says.com Open in urlscan Pro
2606:4700::6812:13ee Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://says.com/
Effective URL:
https://says.com/my
Submission: On January 24 via manual (January 24th 2022, 4:42:24 pm UTC) from US — Scanned from DE

Summary HTTP 227 Redirects Links 12 Behaviour Indicators

Summary

This website contacted 71 IPs in 8 countries across 51 domains to perform 227 HTTP transactions. The main IP is 2606:4700::6812:13ee, located in United States and belongs to CLOUDFLARENET, US. The main domain is says.com. The Cisco Umbrella rank of the primary domain is 224755.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on September 5th 2021. Valid for: a year.

This is the only time says.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 18	2606:4700::68... 2606:4700::6812:13ee	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:303... 2606:4700:3035::ac43:a9b3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a02:26f0:6c0... 2a02:26f0:6c00::210:ba0b	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
6	2606:4700::68... 2606:4700::6812:10e0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:5e41	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:710... 2a02:26f0:7100:2a8::19fd	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2606:4700::68... 2606:4700::6810:5814	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
3	13.225.80.107 13.225.80.107	16509 (AMAZON-02) (AMAZON-02)
12	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
1	92.122.252.114 92.122.252.114	16625 (AKAMAI-AS) (AKAMAI-AS)
6	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2606:4700::68... 2606:4700::6810:125e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.0.157 178.250.0.157	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
1 5	13.225.80.38 13.225.80.38	16509 (AMAZON-02) (AMAZON-02)
4	52.17.84.146 52.17.84.146	16509 (AMAZON-02) (AMAZON-02)
5	185.86.139.58 185.86.139.58	201081 (SMARTADSE...) (SMARTADSERVER)
1	23.37.38.181 23.37.38.181	16625 (AKAMAI-AS) (AKAMAI-AS)
1 4	37.252.172.250 37.252.172.250	29990 (ASN-APPNEX) (ASN-APPNEX)
2	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
1	34.107.148.139 34.107.148.139	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:830::200e	15169 (GOOGLE) (GOOGLE)
1	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
2	2600:9000:20e... 2600:9000:20eb:4000:18:1fcd:34f:cdc1	16509 (AMAZON-02) (AMAZON-02)
5	2606:4700::68... 2606:4700::6811:aa72	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.12.157 151.101.12.157	54113 (FASTLY) (FASTLY)
1	2600:1f16:d83... 2600:1f16:d83:1202::6e:5	16509 (AMAZON-02) (AMAZON-02)
1	2620:1ec:27::... 2620:1ec:27::cafe:1668	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2606:4700::68... 2606:4700::6812:1c1b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2 4	142.250.74.194 142.250.74.194	15169 (GOOGLE) (GOOGLE)
1	34.247.104.176 34.247.104.176	16509 (AMAZON-02) (AMAZON-02)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1	104.111.215.191 104.111.215.191	16625 (AKAMAI-AS) (AKAMAI-AS)
5	2606:4700:20:... 2606:4700:20::681a:d52	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.244.42.195 104.244.42.195	13414 (TWITTER) (TWITTER)
1	104.244.42.69 104.244.42.69	13414 (TWITTER) (TWITTER)
1	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
1 8	2a00:1450:400... 2a00:1450:4001:82f::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
4	52.182.214.99 52.182.214.99	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 2	52.142.114.2 52.142.114.2	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:4001:80e::200e	15169 (GOOGLE) (GOOGLE)
1	2a04:4e42:200... 2a04:4e42:200::714	54113 (FASTLY) (FASTLY)
2	52.207.202.199 52.207.202.199	14618 (AMAZON-AES) (AMAZON-AES)
1	23.21.122.84 23.21.122.84	14618 (AMAZON-AES) (AMAZON-AES)
2	2a00:1450:400... 2a00:1450:400c:c1b::9d	15169 (GOOGLE) (GOOGLE)
1	51.89.21.21 51.89.21.21	16276 (OVH) (OVH)
1	34.120.133.55 34.120.133.55	15169 (GOOGLE) (GOOGLE)
2	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
16	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:828::2001	15169 (GOOGLE) (GOOGLE)
1	151.101.65.108 151.101.65.108	54113 (FASTLY) (FASTLY)
1	104.84.232.23 104.84.232.23	16625 (AKAMAI-AS) (AKAMAI-AS)
2 8	92.122.254.129 92.122.254.129	16625 (AKAMAI-AS) (AKAMAI-AS)
19	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
4	2606:4700::68... 2606:4700::6811:a772	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	209.54.180.144 209.54.180.144	16509 (AMAZON-02) (AMAZON-02)
1	37.157.4.24 37.157.4.24	198622 (ADFORM) (ADFORM)
1	37.252.172.36 37.252.172.36	29990 (ASN-APPNEX) (ASN-APPNEX)
1 1	50.16.141.46 50.16.141.46	14618 (AMAZON-AES) (AMAZON-AES)
1 1	66.155.71.25 66.155.71.25	13768 (COGECO-PEER1) (COGECO-PEER1)
5	2a00:1450:400... 2a00:1450:4001:808::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:811::200a	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
4	216.58.212.130 216.58.212.130	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:803::2006	15169 (GOOGLE) (GOOGLE)
1	185.64.189.226 185.64.189.226	62713 (AS-PUBMATIC) (AS-PUBMATIC)
227	71

18 2606:4700::6812:13ee (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

says.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
images.says.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3035::ac43:a9b3 (United States)

ASN13335 (CLOUDFLARENET, US)

policy.revasia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a02:26f0:6c00::210:ba0b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6812:10e0 (United States)

ASN13335 (CLOUDFLARENET, US)

pcto.revmedia.my	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5e41 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:7100:2a8::19fd (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:5814 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.225.80.107 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-80-107.fra2.r.cloudfront.net

tags.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 92.122.252.114 (Schiphol, Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a92-122-252-114.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a03:2880:f02d:12:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638::1c (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.0.157 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 13.225.80.38 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-225-80-38.fra2.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.17.84.146 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-17-84-146.eu-west-1.compute.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
id.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.86.139.58 (France)

ASN201081 (SMARTADSERVER, FR)

prg.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.37.38.181 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-38-181.deploy.static.akamaitechnologies.com

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.252.172.250 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.98.64.218 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com

mediaprima-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.107.148.139 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 139.148.107.34.bc.googleusercontent.com

prebid.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:830::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:20eb:4000:18:1fcd:34f:cdc1 (United States)

ASN16509 (AMAZON-02, US)

static.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6811:aa72 (United States)

ASN13335 (CLOUDFLARENET, US)

says.api.useinsider.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
log.api.useinsider.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.12.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f16:d83:1202::6e:5 (Columbus, United States)

ASN16509 (AMAZON-02, US)

c16d-35-240-187-111.ngrok.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:27::cafe:1668 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1c1b (United States)

ASN13335 (CLOUDFLARENET, US)

heartbeat.mediaprimaplus.com.my	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a03:2880:f12d:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.74.194 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.247.104.176 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-247-104-176.eu-west-1.compute.amazonaws.com

ml314.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.215.191 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-215-191.deploy.static.akamaitechnologies.com

tags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:20::681a:d52 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.skypack.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.195 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.69 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ampcid.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:82f::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.182.214.99 (Des Moines, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

g.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.142.114.2 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ampcid.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:200::714 (United States)

ASN54113 (FASTLY, US)

mab.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.207.202.199 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-207-202-199.compute-1.amazonaws.com

mabping.chartbeat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.21.122.84 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-23-21-122-84.compute-1.amazonaws.com

ping.chartbeat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c1b::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.89.21.21 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: p13.id5-sync.com

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.133.55 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 55.133.120.34.bc.googleusercontent.com

api.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:828::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.65.108 (United States)

ASN54113 (FASTLY, US)

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.84.232.23 (Schiphol, Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-84-232-23.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 92.122.254.129 (Schiphol, Netherlands) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a92-122-254-129.deploy.static.akamaitechnologies.com

js-sec.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6811:a772 (United States)

ASN13335 (CLOUDFLARENET, US)

segment.api.useinsider.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
location.api.useinsider.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
hit.api.useinsider.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 209.54.180.144 (Ashburn, United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.157.4.24 (Denmark)

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.252.172.36 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 50.16.141.46 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-50-16-141-46.compute-1.amazonaws.com

nep.advangelists.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.155.71.25 (Portsmouth, United Kingdom) 1 redirects

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:808::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:811::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 216.58.212.130 (United States)

ASN15169 (GOOGLE, US)
PTR: ams15s21-in-f130.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.226 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

t.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
39	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 100 cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 124	206 KB
23	doubleclick.net 2 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 184 cm.g.doubleclick.net — Cisco Umbrella Rank: 197 googleads.g.doubleclick.net — Cisco Umbrella Rank: 46 stats.g.doubleclick.net — Cisco Umbrella Rank: 96 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 274	268 KB
18	says.com 2 redirects says.com — Cisco Umbrella Rank: 224755 images.says.com — Cisco Umbrella Rank: 338647	789 KB
10	google.com 1 redirects ampcid.google.com — Cisco Umbrella Rank: 1722 www.google.com — Cisco Umbrella Rank: 13 adservice.google.com — Cisco Umbrella Rank: 80	2 KB
9	useinsider.com says.api.useinsider.com — Cisco Umbrella Rank: 765359 segment.api.useinsider.com — Cisco Umbrella Rank: 15735 location.api.useinsider.com — Cisco Umbrella Rank: 16021 log.api.useinsider.com — Cisco Umbrella Rank: 9644 hit.api.useinsider.com — Cisco Umbrella Rank: 13563	98 KB
7	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 1498 g.clarity.ms — Cisco Umbrella Rank: 5145 c.clarity.ms — Cisco Umbrella Rank: 917	25 KB
7	casalemedia.com 2 redirects htlb.casalemedia.com — Cisco Umbrella Rank: 461 ssum-sec.casalemedia.com — Cisco Umbrella Rank: 520 dsum-sec.casalemedia.com — Cisco Umbrella Rank: 590	8 KB
7	crwdcntrl.net tags.crwdcntrl.net — Cisco Umbrella Rank: 2221 bcp.crwdcntrl.net — Cisco Umbrella Rank: 673 id.crwdcntrl.net — Cisco Umbrella Rank: 1894	20 KB
6	facebook.com www.facebook.com — Cisco Umbrella Rank: 98	738 B
6	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 42	20 KB
6	adnxs.com 1 redirects ib.adnxs.com — Cisco Umbrella Rank: 241 acdn.adnxs.com — Cisco Umbrella Rank: 565 secure.adnxs.com — Cisco Umbrella Rank: 404	20 KB
6	facebook.net connect.facebook.net — Cisco Umbrella Rank: 146	309 KB
6	revmedia.my pcto.revmedia.my	158 KB
6	typekit.net use.typekit.net — Cisco Umbrella Rank: 509 p.typekit.net — Cisco Umbrella Rank: 656	80 KB
5	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 324	103 KB
5	google.de www.google.de — Cisco Umbrella Rank: 5557 ampcid.google.de — Cisco Umbrella Rank: 44635 adservice.google.de — Cisco Umbrella Rank: 8028	2 KB
5	skypack.dev cdn.skypack.dev — Cisco Umbrella Rank: 91979	42 KB
5	smartadserver.com prg.smartadserver.com — Cisco Umbrella Rank: 1505	2 KB
5	scorecardresearch.com 1 redirects sb.scorecardresearch.com — Cisco Umbrella Rank: 138	4 KB
5	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 165	165 KB
4	gstatic.com fonts.gstatic.com www.gstatic.com	41 KB
4	criteo.com 1 redirects gum.criteo.com — Cisco Umbrella Rank: 369 mug.criteo.com — Cisco Umbrella Rank: 2864	1 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 47	3 KB
3	chartbeat.net mabping.chartbeat.net — Cisco Umbrella Rank: 5890 ping.chartbeat.net — Cisco Umbrella Rank: 1120	602 B
3	chartbeat.com static.chartbeat.com — Cisco Umbrella Rank: 1277 mab.chartbeat.com — Cisco Umbrella Rank: 2247	34 KB
3	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 440	58 KB
2	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 255	101 KB
2	amazon-adsystem.com 1 redirects s.amazon-adsystem.com — Cisco Umbrella Rank: 284	1 KB
2	indexww.com js-sec.indexww.com — Cisco Umbrella Rank: 636	2 KB
2	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 329	802 B
2	rlcdn.com idsync.rlcdn.com — Cisco Umbrella Rank: 316 api.rlcdn.com — Cisco Umbrella Rank: 812	740 B
2	media.net prebid.media.net — Cisco Umbrella Rank: 1360 contextual.media.net — Cisco Umbrella Rank: 516	8 KB
2	openx.net mediaprima-d.openx.net — Cisco Umbrella Rank: 256765 u.openx.net — Cisco Umbrella Rank: 710	464 B
2	pubmatic.com ads.pubmatic.com — Cisco Umbrella Rank: 473 hbopenbid.pubmatic.com Failed t.pubmatic.com — Cisco Umbrella Rank: 4653	115 KB
2	revasia.com policy.revasia.com — Cisco Umbrella Rank: 407209	3 KB
1	sitescout.com 1 redirects pixel-sync.sitescout.com — Cisco Umbrella Rank: 626	299 B
1	advangelists.com 1 redirects nep.advangelists.com — Cisco Umbrella Rank: 2192	232 B
1	adform.net c1.adform.net — Cisco Umbrella Rank: 608	331 B
1	id5-sync.com id5-sync.com — Cisco Umbrella Rank: 596	526 B
1	bing.com 1 redirects c.bing.com — Cisco Umbrella Rank: 273	555 B
1	t.co t.co — Cisco Umbrella Rank: 487	336 B
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 537	459 B
1	bluekai.com tags.bluekai.com — Cisco Umbrella Rank: 466	304 B
1	ml314.com ml314.com — Cisco Umbrella Rank: 1557	422 B
1	mediaprimaplus.com.my heartbeat.mediaprimaplus.com.my — Cisco Umbrella Rank: 300606	38 KB
1	ngrok.io c16d-35-240-187-111.ngrok.io
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 630	6 KB
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 106	15 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 78	61 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 227	7 KB
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 1366	5 KB
227	51

	Domain	Requested by
19	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com says.com cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com googleads.g.doubleclick.net
16	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com
13	says.com	2 redirects says.com static.cloudflareinsights.com
8	www.google.com	1 redirects tpc.googlesyndication.com says.com cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com
7	googleads.g.doubleclick.net	www.googleadservices.com cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com says.com
6	www.facebook.com	bcp.crwdcntrl.net
6	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
6	connect.facebook.net	says.com connect.facebook.net bcp.crwdcntrl.net
6	securepubads.g.doubleclick.net	says.com www.googletagservices.com securepubads.g.doubleclick.net
6	pcto.revmedia.my	says.com
5	cdn.ampproject.org	securepubads.g.doubleclick.net
5	images.says.com
5	cdn.skypack.dev	says.com
5	prg.smartadserver.com	ads.pubmatic.com
5	sb.scorecardresearch.com	1 redirects says.com
5	www.googletagservices.com	says.com cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com
5	use.typekit.net	says.com use.typekit.net
4	googleads4.g.doubleclick.net	googleads.g.doubleclick.net
4	dsum-sec.casalemedia.com	1 redirects ssum-sec.casalemedia.com
4	cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
4	g.clarity.ms	www.clarity.ms g.clarity.ms
4	cm.g.doubleclick.net	2 redirects bcp.crwdcntrl.net ssum-sec.casalemedia.com
4	ib.adnxs.com	1 redirects ads.pubmatic.com acdn.adnxs.com
3	www.gstatic.com	cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com
3	fonts.googleapis.com	securepubads.g.doubleclick.net cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com
3	log.api.useinsider.com
3	www.google.de
3	bcp.crwdcntrl.net	tags.crwdcntrl.net
3	tags.crwdcntrl.net	says.com tags.crwdcntrl.net
3	cdn.jsdelivr.net	says.com
2	s0.2mdn.net	cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com
2	hit.api.useinsider.com	says.api.useinsider.com
2	s.amazon-adsystem.com	1 redirects ssum-sec.casalemedia.com
2	ssum-sec.casalemedia.com	1 redirects js-sec.indexww.com
2	js-sec.indexww.com	ads.pubmatic.com ssum-sec.casalemedia.com
2	match.adsrvr.org	ads.pubmatic.com ssum-sec.casalemedia.com
2	stats.g.doubleclick.net	www.google-analytics.com
2	mabping.chartbeat.net
2	c.clarity.ms	1 redirects
2	says.api.useinsider.com	www.googletagmanager.com says.api.useinsider.com
2	static.chartbeat.com	www.googletagmanager.com says.com
2	mug.criteo.com
2	gum.criteo.com	1 redirects
2	policy.revasia.com	says.com
1	t.pubmatic.com	ads.pubmatic.com
1	fonts.gstatic.com	fonts.googleapis.com
1	pixel-sync.sitescout.com	1 redirects
1	nep.advangelists.com	1 redirects
1	secure.adnxs.com	ssum-sec.casalemedia.com
1	c1.adform.net	ssum-sec.casalemedia.com
1	location.api.useinsider.com	says.api.useinsider.com
1	segment.api.useinsider.com	says.api.useinsider.com
1	u.openx.net	ads.pubmatic.com
1	contextual.media.net	ads.pubmatic.com
1	acdn.adnxs.com	ads.pubmatic.com
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	id.crwdcntrl.net	ads.pubmatic.com
1	api.rlcdn.com	ads.pubmatic.com
1	id5-sync.com	ads.pubmatic.com
1	ping.chartbeat.net
1	mab.chartbeat.com	static.chartbeat.com
1	ampcid.google.de	www.google-analytics.com
1	c.bing.com	1 redirects
1	ampcid.google.com	www.google-analytics.com
1	t.co
1	analytics.twitter.com	static.ads-twitter.com
1	tags.bluekai.com	bcp.crwdcntrl.net
1	idsync.rlcdn.com	bcp.crwdcntrl.net
1	ml314.com	bcp.crwdcntrl.net
1	heartbeat.mediaprimaplus.com.my	www.googletagmanager.com
1	www.clarity.ms	says.com
1	c16d-35-240-187-111.ngrok.io	www.googletagmanager.com
1	static.ads-twitter.com	says.com
1	www.googleadservices.com	www.googletagmanager.com
1	prebid.media.net	ads.pubmatic.com
1	mediaprima-d.openx.net	ads.pubmatic.com
1	htlb.casalemedia.com	ads.pubmatic.com
1	www.googletagmanager.com	says.com
1	cdnjs.cloudflare.com	says.com
1	ads.pubmatic.com	says.com
1	p.typekit.net	use.typekit.net
1	static.cloudflareinsights.com	says.com
0	hbopenbid.pubmatic.com Failed	ads.pubmatic.com
227	84

This site contains links to these domains. Also see Links.

