfBlPTagPdb5aEhqfrh7qC0FMszxeDTkgCIiXTfzjq1N5aTNO8qVH94vquRWJjaxeNkqDbErFjfqKM7etMpc
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: gzip
content-length: 90379
last-modified: Wed, 25 Aug 2021 05:51:56 GMT
server: UploadServer
etag: "cbc43a94682697a04cd9e52edf034719"
vary: Accept-Encoding
x-goog-hash: crc32c=GDSkGQ==, md5=y8Q6lGgml6BM2eUu3wNHGQ==
content-language: en
access-control-allow-origin: *
x-goog-generation: 1629870716641505
access-control-expose-headers: Content-Type
cache-control: public, max-age=300
x-goog-stored-content-length: 90379
accept-ranges: bytes
content-type: application/javascript
expires: Sat, 04 Sep 2021 04:40:28 GMT

GET
H2 200 track
track1.aniview.com/ 0
70 B 124ms
124ms Image
text/plain 18.214.42.169
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=CH&cos=Windows&r=www.123greetings.com&rs=www.123greetings.com&sid=87891&t=1630730128&cip=185.236.201.227&sn=Email&tgt=0&osv=10&bv=92.0&brn=Chrome&wi=400&he=225&app=&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&test=&aafaid=&proto=https&uid=1630730128514-952271023603-008770-014-002257&cha=0.7&stagid=&stplid=&cb=22889367010&d9=0000&AV_WIDTH=400&AV_HEIGHT=225&&ppid=5e5bd02728a06124e30d85c3&nid=59918a0e073ef4782e4e347f&pcid=5e5bd1f528a0610dd725f7d8&ncid=5e8b3e740cd6ad6132403f66&pasid=5e8b42ae145a8138e61d4a85&e=request&cb=1630730128610&asid=60e594d3cc338a41335e9e75%2C60e594da4123720f2e250d24%2C5e9030afdc817965520eb855%2C6114f48c04b3691b08691b7c%2C608e90cf34acc10fb7767e4a%2C6114f476dd0eb2621e735342&ofpr=%2C%2C%2C0.29%2C0.26%2C0.2&fpo=%2C%2C%2C%2C%2C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.214.42.169 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-214-42-169.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:28 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2

200

cookiesyncendpoint Show response
sync.aniview.com/ Frame 6027
Redirect Chain

https://secure.adnxs.com/getuid?https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1630730128515-932215023603-008434-011-009939%26biddername%3D55%26key%3D%24UID
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fsync.aniview.com%252Fcookiesyncendpoint%253Fauid%253D1630730128515-932215023603-008434-011-009939%2526biddername%253D55%2526key%253D%...
https://sync.aniview.com/cookiesyncendpoint?auid=1630730128515-932215023603-008434-011-009939&biddername=55&key=5975205377461622294

0
215 B

376ms
111ms

Document
text/plain

44.194.158.136
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.aniview.com/cookiesyncendpoint?auid=1630730128515-932215023603-008434-011-009939&biddername=55&key=5975205377461622294
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.194.158.136 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-194-158-136.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method: GET
:authority: sync.aniview.com
:scheme: https
:path: /cookiesyncendpoint?auid=1630730128515-932215023603-008434-011-009939&biddername=55&key=5975205377461622294
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.123greetings.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: aniC=1630730128515-932215023603-008434-011-009939
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

date: Sat, 04 Sep 2021 04:35:29 GMT
content-length: 0
set-cookie: 2_C_55=5975205377461622294; Path=/; Domain=aniview.com; Expires=Sun, 05 Sep 2021 04:35:29 GMT; Secure; SameSite=None 2_C_55=5975205377461622294; Path=/; Expires=Sun, 05 Sep 2021 04:35:29 GMT; Secure; SameSite=None

Redirect headers

Server: nginx/1.17.9
Date: Sat, 04 Sep 2021 04:35:28 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://sync.aniview.com/cookiesyncendpoint?auid=1630730128515-932215023603-008434-011-009939&biddername=55&key=5975205377461622294
AN-X-Request-Uuid: 3203af61-225b-4f59-9eee-45f24b45260e
Set-Cookie: uuid2=5975205377461622294; SameSite=None; Path=/; Max-Age=7776000; Expires=Fri, 03-Dec-2021 04:35:28 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 185.236.201.227; 185.236.201.227; 719.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com

GET
H/1.1 200
OK ptv Show response
ib.adnxs.com/ 85 B
771 B 36ms
36ms XHR
application/xml 185.33.220.243
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ptv?id=19012622&referrer=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fdance_day%2F%3Futm_source&us_privacy=1---&cbb=730128618&imp_id=a8699239-003a-41e5-b648-9de512c6d16f

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.243 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

722.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

b2effcb18f514a7896e737bdda537f2ef3b5bb989eb247f4ab2aa3facf1148ea

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:35:28 GMT
X-Proxy-Origin: 185.236.201.227; 185.236.201.227; 722.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 867bbeff-52b7-4efc-9b32-777a7e3c5067
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.123greetings.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/xml; charset=utf-8
Content-Length: 85
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 s2s Show response
s2s.aniview.com/api/adserver/ 1 B
236 B 336ms
123ms XHR
text/plain 52.2.252.150
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://s2s.aniview.com/api/adserver/s2s?auc_id=db54353d9b02fe80bcf9a674d213f16a_1723161161&wpm=&ssrtb=&pbjs=&AV_C_USER_ID=1630730128515-932215023603-008434-011-009939&AV_URL=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fdance_day%2F%3Futm_source&utm_medium=Special_NL&utm_campaign=SNL_june20_events&AV_SUBID=Email&AV_SECURED=1&AV_LANGUAGE=en&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&AV_CHANNELID=5ec3e3871f5e5c792c20f9f7&format=json&tgt=0&AV_CDIM1=&AV_CDIM2=&AV_CDIM3=&AV_ABT=&pce=1&npx=1&AV_DETDOMAIN=www.123greetings.com&AV_DADPOS=3&v=6.1.1.243&avtoken=128234&AV_WIDTH=600&AV_HEIGHT=338&AV_DNT=0&cb=730128619&tgt=0&&AV_VI=12&AV_VID=0
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.2.252.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-2-252-150.compute-1.amazonaws.com
Software: /
Resource Hash: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:28 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: https://www.123greetings.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Mon, 23 Aug 2021 14:48:48 GMT

GET
H2 200 avpb3.js Show response
player.aniview.com/script/6.1/ Frame E83A 282 KB
89 KB 6ms
6ms Script
application/javascript 2a02:26f0:6c00:2ab::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/avpb3.js
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:6c00:2ab::2c79 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 8cd4b8b06d59ef4dd52b1d2b22c9dd0a2c2f0d42f0bccbf918a07dbaf3e531f6

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:28 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycdvyfBlPTagPdb5aEhqfrh7qC0FMszxeDTkgCIiXTfzjq1N5aTNO8qVH94vquRWJjaxeNkqDbErFjfqKM7etMpc
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: gzip
content-length: 90379
last-modified: Wed, 25 Aug 2021 05:51:56 GMT
server: UploadServer
etag: "cbc43a94682697a04cd9e52edf034719"
vary: Accept-Encoding
x-goog-hash: crc32c=GDSkGQ==, md5=y8Q6lGgml6BM2eUu3wNHGQ==
content-language: en
access-control-allow-origin: *
x-goog-generation: 1629870716641505
access-control-expose-headers: Content-Type
cache-control: public, max-age=300
x-goog-stored-content-length: 90379
accept-ranges: bytes
content-type: application/javascript
expires: Sat, 04 Sep 2021 04:40:28 GMT

GET
H2 200 track
track1.aniview.com/ 0
70 B 126ms
126ms Image
text/plain 18.214.42.169
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=CH&cos=Windows&r=www.123greetings.com&rs=www.123greetings.com&sid=28679&t=1630730128&cip=185.236.201.227&sn=Email&tgt=0&osv=10&bv=92.0&brn=Chrome&wi=600&he=338&app=&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&test=&aafaid=&proto=https&uid=1630730128515-932215023603-008434-011-009939&cha=0.05&stagid=&stplid=&cb=29407597944&d9=0000&AV_WIDTH=600&AV_HEIGHT=338&&ppid=5e5bd02728a06124e30d85c3&nid=59918a0e073ef4782e4e347f&pcid=5ec3e3871f5e5c792c20f9f7&ncid=5e8b3e740cd6ad6132403f66&pasid=5e8b42ae145a8138e61d4a85&e=request&cb=1630730128621&asid=60e594d3cc338a41335e9e75%2C60e594da4123720f2e250d24%2C5e9030afdc817965520eb855%2C6114f48c04b3691b08691b7c%2C608e90cf34acc10fb7767e4a%2C6114f476dd0eb2621e735342&ofpr=%2C%2C%2C0.29%2C0.26%2C0.2&fpo=%2C%2C%2C%2C%2C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.214.42.169 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-214-42-169.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:28 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

POST
H/1.1 204
No Content openrtb Show response
ads.adaptv.advertising.com/rtb/ 0
221 B 114ms
32ms XHR
application/json 18.195.102.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.adaptv.advertising.com/rtb/openrtb?ext_id=Avantis
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/avpb3.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.102.77 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-102-77.eu-central-1.compute.amazonaws.com
Software: adaptv/1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.123greetings.com
access-control-allow-credentials: true
server: adaptv/1.0
Connection: keep-alive
content-length: 0
content-type: application/json

POST
H/1.1 204
No Content 287573 Show response
search.spotxchange.com/openrtb/2.3/dados/ 0
989 B 1136ms
1039ms XHR
application/json 185.94.180.124
SPOTX-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://search.spotxchange.com/openrtb/2.3/dados/287573?src_sys=prebid
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/avpb3.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 185.94.180.124 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sat, 04 Sep 2021 04:35:28 GMT
X-SpotX-Timing-Transform: 0.001338
X-SpotX-Timing-SpotMarket: 0.002784
X-SpotX-Timing-Page-Mux: 0.000833
X-SpotX-Timing-Page-Require: 0.000302
X-fe: 089
Connection: keep-alive
X-SpotX-Timing-Page-Cookie: 0.000002
X-SpotX-Timing-Page: 0.006891
Pragma: no-cache
X-SpotX-Timing-Page-Context: 0.000252
Last-Modified: Sat, 04 Sep 2021 04:35:28 GMT
Server: nginx
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
X-SpotX-Timing-SpotMarket-Primary: 0.002784
Access-Control-Allow-Methods: POST, GET, PATCH, DELETE, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: https://www.123greetings.com
X-SpotX-Timing-Page-Misc: 0.001369
X-SpotX-Timing-Page-Exception: 0.000000
X-SpotX-Timing-SpotMarket-Secondary: 0.000000
X-SpotX-Timing-Page-URI: 0.000011
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 24 B
527 B 98ms
28ms XHR
application/json 23.37.38.181
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=512884&v=8.1&ac=j&sd=1&nf=1&r=%7B%22id%22%3A%22516e552d714662%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fdance_day%2F%3Futm_source%3DEmail%26amp%3Butm_medium%3DSpecial_NL%26amp%3Butm_campaign%3DSNL_june20_events%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22mfu%22%3A0%2C%22bu%22%3A0%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A1%2C%22allu%22%3A1%2C%22ren%22%3Atrue%2C%22version%22%3A%224.42.1%22%2C%22userIds%22%3A%5B%5D%2C%22msd%22%3A0%2C%22msi%22%3A0%7D%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22avantisvideo.com%22%2C%22sid%22%3A%228079%22%2C%22rid%22%3A%2250f5b838f5c4b67b337d098ff66db892_172315319%22%2C%22name%22%3A%22123Greetings%22%2C%22domain%22%3A%22123greetings.com%22%2C%22hp%22%3A1%7D%5D%2C%22ver%22%3A%221.0%22%7D%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%226b2a2cef380665%22%2C%22ext%22%3A%7B%22siteID%22%3A%22512884%22%2C%22sid%22%3A%22400x225%22%2C%22fl%22%3A%22x%22%7D%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%5D%2C%22minduration%22%3A1%2C%22maxduration%22%3A60%2C%22api%22%3A%5B2%5D%2C%22protocols%22%3A%5B2%2C3%2C5%2C6%5D%2C%22w%22%3A400%2C%22h%22%3A225%2C%22placement%22%3A4%7D%2C%22bidfloor%22%3A0.2%2C%22bidfloorcur%22%3A%22USD%22%7D%5D%7D
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/avpb3.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.37.38.181 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-38-181.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 0d1bd1b38d8dc20e4b071c36c4afb9db32689929713f67d40dc327a138f56060

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:28 GMT
content-encoding: gzip
x-ak-initial-geo: CC:[CH], RC:[ZH], CN:[EU], CIP:[185.236.201.227], XFF:[]
server: Apache
vary: Is-Traffic-Invalid,Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
access-control-allow-origin: https://www.123greetings.com
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-type: application/json
content-length: 44
x-ak-client-geo: 12
expires: Sat, 04 Sep 2021 04:35:28 GMT