Domain
klips.says.com
facebook.com
twitter.com
instagram.com
www.youtube.com
bit.ly
www.facebook.com
www.instagram.com
careers.revasia.com
revmedia.my
www.mediaprima.com.my

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-09-05` - `2022-09-04`	a year	crt.sh
use.typekit.net DigiCert TLS RSA SHA256 2020 CA1	`2021-08-16` - `2022-08-16`	a year	crt.sh
*.typekit.net DigiCert TLS RSA SHA256 2020 CA1	`2021-12-05` - `2022-12-06`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
*.crwdcntrl.net Go Daddy Secure Certificate Authority - G2	`2021-04-29` - `2022-05-31`	a year	crt.sh
*.pubmatic.com DigiCert SHA2 Secure Server CA	`2021-03-30` - `2022-04-04`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-11-02` - `2022-01-31`	3 months	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-12-01` - `2022-02-26`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
*.scorecardresearch.com Amazon	`2021-02-28` - `2022-03-29`	a year	crt.sh
*.smartadserver.com DigiCert ECC Secure Server CA	`2020-01-30` - `2022-02-03`	2 years	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-12-12` - `2022-12-13`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
*.media.net Sectigo RSA Domain Validation Secure Server CA	`2021-04-12` - `2022-05-05`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
*.chartbeat.com Thawte RSA CA 2018	`2021-05-20` - `2022-06-03`	a year	crt.sh
useinsider.com Cloudflare Inc ECC CA-3	`2021-09-20` - `2022-09-19`	a year	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-21` - `2022-07-26`	a year	crt.sh
*.ngrok.io R3	`2022-01-02` - `2022-04-02`	3 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2021-06-01` - `2022-06-01`	a year	crt.sh
mediaprimaplus.com.my Cloudflare Inc ECC CA-3	`2021-08-30` - `2022-08-29`	a year	crt.sh
*.ml314.com Amazon	`2021-12-17` - `2023-01-14`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-25` - `2022-03-28`	a year	crt.sh
odc-pixel-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2021-11-24` - `2022-04-26`	5 months	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2022-01-06` - `2023-01-05`	a year	crt.sh
t.co DigiCert TLS RSA SHA256 2020 CA1	`2022-01-06` - `2023-01-05`	a year	crt.sh
*.google.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
a.clarity.ms Microsoft RSA TLS CA 01	`2021-07-27` - `2022-07-27`	a year	crt.sh
*.google.de GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
*.chartbeat.net Thawte RSA CA 2018	`2021-12-01` - `2022-12-30`	a year	crt.sh
*.id5-sync.com R3	`2021-12-20` - `2022-03-20`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
cdn.adnxs.com GlobalSign Organization Validated CA - SHA256 - G4	`2021-05-10` - `2022-06-11`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2021-09-06` - `2022-10-07`	a year	crt.sh
misc-sni.google.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh

This page contains 22 frames:

Primary Page: https://says.com/my
Frame ID: 894D0234F5216150E992155B3C6BEA49
Requests: 129 HTTP requests in this frame

Frame: https://tags.crwdcntrl.net/lt/shared/2/lt.iframe.html?c=11139
Frame ID: ECFF13DBAA9EF799BD51C9A40D94086B
Requests: 1 HTTP requests in this frame

Frame: https://bcp.crwdcntrl.net/pixels?s=22%2C61%2C14%2C12&b=797747%2C1769168&c=11139
Frame ID: 7613DC96621C6F7CD7BB62D9C92D4799
Requests: 10 HTTP requests in this frame

Frame: https://says.api.useinsider.com/worker-new.html
Frame ID: 46B9A021C114147B1C68722FD3E22610
Requests: 1 HTTP requests in this frame

Frame: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: AA6E1D0E995CC7CE9AA6913FE8F2F5B9
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 0CAEC5C1446EB98871757E332529DC62
Requests: 3 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUKXW7J4&prvid=77&purpose1=1&gdprconsent=0&gdpr=1&usp_status=0&usp_consent=1&itype=PREBID
Frame ID: 46B6F27EB34638C854B2669A977C7CEB
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 4921DA2CD62D99EFDC9E0B93EF02FF95
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: A73B0E2CB0B7630B0910105EC8073224
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?d=https://says.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Frame ID: 7C0A7798ECDCAB89C822C08A342B594C
Requests: 10 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: A030F5F59E31B80C361FCBC3A96603E1
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 1623E6490D48FCDF19897AE549AC202A
Requests: 2 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012111152338000/amp4ads-v0.mjs
Frame ID: 539C1F58650A0CBCB69972B38618B012
Requests: 16 HTTP requests in this frame

Frame: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 402E24E1FCDCF57A7102BEA89973E6BD
Requests: 15 HTTP requests in this frame

Frame: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 62BB0BB230AE14F2606287AB281A6082
Requests: 13 HTTP requests in this frame

Frame: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: CDAEA2935AECAD699D1962C1D020C094
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJb4yM4CEO6Mm4oDGLaV-b0BMAE&v=APEucNXV02piRj0N1JrnDdhElQzU3KiDXpshjmBs_wQ6Lt4KP-2tNpdKdOCIztG7lSycx2ImBavI8l88s7TrehBoxKNzZig-Nw
Frame ID: C9ED3760BD1FF5108B34CD5DB9906851
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIKSIxC9tCMYjfySCzAB&v=APEucNWLvRB7ktkg0HpUJ2Z1uJRDTcu8zFMjBYx-qqB1uVHh0J8UBVGBmy862rgT4IyOfQAESBS9pi-UOaUPbSSjJOnkApHUYg
Frame ID: 77E58D6AE84334C1FDBAC17FE8C58D34
Requests: 1 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 15A83F4D4CE301973AF78763DFCEA446
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 208F2EF104FB03F91DE8300E60C12E00
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: B3AE5D15675CBA68AF310C95B884A610
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: F08638A6303FE1024B07722BCDA53F7A
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

SAYS - Creating content for Malaysia’s social media generation

Page URL History Show full URLs

http://says.com/ HTTP 301
https://says.com/ HTTP 301
https://says.com/my Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

Insider (Marketing automation) Expand

Overall confidence: 100%
Detected patterns

api\.useinsider\.\w+/

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Popper (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

<script [^>]*src="[^"]*/popper\.js/([0-9.]+)
/popper\.js/([0-9.]+)

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Twitter typeahead.js (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

(?:typeahead|bloodhound)\.(?:jquery|bundle)?(?:\.min)?\.js

Typekit (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*href="[^"]+use\.typekit\.(?:net|com)

comScore (Analytics) Expand

Overall confidence: 100%
Detected patterns

<iframe[^>]* (?:id="comscore"|scr=[^>]+comscore)|\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon
\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

227
Requests

95 %
HTTPS

51 %
IPv6

51
Domains

84
Subdomains

71
IPs

8
Countries

2819 kB
Transfer

7072 kB
Size

51
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: https://klips.says.com/
Title: KLIPS

Search URL Search Domain Scan URL

URL: http://facebook.com/saysdotcom

Search URL Search Domain Scan URL

URL: http://twitter.com/saysdotcom

Search URL Search Domain Scan URL

URL: http://instagram.com/saysdotcom

Search URL Search Domain Scan URL

URL: https://www.youtube.com/SAYSvideos

Search URL Search Domain Scan URL

URL: https://bit.ly/33WqNYJ

Search URL Search Domain Scan URL

URL: https://www.facebook.com/saysdotcom

Search URL Search Domain Scan URL

URL: https://twitter.com/saysdotcom

Search URL Search Domain Scan URL

URL: https://www.instagram.com/saysdotcom/

Search URL Search Domain Scan URL

URL: https://careers.revasia.com/
Title: Job Openings

Search URL Search Domain Scan URL

URL: https://revmedia.my/
Title: REV Media Group

Search URL Search Domain Scan URL

URL: https://www.mediaprima.com.my/
Title: Media Prima Group

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://says.com/ HTTP 301
https://says.com/ HTTP 301
https://says.com/my Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 32

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsays.com%2F&domain=says.com&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=ZNvtP3xsTElTMVFBSEZsSHRrbUt0RXo4NTVseDhreUNWMU1KM3RFOTFmNnpHOFpXbXYwU3c2ZFpucHExWHpoeUdtQ3hOdG1zZk9IWk1JWW9ETUtYRWhpSFEzMHZFM1hqNnlDeWNzS2ZmRWNGRFRCVThxZGpwY0Exd1JsY1dqSUF1eFlmOVVXbWxiaVRLSm1EWmhHb3BVK3ZYYmFQN1hicENFVmxrM0hvR3JrWmZLMkNnK0x6bk5QdWV2WEZ4eE03OXhvaGd0RG5kUGNRL3F3bHRrSWVWMDJqR1YzcHZBN0VtWFd4VTZyY0JiN3drOTBvPXw&cppv=2

Request Chain 49

https://sb.scorecardresearch.com/b?c1=2&c2=6034955&ns__t=1643042538192&ns_c=UTF-8&cv=3.5&c8=SAYS%20-%20Creating%20content%20for%20Malaysia%E2%80%99s%20social%20media%20generation&c7=https%3A%2F%2Fsays.com%2Fmy&c9= HTTP 302
https://sb.scorecardresearch.com/b2?c1=2&c2=6034955&ns__t=1643042538192&ns_c=UTF-8&cv=3.5&c8=SAYS%20-%20Creating%20content%20for%20Malaysia%E2%80%99s%20social%20media%20generation&c7=https%3A%2F%2Fsays.com%2Fmy&c9=

Request Chain 62

https://cm.g.doubleclick.net/pixel?google_nid=lotame_dmp&google_hm=${base64_profileid} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=lotame_dmp&google_hm=${base64_profileid}&google_tc=

Request Chain 82

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?CtsSyncId=F9ECD03AE3E64BC2AD30E89812B76A4D&RedC=c.clarity.ms&MXFR=27D9A148B9DF6E7404F2B07EBDDF607E HTTP 302
https://c.clarity.ms/c.gif?CtsSyncId=F9ECD03AE3E64BC2AD30E89812B76A4D&MUID=277CE7B91C6D6FE41347F68F1D066EA6

Request Chain 128

https://ib.adnxs.com/async_usersync?cbfn=queuePixels HTTP 307
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

Request Chain 129

https://ssum-sec.casalemedia.com/usermatch?d=https://says.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F HTTP 302
https://ssum-sec.casalemedia.com/usermatch?d=https://says.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Request Chain 141

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=Ye7W7UcX9kp-wlAvhtqwpQAA HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEOIMSVdo9spZO6lJ2f3YNU4&google_cver=1&gdpr=1

Request Chain 143

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Ye7W7UcX9kp_wlAvhtqwpQAABFcAAAAB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Ye7W7UcX9kp_wlAvhtqwpQAABFcAAAAB&dcc=t

Request Chain 146

https://nep.advangelists.com/xp/user-sync?acctid=405&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D195%26external_user_id%3D%7BPARTNER_VISITOR_ID%7D%0A HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-b477ca70-a7e5-401a-913b-f1a2fa1b9d16

Request Chain 147

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=48&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=64&external_user_id=no-consent&expiration=1645634541

Request Chain 220

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

227 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request my Show response
says.com/
Redirect Chain

http://says.com/
https://says.com/
https://says.com/my

53 KB
13 KB

158ms
157ms

Document
text/html

2606:4700::6812:13ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://says.com/my

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:13ee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Phusion Passenger 6.0.4

Resource Hash

91efbc46c7c1fc2c8261ca7258a059bddfcc2497f0ebdb5d7da70cbfb647f8b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Mon, 24 Jan 2022 16:42:18 GMT
content-type: text/html; charset=utf-8
status: 200 OK
cache-control: private, max-age=1800, must-revalidate
referrer-policy: strict-origin-when-cross-origin
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block
x-request-id: 0d683d8a-ac7d-4017-b240-c1057ea7121f
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-runtime: 1.066865
x-content-type-options: nosniff
x-powered-by: Phusion Passenger 6.0.4
via: 1.1 google
cf-cache-status: HIT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
cf-ray: 6d2ab6d7c9455b9e-FRA
content-encoding: br

Redirect headers

date: Mon, 24 Jan 2022 16:42:18 GMT
content-type: text/html
location: https://says.com/my
status: 301 Moved Permanently
cache-control: max-age=1800
x-request-id: 133fc6a6-45ed-4cf3-8f6a-b11c4c56d444
x-runtime: 0.002347
x-powered-by: Phusion Passenger 6.0.4
via: 1.1 google
cf-cache-status: HIT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
cf-ray: 6d2ab6d69e915b9e-FRA

GET
H2 200 bootstrap-9020e29a8803a9cc10a82a813d4090471b2c58c07af89d70d4362fb71e073ea4.css
says.com/assets/ 154 KB
24 KB 33ms
32ms Stylesheet
text/css 2606:4700::6812:13ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://says.com/assets/bootstrap-9020e29a8803a9cc10a82a813d4090471b2c58c07af89d70d4362fb71e073ea4.css
Requested by: Host: says.com
URL: https://says.com/my
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:13ee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9020e29a8803a9cc10a82a813d4090471b2c58c07af89d70d4362fb71e073ea4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/my
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

cf-ray: 6d2ab6d8fbaf5b9e-FRA
date: Mon, 24 Jan 2022 16:42:18 GMT
via: 1.1 google
cf-cache-status: HIT
last-modified: Thu, 28 Nov 2019 09:14:40 GMT
server: cloudflare
age: 8439
etag: W/"5ddf9000-26643"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=30
content-encoding: br
expires: Mon, 24 Jan 2022 16:42:48 GMT

GET
H2 200 application-d85f64a95b459d98354f0b827a69c81136ab35fc199c28df6201ed23083723e7.css
says.com/assets/ 338 KB
66 KB 34ms
33ms Stylesheet
text/css 2606:4700::6812:13ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://says.com/assets/application-d85f64a95b459d98354f0b827a69c81136ab35fc199c28df6201ed23083723e7.css
Requested by: Host: says.com
URL: https://says.com/my
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:13ee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d85f64a95b459d98354f0b827a69c81136ab35fc199c28df6201ed23083723e7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/my
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

cf-ray: 6d2ab6d8fbb65b9e-FRA
date: Mon, 24 Jan 2022 16:42:18 GMT
via: 1.1 google
cf-cache-status: HIT
last-modified: Fri, 14 Jan 2022 03:19:21 GMT
server: cloudflare
age: 8438
etag: W/"61e0ebb9-54797"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=30
content-encoding: br
expires: Mon, 24 Jan 2022 16:42:48 GMT

GET
H2 200 cookie.consent.css
policy.revasia.com/ 1 KB
1 KB 165ms
63ms Stylesheet
text/css 2606:4700:3035::ac43:a9b3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://policy.revasia.com/cookie.consent.css
Requested by: Host: says.com
URL: https://says.com/my
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:a9b3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cfe8e5168d661e94ef9fc3ae9d3f2a5b7a02093231694e1ae0573b5be6c4215a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-goog-hash: crc32c=yFoefQ==, md5=/Co07jaJviW5aoG5Zrx82A==
date: Mon, 24 Jan 2022 16:42:18 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 804
x-guploader-uploadid: ADPycduGL42m7jci2jK4hA3sD7OxnB7B7_KbLVy58Zq0guG24IP63XRuKquNyWIwtAAg3n0VBy-yHkhLjo43lEgCRVw
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 27 Sep 2019 04:27:42 GMT
server: cloudflare
etag: W/"fc2a34ee3689be25b96a81b966bc7cd8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=53mAc%2FroW7xM1QUaYWei%2BLulrlxMV89EE%2FM4dLtpe0duykbmQL3dw%2FuC%2BIZi%2FjD%2BrsqzAusAwHfhFx%2FIqAcVRtinLi7YMEuK45rzl7NiihrevN%2BwxHM9WGS5hBSL6nUwtwltSIVxPkaEKDIvy7669Wo%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1569558462623355
access-control-allow-origin: *
content-type: text/css
access-control-expose-headers: Content-Type, Authorization, Content-Length, User-Agent, x-goog-resumable, x-goog-acl, Access-Control-Allow-Origin, X-Requested-With
cache-control: public, max-age=14400
x-goog-stored-content-length: 1132
cf-ray: 6d2ab6d9bd5d69d8-MAD
expires: Mon, 24 Jan 2022 17:22:53 GMT

GET
H2 200 ner5wjl.css
use.typekit.net/ 7 KB
1 KB 52ms
17ms Stylesheet
text/css 2a02:26f0:6c00::210:ba0b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/ner5wjl.css

Requested by

Host: says.com
URL: https://says.com/my

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00::210:ba0b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

nginx /

Resource Hash

7784d9de90799f3ea6b6bbc68abab20e386dbed3ec2f3c6ff1d6e23e4316d9b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
server: nginx
date: Mon, 24 Jan 2022 16:42:18 GMT
vary: Accept-Encoding
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 1080

GET
H2 200 sto.css
pcto.revmedia.my/2022/01/uemsunrise/ 7 KB
3 KB 252ms
197ms Stylesheet
text/css 2606:4700::6812:10e0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pcto.revmedia.my/2022/01/uemsunrise/sto.css
Requested by: Host: says.com
URL: https://says.com/my
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:10e0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 825fa6f794c4fc5b6b8c7c7ad6ed35ab11de6ab42b9e01293437899c71df3448

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:18 GMT
content-encoding: gzip
cf-cache-status: HIT
x-guploader-uploadid: ADPycdusjxTo3QEC_OrerSFCs1VBmFftQVy7FjhyqmUMfJwjnhLuRBg4UUtQpPpjqdqekq89SMz6I7SmUZJuwOELj4U
x-goog-storage-class: STANDARD
x-goog-custom-time: 1970-01-01T00:00:00Z
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-type: text/css
x-goog-meta-
last-modified: Mon, 24 Jan 2022 15:51:09 GMT
server: cloudflare
etag: W/"4a59441fbfd64fb0bef4264694ddfb2e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
x-goog-hash: crc32c=H5AcLA==, md5=SllEH7/WT7C+9CZGlN37Lg==
x-goog-generation: 1643039469942958
cache-control: public, max-age=120
x-goog-stored-content-length: 7605
cf-ray: 6d2ab6d94c865c1a-FRA
expires: Mon, 24 Jan 2022 16:44:18 GMT

GET
H2 200 says-logo-white-7aef5e5dce9fc35f98a00aa174b9206cbb23460ee62c0bd446e3175dab4aece9.svg
says.com/assets/ 2 KB
1 KB 37ms
37ms Image
image/svg+xml 2606:4700::6812:13ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://says.com/assets/says-logo-white-7aef5e5dce9fc35f98a00aa174b9206cbb23460ee62c0bd446e3175dab4aece9.svg
Requested by: Host: says.com
URL: https://says.com/my
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:13ee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7aef5e5dce9fc35f98a00aa174b9206cbb23460ee62c0bd446e3175dab4aece9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/my
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

cf-ray: 6d2ab6d8fbc25b9e-FRA
date: Mon, 24 Jan 2022 16:42:18 GMT
via: 1.1 google
cf-cache-status: HIT
last-modified: Thu, 28 Nov 2019 09:14:40 GMT
server: cloudflare
age: 8438
etag: W/"5ddf9000-86a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=60
content-encoding: br

GET
H2 200 rocket-loader.min.js Show response
says.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 10ms
10ms Script
application/javascript 2606:4700::6812:13ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://says.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: says.com
URL: https://says.com/my

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:13ee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/my
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 19 Jan 2022 15:52:06 GMT
server: cloudflare
etag: W/"61e833a6-302c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 6d2ab6d8fbc45b9e-FRA
vary: Accept-Encoding
expires: Wed, 26 Jan 2022 16:42:18 GMT

GET
H2 200 v652eace1692a40cfa3763df669d7439c1639079717194 Show response
static.cloudflareinsights.com/beacon.min.js/ 14 KB
5 KB 79ms
51ms Script
text/javascript 2606:4700::6810:5e41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
Requested by: Host: says.com
URL: https://says.com/my
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:5e41 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505

Request headers

Referer: https://says.com/
Origin: https://says.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:18 GMT
content-encoding: gzip
last-modified: Thu, 09 Dec 2021 19:55:17 GMT
server: cloudflare
etag: W/2021.12.0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 6d2ab6d92921693a-FRA

GET
H2 200 p.css
p.typekit.net/ 5 B
181 B 34ms
7ms Stylesheet
text/css 2a02:26f0:7100:2a8::19fd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=ner5wjl&ht=tk&f=139.140.173.174.175.176.10444.10739.10741.17001.17005&a=526275&app=typekit&e=css
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/ner5wjl.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:7100:2a8::19fd Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://use.typekit.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:18 GMT
last-modified: Fri, 06 Nov 2020 01:41:46 GMT
server: nginx
etag: "5fa4a9da-5"
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 5

GET sto.js
pcto.revmedia.my/2022/01/uemsunrise/ 0
0

GET
H2 200 typeahead.jquery.min.js Show response
cdn.jsdelivr.net/typeahead.js/0.10.5/ 20 KB
7 KB 42ms
25ms Script
application/javascript 2606:4700::6810:5814
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/typeahead.js/0.10.5/typeahead.jquery.min.js

Requested by

Host: says.com
URL: https://says.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3dad81ae9e89995623b89e9c6f7c5c926a098f0882f66dfeb6a7bf99926c1f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1510077
x-cache: HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19183-FRA
timing-allow-origin: *
server: cloudflare
etag: W/"510c-S3JXs07We2e7+mK0ogQDjPiLH0c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 6d2ab6d9ac365b32-FRA

GET
H2 200 algoliasearch.helper.min.js Show response
cdn.jsdelivr.net/algoliasearch.helper/2/ 125 KB
34 KB 51ms
34ms Script
application/javascript 2606:4700::6810:5814
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/algoliasearch.helper/2/algoliasearch.helper.min.js

Requested by

Host: says.com
URL: https://says.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

45a44547bc03bf28eef08b155e355f497ca18ee852614d0dc602b91e20c64512

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 25964
x-jsd-version: 2.28.1
x-cache: HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19121-FRA
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"1f4ce-yhw0k44Hf5WfhCJOdgej62yDo+U"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
cf-ray: 6d2ab6d9ac375b32-FRA

GET
H2 200 algoliasearch.min.js Show response
cdn.jsdelivr.net/algoliasearch/3.9/ 55 KB
17 KB 43ms
26ms Script
application/javascript 2606:4700::6810:5814
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/algoliasearch/3.9/algoliasearch.min.js

Requested by

Host: says.com
URL: https://says.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4d03ca7f3ce7f1698643944490152dd091759abaae48a654dcb8c0e1fff69094

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 7847680
x-cache: HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19140-FRA
timing-allow-origin: *
server: cloudflare
etag: W/"dca7-7EOIzEqVciton1p8sULUNdzPZIc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 6d2ab6d9ac385b32-FRA

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 79 KB
27 KB 231ms
146ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: says.com
URL: https://says.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

sffe /

Resource Hash

990396d6d5c529c2fa1e43dde960cba3a2464de39cddf210d7622e69e3cbee45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27064
x-xss-protection: 0
server: sffe
etag: "1111 / 745 of 1000 / last-modified: 1643025851"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 24 Jan 2022 16:42:18 GMT

GET
H2 200 lt.min.js Show response
tags.crwdcntrl.net/lt/c/11139/ 44 KB
14 KB 36ms
7ms Script
text/javascript 13.225.80.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/11139/lt.min.js
Requested by: Host: says.com
URL: https://says.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.80.107 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-80-107.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 614746b52a14c73782d6bebd9bf0c4ff0466d1a1a652882ee2c7b75eb680bfc9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sun, 23 Jan 2022 21:54:43 GMT
content-encoding: gzip
etag: W/"f97499c030a325003e49d5770c741f8d"
last-modified: Thu, 13 Jan 2022 05:51:01 GMT
server: AmazonS3
age: 67656
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
via: 1.1 56fad5a50ef67bd961b9722ed0931838.cloudfront.net (CloudFront)
cache-control: max-age: 86400
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: 5QVO_1DtcU9CR-caQRKuHowu-1YPXBwmxAYoZmfObyaygACZ4FyKUQ==

GET
H2 200 bootstrap-70ea4d281899906164d43782c7ef2212a415bed7753013e3777caecc303470b8.js Show response
says.com/assets/ 60 KB
17 KB 30ms
29ms Script
application/javascript 2606:4700::6812:13ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://says.com/assets/bootstrap-70ea4d281899906164d43782c7ef2212a415bed7753013e3777caecc303470b8.js
Requested by: Host: says.com
URL: https://says.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:13ee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 70ea4d281899906164d43782c7ef2212a415bed7753013e3777caecc303470b8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/my
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

cf-ray: 6d2ab6d99ce75b9e-FRA
date: Mon, 24 Jan 2022 16:42:18 GMT
via: 1.1 google
cf-cache-status: HIT
last-modified: Thu, 28 Nov 2019 09:14:40 GMT
server: cloudflare
age: 8434
etag: W/"5ddf9000-ef1b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=30
content-encoding: br
expires: Mon, 24 Jan 2022 16:42:48 GMT