POST
H/1.1 204
No Content 287573 Show response
search.spotxchange.com/openrtb/2.3/dados/ 0
989 B 383ms
69ms XHR
application/json 185.94.180.124
SPOTX-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://search.spotxchange.com/openrtb/2.3/dados/287573?src_sys=prebid
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/avpb3.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 185.94.180.124 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sat, 04 Sep 2021 04:35:29 GMT
X-SpotX-Timing-Transform: 0.000309
X-SpotX-Timing-SpotMarket: 0.003762
X-SpotX-Timing-Page-Mux: 0.000954
X-SpotX-Timing-Page-Require: 0.000360
X-fe: 006
Connection: keep-alive
X-SpotX-Timing-Page-Cookie: 0.000002
X-SpotX-Timing-Page: 0.007426
Pragma: no-cache
X-SpotX-Timing-Page-Context: 0.000352
Last-Modified: Sat, 04 Sep 2021 04:35:29 GMT
Server: nginx
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
X-SpotX-Timing-SpotMarket-Primary: 0.003762
Access-Control-Allow-Methods: POST, GET, PATCH, DELETE, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: https://www.123greetings.com
X-SpotX-Timing-Page-Misc: 0.001669
X-SpotX-Timing-Page-Exception: 0.000001
X-SpotX-Timing-SpotMarket-Secondary: 0.000000
X-SpotX-Timing-Page-URI: 0.000017
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 24 B
527 B 87ms
29ms XHR
application/json 23.37.38.181
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=512884&v=8.1&ac=j&sd=1&nf=1&r=%7B%22id%22%3A%2231cb60aaf4ec96%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fdance_day%2F%3Futm_source%3DEmail%26amp%3Butm_medium%3DSpecial_NL%26amp%3Butm_campaign%3DSNL_june20_events%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22mfu%22%3A0%2C%22bu%22%3A0%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A1%2C%22allu%22%3A1%2C%22ren%22%3Atrue%2C%22version%22%3A%224.42.1%22%2C%22userIds%22%3A%5B%5D%2C%22msd%22%3A0%2C%22msi%22%3A0%7D%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22nodes%22%3A%5B%7B%22asi%22%3A%22avantisvideo.com%22%2C%22sid%22%3A%228079%22%2C%22rid%22%3A%22db54353d9b02fe80bcf9a674d213f16a_1723161161%22%2C%22domain%22%3A%22123greetings.com%22%2C%22hp%22%3A1%2C%22name%22%3A%22123Greetings%22%7D%5D%2C%22ver%22%3A%221.0%22%2C%22complete%22%3A1%7D%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22416010bd9796c%22%2C%22ext%22%3A%7B%22siteID%22%3A%22512884%22%2C%22sid%22%3A%22600x338%22%2C%22fl%22%3A%22x%22%7D%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%5D%2C%22minduration%22%3A1%2C%22maxduration%22%3A60%2C%22api%22%3A%5B2%5D%2C%22protocols%22%3A%5B2%2C3%2C5%2C6%5D%2C%22w%22%3A600%2C%22h%22%3A338%2C%22placement%22%3A4%7D%2C%22bidfloor%22%3A0.2%2C%22bidfloorcur%22%3A%22USD%22%7D%5D%7D
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/avpb3.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.37.38.181 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-38-181.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: d142a1fe9a36ccbe8248ef01df51c9d6f2181c45426b2376bd38bc50c79858cf

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:28 GMT
content-encoding: gzip
x-ak-initial-geo: CC:[CH], RC:[ZH], CN:[EU], CIP:[185.236.201.227], XFF:[]
server: Apache
vary: Is-Traffic-Invalid,Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
access-control-allow-origin: https://www.123greetings.com
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-type: application/json
content-length: 44
x-ak-client-geo: 12
expires: Sat, 04 Sep 2021 04:35:28 GMT

POST
H/1.1 204
No Content openrtb Show response
ads.adaptv.advertising.com/rtb/ 0
221 B 129ms
30ms XHR
application/json 18.195.102.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.adaptv.advertising.com/rtb/openrtb?ext_id=Avantis
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/avpb3.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.102.77 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-102-77.eu-central-1.compute.amazonaws.com
Software: adaptv/1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.123greetings.com
access-control-allow-credentials: true
server: adaptv/1.0
Connection: keep-alive
content-length: 0
content-type: application/json

GET
H2 200 track
track1.aniview.com/ 0
70 B 173ms
172ms Image
text/plain 18.214.42.169
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=CH&cos=Windows&r=www.123greetings.com&rs=www.123greetings.com&sid=28679&t=1630730128&cip=185.236.201.227&sn=Email&tgt=0&osv=10&bv=92.0&brn=Chrome&wi=600&he=338&app=&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&test=&aafaid=&proto=https&uid=1630730128515-932215023603-008434-011-009939&cha=0.05&stagid=&stplid=&cb=29407597944&d9=0000&AV_WIDTH=600&AV_HEIGHT=338&&ppid=5e5bd02728a06124e30d85c3&nid=59918a0e073ef4782e4e347f&pcid=5ec3e3871f5e5c792c20f9f7&ncid=5e8b3e740cd6ad6132403f66&pasid=5e8b42ae145a8138e61d4a85&e=bid&cb=1630730129116&asid=60e594d3cc338a41335e9e75%2C60e594da4123720f2e250d24&ofpr=%2C&fpo=%2C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.214.42.169 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-214-42-169.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:29 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame AB37 346 KB
119 KB 41ms
18ms Script
text/javascript 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9a876f6cbd09c5f245491f6877db2a6bb7faa356893ae8a5f8881b2ad6c64212

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121776
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:35:29 GMT

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 2722 346 KB
119 KB 87ms
65ms Script
text/javascript 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9a876f6cbd09c5f245491f6877db2a6bb7faa356893ae8a5f8881b2ad6c64212

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121776
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:35:29 GMT

GET
H3-29 200 bridge3.478.2_en.html Show response
imasdk.googleapis.com/js/core/ Frame B02A 574 KB
188 KB 36ms
23ms Document
text/html 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ba74b0b7223564fe5de95a05498160da36162274673a6c4583a757d233c41b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.478.2_en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.123greetings.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 192508
date: Fri, 03 Sep 2021 19:55:47 GMT
expires: Sat, 03 Sep 2022 19:55:47 GMT
last-modified: Fri, 03 Sep 2021 19:50:18 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 31182
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 client.js Show response
s0.2mdn.net/instream/video/ Frame AB37 44 KB
17 KB 45ms
16ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:35:29 GMT

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame AB37 107 B
165 B 21ms
20ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.123greetings.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:35:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 bridge3.478.2_en.html Show response
imasdk.googleapis.com/js/core/ Frame 9F67 574 KB
188 KB 6ms
6ms Document
text/html 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ba74b0b7223564fe5de95a05498160da36162274673a6c4583a757d233c41b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.478.2_en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.123greetings.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 192508
date: Fri, 03 Sep 2021 19:55:47 GMT
expires: Sat, 03 Sep 2022 19:55:47 GMT
last-modified: Fri, 03 Sep 2021 19:50:18 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 31182
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 client.js Show response
s0.2mdn.net/instream/video/ Frame 2722 44 KB
16 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:35:29 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ Frame 2722 107 B
122 B 16ms
16ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.123greetings.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:35:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 6174 36 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 03:41:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3245
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12603
x-xss-protection: 0
last-modified: Mon, 14 Dec 2020 16:45:56 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Sat, 04 Sep 2021 04:41:24 GMT

GET
H3-29 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame F5D3 36 KB
12 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 03:41:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3245
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12603
x-xss-protection: 0
last-modified: Mon, 14 Dec 2020 16:45:56 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Sat, 04 Sep 2021 04:41:24 GMT

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame A117 2 KB
1 KB 150ms
51ms Document
text/html 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/avpb3.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7eca7977c6ade416c20775a7fd7cfa2291c5752cd1225d5c4342b057c37a000c

Request headers

Host: js-sec.indexww.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.123greetings.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

Server: Apache
Last-Modified: Thu, 11 Feb 2021 16:12:45 GMT
ETag: "e20015-90b-5bb11ca420f07"
Accept-Ranges: bytes
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1151
Date: Sat, 04 Sep 2021 04:35:29 GMT
Connection: keep-alive

GET
H/1.1

204
No Content

sync
ups.analytics.yahoo.com/ups/55953/
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=adaptv&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adaptv&ttd_tpi=1
https://ups.analytics.yahoo.com/ups/55953/sync?uid=3fbf10f0-5e71-4598-8dcd-adf7fd341aab&_origin=1&gdpr=1&gdpr_consent=

0
234 B

109ms
27ms

Image
text/plain

3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55953/sync?uid=3fbf10f0-5e71-4598-8dcd-adf7fd341aab&_origin=1&gdpr=1&gdpr_consent=

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

Software

ATS/7.1.2.138 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 04 Sep 2021 04:35:29 GMT
Server: ATS/7.1.2.138
Connection: keep-alive
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:29 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://ups.analytics.yahoo.com/ups/55953/sync?uid=3fbf10f0-5e71-4598-8dcd-adf7fd341aab&_origin=1&gdpr=1&gdpr_consent=
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 267

GET
H/1.1

204
No Content

sync
ups.analytics.yahoo.com/ups/57304/
Redirect Chain

https://pixel.advertising.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true
https://pixel.advertising.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&verify=true
https://ups.analytics.yahoo.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&apid=UP8899cba9-0d39-11ec-8f0b-06a17173c662
https://ups.analytics.yahoo.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&apid=UP8899cba9-0d39-11ec-8f0b-06a17173c662&verify=true
https://cm.g.doubleclick.net/pixel?google_nid=adaptv_dbm&google_cm&google_hm=VVA4ODk5Y2JhOS0wZDM5LTExZWMtOGYwYi0wNmExNzE3M2M2NjI%3D
https://pixel.advertising.com/ups/57304/sync?uid=CAESEOd3vx-wKdB6Kk_XAT19x6M&google_cver=1
https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEOd3vx-wKdB6Kk_XAT19x6M&google_cver=1&apid=UP8899cba9-0d39-11ec-8f0b-06a17173c662

0
1 KB

29ms
29ms

Image
text/plain

3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEOd3vx-wKdB6Kk_XAT19x6M&google_cver=1&apid=UP8899cba9-0d39-11ec-8f0b-06a17173c662

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

Software

ATS/7.1.2.138 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 04 Sep 2021 04:35:30 GMT
Server: ATS/7.1.2.138
Connection: keep-alive
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEOd3vx-wKdB6Kk_XAT19x6M&google_cver=1&apid=UP8899cba9-0d39-11ec-8f0b-06a17173c662
date: Sat, 04 Sep 2021 04:35:30 GMT
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

204
No Content

sync
ups.analytics.yahoo.com/ups/55986/
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/m7y5t93k?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55986%2Fsync%3Fuid%3D%24%7BUSER_ID%7D%26_origin%3D0&gdpr=0&gdpr_consent=
https://sync-tm.everesttech.net/ct/upi/pid/m7y5t93k?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55986%2Fsync%3Fuid%3D%24%7BUSER_ID%7D%26_origin%3D0&gdpr=0&gdpr_consent=&_...
https://pixel.advertising.com/ups/55986/sync?uid=YTL3kQAERRxnbwBg&_origin=0&gdpr=0&gdpr_consent=&_test=YTL3kQAERRxnbwBg
https://ups.analytics.yahoo.com/ups/55986/sync?uid=YTL3kQAERRxnbwBg&_origin=0&gdpr=0&gdpr_consent=&_test=YTL3kQAERRxnbwBg&apid=UP8899cba9-0d39-11ec-8f0b-06a17173c662
https://ups.analytics.yahoo.com/ups/55986/sync?uid=YTL3kQAERRxnbwBg&_origin=0&gdpr=0&gdpr_consent=&_test=YTL3kQAERRxnbwBg&apid=UP8899cba9-0d39-11ec-8f0b-06a17173c662&verify=true

0
1 KB

29ms
29ms

Image
text/plain

3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55986/sync?uid=YTL3kQAERRxnbwBg&_origin=0&gdpr=0&gdpr_consent=&_test=YTL3kQAERRxnbwBg&apid=UP8899cba9-0d39-11ec-8f0b-06a17173c662&verify=true

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

Software

ATS/7.1.2.138 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 04 Sep 2021 04:35:30 GMT
Server: ATS/7.1.2.138
Connection: keep-alive
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

Date: Sat, 04 Sep 2021 04:35:29 GMT
Server: ATS/7.1.2.138
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://ups.analytics.yahoo.com/ups/55986/sync?uid=YTL3kQAERRxnbwBg&_origin=0&gdpr=0&gdpr_consent=&_test=YTL3kQAERRxnbwBg&apid=UP8899cba9-0d39-11ec-8f0b-06a17173c662&verify=true
Connection: keep-alive
Content-Length: 0

GET
DATA 200
OK truncated
/ Frame 9F67 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9F67 0
20 B 15ms
14ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?blob=nullPromise&lid=155&sdkv=h.3.478.2&id=ima_html5&c=1535868007124799&domain=www.123greetings.com

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9F67 0
20 B 15ms
14ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?mode=2&lid=41&sdkv=h.3.478.2&id=ima_html5&c=1535868007124799&domain=www.123greetings.com

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9F67 0
20 B 15ms
15ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?delay=0&vpaidadapter=f&request_type=xfp&ctv=0&lid=6&sdkv=h.3.478.2&e=44730896&id=ima_html5&c=1535868007124799&domain=www.123greetings.com

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9F67 0
20 B 16ms
15ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?step=sendingMessage&logid=0.5269068414559035&time=1630730129817&lid=43&sdkv=h.3.478.2&e=44730896&id=ima_html5&c=1535868007124799&domain=www.123greetings.com

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame B02A 156 B
523 B 388ms
387ms XHR
text/xml 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F7103%2FSMG_AirNow%2Fpreroll%2Fsyndication_2&description_url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fdance_day%2F%3Futm_source&tfcd=0&npa=0&sz=640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=4203708038798183&sdkv=h.3.478.2&osd=2&frm=0&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C450x50%2C468x60%2C480x70&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&u_so=l&ctv=0&sdki=44d&adk=40307868&sdk_apis=2%2C8&sid=081A63D1-2D24-49C6-8DA4-AF048482C200&url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fdance_day%2F%3Futm_source%3DEmail%26amp%3Butm_medium%3DSpecial_NL%26amp%3Butm_campaign%3DSNL_june20_events&dt=1630730129855&cookie_enabled=1&scor=3502189527639998&ged=ve4_td1_tt0_pd1_la1000_er1157.320.1309.620_vi0.0.1200.1600_vp28_eb23147

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:30 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 track
track1.aniview.com/ 0
70 B 136ms
136ms Image
text/plain 18.214.42.169
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=CH&cos=Windows&r=www.123greetings.com&rs=www.123greetings.com&sid=87891&t=1630730128&cip=185.236.201.227&sn=Email&tgt=0&osv=10&bv=92.0&brn=Chrome&wi=400&he=225&app=&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&test=&aafaid=&proto=https&uid=1630730128514-952271023603-008770-014-002257&cha=0.7&stagid=&stplid=&cb=22889367010&d9=0000&AV_WIDTH=400&AV_HEIGHT=225&&ppid=5e5bd02728a06124e30d85c3&nid=59918a0e073ef4782e4e347f&pcid=5e5bd1f528a0610dd725f7d8&ncid=5e8b3e740cd6ad6132403f66&pasid=5e8b42ae145a8138e61d4a85&e=bid&cb=1630730129917&asid=60e594d3cc338a41335e9e75%2C60e594da4123720f2e250d24&ofpr=%2C&fpo=%2C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.214.42.169 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-214-42-169.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:30 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 9F67 156 B
185 B 378ms
376ms XHR
text/xml 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F7103%2FSMG_AirNow%2Fpreroll%2Fsyndication_4&description_url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fdance_day%2F%3Futm_source&tfcd=0&npa=0&sz=640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=556514244222319&sdkv=h.3.478.2&osd=2&frm=0&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C450x50%2C468x60%2C480x70&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&u_so=l&ctv=0&sdki=44d&adk=3937429871&sdk_apis=2%2C8&sid=6FA91421-B79F-43E1-BE79-19C7679B959A&eid=44730896&url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fdance_day%2F%3Futm_source%3DEmail%26amp%3Butm_medium%3DSpecial_NL%26amp%3Butm_campaign%3DSNL_june20_events&dt=1630730129929&cookie_enabled=1&scor=815695072519056&ged=ve4_td1_tt0_pd1_la1000_er1157.320.1309.620_vi0.0.1200.1600_vp28_eb23147

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:30 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9F67 0
20 B 15ms
14ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?step=receivedResponse&time=1630730129928&timeout=f&logid=0.5269068414559035&timediff=111&lid=43&sdkv=h.3.478.2&e=44730896&id=ima_html5&c=1535868007124799&domain=www.123greetings.com

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9F67 0
20 B 16ms
15ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?rt=xfp&lid=17&sdkv=h.3.478.2&e=44730896&id=ima_html5&c=1535868007124799&domain=www.123greetings.com

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 93C2 346 KB
119 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9a876f6cbd09c5f245491f6877db2a6bb7faa356893ae8a5f8881b2ad6c64212

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121776
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:35:30 GMT

GET
H3-29 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 30EC 346 KB
119 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9a876f6cbd09c5f245491f6877db2a6bb7faa356893ae8a5f8881b2ad6c64212

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121776
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:35:30 GMT

GET
H/1.1 200
OK Cookie set usermatch Show response
ssum-sec.casalemedia.com/ Frame 2839 2 KB
3 KB 40ms
40ms Document
text/html 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: f2ad7bf70a12e07097b2613d91c72ab78c3dced5bf127c3a1c6d4e37251118a6

Request headers

Host: ssum-sec.casalemedia.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://js-sec.indexww.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: CMID=YTL3kKYyndRmi8RveD-PFAAA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://js-sec.indexww.com/

Response headers

Server: Apache
Content-Type: text/html
Dropped-Udsids: 39|45|230|241|4|156|196|88
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Content-Length: 1616
Expires: Sat, 04 Sep 2021 04:35:30 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 04 Sep 2021 04:35:30 GMT
Connection: keep-alive
Set-Cookie: CMID=YTL3kKYyndRmi8RveD-PFAAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sun, 04 Sep 2022 04:35:30 GMT CMPS=5222;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 03 Dec 2021 04:35:30 GMT CMPRO=1118;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 03 Dec 2021 04:35:30 GMT CMST=YTL3kmEy95IA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sun, 05 Sep 2021 04:35:30 GMT CMRUM3=276132f7920b40&c46132f79205a0&f16132f79205a0&046132f79205a0&9c6132f79205a00&e66132f7922760&2d6132f79205a0&586132f79205a0;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sun, 04 Sep 2022 04:35:30 GMT

GET
H3-29 200 bridge3.478.2_en.html Show response
imasdk.googleapis.com/js/core/ Frame 316B 574 KB
188 KB 6ms
6ms Document
text/html 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ba74b0b7223564fe5de95a05498160da36162274673a6c4583a757d233c41b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.478.2_en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.123greetings.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 192508
date: Fri, 03 Sep 2021 19:55:47 GMT
expires: Sat, 03 Sep 2022 19:55:47 GMT
last-modified: Fri, 03 Sep 2021 19:50:18 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 31183
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 client.js Show response
s0.2mdn.net/instream/video/ Frame 93C2 44 KB
16 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:35:30 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ Frame 93C2 107 B
122 B 15ms
14ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.123greetings.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:35:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 bridge3.478.2_en.html Show response
imasdk.googleapis.com/js/core/ Frame 6C85 574 KB
188 KB 6ms
6ms Document
text/html 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ba74b0b7223564fe5de95a05498160da36162274673a6c4583a757d233c41b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.478.2_en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.123greetings.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 192508
date: Fri, 03 Sep 2021 19:55:47 GMT
expires: Sat, 03 Sep 2022 19:55:47 GMT
last-modified: Fri, 03 Sep 2021 19:50:18 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 31183
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 client.js Show response
s0.2mdn.net/instream/video/ Frame 30EC 44 KB
16 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:35:30 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ Frame 30EC 107 B
122 B 15ms
15ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.123greetings.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:35:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame 2839 70 B
264 B 79ms
77ms Image
image/gif 76.223.111.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.131 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:30 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 2839
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YTL3kKYyndRmi8RveD-PFAAA
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEIcNXPYvixVNObvsrlcFjzE&google_cver=1

43 B
1016 B

38ms
38ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEIcNXPYvixVNObvsrlcFjzE&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:35:30 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 04 Sep 2021 04:35:30 GMT

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:30 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEIcNXPYvixVNObvsrlcFjzE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

usermatchredir
ssum-sec.casalemedia.com/ Frame 2839
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YTL3kKYyndRmi8RveD_PFAAABF4AAAIB&gdpr_consent=&us_privacy=&gdpr=
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEBpbz0P1C3bHrjyOE8ge9qU&google_cver=1

43 B
315 B

32ms
31ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEBpbz0P1C3bHrjyOE8ge9qU&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:35:30 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Sat, 04 Sep 2021 04:35:30 GMT

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:30 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEBpbz0P1C3bHrjyOE8ge9qU&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 342
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame 2839
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YTL3kKYyndRmi8RveD_PFAAABF4AAAIB
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YTL3kKYyndRmi8RveD_PFAAABF4AAAIB&dcc=t

43 B
932 B

137ms
136ms

Image
image/gif

52.46.154.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YTL3kKYyndRmi8RveD_PFAAABF4AAAIB&dcc=t

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:35:30 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: GHV89S0RE2ZFKWMC6GA6
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:35:30 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 2NZXR4V23ET4D18AE2A8
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YTL3kKYyndRmi8RveD_PFAAABF4AAAIB&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 2839
Redirect Chain

https://ad.turn.com/r/cs?pid=21
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=8162451057914217269

43 B
992 B

37ms
36ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=8162451057914217269
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:35:30 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 04 Sep 2021 04:35:30 GMT

Redirect headers

location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=8162451057914217269
pragma: no-cache
date: Sat, 04 Sep 2021 04:35:29 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H/1.1 200
OK cookiesync
bttrack.com/pixel/ Frame 2839 35 B
380 B 470ms
118ms Image
image/gif 192.132.33.46
BIDTELLECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bttrack.com/pixel/cookiesync?source=67e94f23-25d6-4008-8236-375d1743c2e0&secure=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 192.132.33.46 , United States, ASN18568 (BIDTELLECT, US),
Reverse DNS: 46.bidtellect.com
Software: Microsoft-IIS/8.5 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

X-ServerName: Track004-dc3
Pragma: no-cache
Date: Sat, 04 Sep 2021 04:34:54 GMT
X-AspNetMvc-Version: 5.2
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
P3P: CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
Cache-Control: private,no-cache
Content-Type: image/gif
Content-Length: 35
Expires: -1

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 2839
Redirect Chain

https://gu.dyntrk.com/adx/ie/us.php?dynk=1nd3xx6ch1
https://gu.dyntrk.com/adx/ie/us.php?dynk=1nd3xx6ch1&prevuid=03030002_6132f792456d1&knw=0
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=196&external_user_id=03030002_6132f792456d1

43 B
1 KB

38ms
38ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=196&external_user_id=03030002_6132f792456d1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:35:30 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 04 Sep 2021 04:35:30 GMT

Redirect headers

date: Sat, 04 Sep 2021 04:35:30 GMT
server: nginx
access-control-allow-origin: *
transfer-encoding: chunked
access-control-allow-methods: POST, GET, OPTIONS
p3p: CP="NOI DEV OUR BUS UNI"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=196&external_user_id=03030002_6132f792456d1
cache-control: no-cache
content-type: text/html; charset=UTF-8
access-control-allow-headers: Origin
keep-alive: timeout=10

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 2839
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YTL3kQAERRxnbwBg

43 B
989 B

38ms
38ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YTL3kQAERRxnbwBg
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:35:30 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 04 Sep 2021 04:35:30 GMT

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:30 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1630730130.203952,VS0,VE0
x-served-by: cache-fra19167-FRA
x-cache: HIT
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YTL3kQAERRxnbwBg
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H/1.1 200
OK htw-pixel.gif
js-sec.indexww.com/ht/ Frame 2839 43 B
425 B 34ms
32ms Image
image/gif 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://js-sec.indexww.com/ht/htw-pixel.gif?YTL3kKYyndRmi8RveD-PFAAA%261118
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 04 Sep 2021 04:35:30 GMT
Last-Modified: Tue, 24 Jan 2017 19:36:04 GMT
Server: Apache
ETag: "da1f1d-2b-546dc3a097100"
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=2284
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 04 Sep 2021 05:13:34 GMT

GET
H3-29 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 8709 36 KB
12 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 03:41:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3246
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12603
x-xss-protection: 0
last-modified: Mon, 14 Dec 2020 16:45:56 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Sat, 04 Sep 2021 04:41:24 GMT

GET
H3-29 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 3CEB 36 KB
12 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 03:41:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3246
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12603
x-xss-protection: 0
last-modified: Mon, 14 Dec 2020 16:45:56 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Sat, 04 Sep 2021 04:41:24 GMT

POST
H2 204 /
events1.avantisvideo.com/ 0
34 B 183ms
183ms Ping
text/plain 52.34.57.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events1.avantisvideo.com/
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/js/video-loader2.1-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.34.57.2 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-34-57-2.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 04 Sep 2021 04:35:30 GMT

GET
H3-29 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 316B 156 B
142 B 343ms
343ms XHR
text/xml 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F7103%2FSMG_AirNow%2Fpreroll%2Fsyndication_2&description_url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fdance_day%2F%3Futm_source&tfcd=0&npa=0&sz=640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=2735208857314169&sdkv=h.3.478.2&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&u_so=l&ctv=0&sdki=44d&adk=978844781&sdk_apis=2%2C8&sid=034DB0FA-C78C-4071-85AE-2F130EEE609B&eid=420706097%2C44737473&url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fdance_day%2F%3Futm_source%3DEmail%26amp%3Butm_medium%3DSpecial_NL%26amp%3Butm_campaign%3DSNL_june20_events&dt=1630730130389&cookie_enabled=1&scor=1404994146828894&ged=ve4_td0_tt0_pd0_la0_er1199.1200.1351.1500_vi0.0.1200.1600_vp1_eb23147

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:30 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 6C85 156 B
142 B 338ms
338ms XHR
text/xml 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F7103%2FSMG_AirNow%2Fpreroll%2Fsyndication_4&description_url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fdance_day%2F%3Futm_source&tfcd=0&npa=0&sz=640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=1341022319326912&sdkv=h.3.478.2&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&u_so=l&ctv=0&sdki=44d&adk=2539213421&sdk_apis=2%2C8&sid=A4C07D06-3E7E-4DDD-BFAF-47BFCB73BCCC&eid=44730896&url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fdance_day%2F%3Futm_source%3DEmail%26amp%3Butm_medium%3DSpecial_NL%26amp%3Butm_campaign%3DSNL_june20_events&dt=1630730130392&cookie_enabled=1&scor=3227124151501141&ged=ve4_td0_tt0_pd0_la0_er1199.1200.1351.1500_vi0.0.1200.1600_vp1_eb23147