GET
H2 200 application-cbccbe0e6a648c7f70bbb904016388798338882e7a4966047a5a15832b27173d.js Show response
says.com/assets/ 492 KB
146 KB 42ms
41ms Script
application/javascript 2606:4700::6812:13ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://says.com/assets/application-cbccbe0e6a648c7f70bbb904016388798338882e7a4966047a5a15832b27173d.js
Requested by: Host: says.com
URL: https://says.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:13ee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cbccbe0e6a648c7f70bbb904016388798338882e7a4966047a5a15832b27173d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/my
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

cf-ray: 6d2ab6d99cea5b9e-FRA
date: Mon, 24 Jan 2022 16:42:18 GMT
via: 1.1 google
cf-cache-status: HIT
last-modified: Tue, 02 Mar 2021 15:22:36 GMT
server: cloudflare
age: 8433
etag: W/"603e583c-7b1ab"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=30
content-encoding: br
expires: Mon, 24 Jan 2022 16:42:48 GMT

GET
H2 200 cookie.consent.js Show response
policy.revasia.com/ 3 KB
2 KB 63ms
63ms Script
text/javascript 2606:4700:3035::ac43:a9b3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://policy.revasia.com/cookie.consent.js
Requested by: Host: says.com
URL: https://says.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:a9b3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1bea71d07ca30415d598ea3dfbe6641f5aa63fe0414d3c27ed6bd0e89c603439

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-goog-hash: crc32c=9GWciA==, md5=u1V6Wme8uXWjBAwtr2LbJw==
date: Mon, 24 Jan 2022 16:42:18 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 861
x-guploader-uploadid: ADPycdtMl0NyOJowNODcWCXrTeZQYUBOK2Nq1LnQ5ryKo_MmcMYlxOW_aQwhN-Aw3tbIdpXq7oLZvKMkvlZp6k6EX7giFPmgMw
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 29 Oct 2019 04:03:50 GMT
server: cloudflare
etag: W/"bb557a5a67bcb975a3040c2daf62db27"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kh5I%2FJxT1BT15sGrV1NTKl%2BlhHVKVLqvfF83fdTxs9x1LbrC7r60IyujHPvtr99yw%2FYmv%2FfYWO9PJMcHXgfjY1F10WGRAe7D%2FnXVbFNOOos1Mgtf43MwXMDhMjHO7Uwz9PwdiIFlak5r4cdkbI16lBk%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1572321830602698
access-control-allow-origin: *
content-type: text/javascript
access-control-expose-headers: Content-Type, Authorization, Content-Length, User-Agent, x-goog-resumable, x-goog-acl, Access-Control-Allow-Origin, X-Requested-With
cache-control: public, max-age=14400
x-goog-stored-content-length: 3234
cf-ray: 6d2ab6d9bd6069d8-MAD
expires: Mon, 24 Jan 2022 17:27:57 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 79 KB
27 KB 135ms
46ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: says.com
URL: https://says.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

990396d6d5c529c2fa1e43dde960cba3a2464de39cddf210d7622e69e3cbee45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27064
x-xss-protection: 0
server: sffe
etag: "1111 / 583 of 1000 / last-modified: 1643025851"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 24 Jan 2022 16:42:18 GMT

GET
H2 200 pwt.js Show response
ads.pubmatic.com/AdServer/js/pwt/121793/1376/ 377 KB
115 KB 62ms
16ms Script
text/javascript 92.122.252.114
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/pwt/121793/1376/pwt.js
Requested by: Host: says.com
URL: https://says.com/my
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 92.122.252.114 Schiphol, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-122-252-114.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 16adf8c0cf6ed747ee0358358062223296e7285af48e189f7de282698528ea07

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:18 GMT
content-encoding: gzip
last-modified: Wed, 05 Jan 2022 09:01:19 GMT
server: Apache/2.2.15 (CentOS)
etag: "1701087-5e424-5d4d1ff471919"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: public, max-age=75017
accept-ranges: bytes
content-type: text/javascript
content-length: 116820
expires: Tue, 25 Jan 2022 13:32:35 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 99 KB
27 KB 29ms
8ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: says.com
URL: https://says.com/my

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

16c13044cedc5c7482ad7db51913c164ffabc787ec5b6b0246acfec84cd6d01b

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 26187
x-xss-protection: 0
pragma: public
x-fb-debug: avkGFr1iLvKqE8U7XnjMApdAw2wcvoI+yix8+HwUZE49ihmYhw5J4nYQ0pW4LDaHw5wnduV6AVW/rBHyJXGjzg==
x-fb-trip-id: 917726464
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Mon, 24 Jan 2022 16:42:18 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 popper.min.js Show response
cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/ 21 KB
7 KB 63ms
35ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js

Requested by

Host: says.com
URL: https://says.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

66f3a07e1fa9b64a686b66381e4458dbc8abf3dbbff954720c4eec07b84411c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://says.com/
Origin: https://says.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 7866
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6646
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:15:37 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03fa9-520c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CgJrJBMNtN3dyH2WtrIaJaJ5LEvJSTZLng4xIqejp9RxYiMV1LCK4no179PboDUcGH4dlvl1pbgoQVKXx86a6WpALr4hGm5ZkscyL54bJ3mWnIVdpbEq%2F4v5H1FQi9Cv9tRgwNUjMOnHNwil2ytedkRo"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6d2ab6dac8826964-FRA
expires: Sat, 14 Jan 2023 16:42:18 GMT

GET
H2 200 fa-solid-900.woff2
says.com/fonts/ 74 KB
74 KB 475ms
475ms Font
application/octet-stream 2606:4700::6812:13ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://says.com/fonts/fa-solid-900.woff2
Requested by: Host: says.com
URL: https://says.com/assets/application-d85f64a95b459d98354f0b827a69c81136ab35fc199c28df6201ed23083723e7.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:13ee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 80fe90cb559538158bc235f4e539d9bcae203e19fab7c6970aad37b0154348ff

Request headers

Referer: https://says.com/assets/application-d85f64a95b459d98354f0b827a69c81136ab35fc199c28df6201ed23083723e7.css
Origin: https://says.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:19 GMT
via: 1.1 google
cf-cache-status: HIT
last-modified: Thu, 13 Jan 2022 05:20:31 GMT
server: cloudflare
etag: "61dfb69f-12690"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/octet-stream
cache-control: max-age=1800
accept-ranges: bytes
cf-ray: 6d2ab6da9ed85b9e-FRA
content-length: 75408

GET
H2 200 l
use.typekit.net/af/27776b/00000000000000003b9b0939/27/ 19 KB
19 KB 56ms
37ms Font
application/font-woff2 2a02:26f0:6c00::210:ba0b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/27776b/00000000000000003b9b0939/27/l?subset_id=2&fvd=n6&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/ner5wjl.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba0b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 0382a06b8e3ec31595098573a3dbfd2d17b458498c1aa3b485741b0413777a9c

Request headers

Referer: https://use.typekit.net/ner5wjl.css
Origin: https://says.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:18 GMT
server: nginx
etag: "e1ccbb4a993cd81acf325a5b5760f522404cc494"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 19664

GET
H2 200 fa-brands-400.woff2
says.com/fonts/ 73 KB
73 KB 158ms
158ms Font
application/octet-stream 2606:4700::6812:13ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://says.com/fonts/fa-brands-400.woff2
Requested by: Host: says.com
URL: https://says.com/assets/application-d85f64a95b459d98354f0b827a69c81136ab35fc199c28df6201ed23083723e7.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:13ee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 975714c6cb70ba105bfa87d2415df2fddde4a46c1d3ab9d0cf45465e56cba97d

Request headers

Referer: https://says.com/assets/application-d85f64a95b459d98354f0b827a69c81136ab35fc199c28df6201ed23083723e7.css
Origin: https://says.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:18 GMT
via: 1.1 google
cf-cache-status: HIT
last-modified: Thu, 13 Jan 2022 05:20:31 GMT
server: cloudflare
etag: "61dfb69f-1231c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/octet-stream
cache-control: max-age=1800
accept-ranges: bytes
cf-ray: 6d2ab6da9ee35b9e-FRA
content-length: 74524

GET
H2 200 l
use.typekit.net/af/86b539/00000000000000003b9b093a/27/ 20 KB
20 KB 111ms
96ms Font
application/font-woff2 2a02:26f0:6c00::210:ba0b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/86b539/00000000000000003b9b093a/27/l?subset_id=2&fvd=i7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/ner5wjl.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba0b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: a2f6fec90f9b0079aad59d497fa75796162208996aa12a56b65ad4dc2cb07053

Request headers

Referer: https://use.typekit.net/ner5wjl.css
Origin: https://says.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:18 GMT
server: nginx
etag: "7a571531ba8746780d4709c32909a81a6b90fc36"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 20572

GET
H2 200 l
use.typekit.net/af/4838bd/00000000000000003b9b0934/27/ 19 KB
19 KB 43ms
38ms Font
application/font-woff2 2a02:26f0:6c00::210:ba0b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/4838bd/00000000000000003b9b0934/27/l?subset_id=2&fvd=n4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/ner5wjl.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba0b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: f496b4544f491ae23fe1b2d7ce5aa997627e0bc8c10e778c159591e1c5482b54

Request headers

Referer: https://use.typekit.net/ner5wjl.css
Origin: https://says.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:18 GMT
server: nginx
etag: "2c0b6e23328e638bb18899aafbc85ad950333c16"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 19364

GET
H2 200 l
use.typekit.net/af/71f83c/00000000000000003b9b093b/27/ 19 KB
20 KB 23ms
23ms Font
application/font-woff2 2a02:26f0:6c00::210:ba0b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/71f83c/00000000000000003b9b093b/27/l?subset_id=2&fvd=n7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/ner5wjl.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba0b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 57a4bb5c5fad1da04cf1d43c824c9117e6ae12d5fca469fd4e525e216fb37761

Request headers

Referer: https://use.typekit.net/ner5wjl.css
Origin: https://says.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:18 GMT
server: nginx
etag: "642d9266d1f9c63e0e36cec5fe51c6a1134c359a"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 19916

GET
H2 200 pubads_impl_2022011408.js Show response
securepubads.g.doubleclick.net/gpt/ 351 KB
118 KB 44ms
43ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011408.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

sffe /

Resource Hash

0530384d8115b9411cd4fac3bad2e6565ab2ddf9c866c86b1422a65dfccb3980

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:24:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1094
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 120805
x-xss-protection: 0
last-modified: Sat, 15 Jan 2022 00:18:29 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 24 Jan 2023 16:24:04 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 175 B
748 B 129ms
50ms XHR
application/json 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=says.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

55c4447ef4df513c0f5bc6dff8232177b177b1655ec4e9023ed0d0e4f2fe22da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 24 Jan 2022 16:42:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112
x-xss-protection: 0
expires: Mon, 24 Jan 2022 16:42:18 GMT

GET
H2 200 169284420317900 Show response
connect.facebook.net/signals/config/ 306 KB
88 KB 840ms
839ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/169284420317900?v=2.9.49&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ef9bb99505294aa46ae914d07d673fa33f593bd6e5db59ac18e13b955fa4d9bb

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: WTgA3DZnQqV3sU5j2ha9Ty3Bx8cnSzvLipjkh9FHyeIxuk5DEx2RQuB2fmAQIsUNiFPKAb89Yw2GtaKs/JreFA==
x-fb-trip-id: 917726464
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Mon, 24 Jan 2022 16:42:19 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 49ms
16ms Preflight
application/json 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsays.com%2F&domain=says.com&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://says.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
access-control-allow-origin: https://says.com
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1631
date: Mon, 24 Jan 2022 16:42:18 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding

GET
H2

200

sid Show response
mug.criteo.com/
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsays.com%2F&domain=says.com&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=ZNvtP3xsTElTMVFBSEZsSHRrbUt0RXo4NTVseDhreUNWMU1KM3RFOTFmNnpHOFpXbXYwU3c2ZFpucHExWHpoeUdtQ3hOdG1zZk9IWk1JWW9ETUtYRWhpSFEzMHZFM1hqNnlDeWNzS2ZmRWNGRFRCVThxZGpwY0Exd1JsY1...

339 B
611 B

46ms
16ms

XHR
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=ZNvtP3xsTElTMVFBSEZsSHRrbUt0RXo4NTVseDhreUNWMU1KM3RFOTFmNnpHOFpXbXYwU3c2ZFpucHExWHpoeUdtQ3hOdG1zZk9IWk1JWW9ETUtYRWhpSFEzMHZFM1hqNnlDeWNzS2ZmRWNGRFRCVThxZGpwY0Exd1JsY1dqSUF1eFlmOVVXbWxiaVRLSm1EWmhHb3BVK3ZYYmFQN1hicENFVmxrM0hvR3JrWmZLMkNnK0x6bk5QdWV2WEZ4eE03OXhvaGd0RG5kUGNRL3F3bHRrSWVWMDJqR1YzcHZBN0VtWFd4VTZyY0JiN3drOTBvPXw&cppv=2

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

eb6397dd21c80c5d6661c07e48703a6ff70e9dfeed0c8677948fcf333b51c9d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jan 2022 16:42:18 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2307
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 24 Jan 2022 16:42:18 GMT
location: https://mug.criteo.com/sid?cpp=ZNvtP3xsTElTMVFBSEZsSHRrbUt0RXo4NTVseDhreUNWMU1KM3RFOTFmNnpHOFpXbXYwU3c2ZFpucHExWHpoeUdtQ3hOdG1zZk9IWk1JWW9ETUtYRWhpSFEzMHZFM1hqNnlDeWNzS2ZmRWNGRFRCVThxZGpwY0Exd1JsY1dqSUF1eFlmOVVXbWxiaVRLSm1EWmhHb3BVK3ZYYmFQN1hicENFVmxrM0hvR3JrWmZLMkNnK0x6bk5QdWV2WEZ4eE03OXhvaGd0RG5kUGNRL3F3bHRrSWVWMDJqR1YzcHZBN0VtWFd4VTZyY0JiN3drOTBvPXw&cppv=2
strict-transport-security: max-age=31536000; preload;
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://says.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2548
content-length: 482
expires: 0

GET
H3 200 gpt.js Show response
www.googletagservices.com/tag/js/ 79 KB
26 KB 94ms
47ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: says.com
URL: https://says.com/my

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

990396d6d5c529c2fa1e43dde960cba3a2464de39cddf210d7622e69e3cbee45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27064
x-xss-protection: 0
server: sffe
etag: "1111 / 669 of 1000 / last-modified: 1643025851"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 24 Jan 2022 16:42:18 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 233 KB
61 KB 147ms
63ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5WNLRMX

Requested by

Host: says.com
URL: https://says.com/my

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

088d4e5ca0efcf8c54e8136b1089db8ccd6ffcadfcf69cc1a3332a97efcb01e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:18 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61547
x-xss-protection: 0
last-modified: Mon, 24 Jan 2022 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 24 Jan 2022 16:42:18 GMT

GET
H2 200 beacon.js Show response
sb.scorecardresearch.com/ 1 KB
1 KB 27ms
9ms Script
application/javascript 13.225.80.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: says.com
URL: https://says.com/my
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.80.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-80-38.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 04:30:17 GMT
content-encoding: gzip
etag: W/"1827f116c73f319409b97f10b8a58ade"
last-modified: Fri, 26 Feb 2021 14:35:05 GMT
server: AmazonS3
age: 43946
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 03d509e8374e9f42668961b5e0201348.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: 1AaIeLxDqJM0w-OagqQ5S2CeOSgbqcEIr7ur9eie8v-rtaL1Cgp_Qw==

GET
H2 200 sto.js Show response
pcto.revmedia.my/2022/01/uemsunrise/ 8 KB
4 KB 216ms
197ms Script
text/javascript 2606:4700::6812:10e0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pcto.revmedia.my/2022/01/uemsunrise/sto.js
Requested by: Host: says.com
URL: https://says.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:10e0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a607b7a1985061e3bec3971f602833915890f7b1bae9f946023a280252c2d878

Request headers

Referer: https://says.com/
Origin: https://says.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:19 GMT
content-encoding: gzip
cf-cache-status: HIT
x-guploader-uploadid: ADPycdttwCVVrv9bD_7i0iBVRdp3CeFo1tuF5xVBQsGfT9epIKsZ0zMQ_qUzXEuW65_CjwFgjtcQaXdM1YeP81_1ehs
x-goog-storage-class: STANDARD
x-goog-custom-time: 1970-01-01T00:00:00Z
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-type: text/javascript
x-goog-meta-
last-modified: Mon, 24 Jan 2022 13:38:44 GMT
server: cloudflare
etag: W/"06dd762c6cd570b9306916f400bb97d6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
x-goog-hash: crc32c=x0yGiA==, md5=Bt12LGzVcLkwaRb0ALuX1g==
x-goog-generation: 1643031524420173
access-control-allow-origin: https://says.com
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=120
x-goog-stored-content-length: 8667
cf-ray: 6d2ab6dbc9365b50-FRA
expires: Mon, 24 Jan 2022 16:44:19 GMT

POST
H2 200 data Show response
bcp.crwdcntrl.net/6/ 549 B
1 KB 138ms
60ms XHR
application/json 52.17.84.146
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/6/data
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/11139/lt.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.17.84.146 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-84-146.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: c3c43acc11891cb5c1ff861c140ec0e55ee3f84b81fe6c4435c2506c4e348d23

Request headers

Referer: https://says.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 24 Jan 2022 16:42:18 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://says.com
cache-control: no-cache
x-server: 10.45.31.51
access-control-allow-credentials: true
content-type: application/json;charset=utf-8
content-length: 549
expires: 0

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 171 B
572 B 153ms
92ms XHR
application/json 185.86.139.58
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/121793/1376/pwt.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.58 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://says.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 24 Jan 2022 16:42:18 GMT
content-encoding: br
x-smrt-d: 6%3b5%3b78
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://says.com
cache-control: no-cache,no-store
transfer-encoding: chunked
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 171 B
572 B 151ms
90ms XHR
application/json 185.86.139.58
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/121793/1376/pwt.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.58 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://says.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 24 Jan 2022 16:42:18 GMT
content-encoding: br
x-smrt-d: 6%3b7%3b71
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://says.com
cache-control: no-cache,no-store
transfer-encoding: chunked
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 171 B
573 B 275ms
214ms XHR
application/json 185.86.139.58
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/121793/1376/pwt.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.58 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://says.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 24 Jan 2022 16:42:18 GMT
content-encoding: br
x-smrt-d: 6%3b17%3b98
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://says.com
cache-control: no-cache,no-store
transfer-encoding: chunked
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 0
330 B 80ms
19ms XHR
application/json 185.86.139.58
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/121793/1376/pwt.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.58 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://says.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 24 Jan 2022 16:42:18 GMT
vary: Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://says.com
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 0

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 0
330 B 77ms
17ms XHR
application/json 185.86.139.58
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/121793/1376/pwt.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.58 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://says.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 24 Jan 2022 16:42:18 GMT
vary: Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://says.com
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 0

POST translator
hbopenbid.pubmatic.com/ 0
0

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 37 B
328 B 114ms
87ms XHR
application/json 23.37.38.181
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=503606&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%2218d15b4ddf8d256%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fsays.com%2Fmy%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22mfu%22%3A0%2C%22bu%22%3A5%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A5%2C%22ren%22%3Afalse%2C%22version%22%3A%224.33.0%22%2C%22msd%22%3A0%2C%22msi%22%3A0%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%221995459aa7b0f81%22%2C%22ext%22%3A%7B%22siteID%22%3A%22503606%22%2C%22sid%22%3A%224%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22205809fc382e12d%22%2C%22ext%22%3A%7B%22siteID%22%3A%22503559%22%2C%22sid%22%3A%221%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22215bc5c12d1382%22%2C%22ext%22%3A%7B%22siteID%22%3A%22503607%22%2C%22sid%22%3A%225%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2222edfdb5dc63127%22%2C%22ext%22%3A%7B%22siteID%22%3A%22503604%22%2C%22sid%22%3A%222%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2223de6fa4d0af16%22%2C%22ext%22%3A%7B%22siteID%22%3A%22503605%22%2C%22sid%22%3A%223%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%5D%7D
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/121793/1376/pwt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.37.38.181 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-38-181.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: d941974b9c1117cb29c3035bed5bba80907594ed49cbe211f184421ac338543f

Request headers

Referer: https://says.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 24 Jan 2022 16:42:19 GMT
x-ak-initial-geo: CC:[DE], RC:[HE], CN:[EU], CIP:[185.213.155.165], XFF:[]
server: Apache
content-type: application/json
access-control-allow-origin: https://says.com
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 37
x-ak-client-geo: 12
expires: Mon, 24 Jan 2022 16:42:19 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 53 B
728 B 33ms
13ms XHR
application/json 37.252.172.250
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/121793/1376/pwt.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.250 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

a68a70f7be9281f3f7148b38d7f5971f1dc946d3034a40e55021d0fb6fb78d73

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://says.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 24 Jan 2022 16:42:18 GMT
X-Proxy-Origin: 185.213.155.165; 185.213.155.165; 538.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: f0a61d8c-6f07-44ee-bd68-2574fcd0dc18
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://says.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 53
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 arj Show response
mediaprima-d.openx.net/w/1.0/ 72 B
373 B 68ms
24ms XHR
application/json 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://mediaprima-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsays.com%2Fmy&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=af119153-9e45-4667-80b5-0d276d9a2a4c%2C2075b709-f2fb-4d36-a9bb-2c7cf3dae59c%2C8815b368-fda2-43f2-a5eb-d04fee1d29e6%2Cddd767e4-747c-4b5b-ab0d-c88a7ed081d0%2Ca58cb97f-ea84-4c40-b00e-1df738179268&nocache=1643042538180&pubcid=06b3caf1-6510-46d8-8a12-1012d7042606&aus=970x250%7C728x90%7C300x600%7C300x250%7C300x250&divIds=div-gpt-ad-1550463351823-0%2Cdiv-gpt-ad-1495594311787-0%2Cdiv-gpt-ad-1552298128681-0%2Cdiv-gpt-ad-1503052042673-1%2Cdiv-gpt-ad-1552294211989-0&auid=543531595%2C543531583%2C543531598%2C543531587%2C543531591
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/121793/1376/pwt.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.1.0 /
Resource Hash: 4be1e7d75eca0f5a394ad34a4f48cf13fba40eee6cae64760a764a504214feb2

Request headers

Referer: https://says.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 24 Jan 2022 16:42:18 GMT
content-encoding: gzip
server: OXGW/17.1.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://says.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 78
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 330 B
481 B 58ms
23ms XHR
application/json 34.107.148.139
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CUKXW7J4
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/121793/1376/pwt.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: c76f51108d64e474940257352740f8862a631a50dc55ee6d4643568e81d3e932

Request headers

Referer: https://says.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 24 Jan 2022 16:42:18 GMT
content-encoding: gzip
server: nginx
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://says.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 google

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 58ms
15ms Preflight
application/json 178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
access-control-allow-origin: null
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1272
date: Mon, 24 Jan 2022 16:42:18 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding

GET
H2

204

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=2&c2=6034955&ns__t=1643042538192&ns_c=UTF-8&cv=3.5&c8=SAYS%20-%20Creating%20content%20for%20Malaysia%E2%80%99s%20social%20media%20generation&c7=https%3A%2F%2Fs...
https://sb.scorecardresearch.com/b2?c1=2&c2=6034955&ns__t=1643042538192&ns_c=UTF-8&cv=3.5&c8=SAYS%20-%20Creating%20content%20for%20Malaysia%E2%80%99s%20social%20media%20generation&c7=https%3A%2F%2F...

0
223 B

9ms
8ms

Image
text/plain

13.225.80.38
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=2&c2=6034955&ns__t=1643042538192&ns_c=UTF-8&cv=3.5&c8=SAYS%20-%20Creating%20content%20for%20Malaysia%E2%80%99s%20social%20media%20generation&c7=https%3A%2F%2Fsays.com%2Fmy&c9=
Protocol: H2
Server: 13.225.80.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-80-38.fra2.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:18 GMT
via: 1.1 03d509e8374e9f42668961b5e0201348.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
etag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
x-amz-cf-id: 2-kxH_RyVFj4SiCFQI4cfM7YZRNR62_r2uMK2sg4p-foSKjN7jTsUQ==
x-cache: Miss from cloudfront

Redirect headers

date: Mon, 24 Jan 2022 16:42:18 GMT
via: 1.1 03d509e8374e9f42668961b5e0201348.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
vary: Accept
x-cache: Miss from cloudfront
content-type: text/plain; charset=utf-8
location: https://sb.scorecardresearch.com/b2?c1=2&c2=6034955&ns__t=1643042538192&ns_c=UTF-8&cv=3.5&c8=SAYS%20-%20Creating%20content%20for%20Malaysia%E2%80%99s%20social%20media%20generation&c7=https%3A%2F%2Fsays.com%2Fmy&c9=
content-length: 236
x-amz-cf-id: p9snvj3rJrPZkVlykA14blvNUPfC_yF6R8PIT_xtae-lyS5vNjVrBw==

GET
H2 200 lt.iframe.html Show response
tags.crwdcntrl.net/lt/shared/2/ Frame ECFF 2 KB
1 KB 9ms
9ms Document
text/html 13.225.80.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/shared/2/lt.iframe.html?c=11139
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/11139/lt.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.80.107 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-80-107.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 63cf7a38baaaaebc012cfc355797544949b60c040b5da57560f26d88502d1372

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/

Response headers

content-type: text/html
last-modified: Mon, 01 Feb 2021 20:35:17 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Mon, 24 Jan 2022 09:32:50 GMT
cache-control: max-age: 86400
etag: W/"6fcf4f5197ab24c92d090f6ac8d87e01"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 56fad5a50ef67bd961b9722ed0931838.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: xTce4Wrhmz_qrHMXmnzV5rNLqS5lDXf1IMbKq61u0csGPl3262YoYw==
age: 25769

GET
H2 200 pixels Show response
bcp.crwdcntrl.net/ Frame 7613 1 KB
2 KB 30ms
30ms Document
text/html 52.17.84.146
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/pixels?s=22%2C61%2C14%2C12&b=797747%2C1769168&c=11139
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/shared/2/lt.iframe.html?c=11139
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.17.84.146 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-84-146.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: c2e746a72d136c3a8a932d007b975a53c9876c8a1aef248ab00d90c3cecdc313

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://tags.crwdcntrl.net/

Response headers

date: Mon, 24 Jan 2022 16:42:19 GMT
content-type: text/html
content-length: 1364
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
cache-control: no-cache
pragma: no-cache
expires: 0
x-server: 10.45.14.177
server: Jetty(9.4.38.v20210224)

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 282ms
39ms Script
text/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5WNLRMX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 2247
date: Mon, 24 Jan 2022 16:04:52 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Mon, 24 Jan 2022 18:04:52 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 38 KB
15 KB 301ms
59ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5WNLRMX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

0ce5d039d3e58fc10808f0695156d2bd99daae7791d26cc5dfc569154b5e0b22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14846
x-xss-protection: 0
server: cafe
etag: 1633785920527017951
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 24 Jan 2022 16:42:19 GMT

GET
H2 200 chartbeat_mab_image.js Show response
static.chartbeat.com/js/ 22 KB
9 KB 237ms
6ms Script
application/x-javascript 2600:9000:20eb:4000:18:1fcd:34f:cdc1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat_mab_image.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5WNLRMX
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:4000:18:1fcd:34f:cdc1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: bdbb3b88367e0dc7f2af34b3bb701fe2523c8653a48cdfd8aaf67c2d1e18b76d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 15:30:48 GMT
content-encoding: gzip
last-modified: Thu, 21 Jan 2021 20:17:30 GMT
server: nginx
age: 4291
etag: W/"6009e15a-5976"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
via: 1.1 cdcb559c2f25d8ad2ccf0419bee33b02.cloudfront.net (CloudFront)
cache-control: max-age=7200
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: CFTjACxhM_v3UsViXWKkmZe5vRecYHvZbmOrS-BPdmV6NORmqG-MmQ==
expires: Mon, 24 Jan 2022 17:30:48 GMT

GET
H2 200 ins.js Show response
says.api.useinsider.com/ 366 KB
94 KB 86ms
62ms Script
application/javascript 2606:4700::6811:aa72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://says.api.useinsider.com/ins.js?id=10002153
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5WNLRMX
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:aa72 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cfbe822c4b2e285594709c5acb35cc7f9a4980a3023f1065f9ef6add9d2dd455

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:19 GMT
content-encoding: br
cf-cache-status: HIT
age: 484
x-amz-request-id: 4FF7E33AY6YR2HM9
x-amz-id-2: W6EBcJX3IPj2ELS/fx3Jp1JVxEYrvSRHEgBt20nKovdwpTgsIWJ6XBozJJjZaOcGMDhBuWvG3EI=
last-modified: Fri, 21 Jan 2022 11:53:06 GMT
server: cloudflare
etag: W/"125a8cf74a5d205d41a0c0c02ae3fa20"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=300
x-amz-version-id: .yQY7Z1uPKgRNfDTsb9k7MdTIUlUN3DY
cf-ray: 6d2ab6dd6d3242ee-FRA
expires: Mon, 24 Jan 2022 16:47:19 GMT

GET
H2 200 beacon.js Show response
sb.scorecardresearch.com/ 1 KB
1 KB 8ms
8ms Script
application/javascript 13.225.80.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: says.com
URL: https://says.com/my
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.80.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-80-38.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 04:30:17 GMT
content-encoding: gzip
etag: W/"1827f116c73f319409b97f10b8a58ade"
last-modified: Fri, 26 Feb 2021 14:35:05 GMT
server: AmazonS3
age: 43947
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 03d509e8374e9f42668961b5e0201348.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: fNnHbHffa-HVlQc5NLHnrVLanj-xC7cBShLWYO6fSFo1pWCbRSW1xw==

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 14 KB
6 KB 36ms
6ms Script
application/javascript 151.101.12.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: says.com
URL: https://says.com/my
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.12.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:19 GMT
content-encoding: gzip
last-modified: Mon, 20 Sep 2021 23:58:10 GMT
etag: "8dc11b7ca1d5ed9ec3b1ab1beb621c75+gzip+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache
x-cache: HIT, HIT
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 5410
x-served-by: cache-iad-kcgs7200034-IAD, cache-fra19125-FRA

GET
H/1.1 404
Not Found pcto.js
c16d-35-240-187-111.ngrok.io/ 0
0 341ms
106ms Script
text/plain 2600:1f16:d83:1202::6e:5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c16d-35-240-187-111.ngrok.io/pcto.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5WNLRMX
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1f16:d83:1202::6e:5 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 24 Jan 2022 16:42:19 GMT
Connection: close
Content-Length: 65
Content-Type: text/plain

GET
H2 200 9zgdxuyjho Show response
www.clarity.ms/tag/ 570 B
951 B 408ms
172ms Script
application/x-javascript 2620:1ec:27::cafe:1668
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/9zgdxuyjho
Requested by: Host: says.com
URL: https://says.com/my
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:27::cafe:1668 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: 43ab3e06d749fb095cd10d584d9b52136a50932cf4a9399ca427d5e14b22997a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:18 GMT
x-powered-by: ASP.NET
x-azure-ref: 069buYQAAAADYsLKb7JHaTYIgnbvUle8eTUFEMzBFREdFMDYwNwA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
request-context: appId=cid-v1:7f62cbe7-9d8b-4a41-a628-fbaa3aa5c695
content-length: 570
expires: -1

GET
H2 200 heartbeat.min.js Show response
heartbeat.mediaprimaplus.com.my/ 110 KB
38 KB 260ms
25ms Script
application/javascript 2606:4700::6812:1c1b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://heartbeat.mediaprimaplus.com.my/heartbeat.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5WNLRMX
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1c1b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0811644ab2a291bdf22175453d30c3ce848579a18d043fa7d2e386beb5147024

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:19 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 57
x-guploader-uploadid: ADPycds1R8YNqas2Zd8PcpQa6DLSoRuOilEFjZrbKOdTB9CAMJKQ2wg-YLi_7u5c9m-c9sgRwv9-XDTPrsIYjMpjCgg
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: application/javascript
last-modified: Fri, 07 Jan 2022 02:59:15 GMT
server: cloudflare
etag: W/"497a1933fba5348998ab329e6fae52a7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=UqfSLQ==, md5=SXoZM/ulNImYqzKeb65Spw==
x-goog-generation: 1641524355354943
cache-control: public, max-age=3600
x-goog-stored-content-length: 112820
cf-ray: 6d2ab6deba475bf5-FRA
expires: Mon, 24 Jan 2022 17:42:19 GMT

GET
H2 200 tr
www.facebook.com/ Frame 7613 44 B
295 B 24ms
8ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr?id=169284420317900&ev=LotameAudienceID_830320&noscript=1

Requested by

Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=22%2C61%2C14%2C12&b=797747%2C1769168&c=11139

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:19 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 44
expires: Mon, 24 Jan 2022 16:42:19 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7613
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=lotame_dmp&google_hm=${base64_profileid}
https://cm.g.doubleclick.net/pixel?google_nid=lotame_dmp&google_hm=${base64_profileid}&google_tc=

170 B
188 B

100ms
56ms

Image
image/png

142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=lotame_dmp&google_hm=${base64_profileid}&google_tc=

Requested by

Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=22%2C61%2C14%2C12&b=797747%2C1769168&c=11139

Protocol

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jan 2022 16:42:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 24 Jan 2022 16:42:19 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=lotame_dmp&google_hm=${base64_profileid}&google_tc=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 302
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK utsync.ashx
ml314.com/ Frame 7613 43 B
422 B 289ms
38ms Image
image/gif 34.247.104.176
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ml314.com/utsync.ashx?eid=50146&et=0&fp=b0fb43794677895a609165bbe63a8f05&gdpr=1
Requested by: Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=22%2C61%2C14%2C12&b=797747%2C1769168&c=11139
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.247.104.176 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-104-176.eu-west-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 24 Jan 2022 16:42:18 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
p3P: CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0,Tue, 25 Jan 2022 11:42:19 GMT

GET
H2 200 382416.gif
idsync.rlcdn.com/ Frame 7613 42 B
417 B 64ms
22ms Image
image/gif 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/382416.gif?partner_uid=b0fb43794677895a609165bbe63a8f05&gdpr=1
Requested by: Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=22%2C61%2C14%2C12&b=797747%2C1769168&c=11139
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 24 Jan 2022 16:42:19 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: clear
content-length: 42

GET
H/1.1 200
OK 5907
tags.bluekai.com/site/ Frame 7613 62 B
304 B 186ms
145ms Image
image/gif 104.111.215.191
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.bluekai.com/site/5907?limit=0&id=f9852cbd9c20a32996651e8e6cfd1515
Requested by: Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=22%2C61%2C14%2C12&b=797747%2C1769168&c=11139
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.215.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-215-191.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 24 Jan 2022 16:42:19 GMT
Connection: keep-alive
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Content-Length: 62
Content-Type: image/gif

GET
H2 200 Draggable.js Show response
cdn.skypack.dev/pin/gsap@v3.7.1-oqmeGbnx72naX9MRGwFV/mode=imports,min/unoptimized/ 465 B
574 B 342ms
121ms Script
application/javascript 2606:4700:20::681a:d52
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.skypack.dev/pin/gsap@v3.7.1-oqmeGbnx72naX9MRGwFV/mode=imports,min/unoptimized/Draggable.js
Requested by: Host: says.com
URL: https://says.com/my
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:d52 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 256de1accbccc4ffee65cf0ae6ddda99d1a056e669ddb390c959b942df9a5358

Request headers

Referer: https://pcto.revmedia.my/
Origin: https://says.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:19 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Il%2FnyODYQZZQRJCq6kVce2lk2OctOAZm3aRKuFKVF8LsFefjeZ49APkveJkgJcsqNzlPO0NZtGMRJdHP106CP8KhX5rwHwljMcZXishNW21YgH3gcbpkQiSJAaqoQ27LIVtxnfbpqAuTppGZ%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=31536000
x-import-url: /-/gsap@v3.7.1-oqmeGbnx72naX9MRGwFV/dist=es2020,mode=imports,min/unoptimized/Draggable.js
cf-ray: 6d2ab6deacb17443-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 gsap.js Show response
cdn.skypack.dev/pin/gsap@v3.7.1-oqmeGbnx72naX9MRGwFV/mode=imports,min/optimized/ 305 B
804 B 327ms
106ms Script
application/javascript 2606:4700:20::681a:d52
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.skypack.dev/pin/gsap@v3.7.1-oqmeGbnx72naX9MRGwFV/mode=imports,min/optimized/gsap.js
Requested by: Host: says.com
URL: https://says.com/my
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:d52 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9b9233c0c01ce219c102432f8da76d92d40bee603d575e238540da05da0ad17c

Request headers

Referer: https://pcto.revmedia.my/
Origin: https://says.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:19 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ia%2BpfCn1N7PdvmK6a7BfUv%2BO03bbkfXtyaBzWT3AFlMu0KNOD22nEKIbF52YvmWWS0uzp8cHw%2FHoM7hPnHGFKVikMGFyXOvfCTkcYDwPBskmwO%2FBimOhQkY3G7lDJ6BnsTVFazhRIU15M2tC2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=31536000
x-import-url: /-/gsap@v3.7.1-oqmeGbnx72naX9MRGwFV/dist=es2020,mode=imports,min/optimized/gsap.js
cf-ray: 6d2ab6deacb77443-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame 7613 99 KB
26 KB 8ms
8ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=22%2C61%2C14%2C12&b=797747%2C1769168&c=11139

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

16c13044cedc5c7482ad7db51913c164ffabc787ec5b6b0246acfec84cd6d01b

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 26187
x-xss-protection: 0
pragma: public
x-fb-debug: avkGFr1iLvKqE8U7XnjMApdAw2wcvoI+yix8+HwUZE49ihmYhw5J4nYQ0pW4LDaHw5wnduV6AVW/rBHyJXGjzg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 24 Jan 2022 16:42:19 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 204 b
sb.scorecardresearch.com/ 0
334 B 12ms
12ms Image
text/plain 13.225.80.38
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b?c1=2&c2=6034955&comscorekw=fbia&ns__t=1643042538365&ns_c=UTF-8&cv=3.5&c8=SAYS%20-%20Creating%20content%20for%20Malaysia%E2%80%99s%20social%20media%20generation&c7=https%3A%2F%2Fsays.com%2Fmy&c9=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.80.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-80-38.fra2.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:19 GMT
via: 1.1 03d509e8374e9f42668961b5e0201348.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
etag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
x-amz-cf-id: tVMJaaDuUwON-dTIW1zymw3nco91rK8QZXFYE8czs0vTEuI78W25cw==
x-cache: Miss from cloudfront

GET
H3 200 1394602727253794 Show response
connect.facebook.net/signals/config/ Frame 7613 305 KB
87 KB 10ms
8ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1394602727253794?v=2.9.49&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

dd09255aab872d3845483358d5821bc15905f8a299f557be77da911a44dc955e

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 88862
x-xss-protection: 0
pragma: public
x-fb-debug: WBoSyr37tMen1w81/S5LXsfK7osKwbb0icE/WelUIAYaHCxz5QjzcHCHgDzgFib8AII4DOX3kk8vkG9EFDdQZg==
x-frame-options: DENY
date: Mon, 24 Jan 2022 16:42:19 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
459 B 307ms
123ms Script
application/javascript 104.244.42.195
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o1blg&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=f222b990-bcc3-40b8-8641-6b651ad33962&tw_document_href=https%3A%2F%2Fsays.com%2Fmy&tpx_cb=twttr.conversion.loadPixels

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-response-time: 116
date: Mon, 24 Jan 2022 16:42:19 GMT
content-encoding: gzip
server: tsa_o
strict-transport-security: max-age=631138519
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 62e7f61c4492699e1ab6fa2f0e4cb9ff24fd599b98db193c5e530827b0f446e7
content-type: application/javascript;charset=utf-8
content-length: 57

GET
H2 200 adsct
t.co/i/ 43 B
336 B 302ms
117ms Image
image/gif 104.244.42.69
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o1blg&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=f222b990-bcc3-40b8-8641-6b651ad33962&tw_document_href=https%3A%2F%2Fsays.com%2Fmy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.69 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-response-time: 110
date: Mon, 24 Jan 2022 16:42:18 GMT
server: tsa_o
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: cae8481ba06b8fc41e8e01b26cd612e110e7b8d66d5f387db265821ceecd121c
content-length: 43

GET
H3 200 /
www.facebook.com/tr/ Frame 7613 44 B
91 B 18ms
7ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1394602727253794&ev=PageView&dl=https%3A%2F%2Fbcp.crwdcntrl.net%2Fpixels%3Fs%3D22%252C61%252C14%252C12%26b%3D797747%252C1769168%26c%3D11139&rl=https%3A%2F%2Ftags.crwdcntrl.net%2F&if=true&ts=1643042538579&sw=1600&sh=1200&v=2.9.49&r=stable&ec=0&o=30&it=1643042538384&coo=false&rqm=GET

Requested by

Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=22%2C61%2C14%2C12&b=797747%2C1769168&c=11139

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:19 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i
expires: Mon, 24 Jan 2022 16:42:19 GMT

POST
H2 200 publisher:getClientId Show response
ampcid.google.com/v1/ 74 B
527 B 147ms
47ms XHR
application/json 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ampcid.google.com/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://says.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 24 Jan 2022 16:42:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://says.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
vary: Origin, X-Origin, Referer
content-length: 94
x-xss-protection: 0

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/830366072/ 2 KB
2 KB 58ms
57ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/830366072/?random=1643042538664&cv=9&fst=1643042538664&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg1j0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fsays.com%2Fmy&tiba=SAYS%20-%20Creating%20content%20for%20Malaysia%E2%80%99s%20social%20media%20generation&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1a57b8e2d47852f0cb286076ffe369a17342aac92673330561b20a7c773cdbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jan 2022 16:42:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1041
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gsap.js Show response
cdn.skypack.dev/-/gsap@v3.7.1-oqmeGbnx72naX9MRGwFV/dist=es2020,mode=imports,min/optimized/ 60 KB
25 KB 88ms
54ms Script
application/javascript 2606:4700:20::681a:d52
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.skypack.dev/-/gsap@v3.7.1-oqmeGbnx72naX9MRGwFV/dist=es2020,mode=imports,min/optimized/gsap.js

Requested by

Host: says.com
URL: https://says.com/my

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:d52 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b947a3efe23b4827fa6e4f7c6c0364baa2f66d27d0eb8074d5ab36380876e952

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://cdn.skypack.dev/pin/gsap@v3.7.1-oqmeGbnx72naX9MRGwFV/mode=imports,min/optimized/gsap.js
Origin: https://says.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:19 GMT
content-encoding: br
etag: W/"f114-9BlmNMloJV8XaPp0tvFxaV9bubg"
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 36504
strict-transport-security: max-age=63072000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
x-vercel-id: lhr1::sfo1::827b5-1643006034686-1b6c0ea0f344
x-vercel-cache: MISS
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2y%2FQkkut%2Ba4kGdQpcrD8y2f2QJ%2BNrQfZ5XT2SwtyTsVTwH4MYOb7ZCNak439pukC8RBgDzE9qmpWy0EbrpJIuNyjCmGUl4ON5aUCcE89FP26M0O8aoIfpGBHvIQv2DNobDBqAjoUp71%2FM89cUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Content-Length, X-Imports
cache-control: public, max-age=31536000, immutable
cf-ray: 6d2ab6df9a9575db-LHR

GET
H3 200 Draggable.js Show response
cdn.skypack.dev/-/gsap@v3.7.1-oqmeGbnx72naX9MRGwFV/dist=es2020,mode=imports,min/unoptimized/ 29 KB
12 KB 58ms
38ms Script
application/javascript 2606:4700:20::681a:d52
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.skypack.dev/-/gsap@v3.7.1-oqmeGbnx72naX9MRGwFV/dist=es2020,mode=imports,min/unoptimized/Draggable.js