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:30 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK ptv Show response
ib.adnxs.com/ 85 B
926 B 36ms
36ms XHR
application/xml 185.33.220.243
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ptv?id=19012622&referrer=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fdance_day%2F%3Futm_source&us_privacy=1---&cbb=730130402&imp_id=7dc9ea89-efd5-4dfd-9899-f035added577

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.243 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

722.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

b2effcb18f514a7896e737bdda537f2ef3b5bb989eb247f4ab2aa3facf1148ea

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:35:30 GMT
X-Proxy-Origin: 185.236.201.227; 185.236.201.227; 722.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 8c4fa6ee-6026-4ca0-822d-d8fae543b86a
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.123greetings.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/xml; charset=utf-8
Content-Length: 85
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 s2s Show response
s2s.aniview.com/api/adserver/ 1 B
235 B 129ms
128ms XHR
text/plain 52.2.252.150
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://s2s.aniview.com/api/adserver/s2s?auc_id=db54353d9b02fe80bcf9a674d213f16a_1723161161&wpm=&ssrtb=&pbjs=&AV_C_USER_ID=1630730128515-932215023603-008434-011-009939&AV_URL=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fdance_day%2F%3Futm_source&utm_medium=Special_NL&utm_campaign=SNL_june20_events&AV_SUBID=Email&AV_SECURED=1&AV_LANGUAGE=en&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&AV_CHANNELID=5ec3e3871f5e5c792c20f9f7&format=json&tgt=0&AV_CDIM1=&AV_CDIM2=&AV_CDIM3=&AV_ABT=&pce=1&npx=1&AV_DETDOMAIN=www.123greetings.com&AV_DADPOS=3&v=6.1.1.243&avtoken=128234&AV_WIDTH=600&AV_HEIGHT=338&AV_DNT=0&cb=730130403&tgt=0&&AV_VI=12&AV_VID=0
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.2.252.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-2-252-150.compute-1.amazonaws.com
Software: /
Resource Hash: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:30 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: https://www.123greetings.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Mon, 23 Aug 2021 14:48:50 GMT

GET
H2 200 track
track1.aniview.com/ 0
70 B 124ms
123ms Image
text/plain 18.214.42.169
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=CH&cos=Windows&r=www.123greetings.com&rs=www.123greetings.com&sid=28679&t=1630730128&cip=185.236.201.227&sn=Email&tgt=0&osv=10&bv=92.0&brn=Chrome&wi=600&he=338&app=&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&test=&aafaid=&proto=https&uid=1630730128515-932215023603-008434-011-009939&cha=0.05&stagid=&stplid=&cb=29407597944&d9=0000&AV_WIDTH=600&AV_HEIGHT=338&&ppid=5e5bd02728a06124e30d85c3&nid=59918a0e073ef4782e4e347f&pcid=5ec3e3871f5e5c792c20f9f7&ncid=5e8b3e740cd6ad6132403f66&pasid=5e8b42ae145a8138e61d4a85&e=request&cb=1630730130403&asid=60e594d3cc338a41335e9e75%2C60e594da4123720f2e250d24%2C5e9030afdc817965520eb855%2C6114f48c04b3691b08691b7c%2C608e90cf34acc10fb7767e4a%2C6114f476dd0eb2621e735342&ofpr=%2C%2C%2C0.29%2C0.26%2C0.2&fpo=%2C%2C%2C%2C%2C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.214.42.169 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-214-42-169.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:30 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

POST
H/1.1 204
No Content 287573 Show response
search.spotxchange.com/openrtb/2.3/dados/ 0
989 B 39ms
39ms XHR
application/json 185.94.180.124
SPOTX-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://search.spotxchange.com/openrtb/2.3/dados/287573?src_sys=prebid
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/avpb3.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 185.94.180.124 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sat, 04 Sep 2021 04:35:30 GMT
X-SpotX-Timing-Transform: 0.000276
X-SpotX-Timing-SpotMarket: 0.002849
X-SpotX-Timing-Page-Mux: 0.000922
X-SpotX-Timing-Page-Require: 0.000364
X-fe: 101
Connection: keep-alive
X-SpotX-Timing-Page-Cookie: 0.000002
X-SpotX-Timing-Page: 0.006810
Pragma: no-cache
X-SpotX-Timing-Page-Context: 0.000331
Last-Modified: Sat, 04 Sep 2021 04:35:30 GMT
Server: nginx
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
X-SpotX-Timing-SpotMarket-Primary: 0.002849
Access-Control-Allow-Methods: POST, GET, PATCH, DELETE, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: https://www.123greetings.com
X-SpotX-Timing-Page-Misc: 0.002053
X-SpotX-Timing-Page-Exception: 0.000001
X-SpotX-Timing-SpotMarket-Secondary: 0.000000
X-SpotX-Timing-Page-URI: 0.000011
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers
Expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H/1.1 204
No Content openrtb Show response
ads.adaptv.advertising.com/rtb/ 0
221 B 33ms
32ms XHR
application/json 18.195.102.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.adaptv.advertising.com/rtb/openrtb?ext_id=Avantis
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/avpb3.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.102.77 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-102-77.eu-central-1.compute.amazonaws.com
Software: adaptv/1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.123greetings.com
access-control-allow-credentials: true
server: adaptv/1.0
Connection: keep-alive
content-length: 0
content-type: application/json

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 25 B
528 B 30ms
30ms XHR
application/json 23.37.38.181
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=512884&v=8.1&ac=j&sd=1&nf=1&r=%7B%22id%22%3A%2212538222329db17%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fdance_day%2F%3Futm_source%3DEmail%26amp%3Butm_medium%3DSpecial_NL%26amp%3Butm_campaign%3DSNL_june20_events%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22mfu%22%3A0%2C%22bu%22%3A0%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A1%2C%22allu%22%3A1%2C%22ren%22%3Atrue%2C%22version%22%3A%224.42.1%22%2C%22userIds%22%3A%5B%5D%2C%22msd%22%3A0%2C%22msi%22%3A0%7D%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22nodes%22%3A%5B%7B%22asi%22%3A%22avantisvideo.com%22%2C%22sid%22%3A%228079%22%2C%22rid%22%3A%22db54353d9b02fe80bcf9a674d213f16a_1723161161%22%2C%22domain%22%3A%22123greetings.com%22%2C%22hp%22%3A1%2C%22name%22%3A%22123Greetings%22%7D%5D%2C%22ver%22%3A%221.0%22%2C%22complete%22%3A1%7D%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22138102de64de03a%22%2C%22ext%22%3A%7B%22siteID%22%3A%22512884%22%2C%22sid%22%3A%22600x338%22%2C%22fl%22%3A%22x%22%7D%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%5D%2C%22minduration%22%3A1%2C%22maxduration%22%3A60%2C%22api%22%3A%5B2%5D%2C%22protocols%22%3A%5B2%2C3%2C5%2C6%5D%2C%22w%22%3A600%2C%22h%22%3A338%2C%22placement%22%3A4%7D%2C%22bidfloor%22%3A0.2%2C%22bidfloorcur%22%3A%22USD%22%7D%5D%7D
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/avpb3.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.37.38.181 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-38-181.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 03fee590e2ae6933ab1b5fea01ae1d48e62739af12c7c4ed852d069b1433cd88

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:30 GMT
content-encoding: gzip
x-ak-initial-geo: CC:[CH], RC:[ZH], CN:[EU], CIP:[185.236.201.227], XFF:[]
server: Apache
vary: Is-Traffic-Invalid,Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
access-control-allow-origin: https://www.123greetings.com
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-type: application/json
content-length: 45
x-ak-client-geo: 12
expires: Sat, 04 Sep 2021 04:35:30 GMT

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame BF2C 2 KB
1 KB 38ms
37ms Document
text/html 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/avpb3.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7eca7977c6ade416c20775a7fd7cfa2291c5752cd1225d5c4342b057c37a000c

Request headers

Host: js-sec.indexww.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.123greetings.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

Server: Apache
Last-Modified: Thu, 11 Feb 2021 16:12:45 GMT
ETag: "e20015-90b-5bb11ca420f07"
Accept-Ranges: bytes
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1151
Date: Sat, 04 Sep 2021 04:35:30 GMT
Connection: keep-alive

GET
H/1.1

204
No Content

sync
ups.analytics.yahoo.com/ups/55953/
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=adaptv&ttd_tpi=1
https://ups.analytics.yahoo.com/ups/55953/sync?uid=3fbf10f0-5e71-4598-8dcd-adf7fd341aab&_origin=1&gdpr=1&gdpr_consent=

0
234 B

28ms
28ms

Image
text/plain

3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55953/sync?uid=3fbf10f0-5e71-4598-8dcd-adf7fd341aab&_origin=1&gdpr=1&gdpr_consent=

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

Software

ATS/7.1.2.138 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 04 Sep 2021 04:35:30 GMT
Server: ATS/7.1.2.138
Connection: keep-alive
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:30 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://ups.analytics.yahoo.com/ups/55953/sync?uid=3fbf10f0-5e71-4598-8dcd-adf7fd341aab&_origin=1&gdpr=1&gdpr_consent=
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 267

GET
H/1.1

204
No Content

sync
ups.analytics.yahoo.com/ups/55986/
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/m7y5t93k?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55986%2Fsync%3Fuid%3D%24%7BUSER_ID%7D%26_origin%3D0&gdpr=0&gdpr_consent=
https://pixel.advertising.com/ups/55986/sync?uid=YTL3kQAERRxnbwBg&_origin=0&gdpr=0&gdpr_consent=
https://ups.analytics.yahoo.com/ups/55986/sync?uid=YTL3kQAERRxnbwBg&_origin=0&gdpr=0&gdpr_consent=&apid=UP8899cba9-0d39-11ec-8f0b-06a17173c662

0
1 KB

28ms
28ms

Image
text/plain

3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55986/sync?uid=YTL3kQAERRxnbwBg&_origin=0&gdpr=0&gdpr_consent=&apid=UP8899cba9-0d39-11ec-8f0b-06a17173c662

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

Software

ATS/7.1.2.138 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 04 Sep 2021 04:35:30 GMT
Server: ATS/7.1.2.138
Connection: keep-alive
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://ups.analytics.yahoo.com/ups/55986/sync?uid=YTL3kQAERRxnbwBg&_origin=0&gdpr=0&gdpr_consent=&apid=UP8899cba9-0d39-11ec-8f0b-06a17173c662
date: Sat, 04 Sep 2021 04:35:30 GMT
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

204
No Content

sync
ups.analytics.yahoo.com/ups/57304/
Redirect Chain

https://pixel.advertising.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true
https://ups.analytics.yahoo.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&apid=UP8899cba9-0d39-11ec-8f0b-06a17173c662
https://cm.g.doubleclick.net/pixel?google_nid=adaptv_dbm&google_cm&google_hm=VVA4ODk5Y2JhOS0wZDM5LTExZWMtOGYwYi0wNmExNzE3M2M2NjI%3D
https://pixel.advertising.com/ups/57304/sync?uid=CAESEOd3vx-wKdB6Kk_XAT19x6M&google_cver=1
https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEOd3vx-wKdB6Kk_XAT19x6M&google_cver=1&apid=UP8899cba9-0d39-11ec-8f0b-06a17173c662

0
1 KB

29ms
28ms

Image
text/plain

3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEOd3vx-wKdB6Kk_XAT19x6M&google_cver=1&apid=UP8899cba9-0d39-11ec-8f0b-06a17173c662

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

Software

ATS/7.1.2.138 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 04 Sep 2021 04:35:30 GMT
Server: ATS/7.1.2.138
Connection: keep-alive
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEOd3vx-wKdB6Kk_XAT19x6M&google_cver=1&apid=UP8899cba9-0d39-11ec-8f0b-06a17173c662
date: Sat, 04 Sep 2021 04:35:30 GMT
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1 200
OK Cookie set usermatch Show response
ssum-sec.casalemedia.com/ Frame C3B3 1 KB
3 KB 37ms
37ms Document
text/html 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 949bd9252c39c62032f6bf5a52af142fbd4db3a6ddf8a394a0af2c7bb8763847

Request headers

Host: ssum-sec.casalemedia.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://js-sec.indexww.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: CMID=YTL3kKYyndRmi8RveD-PFAAA; CMPS=5222; CMPRO=1118; CMST=YTL3kmEy95IA; CMRUM3=586132f7922760YTL3kQAERRxnbwBg&9c6132f79205a00&2d6132f7922760CAESEIcNXPYvixVNObvsrlcFjzE&e66132f7922760&f16132f79205a0&046132f79205a0&c46132f792276003030002_6132f792456d1&276132f7920b40
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://js-sec.indexww.com/

Response headers

Server: Apache
Content-Type: text/html
Dropped-Udsids: 46|73|3|206|4|176|5|221
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Content-Length: 1497
Expires: Sat, 04 Sep 2021 04:35:30 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 04 Sep 2021 04:35:30 GMT
Connection: keep-alive
Set-Cookie: CMID=YTL3kKYyndRmi8RveD-PFAAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sun, 04 Sep 2022 04:35:30 GMT CMPS=5222;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 03 Dec 2021 04:35:30 GMT CMPRO=1118;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 03 Dec 2021 04:35:30 GMT CMRUM3=2e6132f79205a0&586132f7922760YTL3kQAERRxnbwBg&ce6132f79205a0&036132f79205a0&b06132f79205a00&e66132f7922760&2d6132f7922760CAESEIcNXPYvixVNObvsrlcFjzE&9c6132f79205a00&056132f79205a0&046132f79205a0&f16132f79205a0&496132f79205a0&dd6132f7922760&c46132f792276003030002_6132f792456d1&276132f7920b40;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sun, 04 Sep 2022 04:35:30 GMT

GET
H2 200 track
track1.aniview.com/ 0
70 B 125ms
125ms Image
text/plain 18.214.42.169
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=CH&cos=Windows&r=www.123greetings.com&rs=www.123greetings.com&sid=28679&t=1630730128&cip=185.236.201.227&sn=Email&tgt=0&osv=10&bv=92.0&brn=Chrome&wi=600&he=338&app=&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&test=&aafaid=&proto=https&uid=1630730128515-932215023603-008434-011-009939&cha=0.05&stagid=&stplid=&cb=29407597944&d9=0000&AV_WIDTH=600&AV_HEIGHT=338&&ppid=5e5bd02728a06124e30d85c3&nid=59918a0e073ef4782e4e347f&pcid=5ec3e3871f5e5c792c20f9f7&ncid=5e8b3e740cd6ad6132403f66&pasid=5e8b42ae145a8138e61d4a85&e=bid&cb=1630730130551&asid=60e594d3cc338a41335e9e75%2C60e594da4123720f2e250d24&ofpr=%2C&fpo=%2C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.214.42.169 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-214-42-169.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:30 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H3-29 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame A222 346 KB
119 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9a876f6cbd09c5f245491f6877db2a6bb7faa356893ae8a5f8881b2ad6c64212

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121776
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:35:30 GMT

GET
H3-29 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 5B65 346 KB
119 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9a876f6cbd09c5f245491f6877db2a6bb7faa356893ae8a5f8881b2ad6c64212

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121776
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:35:30 GMT

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame C3B3
Redirect Chain

https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=5975205377461622294

43 B
1 KB

37ms
36ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=5975205377461622294
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:35:30 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 04 Sep 2021 04:35:30 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:35:30 GMT
X-Proxy-Origin: 185.236.201.227; 185.236.201.227; 719.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 57661474-abee-4a24-b3ac-7f6f707aea31
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=5975205377461622294
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 YTL3kKYyndRmi8RveD_PFAAABF4AAAIB
pr-bh.ybp.yahoo.com/sync/casale/ Frame C3B3 43 B
926 B 104ms
35ms Image
image/gif 2a00:1288:110:c305::8000
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/casale/YTL3kKYyndRmi8RveD_PFAAABF4AAAIB?gdpr_consent=&us_privacy=&gdpr=

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1288:110:c305::8000 Dublin, Ireland, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:30 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame C3B3
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=15&redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D3%26external_user_id%3D%5BMM_UUID%5D
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=1d436132-f792-4e00-b01f-d8c654a3be28

43 B
1 KB

40ms
38ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=1d436132-f792-4e00-b01f-d8c654a3be28
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:35:30 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 04 Sep 2021 04:35:30 GMT

Redirect headers

Date: Sat, 04 Sep 2021 04:35:30 GMT
Server: MT3 3905 f19d76c master cdg-pixel-x30
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=1d436132-f792-4e00-b01f-d8c654a3be28
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Sat, 04 Sep 2021 04:35:29 GMT

GET
H2

200

YTL3kKYyndRmi8RveD_PFAAABF4AAAIB
pr-bh.ybp.yahoo.com/sync/casale/ Frame C3B3
Redirect Chain

https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=YTL3kKYyndRmi8RveD_PFAAABF4AAAIB&gdpr_consent=&us_privacy=&gdpr=
https://pr-bh.ybp.yahoo.com/sync/casale/YTL3kKYyndRmi8RveD_PFAAABF4AAAIB

43 B
88 B

53ms
36ms

Image
image/gif

2a00:1288:110:c305::8000
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/casale/YTL3kKYyndRmi8RveD_PFAAABF4AAAIB

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1288:110:c305::8000 Dublin, Ireland, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:30 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date: Sat, 04 Sep 2021 04:35:30 GMT
Server: ATS/7.1.2.138
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://pr-bh.ybp.yahoo.com/sync/casale/YTL3kKYyndRmi8RveD_PFAAABF4AAAIB
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame C3B3
Redirect Chain

https://ad.turn.com/r/cs?pid=21
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=8162451057914217269

43 B
1 KB

40ms
39ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=8162451057914217269
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:35:30 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 04 Sep 2021 04:35:30 GMT

Redirect headers

location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=8162451057914217269
pragma: no-cache
date: Sat, 04 Sep 2021 04:35:30 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2 200 113
match.deepintent.com/usersync/ Frame C3B3 0
44 B 342ms
114ms Image
text/plain 169.197.150.8
DEEPINTENT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.deepintent.com/usersync/113
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 169.197.150.8 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS: g.deepintent.com
Software: a /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:30 GMT
content-length: 0
server: a

GET
H2 200 ix
ad4m.at/ad/sim/ Frame C3B3 0
0 36ms
20ms Image
text/html 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad4m.at/ad/sim/ix
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H2

200

tpid=YTL3kKYyndRmi8RveD-PFAAA%261118
bcp.crwdcntrl.net/map/ct=y/c=6725/tp=INDX/ Frame C3B3
Redirect Chain

https://bcp.crwdcntrl.net/map/c=6725/tp=INDX/tpid=YTL3kKYyndRmi8RveD-PFAAA%261118?gdpr_consent=&us_privacy=&gdpr=
https://bcp.crwdcntrl.net/map/ct=y/c=6725/tp=INDX/tpid=YTL3kKYyndRmi8RveD-PFAAA%261118?gdpr_consent=&us_privacy=&gdpr=

49 B
738 B

53ms
53ms

Image
image/gif

52.30.14.23
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bcp.crwdcntrl.net/map/ct=y/c=6725/tp=INDX/tpid=YTL3kKYyndRmi8RveD-PFAAA%261118?gdpr_consent=&us_privacy=&gdpr=
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.14.23 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-30-14-23.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:30 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.45.26.20
content-type: image/gif
content-length: 49
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:30 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location: https://bcp.crwdcntrl.net/map/ct=y/c=6725/tp=INDX/tpid=YTL3kKYyndRmi8RveD-PFAAA%261118?gdpr_consent=&us_privacy=&gdpr=
cache-control: no-cache
x-server: 10.45.26.21
content-length: 0
expires: 0

GET
H/1.1 200
OK htw-pixel.gif
js-sec.indexww.com/ht/ Frame C3B3 43 B
425 B 33ms
32ms Image
image/gif 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://js-sec.indexww.com/ht/htw-pixel.gif?YTL3kKYyndRmi8RveD-PFAAA%261118
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.123greetings.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 04 Sep 2021 04:35:30 GMT
Last-Modified: Tue, 24 Jan 2017 19:36:04 GMT
Server: Apache
ETag: "da1f1d-2b-546dc3a097100"
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=2284
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 04 Sep 2021 05:13:34 GMT

GET
H3-29 200 bridge3.478.2_en.html Show response
imasdk.googleapis.com/js/core/ Frame FE22 574 KB
188 KB 6ms
6ms Document
text/html 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ba74b0b7223564fe5de95a05498160da36162274673a6c4583a757d233c41b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.478.2_en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.123greetings.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 192508
date: Fri, 03 Sep 2021 19:55:47 GMT
expires: Sat, 03 Sep 2022 19:55:47 GMT
last-modified: Fri, 03 Sep 2021 19:50:18 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 31183
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 client.js Show response
s0.2mdn.net/instream/video/ Frame A222 44 KB
16 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:35:30 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ Frame A222 107 B
122 B 15ms
14ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.123greetings.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:35:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 bridge3.478.2_en.html Show response
imasdk.googleapis.com/js/core/ Frame C7BD 574 KB
188 KB 6ms
6ms Document
text/html 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ba74b0b7223564fe5de95a05498160da36162274673a6c4583a757d233c41b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.478.2_en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.123greetings.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 192508
date: Fri, 03 Sep 2021 19:55:47 GMT
expires: Sat, 03 Sep 2022 19:55:47 GMT
last-modified: Fri, 03 Sep 2021 19:50:18 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 31183
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 client.js Show response
s0.2mdn.net/instream/video/ Frame 5B65 44 KB
16 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:35:30 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ Frame 5B65 107 B
122 B 15ms
14ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.123greetings.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:35:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 4BA2 36 KB
12 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 03:41:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3246
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12603
x-xss-protection: 0
last-modified: Mon, 14 Dec 2020 16:45:56 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Sat, 04 Sep 2021 04:41:24 GMT

GET
H3-29 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 8948 36 KB
12 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 03:41:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3246
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12603
x-xss-protection: 0
last-modified: Mon, 14 Dec 2020 16:45:56 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Sat, 04 Sep 2021 04:41:24 GMT

POST
H2 204 /
events1.avantisvideo.com/ 0
34 B 183ms
183ms Ping
text/plain 52.34.57.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events1.avantisvideo.com/
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/js/video-loader2.1-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.34.57.2 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-34-57-2.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 04 Sep 2021 04:35:30 GMT

GET
H/1.1 200
OK ptv Show response
ib.adnxs.com/ 85 B
926 B 36ms
35ms XHR
application/xml 185.33.220.243
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ptv?id=19012622&referrer=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fdance_day%2F%3Futm_source&us_privacy=1---&cbb=730130809&imp_id=c7690786-08b4-465e-aba4-afb00f2920b9

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.243 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

722.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

b2effcb18f514a7896e737bdda537f2ef3b5bb989eb247f4ab2aa3facf1148ea

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Sep 2021 04:35:30 GMT
X-Proxy-Origin: 185.236.201.227; 185.236.201.227; 722.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: b00237df-f530-41a4-bdb0-92ea0d0485ed
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.123greetings.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/xml; charset=utf-8
Content-Length: 85
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 s2s Show response
s2s.aniview.com/api/adserver/ 1 B
235 B 133ms
133ms XHR
text/plain 52.2.252.150
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://s2s.aniview.com/api/adserver/s2s?auc_id=50f5b838f5c4b67b337d098ff66db892_172315319&wpm=&ssrtb=&pbjs=&AV_C_USER_ID=1630730128514-952271023603-008770-014-002257&AV_URL=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fdance_day%2F%3Futm_source&utm_medium=Special_NL&utm_campaign=SNL_june20_events&AV_SUBID=Email&AV_SECURED=1&AV_LANGUAGE=en&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&AV_CHANNELID=5e5bd1f528a0610dd725f7d8&format=json&tgt=0&AV_CDIM1=&AV_CDIM2=&AV_CDIM3=&AV_ABT=&pce=1&npx=1&AV_DETDOMAIN=www.123greetings.com&AV_DADPOS=3&v=6.1.1.243&avtoken=128184&AV_WIDTH=400&AV_HEIGHT=225&AV_DNT=0&cb=730130809&tgt=0&&AV_VI=0&AV_VID=0
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.2.252.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-2-252-150.compute-1.amazonaws.com
Software: /
Resource Hash: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:30 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: https://www.123greetings.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Mon, 23 Aug 2021 14:48:50 GMT

GET
H2 200 track
track1.aniview.com/ 0
70 B 124ms
124ms Image
text/plain 18.214.42.169
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=CH&cos=Windows&r=www.123greetings.com&rs=www.123greetings.com&sid=87891&t=1630730128&cip=185.236.201.227&sn=Email&tgt=0&osv=10&bv=92.0&brn=Chrome&wi=400&he=225&app=&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&test=&aafaid=&proto=https&uid=1630730128514-952271023603-008770-014-002257&cha=0.7&stagid=&stplid=&cb=22889367010&d9=0000&AV_WIDTH=400&AV_HEIGHT=225&&ppid=5e5bd02728a06124e30d85c3&nid=59918a0e073ef4782e4e347f&pcid=5e5bd1f528a0610dd725f7d8&ncid=5e8b3e740cd6ad6132403f66&pasid=5e8b42ae145a8138e61d4a85&e=request&cb=1630730130810&asid=60e594d3cc338a41335e9e75%2C60e594da4123720f2e250d24%2C5e9030afdc817965520eb855%2C6114f48c04b3691b08691b7c%2C608e90cf34acc10fb7767e4a%2C6114f476dd0eb2621e735342&ofpr=%2C%2C%2C0.29%2C0.26%2C0.2&fpo=%2C%2C%2C%2C%2C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.214.42.169 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-214-42-169.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:30 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 24 B
527 B 29ms
29ms XHR
application/json 23.37.38.181
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=512884&v=8.1&ac=j&sd=1&nf=1&r=%7B%22id%22%3A%2289c94df9198daa%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fdance_day%2F%3Futm_source%3DEmail%26amp%3Butm_medium%3DSpecial_NL%26amp%3Butm_campaign%3DSNL_june20_events%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22mfu%22%3A0%2C%22bu%22%3A0%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A1%2C%22allu%22%3A1%2C%22ren%22%3Atrue%2C%22version%22%3A%224.42.1%22%2C%22userIds%22%3A%5B%5D%2C%22msd%22%3A0%2C%22msi%22%3A0%7D%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22avantisvideo.com%22%2C%22sid%22%3A%228079%22%2C%22rid%22%3A%2250f5b838f5c4b67b337d098ff66db892_172315319%22%2C%22name%22%3A%22123Greetings%22%2C%22domain%22%3A%22123greetings.com%22%2C%22hp%22%3A1%7D%5D%2C%22ver%22%3A%221.0%22%7D%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%229ec735ca01116d%22%2C%22ext%22%3A%7B%22siteID%22%3A%22512884%22%2C%22sid%22%3A%22400x225%22%2C%22fl%22%3A%22x%22%7D%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%5D%2C%22minduration%22%3A1%2C%22maxduration%22%3A60%2C%22api%22%3A%5B2%5D%2C%22protocols%22%3A%5B2%2C3%2C5%2C6%5D%2C%22w%22%3A400%2C%22h%22%3A225%2C%22placement%22%3A4%7D%2C%22bidfloor%22%3A0.2%2C%22bidfloorcur%22%3A%22USD%22%7D%5D%7D
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/avpb3.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.37.38.181 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-38-181.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 01ed635300b0ddf50b39ed364bafdb468f97b9022076a3f7e90a5e1b73ba15dd