Requested by

Host: says.com
URL: https://says.com/my

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:d52 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ddf85037fd1f04c4684ed0357cf80a71a3c4aa19049bfccdaec678b4b18dc8e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://cdn.skypack.dev/pin/gsap@v3.7.1-oqmeGbnx72naX9MRGwFV/mode=imports,min/unoptimized/Draggable.js
Origin: https://says.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:19 GMT
content-encoding: br
etag: W/"7553-dYWEgV2hNUKDhK4RO4C1kpAmsIU"
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 36504
strict-transport-security: max-age=63072000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
x-imports: ../unoptimized/utils/matrix.js
x-vercel-id: lhr1::sfo1::m5x9g-1643006034664-953f33bcfd62
x-vercel-cache: MISS
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cGbmM0r0hy35%2BQyAS60CVeRxMZBPLk4LLZJx19FxC56FawzPkv%2B6bCNR4XiNtw%2Bq%2F3ml0eeucAAUPd7lxIpnscaVDcbUL1b921SNwiWmIKqYgs0pj40INO5RvYbag8GsXTcBwS%2BADTOH9E%2FK9A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Content-Length, X-Imports
cache-control: public, max-age=31536000, immutable
cf-ray: 6d2ab6df9a9975db-LHR

GET
H3 200 matrix.js Show response
cdn.skypack.dev/-/gsap@v3.7.1-oqmeGbnx72naX9MRGwFV/dist=es2020,mode=imports,min/unoptimized/utils/ 5 KB
3 KB 56ms
36ms Script
application/javascript 2606:4700:20::681a:d52
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.skypack.dev/-/gsap@v3.7.1-oqmeGbnx72naX9MRGwFV/dist=es2020,mode=imports,min/unoptimized/utils/matrix.js

Requested by

Host: says.com
URL: https://says.com/my

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:d52 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dcc156f774f770c9969f60f278f977ce3a561b5927bf0acb682f4834e1729c3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://cdn.skypack.dev/pin/gsap@v3.7.1-oqmeGbnx72naX9MRGwFV/mode=imports,min/unoptimized/Draggable.js
Origin: https://says.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:19 GMT
content-encoding: br
etag: W/"1376-T/OrTzcg3vkKhdJZmnBcCh1Vf3g"
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 36505
strict-transport-security: max-age=63072000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
x-vercel-id: lhr1::sfo1::bkt9r-1643006034947-43f9532f03b8
x-vercel-cache: HIT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3bmQhcoMwmaYa4uhNL7xFxpH3rRkJRMtR6ysxyeHxhYFdSANQXL0KIe3zJgB81a6tR2iQDsKvt%2FAiDLBuRjCHaINSssZ9vkN1WVj9a0GQaX7ycQyvk4O8THBTfc4O1FxhLTtL4aJ1HYxjRbOXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Content-Length, X-Imports
cache-control: public, max-age=31536000, immutable
cf-ray: 6d2ab6df9a9375db-LHR

GET
H2 200 /
www.google.com/pagead/1p-user-list/830366072/ 42 B
548 B 137ms
56ms Image
image/gif 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/830366072/?random=1643042538664&cv=9&fst=1643040000000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg1j0&sendb=1&frm=0&url=https%3A%2F%2Fsays.com%2Fmy&tiba=SAYS%20-%20Creating%20content%20for%20Malaysia%E2%80%99s%20social%20media%20generation&async=1&fmt=3&is_vtc=1&random=3007398047&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jan 2022 16:42:19 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/830366072/ 42 B
548 B 135ms
50ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/830366072/?random=1643042538664&cv=9&fst=1643040000000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg1j0&sendb=1&frm=0&url=https%3A%2F%2Fsays.com%2Fmy&tiba=SAYS%20-%20Creating%20content%20for%20Malaysia%E2%80%99s%20social%20media%20generation&async=1&fmt=3&is_vtc=1&random=3007398047&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jan 2022 16:42:19 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 clarity.js Show response
g.clarity.ms/s/0.6.31/ 52 KB
23 KB 578ms
296ms Script
application/javascript 52.182.214.99
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://g.clarity.ms/s/0.6.31/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/9zgdxuyjho
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.182.214.99 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: b2d2f11eb78159e31bce4355ffd5e696717de4270a77ba1d2038e066462008ad

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:19 GMT
content-encoding: br
etag: "1d80efbbe51fb00"
last-modified: Fri, 21 Jan 2022 19:19:00 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: public,max-age=86400
accept-ranges: bytes
content-length: 22925
request-context: appId=cid-v1:7f62cbe7-9d8b-4a41-a628-fbaa3aa5c695

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?CtsSyncId=F9ECD03AE3E64BC2AD30E89812B76A4D&RedC=c.clarity.ms&MXFR=27D9A148B9DF6E7404F2B07EBDDF607E
https://c.clarity.ms/c.gif?CtsSyncId=F9ECD03AE3E64BC2AD30E89812B76A4D&MUID=277CE7B91C6D6FE41347F68F1D066EA6

42 B
367 B

27ms
27ms

Image
image/gif

52.142.114.2
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?CtsSyncId=F9ECD03AE3E64BC2AD30E89812B76A4D&MUID=277CE7B91C6D6FE41347F68F1D066EA6
Protocol: H2
Server: 52.142.114.2 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jan 2022 16:42:19 GMT
last-modified: Wed, 12 Jan 2022 02:05:35 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
etag: "9ea1ae3587d81:0"
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-type: image/gif
content-length: 42

Redirect headers

pragma: no-cache
date: Mon, 24 Jan 2022 16:42:18 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C48A11F2A4194D17ACBA0B7CA5A0C17D Ref B: FRAEDGE1507 Ref C: 2022-01-24T16:42:19Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?CtsSyncId=F9ECD03AE3E64BC2AD30E89812B76A4D&MUID=277CE7B91C6D6FE41347F68F1D066EA6
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H2 404 says-logo-white.svg
says.com/assets/ 2 KB
2 KB 30ms
30ms Image
text/html 2606:4700::6812:13ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://says.com/assets/says-logo-white.svg
Requested by: Host: says.com
URL: https://says.com/assets/application-d85f64a95b459d98354f0b827a69c81136ab35fc199c28df6201ed23083723e7.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:13ee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Phusion Passenger 6.0.4
Resource Hash: 49743b54303390327d080f2aa2d525b5e6cb381307e10e2d77a2a049018c9960

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/assets/application-d85f64a95b459d98354f0b827a69c81136ab35fc199c28df6201ed23083723e7.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

cf-ray: 6d2ab6e009fb5b9e-FRA
x-runtime: 0.002511
date: Mon, 24 Jan 2022 16:42:19 GMT
via: 1.1 google
cf-cache-status: HIT
server: cloudflare
age: 8425
x-powered-by: Phusion Passenger 6.0.4
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
status: 404 Not Found
cache-control: max-age=60
content-encoding: br
x-request-id: 0d94c4f8-ff32-47c0-b04e-e36ca4357746

GET
H2 200 uemsunrise_logo_v2.png
pcto.revmedia.my/2022/01/uemsunrise/assets/ 2 KB
2 KB 190ms
189ms Image
image/png 2606:4700::6812:10e0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pcto.revmedia.my/2022/01/uemsunrise/assets/uemsunrise_logo_v2.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:10e0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa05a288f4d49a839edb7c58c6bf4d3cfe514c4f13f640e8a4fb967207dd476a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:19 GMT
cf-cache-status: HIT
x-guploader-uploadid: ADPycdvUJGzaOxKC5gVHvidACui86-NL-mBJ2FB3q7Hl2HyaCqctltLs2rS80944vzVn5H2hvwdih8KSy1TFHgAtUVo
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: image/png
content-length: 2038
last-modified: Mon, 24 Jan 2022 11:36:11 GMT
server: cloudflare
etag: "2b109bd5f2bf4b71c83f3e8acd501f58"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
x-goog-hash: crc32c=WshGNQ==, md5=KxCb1fK/S3HIPz6KzVAfWA==
x-goog-generation: 1643024171135732
cache-control: public, max-age=3600
x-goog-stored-content-length: 2038
accept-ranges: bytes
cf-ray: 6d2ab6e01e165c1a-FRA
expires: Mon, 24 Jan 2022 17:42:19 GMT

GET
H2 404 says-logo-blue.svg
pcto.revmedia.my/2022/01/uemsunrise/assets/ 0
0 217ms
217ms Image
application/xml 2606:4700::6812:10e0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pcto.revmedia.my/2022/01/uemsunrise/assets/says-logo-blue.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:10e0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H2 200 uemsunrise_big_banner_v2.png
pcto.revmedia.my/2022/01/uemsunrise/assets/ 53 KB
54 KB 178ms
177ms Image
image/png 2606:4700::6812:10e0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pcto.revmedia.my/2022/01/uemsunrise/assets/uemsunrise_big_banner_v2.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:10e0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 554866abaa64c405aaeb59a27a5097f09bb84ed1712e58afd41e6681b80d4995

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:19 GMT
cf-cache-status: HIT
x-guploader-uploadid: ADPycduor8zaB1GoDjNLSVY_ctdJDAP-kw9M_BRICDViDJ4tGM4DbSKdjNt2NRxEEBuZ82A3nPfpGp1FdcgB0y358tA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: image/png
content-length: 54546
last-modified: Mon, 24 Jan 2022 08:47:37 GMT
server: cloudflare
etag: "38f80afd1de7d4d13cfb6cd1f55d89e5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
x-goog-hash: crc32c=wIzm7Q==, md5=OPgK/R3n1NE8+2zR9V2J5Q==
x-goog-generation: 1643014057744227
cache-control: public, max-age=3600
x-goog-stored-content-length: 54546
accept-ranges: bytes
cf-ray: 6d2ab6e01e1b5c1a-FRA
expires: Mon, 24 Jan 2022 17:42:19 GMT

GET
H2 200 uemsunrise_animated_v2.gif
pcto.revmedia.my/2022/01/uemsunrise/assets/ 95 KB
95 KB 208ms
208ms Image
image/gif 2606:4700::6812:10e0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pcto.revmedia.my/2022/01/uemsunrise/assets/uemsunrise_animated_v2.gif
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:10e0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ed1f5b54e05b6d525932e268a37f607ff460785150ae949890215217d0770139

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:19 GMT
cf-cache-status: HIT
x-guploader-uploadid: ADPycdubCqxWpcKweWdLyP1HlJuuUBo1m9tnD0I21FmumQhbJ-GyWaCL_gRqRfXnQRvv3Y_YLiUDv7v7zQeJwN0Js60
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: image/gif
content-length: 97087
last-modified: Mon, 24 Jan 2022 10:15:26 GMT
server: cloudflare
etag: "c7bebf1eb23cde7b77204b903a8cc91d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
x-goog-hash: crc32c=WOTu6Q==, md5=x76/HrI83nt3IEuQOozJHQ==
x-goog-generation: 1643019326222418
cache-control: public, max-age=3600
x-goog-stored-content-length: 97087
accept-ranges: bytes
cf-ray: 6d2ab6e01e1c5c1a-FRA
expires: Mon, 24 Jan 2022 17:42:19 GMT

GET
H2 200 mobile_7302.png
images.says.com/uploads/story/cover_image/53218/ 124 KB
125 KB 51ms
39ms Image
image/webp 2606:4700::6812:13ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.says.com/uploads/story/cover_image/53218/mobile_7302.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:13ee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f126f2b44f72384da123e29b5ef67c9ea0a0f1158eb2d857609f17c6fd99f5a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:19 GMT
cf-cache-status: HIT
age: 5305
cf-polished: origFmt=png, origSize=212204
x-guploader-uploadid: ADPycdtbH5cB2fJqBkeDAw-Gy2fViM9OvyhtIrryBwyigUaOnPGWGZEXhODzMy1FbNf_eWWiShSJCBWPhKUOUb_VgRItvxR00w
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-disposition: inline; filename="mobile_7302.webp"
content-type: image/webp
content-length: 127486
last-modified: Mon, 24 Jan 2022 02:35:55 GMT
server: cloudflare
etag: "da0b245cf0dfc38b50d24775cbe11052"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
x-goog-hash: crc32c=N8mZCA==, md5=2gskXPDfw4tQ0kd1y+EQUg==
x-goog-generation: 1642991755045116
expires: Sun, 25 Jan 2032 04:42:19 GMT
cache-control: public, max-age=315576000
x-goog-stored-content-length: 212204
accept-ranges: bytes
cf-ray: 6d2ab6e03a3c5b9e-FRA
cf-bgj: imgq:100,h2pri

GET
H2 200 mobile_02dc.jpg
images.says.com/uploads/story/cover_image/53215/ 61 KB
61 KB 44ms
32ms Image
image/webp 2606:4700::6812:13ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.says.com/uploads/story/cover_image/53215/mobile_02dc.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:13ee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 92bd1ead1acf81c62d0994471e914ee030abfc85c689435388c023a4d7209ec1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:19 GMT
cf-cache-status: HIT
age: 5305
cf-polished: origFmt=jpeg, origSize=142807
x-guploader-uploadid: ADPycdsT0DUgfkzWfatf4RsvaZWwDqdlrJlmIEXsjBunLfVNFyKlMPqMQ1HJaPSS0hADZVHVLQzDpNgvnXDYnintQv1q2Qq-EQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-disposition: inline; filename="mobile_02dc.webp"
content-type: image/webp
content-length: 62298
last-modified: Mon, 24 Jan 2022 02:05:35 GMT
server: cloudflare
etag: "70a168740cf742f3a4b5a162dc63da46"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
x-goog-hash: crc32c=BuEUVQ==, md5=cKFodAz3QvOktaFi3GPaRg==
x-goog-generation: 1642989935479899
expires: Sun, 25 Jan 2032 04:42:19 GMT
cache-control: public, max-age=315576000
x-goog-stored-content-length: 142807
accept-ranges: bytes
cf-ray: 6d2ab6e03a3e5b9e-FRA
cf-bgj: imgq:100,h2pri

GET
H2 200 mobile_add5.jpg
images.says.com/uploads/story/cover_image/53217/ 59 KB
60 KB 67ms
55ms Image
image/webp 2606:4700::6812:13ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.says.com/uploads/story/cover_image/53217/mobile_add5.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:13ee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cec8db5285e14759db60ec5e7ad1cd5c422c3d1d1939899f18fffd870a52c631

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:19 GMT
cf-cache-status: HIT
age: 5305
cf-polished: origFmt=jpeg, origSize=150564
x-guploader-uploadid: ADPycdtzPO76BetUwcLODMu6122pWjhn2oYraFjtRBATw_72Ks6SgmmbyAO-iY7xMm04kDmWLwvgbFDGHR6_gIroZB6p36W4mw
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-disposition: inline; filename="mobile_add5.webp"
content-type: image/webp
content-length: 60922
last-modified: Mon, 24 Jan 2022 02:44:46 GMT
server: cloudflare
etag: "e6de220fabc667c196310d3740b90bfc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
x-goog-hash: crc32c=Ad9JVw==, md5=5t4iD6vGZ8GWMQ03QLkL/A==
x-goog-generation: 1642992286547828
expires: Sun, 25 Jan 2032 04:42:19 GMT
cache-control: public, max-age=315576000
x-goog-stored-content-length: 150564
accept-ranges: bytes
cf-ray: 6d2ab6e03a3d5b9e-FRA
cf-bgj: imgq:100,h2pri

GET
H2 200 mobile_9e97.jpg
images.says.com/uploads/story/cover_image/53232/ 45 KB
46 KB 40ms
28ms Image
image/jpeg 2606:4700::6812:13ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.says.com/uploads/story/cover_image/53232/mobile_9e97.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:13ee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 837fa5a10c36220ff1fa957f86fb509de965b616c432bbd1ac71b79f9274391b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:19 GMT
cf-cache-status: HIT
age: 5414
cf-polished: origSize=48339, status=webp_bigger
x-guploader-uploadid: ADPycduPKkKk_8f-SRlDI4W7u3NvbJGifZAvyupt6TrZYhDPUAbj5Zonp5cJXWC1eD2uzxvC16HkfK-DJNuOu9KkPZj7Xt9_tg
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: image/jpeg
content-length: 45940
last-modified: Mon, 24 Jan 2022 10:14:27 GMT
server: cloudflare
etag: "6131bc44952f2dd89712105a36341c96"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=u/gbhQ==, md5=YTG8RJUvLdiXEhBaNjQclg==
x-goog-generation: 1643019267792928
expires: Sun, 25 Jan 2032 04:42:19 GMT
cache-control: public, max-age=315576000
x-goog-stored-content-length: 48339
accept-ranges: bytes
cf-ray: 6d2ab6e03a415b9e-FRA
cf-bgj: imgq:100,h2pri

GET
H2 200 mobile_9416.jpg
images.says.com/uploads/story/cover_image/53225/ 76 KB
76 KB 42ms
31ms Image
image/webp 2606:4700::6812:13ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.says.com/uploads/story/cover_image/53225/mobile_9416.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:13ee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4d52c5b61b59acbd900c0c69706a5fec569d8f73dee744e3382d9bf6c00c9053

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:19 GMT
cf-cache-status: HIT
age: 5414
cf-polished: origFmt=jpeg, origSize=165291
x-guploader-uploadid: ADPycdtH5-pzwXsYj1_GdoR_5RcM3uWb_cvZr7lJcPBWYUDEdv7fMzfMTsHWprsztOZ3VROLDVf1x_d70TSvyfeoo5HIQZu6eQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-disposition: inline; filename="mobile_9416.webp"
content-type: image/webp
content-length: 77800
last-modified: Mon, 24 Jan 2022 09:04:12 GMT
server: cloudflare
etag: "2e22cb0968a3660464b0cf0b4eede393"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
x-goog-hash: crc32c=75OVEA==, md5=LiLLCWijZgRksM8LTu3jkw==
x-goog-generation: 1643015052788983
expires: Sun, 25 Jan 2032 04:42:19 GMT
cache-control: public, max-age=315576000
x-goog-stored-content-length: 165291
accept-ranges: bytes
cf-ray: 6d2ab6e03a455b9e-FRA
cf-bgj: imgq:100,h2pri

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 7ms
7ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: says.com
URL: https://says.com/my

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

8c086dedaab8b25f94d6279c36166b435e1ac563aa6ad5448d833480ac5bdc4a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: woPbSWyNh/pWq+zTeLXkYw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
expires: Mon, 24 Jan 2022 16:42:56 GMT
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 1687
x-fb-rlafr: 0
x-fb-debug: Qu8tN9v2Owzwav6mhGer4Lbg+9MDlKZ/Q4aMCZPQZ02YzIxicVRAKBBH4lgAuKDig80V1H1/59UBDnik7d4GXQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: b7eb0398af2681b6d6a824148f542ca9
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 24 Jan 2022 16:42:19 GMT
x-frame-options: DENY
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "f900f8a0b9bc3af7ccc1ae1a840996c5"
timing-allow-origin: *
priority: u=3,i
access-control-expose-headers: X-FB-Content-MD5

GET
H2 200 optimus_rules.json Show response
tags.crwdcntrl.net/lt/c/11139/ 1 KB
921 B 25ms
9ms XHR
application/json 13.225.80.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/11139/optimus_rules.json
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/11139/lt.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.80.107 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-80-107.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8e22cb4e66e648370b980132b699183bd83db43648b6a901394b428c8cede89a

Request headers

Referer: https://says.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 24 Jan 2022 03:29:32 GMT
content-encoding: gzip
age: 47568
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
access-control-allow-origin: *
last-modified: Thu, 13 Jan 2022 05:51:02 GMT
server: AmazonS3
etag: W/"d090cfae6309c3d6f61faede5c8a04fb"
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/json
via: 1.1 03d509e8374e9f42668961b5e0201348.cloudfront.net (CloudFront)
cache-control: max-age: 86400
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: Rs7BwjaLwOJdaQzForTmRtik-5o5vOSsL-o5JMIJAhRAs0JiqZfhPw==

GET
H2 200 chartbeat_video.js Show response
static.chartbeat.com/js/ 69 KB
23 KB 8ms
8ms Script
application/x-javascript 2600:9000:20eb:4000:18:1fcd:34f:cdc1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat_video.js
Requested by: Host: says.com
URL: https://says.com/my
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:4000:18:1fcd:34f:cdc1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e916d6f3c9c316368f99463951a426d09d4ddd223e961652728b519efb11e772

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:40:59 GMT
content-encoding: gzip
last-modified: Fri, 14 Jan 2022 02:25:30 GMT
server: nginx
age: 80
etag: W/"61e0df1a-11377"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
via: 1.1 cdcb559c2f25d8ad2ccf0419bee33b02.cloudfront.net (CloudFront)
cache-control: max-age=7200
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: LUswYOdK9gYVesr-FYNLKkSGC1qOVAGcKPm63UMU0n3fMBT1-ceLVw==
expires: Mon, 24 Jan 2022 18:40:59 GMT

POST
H2 200 publisher:getClientId Show response
ampcid.google.de/v1/ 3 B
456 B 144ms
47ms XHR
application/json 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ampcid.google.de/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://says.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 24 Jan 2022 16:42:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://says.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
vary: Origin, X-Origin, Referer
content-length: 23
x-xss-protection: 0

POST
H2 200 rum Show response
says.com/cdn-cgi/ 0
252 B 15ms
14ms XHR
text/plain 2606:4700::6812:13ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://says.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:13ee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://says.com/my
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
content-type: application/json

Response headers

date: Mon, 24 Jan 2022 16:42:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
x-frame-options: DENY
access-control-allow-methods: POST,OPTIONS
content-type: text/plain
access-control-allow-origin: https://says.com
access-control-max-age: 86400
access-control-allow-credentials: true
cf-ray: 6d2ab6e06aae5b9e-FRA
vary: Origin

GET
H2 200 / Show response
mab.chartbeat.com/mab_strategy/headline_testing/get_strategy/ 2 KB
1 KB 35ms
7ms XHR
application/json 2a04:4e42:200::714
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://mab.chartbeat.com/mab_strategy/headline_testing/get_strategy/?host=says.com&domain=says.com&path=%2Fmy
Requested by: Host: static.chartbeat.com
URL: https://static.chartbeat.com/js/chartbeat_mab_image.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:200::714 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: f625ccc4e3adb5ccf9ba331e7baf5bc5131da2f9c814d6071ebc160c72b466a6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:19 GMT
content-encoding: gzip
x-cache-hits: 1
age: 1003
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 688
x-served-by: cache-hhn4081-HHN
access-control-allow-origin: *
x-timer: S1643042540.621874,VS0,VE0
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
content-type: application/json
via: 1.1 varnish (Varnish/6.0), 1.1 varnish
cache-control: no-store, no-cache, must-revalidate, max-age=0, s-maxage=0
accept-ranges: bytes
expires: Sat, 22 Jan 2022 16:25:36 GMT

GET
H2 200 worker-new.html Show response
says.api.useinsider.com/ Frame 46B9 8 KB
3 KB 24ms
24ms Document
text/html 2606:4700::6811:aa72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://says.api.useinsider.com/worker-new.html
Requested by: Host: says.api.useinsider.com
URL: https://says.api.useinsider.com/ins.js?id=10002153
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:aa72 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7e58212a834825aaa684963bfbb592ac5e3d698c44a0778bbbd101ae40f214db

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/

Response headers

date: Mon, 24 Jan 2022 16:42:19 GMT
content-type: text/html
access-control-allow-origin: *
last-modified: Thu, 20 Jan 2022 04:02:38 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 7129
expires: Wed, 09 Feb 2022 16:42:19 GMT
cache-control: public, max-age=1382400
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6d2ab6e09c7442ee-FRA
content-encoding: br

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 285 KB
80 KB 18ms
9ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=4e3cf3654401798cac9df7be4501bab5

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a641dc1970173990e05bb15c9a46ae19760af87fe773a6f26db066f7b23b1f18

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://says.com/
Origin: https://says.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: 0OnH3UIREW06x4nd0NAgLA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
expires: Tue, 24 Jan 2023 15:04:39 GMT
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 82061
x-fb-rlafr: 0
x-fb-debug: 0MqvGDeY+Gtn9Yv3SUjWW7dkJBONShvZAvlmZ0DxtqJMdo6ptfa6A+iXiDliSShvTL1dvYXtRWzDaUvzHcyvsw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: 0d95ae471e6034ea5376ee11c08f7504
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 24 Jan 2022 16:42:19 GMT
x-frame-options: DENY
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "42f25822d6f5881c8c48c77638400fbf"
timing-allow-origin: *
priority: u=3,i
access-control-expose-headers: X-FB-Content-MD5

GET
H3 200 /
www.facebook.com/tr/ 44 B
88 B 7ms
7ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=169284420317900&ev=PageView&dl=https%3A%2F%2Fsays.com%2Fmy&rl=&if=false&ts=1643042538933&sw=1600&sh=1200&v=2.9.49&r=stable&ec=0&o=30&fbp=fb.1.1643042538932.295984686&it=1643042538020&coo=false&exp=p0&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:19 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i
expires: Mon, 24 Jan 2022 16:42:19 GMT

GET
H2 200 mab
mabping.chartbeat.net/ping/ 43 B
201 B 315ms
99ms Image
image/gif 52.207.202.199
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mabping.chartbeat.net/ping/mab?h=says.com&p=%2Fmy&d=says.com&u=D4dzUsCyA91ZDJ9SPP&c=0&x=vONALkv8YTOHC&v=A&ml=m&sl=qOa41&e=-1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.207.202.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-207-202-199.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jan 2022 16:42:19 GMT
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
content-length: 43
expires: 0

GET
H2 200 mab
mabping.chartbeat.net/ping/ 43 B
200 B 316ms
101ms Image
image/gif 52.207.202.199
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mabping.chartbeat.net/ping/mab?h=says.com&p=%2Fmy&d=says.com&u=D4dzUsCyA91ZDJ9SPP&c=0&x=m0xHDxslpYCmY&v=C&ml=m&sl=8SxMl&e=-1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.207.202.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-207-202-199.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jan 2022 16:42:19 GMT
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
content-length: 43
expires: 0

GET
H2 200 ping
ping.chartbeat.net/ 43 B
201 B 317ms
102ms Image
image/gif 23.21.122.84
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ping.chartbeat.net/ping?h=says.com&p=%2Fmy&u=D4dzUsCyA91ZDJ9SPP&d=says.com&g=65124&g0=n%2Fa&g1=n%2Fa&n=1&f=00001&c=0&x=0&m=0&y=4470&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=&b=714&_s=%7B%22ga%22%3Anull%7D&t=DmxA-bCPnwyZB04h0uBojtg3S2W7R&V=129&i=SAYS%20-%20Creating%20content%20for%20Malaysia%E2%80%99s%20social%20media%20generation&tz=0&sn=1&sv=6KLAWBYD1hUnH55dCaTh1lBcFbLG&sd=1&im=067b2ff3&_
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.21.122.84 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-21-122-84.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jan 2022 16:42:19 GMT
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
content-length: 43
expires: 0

GET
H3 200 /
www.facebook.com/tr/ 44 B
88 B 7ms
7ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=204299389728697&ev=fb_page_view&dl=https%3A%2F%2Fsays.com%2Fmy&rl=&if=false&ts=1643042538984&sw=1600&sh=1200&at=

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:19 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i
expires: Mon, 24 Jan 2022 16:42:19 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 96ms
48ms XHR
text/plain 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1951406695&t=pageview&_s=1&dl=https%3A%2F%2Fsays.com%2Fmy&ul=en-us&de=UTF-8&dt=SAYS%20-%20Creating%20content%20for%20Malaysia%E2%80%99s%20social%20media%20generation&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aHBACAABBAQCAC~&jid=679272003&gjid=614899185&cid=1053354340.1643042539&tid=UA-27970811-1&_gid=2032936465.1643042539&_r=1&gtm=2wg1j05WNLRMX&cd3=n%2Fa&z=764069145

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://says.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 24 Jan 2022 16:42:19 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://says.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 82ms
40ms Image
image/gif 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=1951406695&t=event&ni=1&_s=1&dl=https%3A%2F%2Fsays.com%2Fmy&ul=en-us&de=UTF-8&dt=SAYS%20-%20Creating%20content%20for%20Malaysia%E2%80%99s%20social%20media%20generation&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Scroll%20Depth&ea=%2Fmy&el=25%25&_u=aHDACAABBAQCAC~&jid=&gjid=&cid=1053354340.1643042539&tid=UA-27970811-1&_gid=2032936465.1643042539&gtm=2wg1j05WNLRMX&z=456247877

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jan 2022 16:25:42 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 997
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
437 B 64ms
20ms XHR
text/plain 2a00:1450:400c:c1b::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-27970811-1&cid=1053354340.1643042539&jid=679272003&gjid=614899185&_gid=2032936465.1643042539&_u=aHBACAAABAQCAC~&z=1631346907

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c1b::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://says.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 24 Jan 2022 16:42:19 GMT
content-type: text/plain
access-control-allow-origin: https://says.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 168ms
111ms Image
image/gif 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-27970811-1&cid=1053354340.1643042539&jid=679272003&_u=aHBACAAABAQCAC~&z=716185310

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jan 2022 16:42:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 136ms
80ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-27970811-1&cid=1053354340.1643042539&jid=679272003&_u=aHBACAAABAQCAC~&z=716185310

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jan 2022 16:42:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.facebook.com/tr/ 44 B
88 B 8ms
7ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=169284420317900&ev=Microdata&dl=https%3A%2F%2Fsays.com%2Fmy&rl=&if=false&ts=1643042539440&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22SAYS%20-%20Creating%20content%20for%20Malaysia%E2%80%99s%20social%20media%20generation%22%2C%22meta%3Adescription%22%3A%22SAYS%20curates%20Malaysia%E2%80%99s%20biggest%20stories%2C%20simplifying%20the%20latest%20news%20on%20politics%2C%20entertainment%2C%20fun%2C%20trending%20topics%2C%20and%20more.%22%7D&cd[OpenGraph]=%7B%22og%3Atype%22%3A%22website%22%2C%22og%3Atitle%22%3A%22SAYS%20-%20Creating%20content%20for%20Malaysia%E2%80%99s%20social%20media%20generation%22%2C%22og%3Adescription%22%3A%22SAYS%20curates%20Malaysia%E2%80%99s%20biggest%20stories%2C%20simplifying%20the%20latest%20news%20on%20politics%2C%20entertainment%2C%20fun%2C%20trending%20topics%2C%20and%20more.%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fsays.com%2Fmy%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fsays.com%2Fassets%2Fsays-logo-light-blue-large-1446b8864e68d1df9c140b185def00464a332bdd187644a2689d3b20f52c8c5a.png%22%2C%22og%3Asite_name%22%3A%22SAYS%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.49&r=stable&ec=1&o=30&fbp=fb.1.1643042538932.295984686&it=1643042538020&coo=false&es=automatic&tm=3&exp=p0&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:20 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i
expires: Mon, 24 Jan 2022 16:42:20 GMT

POST
H2 204 collect Show response
g.clarity.ms/ 0
88 B 301ms
301ms XHR
text/plain 52.182.214.99
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://g.clarity.ms/collect
Requested by: Host: g.clarity.ms
URL: https://g.clarity.ms/s/0.6.31/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.182.214.99 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://says.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

access-control-allow-origin: https://says.com
date: Mon, 24 Jan 2022 16:42:20 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:7f62cbe7-9d8b-4a41-a628-fbaa3aa5c695

POST
H/1.1 200 622.json Show response
id5-sync.com/g/v2/ 213 B
526 B 46ms
18ms XHR
application/json 51.89.21.21
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/622.json

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/121793/1376/pwt.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

51.89.21.21 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

p13.id5-sync.com

Software

Resource Hash

7e10d56ad8379b4a02f8955a4c8331139d1c6eb2a5b92b1e4d0655d2c1a33c3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://says.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://says.com
Date: Mon, 24 Jan 2022 16:42:20 GMT
Access-Control-Allow-Credentials: true
Vary: Origin
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: application/json;charset=UTF-8

GET
H2 451 envelope Show response
api.rlcdn.com/api/identity/ 44 B
323 B 60ms
21ms XHR
text/plain 34.120.133.55
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.rlcdn.com/api/identity/envelope?pid=1258

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/121793/1376/pwt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.120.133.55 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

55.133.120.34.bc.googleusercontent.com

Software

Resource Hash

da45962a1fb4a049c9367ebe9b1b628f071d7a4c9997ee807c01d23f4866e19c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://says.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 24 Jan 2022 16:42:20 GMT
via: 1.1 google
x-content-type-options: nosniff
access-control-allow-headers: Accept, Authorization, Content-Type, Cookie, Origin, X-Requested-With
access-control-allow-methods: GET, OPTIONS
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://says.com
access-control-allow-credentials: true
alt-svc: clear
content-length: 44

GET
H2 200 id Show response
id.crwdcntrl.net/ 63 B
331 B 47ms
38ms XHR
application/json 52.17.84.146
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://id.crwdcntrl.net/id
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/121793/1376/pwt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.17.84.146 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-84-146.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 298d3539cf1bbc871319f94a3eb3deafb60b98306576f75c1b7f9aed425304c0

Request headers

Referer: https://says.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 24 Jan 2022 16:42:20 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://says.com
cache-control: no-cache
x-server: 10.45.5.99
access-control-allow-credentials: true
content-type: application/json;charset=utf-8
content-length: 63
expires: 0

GET
H2 200 rid Show response
match.adsrvr.org/track/ 109 B
538 B 101ms
32ms XHR
application/json 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=pubmatic&fmt=json
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/121793/1376/pwt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 25944d2ba65925123567f2efe9b4c143b3ef042fac11c333108b87d26b6df841

Request headers

Referer: https://says.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 24 Jan 2022 16:42:20 GMT
x-aspnet-version: 4.0.30319
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://says.com
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length: 109
expires: Wed, 23 Feb 2022 16:42:20 GMT

GET
H3 200 /
www.facebook.com/tr/ Frame 7613 44 B
88 B 7ms
7ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1394602727253794&ev=Microdata&dl=https%3A%2F%2Fbcp.crwdcntrl.net%2Fpixels%3Fs%3D22%252C61%252C14%252C12%26b%3D797747%252C1769168%26c%3D11139&rl=https%3A%2F%2Ftags.crwdcntrl.net%2F&if=true&ts=1643042540082&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.49&r=stable&ec=1&o=30&it=1643042538384&coo=false&es=automatic&tm=3&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:20 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i
expires: Mon, 24 Jan 2022 16:42:20 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 143ms
45ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=says.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011408.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 24 Jan 2022 16:42:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 138ms
48ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=says.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011408.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 24 Jan 2022 16:42:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 206 KB
51 KB 758ms
713ms XHR
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4158271735019086&correlator=3966971740881109&output=ldjh&impl=fifs&eid=44756432&vrg=2022011408&ptt=17&sc=1&sfv=1-0-38&ecs=20220124&iu_parts=1009103%2CSAYS_STO%2CSAYS_desktop_outofpage%2CSAYS_desktop_billboard%2CSAYS_desktop_leaderboard%2CSAYS_halfpage%2CSAYS_desktop_mrec%2CSAYS_desktop_mrec_2%2Csays_inskin%2CSays_Web_Interstitial%2CSays_Andbeyond_Pixel&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5%2C%2F0%2F6%2C%2F0%2F7%2C%2F0%2F8%2C%2F0%2F9%2C%2F0%2F10&prev_iu_szs=1x1%2C1x1%2C970x250%2C728x90%2C300x600%2C300x250%2C300x250%2C1x1%2C1x1%2C1x1&ists=258&fas=0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C8%2C0&cust_params=section%3Dhomepage%26pos%3Dlisting%26environment%3Dproduction%26Brands%3D%26tagsSays%3D%26lotauds%3DDS_1327%252Cca_149%252Call%252Cca_494&cookie_enabled=1&bc=31&abxe=1&dt=1643042540146&lmt=1643042540&dlt=1643042537645&idt=501&frm=20&biw=1600&bih=1200&oid=2&adxs=0%2C1015%2C315%2C236%2C1015%2C1015%2C1015%2C0%2C-9%2C1015&adys=4577%2C4575%2C201%2C1013%2C4193%2C4193%2C4193%2C4576%2C-9%2C4193&adks=1476963904%2C1585380070%2C3455604261%2C126976903%2C205075962%2C2214189924%2C2187976013%2C1044105006%2C765343895%2C468646908&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7%7C8%7C9%7Ca&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&dmc=8&url=https%3A%2F%2Fsays.com%2Fmy&vis=1&scr_x=0&scr_y=0&psz=1600x4577%7C400x3605%7C1600x452%7C770x90%7C400x3605%7C400x3605%7C400x3605%7C1600x4577%7C0x-1%7C400x3605&msz=1600x0%7C370x0%7C970x-1%7C728x-1%7C370x0%7C370x0%7C370x0%7C1x-1%7C0x-1%7C1x-1&ga_vid=1053354340.1643042539&ga_sid=1643042540&ga_hid=1951406695&ga_fc=true&fws=0%2C4%2C4%2C4%2C4%2C4%2C4%2C0%2C2%2C4&ohw=0%2C1600%2C1600%2C1600%2C1600%2C1600%2C1600%2C0%2C0%2C1600&btvi=1%7C2%7C0%7C0%7C3%7C4%7C5%7C6%7C-1%7C7&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011408.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

9a5742d29ad73d8a05637c2e5ce2343477f3b0ddf4714ba52eacc3e3ac6c1d42

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:21 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2,-2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52354
x-xss-protection: 0
google-lineitem-id: -2,-2,-1,-1,-1,-2,-2,-2,-1,-2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2,-2,-1,-1,-1,-2,-2,-2,-1,-2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://says.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 12 KB
9 KB 141ms
54ms XHR
application/json 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022011408&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011408.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

10a5b09e055ee3d93e2b00173304fd9efe33b940508f1f2ba64e615e565cfc6c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 24 Jan 2022 16:42:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9211
x-xss-protection: 0

GET
H2 200 container.html Show response
cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame AA6E 6 KB
4 KB 199ms
73ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011408.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Mon, 24 Jan 2022 16:42:21 GMT
expires: Tue, 24 Jan 2023 16:42:21 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 pubads_impl_page_level_ads_2022011408.js Show response
securepubads.g.doubleclick.net/gpt/ 34 KB
13 KB 76ms
38ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_page_level_ads_2022011408.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011408.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

sffe /

Resource Hash

eded73b494faf1cea930993a467caefe53ddd3ed81f4b2b6e038af3d7e6d5a9d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 18 Jan 2022 20:44:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 503849
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12966
x-xss-protection: 0
last-modified: Sat, 15 Jan 2022 00:18:29 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 18 Jan 2023 20:44:51 GMT

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 0CAE 52 KB
17 KB 34ms
7ms Document
text/html 151.101.65.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/121793/1376/pwt.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/

Response headers

Connection: keep-alive
Content-Length: 17053
Server: nginx/1.18.0 (Ubuntu)
Content-Type: text/html
Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: W/"5fc7ff8f-cf34"
Expires: Sat, 22 Jan 2022 02:32:58 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Mon, 24 Jan 2022 16:42:20 GMT
Age: 50959
X-Served-By: cache-lga21935-LGA, cache-hhn4077-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 1, 936435
X-Timer: S1643042541.922144,VS0,VE0
Vary: Accept-Encoding

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame 46B6 21 KB
8 KB 65ms
25ms Document
text/html 104.84.232.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUKXW7J4&prvid=77&purpose1=1&gdprconsent=0&gdpr=1&usp_status=0&usp_consent=1&itype=PREBID

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/121793/1376/pwt.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.84.232.23 Schiphol, Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-84-232-23.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

1d4cd6f7c08a3c44073c4fffc074df6f594f3ac0f4c0885a8459a58c020f53f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/

Response headers

server: Apache
content-type: text/html; charset=UTF-8
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=172800
expires: Wed, 26 Jan 2022 16:42:20 GMT
date: Mon, 24 Jan 2022 16:42:20 GMT
content-length: 7782

GET
H2 200 pd Show response
u.openx.net/w/1.0/ Frame 4921 0
91 B 292ms
285ms Document
text/html 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/121793/1376/pwt.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/

Response headers

vary: Accept, Accept-Encoding
server: OXGW/17.1.0
date: Mon, 24 Jan 2022 16:42:21 GMT
content-type: text/html
content-length: 20
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame A73B 2 KB
1 KB 69ms
17ms Document
text/html 92.122.254.129
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/121793/1376/pwt.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 92.122.254.129 Schiphol, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-122-254-129.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7eca7977c6ade416c20775a7fd7cfa2291c5752cd1225d5c4342b057c37a000c

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/

Response headers

Server: Apache
Last-Modified: Thu, 11 Feb 2021 16:12:45 GMT
ETag: "e20015-90b-5bb11ca420f07"
Accept-Ranges: bytes
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1151
Date: Mon, 24 Jan 2022 16:42:20 GMT
Connection: keep-alive

GET
H/1.1

200
OK

bounce Show response
ib.adnxs.com/ Frame 0CAE
Redirect Chain

https://ib.adnxs.com/async_usersync?cbfn=queuePixels
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

0
807 B

6ms
6ms

Script
text/html

37.252.172.250
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Server

37.252.172.250 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 24 Jan 2022 16:42:20 GMT
X-Proxy-Origin: 185.213.155.165; 185.213.155.165; 538.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 5f10ffe1-83d3-4fbb-9387-746cb0ae02fb
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 24 Jan 2022 16:42:20 GMT
X-Proxy-Origin: 185.213.155.165; 185.213.155.165; 538.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: fbfdf8ee-adfa-45fd-b47e-69f4d5341380
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

usermatch Show response
ssum-sec.casalemedia.com/ Frame 7C0A
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?d=https://says.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
https://ssum-sec.casalemedia.com/usermatch?d=https://says.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

2 KB
3 KB

45ms
44ms

Document
text/html

92.122.254.129
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?d=https://says.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 92.122.254.129 Schiphol, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-122-254-129.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 475ea0d93d64ea925be5bbefb08371bb06421b7d695cbbb7f2b34870531a253d

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://js-sec.indexww.com/

Response headers

Server: Apache
Content-Type: text/html
Dropped-Udsids: 39|45|230|241|111|46|195|64
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Expires: Mon, 24 Jan 2022 16:42:21 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 24 Jan 2022 16:42:21 GMT
Content-Length: 1707
Connection: keep-alive

Redirect headers

Server: Apache
Content-Length: 331
Content-Type: text/html; charset=iso-8859-1
Location: https://ssum-sec.casalemedia.com/usermatch?d=https://says.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires: Mon, 24 Jan 2022 16:42:21 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 24 Jan 2022 16:42:21 GMT
Connection: keep-alive

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 196ms
109ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011408.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 24 Jan 2022 16:42:21 GMT

GET
H2 200 1643042540435d3d07dd76e.100b3461 Show response
segment.api.useinsider.com/v4/segments/ 927 B
663 B 127ms
96ms XHR
application/json 2606:4700::6811:a772
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://segment.api.useinsider.com/v4/segments/1643042540435d3d07dd76e.100b3461?partnerid=10002153&fields=e0e252a5d8c8cdc04eacbd926868cffc,1a3e01539f4264ca05f749a0c0b39d41&
Requested by: Host: says.api.useinsider.com
URL: https://says.api.useinsider.com/ins.js?id=10002153
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:a772 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7ca79b17283dd424f6e491d2effc14b0a4861b5c8ea6580950551ba8e49b948a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:21 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
cf-ray: 6d2ab6ea4fa22bc6-FRA

GET
H2 200 / Show response
location.api.useinsider.com/ 269 B
332 B 106ms
92ms XHR
application/json 2606:4700::6811:a772
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://location.api.useinsider.com/?v=2&pId=10002153&
Requested by: Host: says.api.useinsider.com
URL: https://says.api.useinsider.com/ins.js?id=10002153
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:a772 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0fb65d86c632c6e688fae75401da7da6565234c016eb988e8459df085ee7e182

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:21 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
cache-control: no-cache, private
cf-ray: 6d2ab6ea5fbb2bc6-FRA
content-type: application/json

POST
H3 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
25 B 39ms
19ms XHR
text/plain 2a00:1450:400c:c1b::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-27970811-1&cid=1053354340.1643042539&jid=2112098560&gjid=2336552&_gid=2032936465.1643042539&_u=aHDAiAABBAQCAG~&z=1856544806