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:30 GMT
content-encoding: gzip
x-ak-initial-geo: CC:[CH], RC:[ZH], CN:[EU], CIP:[185.236.201.227], XFF:[]
server: Apache
vary: Is-Traffic-Invalid,Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
access-control-allow-origin: https://www.123greetings.com
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-type: application/json
content-length: 44
x-ak-client-geo: 12
expires: Sat, 04 Sep 2021 04:35:30 GMT

POST
H/1.1 204
No Content openrtb Show response
ads.adaptv.advertising.com/rtb/ 0
221 B 33ms
33ms XHR
application/json 18.195.102.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.adaptv.advertising.com/rtb/openrtb?ext_id=Avantis
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/avpb3.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.102.77 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-102-77.eu-central-1.compute.amazonaws.com
Software: adaptv/1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.123greetings.com
access-control-allow-credentials: true
server: adaptv/1.0
Connection: keep-alive
content-length: 0
content-type: application/json

POST
H/1.1 204
No Content 287573 Show response
search.spotxchange.com/openrtb/2.3/dados/ 0
989 B 47ms
47ms XHR
application/json 185.94.180.124
SPOTX-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://search.spotxchange.com/openrtb/2.3/dados/287573?src_sys=prebid
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/avpb3.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 185.94.180.124 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sat, 04 Sep 2021 04:35:30 GMT
X-SpotX-Timing-Transform: 0.000868
X-SpotX-Timing-SpotMarket: 0.003433
X-SpotX-Timing-Page-Mux: 0.000868
X-SpotX-Timing-Page-Require: 0.000364
X-fe: 128
Connection: keep-alive
X-SpotX-Timing-Page-Cookie: 0.000001
X-SpotX-Timing-Page: 0.014400
Pragma: no-cache
X-SpotX-Timing-Page-Context: 0.000301
Last-Modified: Sat, 04 Sep 2021 04:35:30 GMT
Server: nginx
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
X-SpotX-Timing-SpotMarket-Primary: 0.003433
Access-Control-Allow-Methods: POST, GET, PATCH, DELETE, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: https://www.123greetings.com
X-SpotX-Timing-Page-Misc: 0.008551
X-SpotX-Timing-Page-Exception: 0.000001
X-SpotX-Timing-SpotMarket-Secondary: 0.000000
X-SpotX-Timing-Page-URI: 0.000013
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame FE22 156 B
142 B 365ms
365ms XHR
text/xml 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F7103%2FSMG_AirNow%2Fpreroll%2Fsyndication_2&description_url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fdance_day%2F%3Futm_source&tfcd=0&npa=0&sz=640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=2502769109169792&sdkv=h.3.478.2&osd=2&frm=0&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C450x50%2C468x60%2C480x70&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&u_so=l&ctv=0&sdki=44d&adk=3107659055&sdk_apis=2%2C8&sid=9988F9D4-DC8E-4A70-8E47-BDB031D19F9C&eid=44725355%2C44726393%2C44737473&url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fdance_day%2F%3Futm_source%3DEmail%26amp%3Butm_medium%3DSpecial_NL%26amp%3Butm_campaign%3DSNL_june20_events&dt=1630730130922&cookie_enabled=1&scor=3131217034531589&ged=ve4_td0_tt0_pd0_la0_er1157.320.1309.620_vi0.0.1200.1600_vp28_eb23147

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:31 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame C7BD 156 B
142 B 363ms
362ms XHR
text/xml 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F7103%2FSMG_AirNow%2Fpreroll%2Fsyndication_4&description_url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fdance_day%2F%3Futm_source&tfcd=0&npa=0&sz=640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=4384672608363233&sdkv=h.3.478.2&osd=2&frm=0&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C450x50%2C468x60%2C480x70&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&u_so=l&ctv=0&sdki=44d&adk=1805009808&sdk_apis=2%2C8&sid=5E2540AB-B0C6-4092-9B46-E5D054B18E44&url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fdance_day%2F%3Futm_source%3DEmail%26amp%3Butm_medium%3DSpecial_NL%26amp%3Butm_campaign%3DSNL_june20_events&dt=1630730130929&cookie_enabled=1&scor=2584001805592532&ged=ve4_td0_tt0_pd0_la0_er1157.320.1309.620_vi0.0.1200.1600_vp28_eb23147

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:31 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 track
track1.aniview.com/ 0
70 B 126ms
125ms Image
text/plain 18.214.42.169
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=CH&cos=Windows&r=www.123greetings.com&rs=www.123greetings.com&sid=87891&t=1630730128&cip=185.236.201.227&sn=Email&tgt=0&osv=10&bv=92.0&brn=Chrome&wi=400&he=225&app=&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&test=&aafaid=&proto=https&uid=1630730128514-952271023603-008770-014-002257&cha=0.7&stagid=&stplid=&cb=22889367010&d9=0000&AV_WIDTH=400&AV_HEIGHT=225&&ppid=5e5bd02728a06124e30d85c3&nid=59918a0e073ef4782e4e347f&pcid=5e5bd1f528a0610dd725f7d8&ncid=5e8b3e740cd6ad6132403f66&pasid=5e8b42ae145a8138e61d4a85&e=bid&cb=1630730130947&asid=60e594d3cc338a41335e9e75%2C60e594da4123720f2e250d24&ofpr=%2C&fpo=%2C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.214.42.169 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-214-42-169.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:31 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H3-29 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 2F72 346 KB
119 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9a876f6cbd09c5f245491f6877db2a6bb7faa356893ae8a5f8881b2ad6c64212

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121776
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:35:30 GMT

GET
H3-29 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 64D1 346 KB
119 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9a876f6cbd09c5f245491f6877db2a6bb7faa356893ae8a5f8881b2ad6c64212

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121776
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:35:30 GMT

GET
H3-29 200 bridge3.478.2_en.html Show response
imasdk.googleapis.com/js/core/ Frame 6D70 574 KB
188 KB 6ms
6ms Document
text/html 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ba74b0b7223564fe5de95a05498160da36162274673a6c4583a757d233c41b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.478.2_en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.123greetings.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 192508
date: Fri, 03 Sep 2021 19:55:47 GMT
expires: Sat, 03 Sep 2022 19:55:47 GMT
last-modified: Fri, 03 Sep 2021 19:50:18 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 31184
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 client.js Show response
s0.2mdn.net/instream/video/ Frame 64D1 44 KB
16 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:35:31 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ Frame 64D1 107 B
122 B 17ms
17ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.123greetings.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:35:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 bridge3.478.2_en.html Show response
imasdk.googleapis.com/js/core/ Frame 8FC5 574 KB
188 KB 6ms
6ms Document
text/html 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ba74b0b7223564fe5de95a05498160da36162274673a6c4583a757d233c41b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.478.2_en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.123greetings.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.123greetings.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 192508
date: Fri, 03 Sep 2021 19:55:47 GMT
expires: Sat, 03 Sep 2022 19:55:47 GMT
last-modified: Fri, 03 Sep 2021 19:50:18 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 31184
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 client.js Show response
s0.2mdn.net/instream/video/ Frame 2F72 44 KB
16 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
expires: Sat, 04 Sep 2021 04:35:31 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ Frame 2F72 107 B
122 B 17ms
17ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.123greetings.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 04 Sep 2021 04:35:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame DB2A 36 KB
12 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 03:41:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3247
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12603
x-xss-protection: 0
last-modified: Mon, 14 Dec 2020 16:45:56 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Sat, 04 Sep 2021 04:41:24 GMT

GET
H3-29 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 4173 36 KB
12 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 03:41:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3247
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12603
x-xss-protection: 0
last-modified: Mon, 14 Dec 2020 16:45:56 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Sat, 04 Sep 2021 04:41:24 GMT

POST
H2 204 /
events1.avantisvideo.com/ 0
34 B 183ms
183ms Ping
text/plain 52.34.57.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events1.avantisvideo.com/
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/js/video-loader2.1-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.34.57.2 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-34-57-2.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 04 Sep 2021 04:35:31 GMT

GET
H3-29 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 6D70 156 B
142 B 355ms
355ms XHR
text/xml 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F7103%2FSMG_AirNow%2Fpreroll%2Fsyndication_4&description_url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fdance_day%2F%3Futm_source&tfcd=0&npa=0&sz=640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=1504837350178232&sdkv=h.3.478.2&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&u_so=l&ctv=0&sdki=44d&adk=3313420221&sdk_apis=2%2C8&sid=6DE1AE05-633C-4AAB-8A5E-73C3E43717A8&eid=44730896&url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fdance_day%2F%3Futm_source%3DEmail%26amp%3Butm_medium%3DSpecial_NL%26amp%3Butm_campaign%3DSNL_june20_events&dt=1630730131391&cookie_enabled=1&scor=3006546493914382&ged=ve4_td0_tt0_pd0_la0_er1199.1200.1351.1500_vi0.0.1200.1600_vp1_eb23147

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:31 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 8FC5 156 B
142 B 332ms
332ms XHR
text/xml 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F7103%2FSMG_AirNow%2Fpreroll%2Fsyndication_2&description_url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fdance_day%2F%3Futm_source&tfcd=0&npa=0&sz=640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=1369312764841436&sdkv=h.3.478.2&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&u_so=l&ctv=0&sdki=44d&adk=1546143035&sdk_apis=2%2C8&sid=B8A3EECE-05D5-4C24-8AA8-F03AF160B291&eid=44731964%2C44737473%2C44745940&url=https%3A%2F%2Fwww.123greetings.com%2Fevents%2Fdance_day%2F%3Futm_source%3DEmail%26amp%3Butm_medium%3DSpecial_NL%26amp%3Butm_campaign%3DSNL_june20_events&dt=1630730131393&cookie_enabled=1&scor=2736385770665713&ged=ve4_td0_tt0_pd0_la0_er1199.1200.1351.1500_vi0.0.1200.1600_vp1_eb23147

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.478.2_en.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 04:35:31 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 /
events1.avantisvideo.com/ 0
34 B 186ms
186ms Ping
text/plain 52.34.57.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events1.avantisvideo.com/
Requested by: Host: cdn.avantisvideo.com
URL: https://cdn.avantisvideo.com/js/video-loader2.1-cr.js?id=1c35f5e5-f7c0-4c97-8283-6c9f94ba8c53&tagId=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.34.57.2 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-34-57-2.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 04 Sep 2021 04:35:31 GMT

POST
H2 200 track Show response
track1.aniview.com/ 0
94 B 339ms
114ms XHR
text/plain 18.214.42.169
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://track1.aniview.com/track?d=Chrome&cou=CH&cos=Windows&r=www.123greetings.com&rs=www.123greetings.com&sid=87891&t=1630730128&cip=185.236.201.227&sn=Email&tgt=0&osv=10&bv=92.0&brn=Chrome&wi=400&he=225&app=&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&test=&aafaid=&proto=https&uid=1630730128514-952271023603-008770-014-002257&cha=0.7&stagid=&stplid=&cb=22889367010&d9=0000&AV_WIDTH=400&AV_HEIGHT=225
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.214.42.169 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-214-42-169.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Sat, 04 Sep 2021 04:35:33 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