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c1b::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://says.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 24 Jan 2022 16:42:21 GMT
content-type: text/plain
access-control-allow-origin: https://says.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
log.api.useinsider.com/v2/ 42 B
163 B 60ms
46ms Image
image/gif 2606:4700::6811:aa72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://log.api.useinsider.com/v2/collect?p=eyJyZWYiOiJodHRwczovL3NheXMuY29tL215IiwicmVmZXJlciI6Imh0dHBzOi8vc2F5cy5jb20vbXkiLCJ1c2VySWQiOiIxNjQzMDQyNTQwNDM1ZDNkMDdkZDc2ZS4xMDBiMzQ2MSIsInBsYXRmb3JtIjoid2ViIiwib3JpZ2luYWxQcmljZSI6MCwib3JpZ2luYWxDdXJyZW5jeSI6Ik1ZUiIsImNvbnZlcnRlZEN1cnJlbmN5IjoiTVlSIiwiY29udmVydGVkUHJpY2UiOjAsInNlc3Npb25JZCI6IlpUSnZOMjUxYzNJdGNtMXBiUzF2WjJnM0xXMTJaalV0WldJd05uZDZlWGMwTVhCdFh6RTJORE13TkRJMU5EQT0iLCJzYWxlc1Nlc0lkIjoiIiwic2FsZXNTZXNUaW1lIjoidW5kZWZpbmVkLTE2NDMwNDI1NDAiLCJvcmRlcklkIjoiIiwicGFpZFByb2R1Y3RzIjoiW10iLCJjYW1wSWQiOiJjNjMiLCJ0eXBlIjoiaW1wcmVzc2lvbiIsIm90aGVyIjoiIiwiY3VzdG9tU3ViSWQiOiJOL0EiLCJwcm9kdWN0VHlwZSI6ImN1c3RvbSJ9&t=cu&pn=says
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:aa72 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:21 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cf-ray: 6d2ab6ea8c4742ee-FRA
content-length: 42

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 39ms
39ms Image
image/gif 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=1951406695&t=event&ni=1&_s=1&dl=https%3A%2F%2Fsays.com%2Fmy&ul=en-us&de=UTF-8&dt=SAYS%20-%20Creating%20content%20for%20Malaysia%E2%80%99s%20social%20media%20generation&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=INSIDER&ea=Tab%20Talk%20v2%20%7C%20Homepage-impressions-custom&el=(builder%20ID%3A%20317)%20-%20Variation%20Ratio%3A%2090%25&_u=aHDAiAABBAQCAC~&jid=2112098560&gjid=2336552&cid=1053354340.1643042539&tid=UA-27970811-1&_gid=2032936465.1643042539&gtm=2wg1j05WNLRMX&z=1395875569

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jan 2022 16:25:42 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 999
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
log.api.useinsider.com/v2/ 42 B
95 B 56ms
52ms Image
image/gif 2606:4700::6811:aa72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://log.api.useinsider.com/v2/collect?p=eyJyZWYiOiJodHRwczovL3NheXMuY29tL215IiwicmVmZXJlciI6Imh0dHBzOi8vc2F5cy5jb20vbXkiLCJ1c2VySWQiOiIxNjQzMDQyNTQwNDM1ZDNkMDdkZDc2ZS4xMDBiMzQ2MSIsInBsYXRmb3JtIjoid2ViIiwib3JpZ2luYWxQcmljZSI6MCwib3JpZ2luYWxDdXJyZW5jeSI6Ik1ZUiIsImNvbnZlcnRlZEN1cnJlbmN5IjoiTVlSIiwiY29udmVydGVkUHJpY2UiOjAsInNlc3Npb25JZCI6IlpUSnZOMjUxYzNJdGNtMXBiUzF2WjJnM0xXMTJaalV0WldJd05uZDZlWGMwTVhCdFh6RTJORE13TkRJMU5EQT0iLCJzYWxlc1Nlc0lkIjoiIiwic2FsZXNTZXNUaW1lIjoidW5kZWZpbmVkLTE2NDMwNDI1NDAiLCJvcmRlcklkIjoiIiwicGFpZFByb2R1Y3RzIjoiW10iLCJjYW1wSWQiOiJjODEiLCJ0eXBlIjoiaW1wcmVzc2lvbiIsIm90aGVyIjoiIiwiY3VzdG9tU3ViSWQiOiJOL0EiLCJwcm9kdWN0VHlwZSI6ImN1c3RvbSJ9&t=cu&pn=says
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:aa72 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:21 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cf-ray: 6d2ab6ea8c4a42ee-FRA
content-length: 42

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 39ms
39ms Image
image/gif 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=1951406695&t=event&ni=1&_s=1&dl=https%3A%2F%2Fsays.com%2Fmy&ul=en-us&de=UTF-8&dt=SAYS%20-%20Creating%20content%20for%20Malaysia%E2%80%99s%20social%20media%20generation&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=INSIDER&ea=Cookie%20Consent%20Button%20Clicks-impressions-custom&el=(builder%20ID%3A%20382)%20-%20Variation%20Ratio%3A%2095%25&_u=aHDAiAABBAQCAG~&jid=&gjid=&cid=1053354340.1643042539&tid=UA-27970811-1&_gid=2032936465.1643042539&gtm=2wg1j05WNLRMX&z=931598087

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jan 2022 16:25:42 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 999
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
log.api.useinsider.com/v2/ 42 B
95 B 43ms
42ms Image
image/gif 2606:4700::6811:aa72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://log.api.useinsider.com/v2/collect?p=eyJyZWYiOiJodHRwczovL3NheXMuY29tL215IiwicmVmZXJlciI6Imh0dHBzOi8vc2F5cy5jb20vbXkiLCJ1c2VySWQiOiIxNjQzMDQyNTQwNDM1ZDNkMDdkZDc2ZS4xMDBiMzQ2MSIsInBsYXRmb3JtIjoid2ViIiwib3JpZ2luYWxQcmljZSI6MCwib3JpZ2luYWxDdXJyZW5jeSI6Ik1ZUiIsImNvbnZlcnRlZEN1cnJlbmN5IjoiTVlSIiwiY29udmVydGVkUHJpY2UiOjAsInNlc3Npb25JZCI6IlpUSnZOMjUxYzNJdGNtMXBiUzF2WjJnM0xXMTJaalV0WldJd05uZDZlWGMwTVhCdFh6RTJORE13TkRJMU5EQT0iLCJzYWxlc1Nlc0lkIjoiIiwic2FsZXNTZXNUaW1lIjoidW5kZWZpbmVkLTE2NDMwNDI1NDAiLCJvcmRlcklkIjoiIiwicGFpZFByb2R1Y3RzIjoiW10iLCJjYW1wSWQiOiJjODciLCJ0eXBlIjoiaW1wcmVzc2lvbiIsIm90aGVyIjoiIiwiY3VzdG9tU3ViSWQiOiJOL0EiLCJwcm9kdWN0VHlwZSI6ImN1c3RvbSJ9&t=cu&pn=says
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:aa72 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:21 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cf-ray: 6d2ab6ea9c6942ee-FRA
content-length: 42

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 40ms
39ms Image
image/gif 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=1951406695&t=event&ni=1&_s=1&dl=https%3A%2F%2Fsays.com%2Fmy&ul=en-us&de=UTF-8&dt=SAYS%20-%20Creating%20content%20for%20Malaysia%E2%80%99s%20social%20media%20generation&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=INSIDER&ea=NST%20Suggested%20Articles%20Track-impressions-custom&el=(builder%20ID%3A%20438)%20-%20Variation%20Ratio%3A%2095%25&_u=aHDAiAABBAQCAG~&jid=&gjid=&cid=1053354340.1643042539&tid=UA-27970811-1&_gid=2032936465.1643042539&gtm=2wg1j05WNLRMX&z=1243673210

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jan 2022 16:25:42 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 999
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame 7C0A 70 B
264 B 31ms
31ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://says.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jan 2022 16:42:21 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 7C0A
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=Ye7W7UcX9kp-wlAvhtqwpQAA
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEOIMSVdo9spZO6lJ2f3YNU4&google_cver=1&gdpr=1

43 B
1010 B

35ms
34ms

Image
image/gif

92.122.254.129
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEOIMSVdo9spZO6lJ2f3YNU4&google_cver=1&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://says.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Server: 92.122.254.129 Schiphol, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-122-254-129.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 24 Jan 2022 16:42:21 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 24 Jan 2022 16:42:21 GMT

Redirect headers

pragma: no-cache
date: Mon, 24 Jan 2022 16:42:21 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEOIMSVdo9spZO6lJ2f3YNU4&google_cver=1&gdpr=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 325
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame 7C0A 170 B
188 B 57ms
56ms Image
image/png 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=Ye7W7UcX9kp_wlAvhtqwpQAABFcAAAAB&gdpr_consent=&us_privacy=&gdpr=1

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://says.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jan 2022 16:42:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame 7C0A
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Ye7W7UcX9kp_wlAvhtqwpQAABFcAAAAB
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Ye7W7UcX9kp_wlAvhtqwpQAABFcAAAAB&dcc=t

43 B
645 B

100ms
100ms

Image
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Ye7W7UcX9kp_wlAvhtqwpQAABFcAAAAB&dcc=t

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://says.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Protocol

HTTP/1.1

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 24 Jan 2022 16:42:21 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: PTQBHSZZPTTRW107VMRA
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 24 Jan 2022 16:42:21 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 0JR44V9YM7NFXZP2EWCV
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Ye7W7UcX9kp_wlAvhtqwpQAABFcAAAAB&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 403 match
c1.adform.net/serving/cookie/ Frame 7C0A 0
331 B 83ms
29ms Image
text/plain 37.157.4.24
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c1.adform.net/serving/cookie/match?party=29&gdpr=1

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://says.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.24 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jan 2022 16:42:21 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H/1.1 400
Request failed due to privacy signals getuid
secure.adnxs.com/ Frame 7C0A 0
0 25ms
7ms Image
text/html 37.252.172.36
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://says.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 37.252.172.36 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS: 692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 7C0A
Redirect Chain

https://nep.advangelists.com/xp/user-sync?acctid=405&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D195%26external_user_id%3D%7BPARTNER_VISITOR_ID%7D%0A
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-b477ca70-a7e5-401a-913b-f1a2fa1b9d16

43 B
1 KB

45ms
45ms

Image
image/gif

92.122.254.129
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-b477ca70-a7e5-401a-913b-f1a2fa1b9d16
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://says.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Server: 92.122.254.129 Schiphol, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-122-254-129.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 24 Jan 2022 16:42:21 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 24 Jan 2022 16:42:21 GMT

Redirect headers

location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-b477ca70-a7e5-401a-913b-f1a2fa1b9d16
date: Mon, 24 Jan 2022 16:42:21 GMT
server: Apache-Coyote/1.1
content-length: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 7C0A
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=48&gdpr=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=64&external_user_id=no-consent&expiration=1645634541

43 B
983 B

42ms
32ms

Image
image/gif

92.122.254.129
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=64&external_user_id=no-consent&expiration=1645634541
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://says.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Server: 92.122.254.129 Schiphol, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-122-254-129.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 24 Jan 2022 16:42:21 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 24 Jan 2022 16:42:21 GMT

Redirect headers

pragma: no-cache
date: Mon, 24 Jan 2022 16:42:21 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=64&external_user_id=no-consent&expiration=1645634541
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H/1.1 200
OK htw-pixel.gif
js-sec.indexww.com/ht/ Frame 7C0A 43 B
425 B 16ms
15ms Image
image/gif 92.122.254.129
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://js-sec.indexww.com/ht/htw-pixel.gif?Ye7W7UcX9kp-wlAvhtqwpQAA%261111
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://says.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 92.122.254.129 Schiphol, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-122-254-129.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 24 Jan 2022 16:42:21 GMT
Last-Modified: Tue, 24 Jan 2017 19:36:04 GMT
Server: Apache
ETag: "761e21-2b-546dc3a097100"
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=1750
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 24 Jan 2022 17:11:31 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 78ms
77ms Image
image/gif 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-27970811-1&cid=1053354340.1643042539&jid=2112098560&_u=aHDAiAABBAQCAG~&z=105294546

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jan 2022 16:42:21 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 75ms
75ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-27970811-1&cid=1053354340.1643042539&jid=2112098560&_u=aHDAiAABBAQCAG~&z=105294546

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jan 2022 16:42:21 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame A030 13 KB
5 KB 89ms
40ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 24 Jan 2022 15:46:50 GMT
expires: Tue, 24 Jan 2023 15:46:50 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 3331
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 1623 783 B
535 B 49ms
49ms Document
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

be7e0103b3622667991b3702ad70eae1fff6c894cca1840c97dec2c3c7984b60

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-4S2wh4KId0IybbVkTEIHzg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Mon, 24 Jan 2022 16:42:21 GMT
date: Mon, 24 Jan 2022 16:42:21 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-4S2wh4KId0IybbVkTEIHzg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 hit Show response
hit.api.useinsider.com/ 16 B
129 B 75ms
64ms XHR
text/plain 2606:4700::6811:a772
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hit.api.useinsider.com/hit
Requested by: Host: says.api.useinsider.com
URL: https://says.api.useinsider.com/ins.js?id=10002153
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:a772 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Request headers

Referer: https://says.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 24 Jan 2022 16:42:21 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
request-id: 97328652-f583-4587-9f0b-c804a01c5ca5
cf-ray: 6d2ab6eaf8c92bc6-FRA
content-length: 16

POST
H2 200 hit Show response
hit.api.useinsider.com/ 16 B
99 B 113ms
113ms XHR
text/plain 2606:4700::6811:a772
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hit.api.useinsider.com/hit
Requested by: Host: says.api.useinsider.com
URL: https://says.api.useinsider.com/ins.js?id=10002153
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:a772 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Request headers

Referer: https://says.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 24 Jan 2022 16:42:21 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
request-id: 57fc1cb3-d19a-4dc2-b39f-6e031e0257fd
cf-ray: 6d2ab6eb08d42bc6-FRA
content-length: 16

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 1623 0
0 131ms
80ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022011408&jk=4158271735019086&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 200 VYSAmqkCqqI2p1vG7N0EZhME2mSBj47Ds8I6nIhDmP4.js Show response
pagead2.googlesyndication.com/bg/ Frame A030 35 KB
13 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/VYSAmqkCqqI2p1vG7N0EZhME2mSBj47Ds8I6nIhDmP4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5584809aa902aaa236a75bc6ecdd04661304da64818f8ec3b3c23a9c884398fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 15:15:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5197
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13526
x-xss-protection: 0
last-modified: Wed, 12 Jan 2022 16:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 24 Jan 2023 15:15:44 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame A030 0
9 B 39ms
39ms Image
text/plain 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?RNZUfQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:21 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012111152338000/ Frame 539C 190 KB
55 KB 216ms
41ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111152338000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011408.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

14b52d5e44212b22f6de0be5caeeb5bba561a29fd91bf6076bf1ad6d45ecae6f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 278174
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55581
x-xss-protection: 0
server: sffe
date: Fri, 21 Jan 2022 11:26:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "8559bae154d80579"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 21 Jan 2023 11:26:07 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012111152338000/v0/ Frame 539C 13 KB
5 KB 277ms
102ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111152338000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011408.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4e46e56dce46d21c527e164d6749fb5ff0101f400aede06a8711196da9e5c619

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 278174
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4994
x-xss-protection: 0
server: sffe
date: Fri, 21 Jan 2022 11:26:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b314c3eb801664ba"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 21 Jan 2023 11:26:07 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012111152338000/v0/ Frame 539C 89 KB
28 KB 281ms
106ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111152338000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011408.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

279249ed963fcd87e6321b024c0194248dd1b44af5353e134071cdfff953967b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 278174
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28443
x-xss-protection: 0
server: sffe
date: Fri, 21 Jan 2022 11:26:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "976e6f5df80f4e35"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 21 Jan 2023 11:26:07 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012111152338000/v0/ Frame 539C 5 KB
2 KB 301ms
126ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111152338000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011408.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

63697d88ab7b6e34e76e5990b867c706cb4346c27ec1c5a034c4d91dfb136778

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 278174
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1727
x-xss-protection: 0
server: sffe
date: Fri, 21 Jan 2022 11:26:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "423ab13fb6ff63c9"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 21 Jan 2023 11:26:07 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012111152338000/v0/ Frame 539C 40 KB
13 KB 302ms
127ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111152338000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011408.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ffd015b1bb0125d07c39cbfcdee6a8e2b604b55ea1936cf550fe1f9fbdbf2ae4

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 278174
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12843
x-xss-protection: 0
server: sffe
date: Fri, 21 Jan 2022 11:26:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "08cf721d9e54e414"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 21 Jan 2023 11:26:07 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 539C 8 KB
1 KB 220ms
48ms Stylesheet
text/css 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011408.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f93d0298dd39f7dff18566a5b2754067e26c0182b469fd6b24e5d63429fef88b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 24 Jan 2022 16:32:46 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 24 Jan 2022 16:42:21 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 24 Jan 2022 16:42:21 GMT

GET
H3 200 ms.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 539C 3 KB
3 KB 40ms
40ms Image
image/png 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/ms.png

Requested by

Host: says.com
URL: https://says.com/my

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e21f4e7e88783b14a82c666b81649a49dace8b1fd9a1ec27a8e17b2ae26bbc94

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 13:54:39 GMT
x-content-type-options: nosniff
server: cafe
age: 10062
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 12948112503563494795
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3020
x-xss-protection: 0
expires: Tue, 25 Jan 2022 13:54:39 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 539C 344 B
368 B 39ms
39ms Image
image/png 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: says.com
URL: https://says.com/my

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sun, 23 Jan 2022 16:59:05 GMT
x-content-type-options: nosniff
server: cafe
age: 85396
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 6766994032117382215
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 344
x-xss-protection: 0
expires: Mon, 24 Jan 2022 16:59:05 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 539C 0
0 47ms
46ms Image
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQHdHUywi88BKloKZELnuWGph3xlxdUcA2kpZw4jHR3QZ_CsgtUslDTUZKgOXQRNfc8QT9n
Requested by: Host: says.com
URL: https://says.com/my
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 539C 0
0 124ms
123ms Image
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CeMM27dbuYZoB7JD27w_xpYjwA5D5rO1nyInoosMPFBABIIeWryBgleKQgqAHoAGhqJ-6AcgBCakCwli4Ndz9sj7gAgCoAwHIAwqqBPUBT9DbqChe-Y7WxLoQBsfkL_rFzsZh8AZEnA_kW8NJfAHAMsmZCkPoFwr8XlFIWrpZ1rT9M97Slpi5rO8TJ2f4ddzdfmihaKxqfjinvUMp3LfnGgQJxpRDMNZsQZ0yLUPfjfEc7WNecRFM5MwI6QlcEmUyY-_6lt5Ft49l7hhKdd_YbxoX_bylPTFCm4D86FeIxBEDe_p10g2sz_fUmPotHZQbEAHQf1XI7OeuuPq0r12K6DQouWEHz37Y07t6F-AytQfW8-n4VA4gYEmtbdCom07rQoXs6Cw-DVC95rtudNVKjS_rI9QhYR6GrMbg0-ANJrm_613ABOqHuOHtA-AEAZIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAfH1-DFAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcA8gcEEJncCdIICQiA4YBwEAEYHYAKA8gLAbgTiCfYEw3QFQGYFgGAFwGyFx4KHAgAEhRwdWItMzI5MTY4ODQyMDY4MDczNhifhgY&sigh=Uqio7osyLjQ&uach_m=[UACH]&template_id=5000&uap=UACH(platform)&uapv=UACH(platformVersion)&uaa=UACH(architecture)&uam=UACH(model)&uafv=UACH(uaFullVersion)&uab=UACH(bitness)
Requested by: Host: says.com
URL: https://says.com/my
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s08-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 200 container.html Show response
cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 402E 6 KB
3 KB 86ms
41ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011408.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 24 Jan 2022 16:42:21 GMT
expires: Tue, 24 Jan 2023 16:42:21 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 container.html Show response
cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 62BB 6 KB
3 KB 88ms
44ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011408.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 24 Jan 2022 16:42:21 GMT
expires: Tue, 24 Jan 2023 16:42:21 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 container.html Show response
cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame CDAE 6 KB
3 KB 81ms
37ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011408.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 24 Jan 2022 16:42:21 GMT
expires: Tue, 24 Jan 2023 16:42:21 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 77ms
77ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022011408&jk=4158271735019086&bg=!a2ilaCzNAAZ_DxPPfw87ACkAdvg8WiOUyQTRI62Ih-UV0lgpxDBYqv2bI-nArwpCcbwRYHd7S-2XjAIAAACyUgAAAANoAQcKACmiOVX4HH5WzAkdD8YRF6q5uYwVM1t6cLmFvAj20OjbLvdAEydc9ZMkcJkCwVyWynTiI4E_KAndI9hJnMG-BTzqricLR-5lfLwq7q1xMdCw5ApbAJiMt6GewA4Sd2L2eqNtXTBMmJUIuwZXWA4yawExR5zWJUFhejQO3n2uuwG6mMgBfgYmpbGla6bGOWexCansLGmA9qozRc07tiTyFuCr2H1V2eJLfNPa3ZaEDybuz8hyPPB-7XxtSUZu7uyJ9EyBH1Sf89XZFyS1sQ3PRRXJHcR7CqHbz6j_prUHGaA9uAPYNHzhzY8iKLojCGETTCW8GLjoypDBwd0zwf_6WS4-Lpbx5ZntUstEQXpFm1RKHTIeWdiDOudZDfktb2S8dsB1GVieewKf4KwA4e9DNgjMNRwNAmE4AWZatcj75xj_6yE-3WSTwf1Ym3f2_h9_6MQEkBU4Izn2WM7_5xgdc0VMks9afp1iBki4Zdyb02NJpqHwVB60Lhp19Lv2VACrTfeQoH5d-4nsuTl1CBen0jT9k5Fsod07u1BJtAT7jxRfVV70CGNVNMocAUJZcNuLhwPOZewPVAMAfNx5g6zPPRlj8dDAtJEvSlEhgLvrLPUmoaa5kvJnv8bMPjaFzJF8rXpjCmZv12OWQJjauUqsczN2QOgm1WKFlrsexSK8slQnCV91P6Gi4p2biOchgnuAPCy92ut60MKfhoMBlXoGegRCNs_FO6zVLrScwvkBjDBoC_aRLqRoH_6u5jqvte1MszZWuelNSB8xewfv1qn64JODgrfP3konyVezaYS_2uUXhBN8r0uxHzqXSI03ksji39YJmDeM4YMBtUA7RqliNjn1gJRmzd5DjHvtRUQm08kcRzdKt7dlhvp8sbTdrCWuouYIOwkVmrfP01KdLVLdvAfNNRu47yvo_zr53uxyZN3REoNazMn2GeECyQ786x1iWjtTBPevngxbU6OjUD-YOSn7d3XKHtyZDCZS8aMyhQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jan 2022 16:42:21 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect Show response
g.clarity.ms/ 0
48 B 1731ms
867ms XHR
text/plain 52.182.214.99
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://g.clarity.ms/collect
Requested by: Host: g.clarity.ms
URL: https://g.clarity.ms/s/0.6.31/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.182.214.99 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://says.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

access-control-allow-origin: https://says.com
date: Mon, 24 Jan 2022 16:42:23 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:7f62cbe7-9d8b-4a41-a628-fbaa3aa5c695