POST
H2 200 track Show response
track1.aniview.com/ 0
93 B 311ms
115ms XHR
text/plain 18.214.42.169
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://track1.aniview.com/track?d=Chrome&cou=CH&cos=Windows&r=www.123greetings.com&rs=www.123greetings.com&sid=28679&t=1630730128&cip=185.236.201.227&sn=Email&tgt=0&osv=10&bv=92.0&brn=Chrome&wi=600&he=338&app=&AV_PUBLISHERID=5e5bd02728a06124e30d85c3&test=&aafaid=&proto=https&uid=1630730128515-932215023603-008434-011-009939&cha=0.05&stagid=&stplid=&cb=29407597944&d9=0000&AV_WIDTH=600&AV_HEIGHT=338
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5e5bd02728a06124e30d85c3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.214.42.169 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-214-42-169.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.123greetings.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Sat, 04 Sep 2021 04:35:33 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2 200 dc_oe=ChMIlvPbjr_k8gIVqQyLCh0tJgDJEAAYACD92YNDQhMIp4Sfjr_k8gIV0pd3Ch1gQQ1x;met=1;&timestamp=1630730136491;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame 0179 42 B
107 B 102ms
37ms Image
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIlvPbjr_k8gIVqQyLCh0tJgDJEAAYACD92YNDQhMIp4Sfjr_k8gIV0pd3Ch1gQQ1x;met=1;&timestamp=1630730136491;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_oe=ChMIvdHdjr_k8gIVCfp3Ch0cGAAxEAAYACD95uFEQhMIkYefjr_k8gIV0pd3Ch1gQQ1x;met=1;&timestamp=1630730136507;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame 3061 42 B
107 B 86ms
37ms Image
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIvdHdjr_k8gIVCfp3Ch0cGAAxEAAYACD95uFEQhMIkYefjr_k8gIV0pd3Ch1gQQ1x;met=1;&timestamp=1630730136507;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_oe=ChMIiPPejr_k8gIVwft3Ch2O6wKQEAAYACD95uFEQhMIioifjr_k8gIV0pd3Ch1gQQ1x;met=1;&timestamp=1630730136512;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame A9A0 42 B
107 B 81ms
37ms Image
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIiPPejr_k8gIVwft3Ch2O6wKQEAAYACD95uFEQhMIioifjr_k8gIV0pd3Ch1gQQ1x;met=1;&timestamp=1630730136512;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_oe=ChMI_Mbbjr_k8gIVCfp3Ch0cGAAxEAAYACCX7qU9QhMIpIWfjr_k8gIV0pd3Ch1gQQ1x;met=1;&timestamp=1630730136545;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame 2763 42 B
515 B 47ms
36ms Image
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI_Mbbjr_k8gIVCfp3Ch0cGAAxEAAYACCX7qU9QhMIpIWfjr_k8gIV0pd3Ch1gQQ1x;met=1;&timestamp=1630730136545;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_oe=ChMIvLPdjr_k8gIVXOe7CB3xaAPJEAAYACCX7qU9QhMImYafjr_k8gIV0pd3Ch1gQQ1x;met=1;&timestamp=1630730136557;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame A514 42 B
107 B 36ms
36ms Image
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIvLPdjr_k8gIVXOe7CB3xaAPJEAAYACCX7qU9QhMImYafjr_k8gIV0pd3Ch1gQQ1x;met=1;&timestamp=1630730136557;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Sep 2021 04:35:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTL3jXnrA8PqVqdAMk99hwAABKwAAAIB&google_push=AYg5qPIQs3pxPjc1qfQIDEo5wmznE6BkgWELA0BnkIfm6KARTAmRXjhbmAkMymHZKS7aEaguq0wsav6q89YT001J5cpqx2IceNc&google_gid=CAESEFNRz_XN4LLLZ9_jwYoIiSE&google_cver=1&google_tc=

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=ZmE1MDQ2OGYtNTY5YS00MzdlLTk0MjgtOGM3YmY1ZmMyZDM3&google_push=AYg5qPJjPxTUN9wC8YMohh_vc-tb14adxDJKR6YkrKi0tBwbjftWZnkQswac8AeQb1ltbo-De_KW9UOs0GCW_aFzEklYZeq0AF8Z&google_tc=

Domain: um.wbtrk.net
URL: https://um.wbtrk.net/doubleclick/user/match?google_gid=CAESEIQqwSSuESA53T2uYtc1Yv8&google_cver=1&google_push=AYg5qPIOdB_95SyXU0Xpsk6GmPOy4bpw1i0DukgTmr_PTDpKW-qQb77oWS63YxJov9m1Y3mjsz8IQWQWab181nKXTauQ9HZaaHY

Verdicts & Comments Add Verdict or Comment

468 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.123greetings.com/	1970-01-20 06:20:26	Name: __gads Value: ID=ce8f539ebdc05cc5-223843bdecc80030:T=1630730124:RT=1630730124:S=ALNI_Mbp_rU8kniLnsTtIiXw0qw__N_ZDQ
.doubleclick.net/	1970-01-19 20:58:51	Name: test_cookie Value: CheckForPermission
.123greetings.com/	1969-12-31 23:59:59	Name: utm_source Value: Email
.123greetings.com/	1970-01-19 20:58:50	Name: _gat_gtag_UA_5085183_1 Value: 1
www.123greetings.com/	1970-01-19 20:58:50	Name: config_data Value: CADB=1\|CLG=1\|CBR=1\|CUB=1\|CCC=1\|CFLC=1\|CPFR=1\|CBRR=1\|TCP=1\|TAP=1\|TCAP=1\|TRE=1\|QkDshLgd=0\|FBCon=1
.123greetings.com/	1970-01-19 21:00:16	Name: _gid Value: GA1.2.159468701.1630730124
.123greetings.com/	1970-01-20 14:30:02	Name: _ga Value: GA1.2.220270117.1630730124

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	info	URL: https://cdn.ampproject.org/rtv/012108170213000/amp4ads-v0.mjs(Line 6) Message: Powered by AMP ⚡ HTML – Version 2108170213000 https://www.123greetings.com/events/dance_day/?utm_source=Email&utm_medium=Special_NL&utm_campaign=SNL_june20_events
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js(Line 12) Message: Deprecated property or method 'Ticker.setFPS'. See docs for info.
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js(Line 12) Message: Deprecated property or method 'Ticker.setFPS'. See docs for info.
console-api	debug	URL: https://static.adsafeprotected.com/sca.17.5.12.js(Line 32) Message: a: 0.001220703125 ms

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1f2e7.v.fwmrm.net
a.rfihub.com
a.tribalfusion.com
a20adea0630179ca2cf404f5e3215e18.safeframe.googlesyndication.com
ad.turn.com
ad4m.at
ade.googlesyndication.com
ads.adaptv.advertising.com
ads.stickyadstv.com
ads.travelaudience.com
ads.yahoo.com
ads.yieldmo.com
adservice.google.com
adservice.google.de
avm.avantisvideo.com
bcp.crwdcntrl.net
bttrack.com
c.123g.us
c.eu1.dyntrk.com
cdn.ampproject.org
cdn.avantisvideo.com
cdn1.avantisvideo.com
cm.g.doubleclick.net
cms.quantserve.com
connect.facebook.net
cs.media.net
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
dt.adsafeprotected.com
events1.avantisvideo.com
fksnk.com
fonts.googleapis.com
fonts.gstatic.com
go1.aniview.com
google-sync.rutarget.ru
google.ops.beeline.ru
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gu.dyntrk.com
htlb.casalemedia.com
i.123g.us
i.ytimg.com
ib.adnxs.com
image6.pubmatic.com
imasdk.googleapis.com
js-sec.indexww.com
match.360yield.com
match.adsby.bidtheatre.com
match.adsrvr.org
match.deepintent.com
p.rfihub.com
pagead2.googlesyndication.com
partner.googleadservices.com
partners.tremorhub.com
pixel.adsafeprotected.com
pixel.advertising.com
pixel.everesttech.net
pixel.rubiconproject.com
play.aniview.com
player.aniview.com
pm.w55c.net
pr-bh.ybp.yahoo.com
pubads.g.doubleclick.net
r.turn.com
rtb.openx.net
s.ad.smaato.net
s.amazon-adsystem.com
s.tribalfusion.com
s0.2mdn.net
s2s.aniview.com
search.spotxchange.com
secure.adnxs.com
securepubads.g.doubleclick.net
sm.rtb.mts.ru
ssbsync.smartadserver.com
ssum-sec.casalemedia.com
static.adsafeprotected.com
static.avantisvideo.com
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.1rx.io
sync.aniview.com
sync.bumlam.com
sync.go.sonobi.com
sync.mathtag.com
sync.search.spotxchange.com
sync.srv.stackadapt.com
sync.targeting.unrulymedia.com
sync.teads.tv
sync3.sniperlog.ru
tech.rtb.mts.ru
tpc.googlesyndication.com
tr.blismedia.com
track1.aniview.com
tracking.m6r.eu
trkn.us
um.wbtrk.net
ups.analytics.yahoo.com
us-u.openx.net
www.123greetings.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.maqors.com
x.bidswitch.net
cm.g.doubleclick.net
um.wbtrk.net
104.111.242.245
104.244.36.20
13.32.121.100
135.125.160.160
142.250.184.226
142.250.185.194
151.101.14.49
154.57.158.48
169.197.150.8
172.217.16.130
178.162.133.149
178.62.202.251
18.156.147.57
18.195.102.77
18.214.42.169
184.72.245.68
184.73.249.63
185.29.134.248
185.33.220.243
185.33.221.89
185.64.190.78
185.86.137.121
185.94.180.124
185.94.180.126
192.132.33.46
193.0.160.128
2.18.234.21
2.18.234.233
2.18.235.93
2001:678:cb4:bbbb::11
213.19.147.45
213.87.44.187
216.58.212.130
217.66.147.169
23.37.38.181
2600:1f18:612b:4216:faf1:9619:7fb0:de49
2600:9000:223c:7c00:3:748e:7940:93a1
2600:9000:223f:1c00:8:9ed9:9c40:93a1
2600:9000:2240:7c00:1c:38a0:8a40:93a1
2600:9000:2240:fa00:1c:38a0:8a40:93a1
2606:4700:20::681a:ad1
2606:4700::6812:d05
2620:116:800d:21:f916:5049:f87f:108e
2a00:1288:110:c305::8000
2a00:1288:80:800::7000
2a00:1450:4001:802::2003
2a00:1450:4001:80f::2002
2a00:1450:4001:810::2001
2a00:1450:4001:810::2008
2a00:1450:4001:811::2001
2a00:1450:4001:812::2016
2a00:1450:4001:813::2002
2a00:1450:4001:813::2006
2a00:1450:4001:827::2001
2a00:1450:4001:828::2002
2a00:1450:4001:829::2002
2a00:1450:4001:829::200e
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::200a
2a00:1450:4001:82f::200a
2a00:1450:4001:830::2002
2a00:1450:4001:831::2004
2a00:1450:400c:c08::9c
2a02:26f0:6c00:28a::2c79
2a02:26f0:6c00:2ab::2c79
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:181:face:b00c:0:25de
3.125.99.7
3.126.56.137
3.210.105.251
3.214.14.12
3.222.63.32
3.64.144.49
31.172.81.158
31.172.81.159
34.96.105.8
34.98.64.218
35.190.0.66
35.227.252.103
37.9.245.57
44.194.158.136
51.178.20.140
52.2.252.150
52.209.62.127
52.30.14.23
52.34.57.2
52.46.154.242
52.48.144.237
52.58.206.142
54.154.149.33
54.87.192.123
63.32.201.39
67.27.233.252
69.173.144.165
72.251.244.142
76.223.111.131
80.64.106.148
85.114.159.118
00d2454ee3db7d2a389c0e7cefd7a4b84c26a983af51e38fa9a7621c9be5f66c
01b31cc1e091a30210647b07199c520f8c787dd884b6435100142a979911ee40
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
01ed635300b0ddf50b39ed364bafdb468f97b9022076a3f7e90a5e1b73ba15dd
0299ce766df424b69a25530d8afe7c2352cb6240c7510fe7be67d8cd53bd3467
03fee590e2ae6933ab1b5fea01ae1d48e62739af12c7c4ed852d069b1433cd88
0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55
0596974ea0a4aa88cce0d0683b3af837fb80d633788395a98723d319f39c8de4
0677a3e17670aa44ed3ec4f010d6dfdc869b02f79aec76a79f7de6fcc7679833
079f180cafeebed9a4762f3b2d1df57ed5745d4baee54466b6f683ed15c7c4cf
08d00ff2cce487220599803e146a8e6ec56c64c9e44111d6e4cd259fedb779f3
0ab0bbfff8ab1ac6fa3cbd6ba8824dd545c0cc6bae45d11438a44c60ef758457
0ae44c10c0da89d0ba862a31ff258905d28015b7996b9e3feb30f72a7fa7a400
0ae485367eb0862700624f4b18563586fe0fd2ecd7abd1efb8a4896ead71fdd3
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0d1bd1b38d8dc20e4b071c36c4afb9db32689929713f67d40dc327a138f56060
0ddb0ff3f5c66e0bc36eae6a5f08292865a21847d18771c25de12f827152cc61
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
0fbe8ac90edf1af5508d89417ab916da0892806ca5259c435ef897160dca6daa
11439fb0f78d913c4d859b82ddb2d4c44fdd7255fafa706302285e3bc38e8201
114dabe187311ee2e303549831223ef80d06385cb854e2aa1647ec1e0ca148f5
11a05afbf5502a5ee1f76168de53e9f2b18e5dccfce9f8488b040cbe6ff016c4
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
12ba93c7b0114439929f7ac0efcdc60e6eee9da57a2fe6ce68bb969f00f4a54e
1459debe4ae50fd8d33bf2b2ea987bb180ddb9a66014c4bec96ca790e7d123b1
14c9fbe3c72b37dee6b92294dd299a1a5ef9e6473921d1077bb6cb81019a353e
16567a7c25c8f64c0861b7eae3892722920bd09e5a77dd293799eb034194b551
18c864956bf2492c5c86e79b0fec65f0ecbb4b02bfdcfe854b2c5501857fecdb
1a0c61c7d7e9ae831d6d40993fc3751a958fd6bf107f270919e6a8ab1b840542
1afb484fcec98354ab3b6c1735fc7b25214457a4072dc45c5d1e519d9707f8f5
1cbb58dea630e6854e6c5912004d1ec97ad9829d50725234801b850bc811d3a1
1e66c06ab180f7bf3da83626313d8c1b45efa2ddd191b430ffec9993a3f9675f
1f9d973a500b918626b8470a7ab1a5df98ee84994dab44f77aff973d90abac5b
21026407398ed753d48cd817a1f47881738ab30f449b90aa3f83d179ff3ed267
233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285
2405bd02584cae91a0a4c434fec3e72f392d07e1bedc993c3b16baa7800bbdfd
2468d8defc10a0ab4f1c4cdfdb085d486de1d1190998cc1b0ef86f0540da2d34
24e1088d0aba3881894dbd9bde07a9752e068cbba705c520aad91000182375a5
25e03362f174b3808a73c0cc86e56fb7a13d88b4490709fe7370587651f50b92
2bc98b5956d216197013af35c909aa49d3aa7c26b48de9e9930eb4bd6b846391
2cff7ab03cb4e476b49ea05511c6cfcc71af6d5ed20d40e9b40ee31062149e77
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
30302ebb7094c997809ca671e593375ba4e34efe494a86bc3003692ddd27099e
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
3644c7d20e5506c54c5b0a56ee92f2346f93263115b1ca259c6138cffeabc6bb
3948b89c1dbd03a0c6db7e6a4197ff149d266cd15a55ac81a3a811cfd7cb2489
3b5fe37e49b185f4b68d8472dd4ec4601758b24f9e747b976cdd20056593e6ff
3fac6fcea268523d827b4512f268a9bb1df0479b8a4603d118c9e4df7489a038
412101374b58ededac3ccc3646403bafbdb2873076a590c7e270aaa59b4a86e1
4330d4072d013510b91ca5648f210b614c2e4e8ecbea94a1f8a8373aa6068532
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
4859383f77274f674ef678cde3203242dc5fd669c701466e7efc77832cd12ee4
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
48a989caa0e4be8c09df7aae34ca650aa4b0973825d092f3b500252f9df01ad8
48bb89434a42b4fb519f27e9272e018e8151383b4b7f46f26260f5fd29e5f05e
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b9519f364a48b95aade2628c86c0c1f408abf40ceefab0f31b68bd53f70655d
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
5010abc38d335ee8205f1ebf7d7c29fbc266076903263054feb2a070a16a4633
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
5336fb757df91e343cca414c112da532ff47f3d40b0d6e1b3c39ea00c8e24ab6
539aeffc528b97c89410e67270a20b66a3588aa09af5343cfbafd2603d6ef0c9
55b198b5ed1bd02e77f84c6971a69d5c2160c0c32fd770ce33405e194750f5fd
5738c733f2f7b04e67edebebb67f01a2022d611ce73cbbf9ac15aa8186c6613e
583eda12fed77c078f7391866e53eedd80aec5b9b178a3537a3c4c3b09575485
5d64b7235acc0c2316fc199c7d90707105d389eeac3dbc3d49470faa5b2d2dc7
5d6b864869c19ea1f500174a8dc3f327fd5fdc7e8f92f569788a6744341e4f27
5e9dc26b28d8f13a4129556d996723b6478e4c42120ac19d60f7fc7b4357750e
63b176462a62d19e5a2af4cc0a845119d0389aae23ef15decd83efd182c91c40
660dafdc78011b6e915b39cbfd9546c82a36aa6c20bfc6a75e144bc700a290a8
66778518af6c869dad0db96d8a4bc2c6b0bb946bc220cdc279d1715bdc8612ec
69303f97bf43e5d9fd7a0c8e6b5f4b49de4466684c7e2b8e2108de98e5c98483
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6ba74b0b7223564fe5de95a05498160da36162274673a6c4583a757d233c41b1
70e65f2870cf252f728376c7525ae4a6badc6144c7fb438e933ede030b3bc56a
72a2c640fe4786ceaf2c6908e281b7c1c58f49f1c70077b1afe4fff782524857
736ce08649fd5f84932faff044c359b163e396d4316c7bd4174bbc36ff5aca73
75519df306ca3d5504dc66f8e3398dc30f976a5859725309b90a0f2a3fdea6ec
764a170851cb6e2d00a02685b39a0c28a3378a19c82a568c4cfbc5df52af8031
78a69854cfec0c81eb2984ec5479bdcd88f9502879e78e34518113eda582856a
796afc03a1870c7dc1e15d01e2f28a1859e33ba50219bbeb93a5ce93a96bd870
7c064bb7845bad5366d5e5948aaa8941f38f7b0293716e4cae2c135006119514
7c2c47543c18e87d331bec491e57add9968eb4c8fa2003f9a79ab23d667550b3
7eca7977c6ade416c20775a7fd7cfa2291c5752cd1225d5c4342b057c37a000c
7f9eaf0875d3f17d744a2c5cf0e00ae9cdc95168e29074282ed6f44f95f17f7e
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
81404aacb0d84988d864c671b075ca74f1baa4cebbb9f2b4c646233117d2d73e
821bdc4f69b0d71c8ee65e9e97c232e0a127004991b92133da9019dbe8f90047
82bd02cee2c77b75a28a94f51c1163035315c09ef8eafe6fa5f79f35b97424e5
845b258ca2c1dd104a71d86e500496ab3759a6c644dd807b1c318583a9fc299b
8643f415648398a15ed3270adff5d0d66d95a1b80c4b2a343717c689b394138d
8808ace05b30198f52d030556ae7557a4ea6713743ca0d23f806bc59c1e53613
89b03d4a2f2ca3d04df1fda63a5247ef31cea689a0ca553e353122ab3d22b646
89e92951df35fe298a4b3fac2b9286a7af4e6c1bf3dad9e3c390bf38d73d9bff
8a4a4dfac1d187a4eeaf1f9d90fae93ab7d76f1ff885b43ef1edab642f4a5c9a
8cd4b8b06d59ef4dd52b1d2b22c9dd0a2c2f0d42f0bccbf918a07dbaf3e531f6
8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7
8d4f23855fd97ff345c97212b90df4992525f54579f5cdb816ce820b4aa93322
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e21db5f5131558eb01e4241849ed66cf6ce8f0832773fff68d3f80f3c908d18
8ff93a61ffca62bd50b92cd3d9988832e62634f89a7cbb6fb56625b6a556cd12
91222f96f34735ebc88df208017e54d4329b9202e3e52367fb8b149698a1a5ef
9158e53d7052a6df65c12e3a59a8c77a8be353425523e4eff057fa5578e654ad
93c5f78f90ea98ed7d89c9bd1c46c5c91970b3fc443e91e177e31a0380466ec6
940bdc70144188b863d137858d188c5bc8f06fb824ce9f8a6a146bae52e7b56f
949bd9252c39c62032f6bf5a52af142fbd4db3a6ddf8a394a0af2c7bb8763847
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
969cfdee4bd0977fdc16895cc9f97e342e7f722518333f2145a0ea47f8662944
96b0532b6de53d06fc84412562cb873286050276f594e9a86a855dc0c9245216
96e96292bf35ab4cfa60cf8f26578f55bacf27297ed4d97f7110a70e29229e0a
9775d6c214a05f699701974c19e12cb9d1ac1b6ef9eb815335b22f7276133c1c
9822ecfb3c91c2ac91b40bae8674875ca2e35d29892fc100ccc6d34fe3d6c961
987a85ec33287307910313fc7b22a8ab6cd0dc24e9fe5945f8a42af4223c1550
990a229ef6644371c33a0c1ad8818c43361bd7bdced543645a14a21493cd9784
9a876f6cbd09c5f245491f6877db2a6bb7faa356893ae8a5f8881b2ad6c64212
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e
a36d6c6c03c7ba4db1d35c8e00d933fc1ce336cc52bfdf50652134be67d4d759
a4803c0d08f7b3c253ae073fe3676b984e2b01be010724ae57b9666120af058c
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
aa4d27239f61f3f12e511f7774931c0d59c456971f9f6ef1d7a13a2408420d37
abfaa28e509b104c2edc0bd048809340d5e006ec872e1966baff8383ff8a0e22
ace30162bc4c525e70b147c8f9a10292d592353f78dcd0530d132156cb194e98
aea7b1303319ccfd89bc9a9770e30917bbe180a40b7db8587e633ac0a065147b
b0528499b441e38c1df530e872b6674aba3c4c55abcd811d1292bccb4c0bae5a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2c78c910f5ea29e3a9d223dabc203c055c8708b1fe7d83788b490638126db4d
b2effcb18f514a7896e737bdda537f2ef3b5bb989eb247f4ab2aa3facf1148ea
b4a7a5af4f593de120b7a26e2411b94d8f86980b32fd4d254f57b099edae04c0
b4cf88dbc8de3e3865f52fe3c47bf906368e000907056002aa56962db3190e7d
b61eed4e105e7f6be5632474cc5df5fd3cafa3c75c602657e480de2ad370a2da
b64291fc91dc77833930ffcead244193c5cfd9e882af312ecc89b580160c22a1
b658a8b132845145dbc692bf1d77e8597ef503daae1d1bd918ef590819c9d674
b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11
bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27
bc88881c267493814ada96b0cb57897aa9ff44610d2da1a67656c3cbcc0a874a
bd3a2482b7b952b621e16a05c3bb1847829d057fb1384f4c32d1362b8153e967
bd842cf720db8dd91f5445eb93ca810e2d6fbce902fe76aa648097daebcbf070
be8dd808b3bf7b871067ee83fe410781372c71fd677c2d07856653e11707920b
bf051f3ee7aa85b70fbdb5a9c4dbe61dc57372814f700b1b23ecb4f7dfb9ce63
bf5230ffb8745d28c11ae8b743868364f9be8379300bd59d235f402a53ea96ee
c078a68f137c41e3ddfa65ed2d97200dd1d6693883b233042e0ab35b536651d2
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c35ffac173a56fd6ff32e34be11581eb7a3c290269df68f7ae624f9d7c47b2d9
c40c9c0117af4abd3ab87c81eb1725c442ec682095d29cc8bc2206e3e5ac1c23
c76cc68adbbc958993e23bf9ad18979f7aeaab6274b1f2322afb581d22eb855f
c7a3df314feb82249ea4f314f22fa4e077c696f2520b103ad7572d7066c89f51
c8aba5a821df184d25014d3dda38619d690d340b154bb2d7725187e074c3c542
cafd612ebd6bc497a7a05d3dfef133a0b793f1e04e277b31c424d6d8892a1d48
cb658d8af264091d320d32e952cb1756ea0145c2f6497b182a39e7ce4e466653
cd431da656c29b405e1940717dd99087868cd47330c71e6c667214f8a9e32595
ce04f68d2b035b6adfab2de7758c64c455c8c2a1db70d0df2f2725ae7c41426d
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d142a1fe9a36ccbe8248ef01df51c9d6f2181c45426b2376bd38bc50c79858cf
d42551b36f344c14cbab00492d682f78ff716f25436e56f2ec19605017f49071
d81386cb76a2f803a6a7674bab45293bde918693a683a583ccd20f85619df9ef
d8a957038679125d4840554fc43375697e662283121561afdefc2c3fbecaf729
db20203d2e3d3c689bae6647f1977fb9bb644c2b07408b0aedcad5005b428586
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
df81b58918a650613f782708d4be9eafdad472d0ee698bd9c24e1bcba7125556
e0cfe1534cf66865ac13a161e60ef74f768ebd78b86b894afff55660e435c182
e144286a6fd7250ec2c718987fbfa8f6fab94042a1b182af938dd2aac3bd1c4f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e69fb5fa59f6a8a2981469b5096619e5bb08fe20cfee9eca5a378099b40c9d59
e6de2bd9b5cb6e9ebfbf874940becb16016151d713ee19049eab99dfe0965ebc
e91e7d4b434bf577e8f9f0fef4a45ab94c41fd0493ff9e760bcd398732f6fdc4
eed762f0ad9462ad6ad3c8e18195bf64a88e19513024eacc3058411706ddcaef
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1e39db75b34ff4da77fbb5d728ae7278c79ab84cd41553cbe757463d8a38796
f2a7414e16730826045fb64c49cb3ba6f22e90f1058737c65e4930e386aa75de
f2ad7bf70a12e07097b2613d91c72ab78c3dced5bf127c3a1c6d4e37251118a6
f38499b189feda475cc32afb82c7fc784f4f4b685b95be9cb10ace6812e48b0c
f48f1b088976f2de3bb46a5c5bc609160ef0a6f919109e08f784596b0a93b7d8
f4a74fe2cef1d4e3ca293944e20763b350954439d0966a662691d304d9e1aac3
f6d11d75780091a50f5ff6f06a98e7deec983dd51413d915368dc4460c41268e
f80be9c43b010e56c1020c10ec14420938958db1df4c2312eb8ff8448df1b499
f8640cd475f8af1924516f1a2fc4b5b220b6ba1540ddad4de8f82e355611a746
fae2773cd95cb857866b4b3a54777c88f6c03e0167bf323c2a1f431985887b61
fbe1583d8642d89d0c349b00c0125e485dd55976282165a6b5f2d29ea9d44549
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
ff79cc485d95ad5cbea8dce16801d6fe848d6741a6a8c76d361f6770b7bf0d40

www.123greetings.com Open in urlscan Pro 184.72.245.68 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

523 Requests

97 %HTTPS

34 %IPv6

71 Domains

107 Subdomains

66 IPs

8 Countries

7336 kBTransfer

19516 kBSize

7 Cookies

12 Outgoing links

Page URL History

Redirected requests

523 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.123greetings.com Open in urlscan Pro
184.72.245.68 Public Scan

Screenshot
Live screenshot

Full Image

523
Requests

97 %
HTTPS

34 %
IPv6

71
Domains

107
Subdomains

66
IPs

8
Countries

7336 kB
Transfer

19516 kB
Size

7
Cookies

523 HTTP transactions
0 data transactions