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/4642755143931307982/ Frame 539C 19 KB
19 KB 40ms
40ms Image
image/jpeg 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4642755143931307982/downsize_200k_v1?w=600&h=314

Requested by

Host: says.com
URL: https://says.com/my

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2cdfa2c21bbfe841c179c4be7f355aeaea6acf1630318ee6dd32b99bc447bd56

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 22 Jan 2022 01:58:11 GMT
x-content-type-options: nosniff
age: 225850
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19300
x-xss-protection: 0
last-modified: Wed, 15 Dec 2021 10:09:41 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 22 Jan 2023 01:58:11 GMT

GET
DATA 200
OK truncated
/ Frame 539C 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 539C 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 539C 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 39e9ab60f6c54fed8ede3d4477ae38b99b3b7c3f029cbb18019644e76ae62ac2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v41/ Frame 539C 28 KB
28 KB 136ms
39ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v41/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

05e2888e835d97fe6e4cfb256f62f47d5dccf6d9ac202ea9d82a6bc2b1716c1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://says.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 18 Jan 2022 18:14:29 GMT
x-content-type-options: nosniff
age: 512873
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28196
x-xss-protection: 0
last-modified: Tue, 18 Jan 2022 17:53:50 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 18 Jan 2023 18:14:29 GMT

GET
H3 200 css2
fonts.googleapis.com/ Frame CDAE 4 KB
634 B 94ms
47ms Stylesheet
text/css 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com
URL: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 24 Jan 2022 15:15:54 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 24 Jan 2022 16:42:22 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 24 Jan 2022 16:42:22 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame CDAE 205 B
743 B 140ms
41ms Image
image/png 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com
URL: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 10:37:09 GMT
x-content-type-options: nosniff
age: 21913
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Tue, 24 Jan 2023 10:37:09 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame CDAE 604 B
695 B 141ms
41ms Image
image/png 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com
URL: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 09:45:08 GMT
x-content-type-options: nosniff
age: 25034
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Tue, 24 Jan 2023 09:45:08 GMT

GET
H3 200 interstitial_ad_frame_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220119/r20110914/elements/html/ Frame CDAE 18 KB
8 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220119/r20110914/elements/html/interstitial_ad_frame_fy2019.js

Requested by

Host: cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com
URL: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b277171297bfc840b62b9f160060bf8fc630389b0dee3aadcbb0e855ac7ecbc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:17:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1472
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8104
x-xss-protection: 0
server: cafe
etag: 11153116566150069083
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 07 Feb 2022 16:17:49 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 0CAE 0
735 B 19ms
18ms Script
text/html 37.252.172.250
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.250 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 24 Jan 2022 16:42:21 GMT
X-Proxy-Origin: 185.213.155.165; 185.213.155.165; 538.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 46f82045-ade0-466a-862c-36b7c66274b5
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame C9ED 0
16 B 53ms
51ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJb4yM4CEO6Mm4oDGLaV-b0BMAE&v=APEucNXV02piRj0N1JrnDdhElQzU3KiDXpshjmBs_wQ6Lt4KP-2tNpdKdOCIztG7lSycx2ImBavI8l88s7TrehBoxKNzZig-Nw

Requested by

Host: cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com
URL: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 24 Jan 2022 16:42:22 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 402E 55 KB
27 KB 84ms
82ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AR0s9bBCdos5GNE_8VXspLnur2QohjOuZBuZpbCHWMAomq-QErs1KDXA_chApdOosvf7nmP-cBHwbnT9QnVx2jkloFC3ztO0-d0kfqwo4WFSaAVMCv8F2J4wxcRyY2aKUCLxqXRGICry6UHEcPeZTU6KkXVA&dbm_d=AKAmf-DVeOgiGMIodl-9btVsWfiWk2wjwk3KIU3aOKHpARTdApkZapwMcQDBUAnozb_kdzrD39w5D3vvrdlfvjP0dlb1ZdISLZMOQRv1wXm8WW3zrPRedJCHbG5uBxDjoTMLW09Z2NYEmLqkT8D2SYLPIQ-mW7lv4xBcy33TnI3MdSz_SB2ipOUAboFLAPu0aHXwekL6hNx4YlQ9YSVCLGzJTYEg6zxImxMvp1suk66ebIICBMPnQ0umjHPK-0ultDGHNJAzN79geHp0FzTKYVWUyAQ5VUaP0aJN-LtTbIMRwtZJ8xpuUH5RsEp7wJzI-vO4B90cR5XKt3JELOrN9a1lD1v1sIc7vjJJfUDHEby99iQXEZX6KJPm0kI-iHtVBJYhqF3WHfVrBdCKNyXyt1lL8Jg3IL-AVbxSFuGV7ahz_eDJkEMsiwpOQuLQcQKplRRb5CozmP3mcAu4OZKItl6fHzUUKsYDfHdG6tlNg5KqG093FBE2WdifAkNQlEyArt8LYT2JWaTxFI6WeAgeI0STpFtrv-0FOlXvAU3S3g1YOatPtum_hfKmZVEqWkaYl6O0ptGU5hXDmWNgDtifqP8QnycdXkLrK9bFrzOHyEAZqyBl8IyaDkyO4jLZDP6BU_SUVOcOQxIkczfrJtsb6tFEVZI5eeD0KR7rMqbZMiML_oaBMiw80BMIxXQuv_HopSm5In3nWF9GfWULyslQkh4MXSkn0CbNNJc0dujS-XQLNbo7KGGtkPZR_D_WvgtxaerLdh-GnoQYC7PgNW9qukIcDMPPROJeg9qEpb8ADtmX11FbNFzWPXYbZHJfdfzIhRPI8nzawwxBLYooUsQ1PB5uF6VE6GP4oIjrQhfW7OBOEeUhbHzLFDqMoUp6P7hrLVPl1rZwsJ-PMKzfrMuWfIjYAwYPTrnpqNgthII1hGzGicPih1aXFZSiOsi57ZbO0S--VE7_OcseFMPAw-1a8DtSi4QMB-lniu-TajG6Uk1yqlaPGHQKKMuhrsdykjoQMany9tTZRjph2MiVf5NnGHgynD5untStfZ5Es_7Blal0dWjg4XqWbKWT9L5V5AomvYPhDUgb3CaRPrrBDl2B_yMjYnJ64PLt37x0_3ynMbHgVR7d-TRqIHCXzYrQJtEAg_MsTCdA_dB3ZO0w9DhWcsxhX5Fx_hM2U_po9l_jwkmWAT3QrcOyl4TCST2Zg3JCADb8RLrTRnznDumWrpMZn4oRSa-6FGXACwhRYw2ZQ4Jqd5gL_tr9JHpM8fPPrWqsz0-00crr8w9_EF4-6M6Va1Sc07KHK4rCjvnXxGmgryj376BoZdFJoWIN54W4e3N3SRoM8h1hY_OMUkPO1UEmX1qixUfgvhUJ_9nTPZv43_QB1ZB5b7xKw161y8sT268pQlcEFKTeaapv-MpAdnm4bYnsGRtVyxAgsbrOIOWjE_BhGdAOjqdfMjdh4IPFBsSDVRQm9niIuVGDdbKGi_8aICtbNih2NgYk-gsCqq-o-xduEQQIV1yb05ZWFJPv3jOZr-pcPiiuqZRKTAOds7meUu0t49EZi4OZMk-Bai0C8SuzH-baitkuxP2LIJKlsRq-1srviXBX2LN3pfuVJQ1bCHUdIIeuDQ8TFJhm2PJYYC69kcpb-J366W8Xt2tMh78s7fGg7gIrC6BKxr3yuDeQbndhMCfOYSI_euk2zCu6qRL9j1adW-bvfu2SGfyE0xFsFHZTc2d67msjcVBr4pkhE3UwiB2Qn94KzTnD7zEIZqbTuVj5vu2BmWirIAyF4toO3sdvl6SOtLa_MMB3vMkRVCZJTqFHrkuAOAFceYhxUPTPZtgz7Wrwefis6d0voOFNfE7JAJuWe_NjM60b-ZirOUSuhcMu91KM5n5m9ChE1fvgT8APTPUXXazcqypjXMAzzjpjNEBk8Q4gV5zYNCzzCYp-ei18SDkzWT8K9S2Sqr9W1D7FG6YuUqWAR1tw2gySDqzh6m9RvvnpLCHRUN4ufXiqkqyixxg6qY3NC83zOdpmSxg9_ms1mOga76XrqiDjxV3owikVe9HETYZ2MJP6rENEwg9rQMV-WVNY-8l6q2FaFy6kvRZAcpgknxtNghZQEwaYR893HTYlSacy5XJ6dD3SJYhbHB5Ahy8S-GQUZmSZEl-44-s6LodGwXBI2F9n4dDRPDAKTS5dtNW5eqFNxWqTiXczSNb32es8eifxbBMtpfyjEsCsyXg4xbI9ThYZIeRBqdiwpcU60k7JdP0hB2ttrxPj7sSJ3Tz7dNXBzMFfnpJx1A6tom053_nt96ny2Z0L8OQrzbL9GXynldc4JcNn560uZ-ja6jBrcLp6ZJ28VDwNoXiJghIXxZVGKEeyWTdhFOZQppvo2CbPigumuImwKGEacff8rQdfFevCE3R2K85OTf9FsFkP9xuybHeYJaPhNPJcbYYZc5y-ouO8UTwUNUw-rXWQD0LNeRl-iVeNJN3XJpdhwJ6dg_YNwX_8YPKFwoFp2WRdkwMOS92Dnrm7dId8Ggao0qwO89YFZIz0lYBwPgaoFj5xwgoAOVF6cn06UcsMi46zTurHponT2pmJ3MHN2GtC7yTxIKZr3SBBQ-3od-iZK5kkq0bn44BBx2c775ZG5brUjFrhq6On9Q6baN9tACjfItJL4rLRjvOg__mzBp2lyv4IlkawESUKPo_89KxPR1KtNd3W-gUuyWCfAnHkTXeQMXjXRgO5Wz1z_O5Oir1z7WDb9hVSrbMK2HE107dfb3Kd0PRC9O9O1fIUql291OMCmSAMaAygKXX44-1jAHvGTQm9fzdfbAmFXq4ZWfhJfjWY4b2Fa7FdTNq1nhbhRiaYdQ4Zzobh4iqiVDciUr6RFBQ2v4T7fC1PzPvufIl4CPoDhDd-JiCdJ6OFg7ZDplOrh3PzQ7uA_35Txdey6dtVK4CVsXiDigwWBO7T3GC9HPlRtm-dZP4T2b8sjuA5a17dVO2wxJ-aCQpni0YqQbOCXJR4zlp4VQYZ7L8uoLKfSdX8g139uXhYZji1tV9D1OmmvRxDq-0xf2BHpSoiU872iQvwNDR3gwsa0CMGTS1P1Umk-sFaaVw3C9TRQluV_jUR7_dXGS6I2KRcG6vxXmR-Xvo9cKOqVekl0RL6lXgOEF7bPCNEKZg1uxjX9q9T95x0OYWjT3hIBb7sEXfV_VOJ-X0&cid=CAASPeRofeP76j321oI6BxQu8ZetrZGbLIINPQS0tlskF0GOxFFkBMxZ52cR4MtSxBpa5vw_JcDXVwY_ywe7GmM&rfl=1%2Chttps%253A%252F%252Fsays.com%252F%240

Requested by

Host: says.com
URL: https://says.com/my

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8466c7362ecc7f988151f1c29b1a23439addd51acf8428d86b15bd284841d574

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jan 2022 16:42:22 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27802
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 402E 42 B
63 B 74ms
72ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-B_FdVqz1ALHxdRzJLzl0OAhFMwmJirBjmo7tZsUH4ov96-5LatsD6eifCUtyOpFLGnBerB7UZYYm5JP76xYInri1ZtSiMpsLX82q_YcMsyl8K2G4Y

Requested by

Host: cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com
URL: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jan 2022 16:42:22 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220119/r20110914/client/ Frame 402E 2 KB
1 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220119/r20110914/client/window_focus_fy2019.js

Requested by

Host: cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com
URL: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:34:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 482
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 07 Feb 2022 16:34:20 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220119/r20110914/client/ Frame 402E 15 KB
6 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220119/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com
URL: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

043cafc63f50b2ba976044bc7dfba6ccb1a1878d527f883cb81984c5585cd9da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:40:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 107
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6473
x-xss-protection: 0
server: cafe
etag: 5124071950003790117
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 07 Feb 2022 16:40:35 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 402E 0
0 48ms
47ms Image
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSU91LIKhvkHDINjjWHd_vDytAEEMM5ybc9LwjfCtE340QDoqBynUyPBa2u7PT6llQknYii
Requested by: Host: cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com
URL: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 402E 122 KB
37 KB 53ms
52ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com
URL: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

425f48a06ab0e9a4a4d792a6677189720f377ec09a073ecdae6232a89cc221f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38060
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1642595990432946"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 24 Jan 2022 16:42:22 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 77E5 0
16 B 57ms
57ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CIKSIxC9tCMYjfySCzAB&v=APEucNWLvRB7ktkg0HpUJ2Z1uJRDTcu8zFMjBYx-qqB1uVHh0J8UBVGBmy862rgT4IyOfQAESBS9pi-UOaUPbSSjJOnkApHUYg

Requested by

Host: cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com
URL: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 24 Jan 2022 16:42:22 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 62BB 55 KB
27 KB 107ms
105ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AH06RkXZcloJUOp_4cvXIh24KSjKN9qk3ofRzM5X30WI4Gj-42IsflDNqrspaxhtgnu8bXZHX0P3rI9xTUVD8bnhTsw7L3HmEt5l1Wv51bKBx30Gt8rwhxK6v4NAbDi1OG4sWgIXciO0Lh7HL04R19-j8m2g&dbm_d=AKAmf-DgoHA-9gJdbpip4iHZaacKGZXChBkzl9m-VZmgKJlF7BTQAOYNlS5lO-XCzQPmGp1jbmJi4CxKM_j9OtTQbKe_P3LjIXPqFQimI3rV2TZv_ELbIo-rAeC1K1x1K6JpcwB_MurzyYl-DXqyVjeJvNwhBuPm2D405szM07VO80kD_WYaR7ghjcdy-hzvsVZffC_YhauNMhvg2Et3PliRU-g6-K7kv2IN_67NtbWKBZc4Ypt5PwZsciO8sGABXU9F4GWi7vPdaVKv2t2pMtZtlAXIbWB4w4tD7bEWwHdQy70zpwrhf12ipBSKqYC-ssL8GH7ZIZd9LMj1MSvMQpIda7I6Y7vIEq-Ie4nLMCGWNMobUCcXqjWTZ9xarJmSTwfpIkaWxrzlh0QMmcF_7srPWRrwo6viTZSzxJ9FPlboZdsDMSJjr6y8Q6KzLOBPxeTGrmUjWIUkoezHi4ULqLNto_hFM3mngBcsUtlMHik_Ps9uxK-wnIkYDV6dY1KcdRrUvs7aXiskt3sEbzJOJvuj0La-21U9Fz5mipLTJLrT6z3yRZ1v9vM1_9amTGKQRzyR3Kmy8sErg_sgcarKaGhTxA_Z_NB_N67qLS95ZKb5j1iKlPJvMMs5lp-muItpUePEyWX0InLqa4_jk3QkouKZzC1Mx5F0L85qVkgByLHerF-qnP7EGoXEhuXw63f8dn33BL3o1M7wxOchR_tZq6pOU8c8gmmWtghtNCYFbwWwGPg3fnKv1DXyfKGBzeD2YZivnV0TFFyaKvboCQT-tc7Qk96twPKOuOGmmx68nCtLeQcqcv8ArWRUUu8fXT2khRcE_HYKU_u9NjcJ4zK5bwph8jTJHQxARSoA-BKJOIAtD0IPTBwpZD8fU29i8Au9XjbKpcQ_ZQWgWkhuJNw_QwE91VZnKeKrVxBhCM4D9hr0xI6Ez7tmAr5PvuRmCzvahv49QuhiVnSG2qlRrpUpiHbVNhlTOWo662Xli5MaEh-aC5ChNCwLZ61yjJM9HHWkQYkm_L7s_hcsd6Ijfhu1MaiXFdf0UGTxMNojKMfMepEJOajLZMocuJztD3jpkkY4Uuc2SndWm4mNQH7xRjlwk89T15w0dh8LJFRVJo7mCQgfWhJOX71Xg7tPeRgRfQkbnBJ2MLOV7I-T_S7gsIoZf6MbpYyRbqMe-qPX4t6_tGOUYLFXY7Jl6DpXBChLeSIO4t-3UuTHMwi2DfKayflP5eHJUyYiby3tuHmgZ3MzSvO00LV6So-5Y6I4TTUZrDLyGbKNXihuR52_XkDV4Aqi-1jSMFPhL14vwnMotEgX9qXyOnxgdJ-lC5uxLNGXHXv0d95vfGl6dy4DsB0wHBNRnZ6wgpw73TB0oIFoGdNppfg1iP1LfvvjFfHXkWhcB4mOn2IcR8muO3hLD8EDfGmU_LkxeP_O6H7QWGCP_pqTYSj5ypm3ugniV4x9WyC9sXTt38OhydKdMjjM28Q0jalP7FOPhKQztTPox29InazIWeXVA88vW563Lini5Y_LkVOOHQT2UuBs68AuzZzJuTQLL37U-JfeQR8Mn3nj21Sj874kO1PD7uUXa3OjeNcze5LDfZ3m3ELItygDYeK03MbMziu3Afuttn0pdmn800RYQ9vSVWMr6XpEfxb2z1Dt_gpaOJtXhBLqpYFQhPcQ4AP4JtgzMfjhhwSjEbfFwoaYUHo4zdyA1y05kl7c97hZk7QtHavMoEKI8_kvxXxDO-uepxk7YJWmMnA9pxcJAzjX7smmlN7-mWSNgKSoPQ8Rozpfvp0KJMg9a2Nx1gKYU5cKYBjnt9Wm4qmRZhu22hlYRA9o-olcHMgotNb8Rg6ljQUWCuvbHa7AsuG54UK6FPvcV0d1w4AC911Z3_9y-oVwg8c6pcL-bd6BQ_n7ZSh1_QWMWNYXzk_o4oNZ2U8OSitKZUmQhFV04c7AipIWCYWskB8w2mu2G4GMg9DnAvXnoZa1dMH6CPFzUadl2EFNmuLIQ8OD1Rx2QLwncVJcU9Z97nDPVM_hxZabvaH5HM87r_kz8U3Kmr7pNUYXeZhIf9R8mb6yfcaJ9q6JSYhBDEXls0dW_xxiF9QTskb3ju4GqpylxQ-baxsRRJHwOskXcYGi9yKjC8jlDwBa9IZeZ3OAr2Fl_EzLnONHcR3vyP_l4RO1tANS6wS7vFb6k1zNH4QrvRQnkmQooBVTNfx8Phnx-1R6qAnnFT_vMCZH3W2TAaCbOfIQ24gewBed_OyC1xvQwlIerMmSfnGv-N2kliToJN9ytZcWzjamfOLADGEU9RK8slboFpDKqxLbxy5h-wkMtC0bgsiuC41B3OooACQyQOKHqSbtwrPF_gHhrKU_shOP0o5JrUSox7ucEeGAE4QHJx78PNA7ouLPzzxd9x7TnXbLpEr36mEuQL2B1TNPMSQgRGYetwdcjymbWt81NDs20ATh7DwL3K3jgYLYEt15xoH9TFa38uvLjdYEhuG4TnynDxfuvl0dv-41moN8JBPoKluIPS3uP5vvI0f8RCx2ve_ovEdDkToB_vpuptrTrWoCFuOP95JahkP9YveMH1JZp2HrjzanFNkAJUM3dLEgJJA33ibkEUvdKKIketDyQo6KRafbomv6c8SYQMkNIKHZCNfIOdV_StWc7BPMnGQ99PadHTO-bOpFYnADD11TXEuEt_sKSsfHjn_0kNNfUrqOGlyaUjjNqSDnMUKQU-R5MsOdt7Vy7OAg-qyuGb6Xq-kEJGB4FBK1zIEkXg-Fa_A9NrYyOPP9K3n8abYB9k0Ezd6MGlMLrH-abZDSNmXZlz6TYuLWv_QjttsWQRmRjd-SRtVBJ0kk9HzDA0WV0KoS9nsKhqCODuR2CBZv9AHJhL1jt0Rp5QtZ6yzcI8toSuWntEetp_4ZvY2fCtRW3Bxu8V5-S5OeES4kXw3JMGXOlFqhrrvZvD8NEwMNF_VSkM6Biu_hE_ZA6cRT1s7w-kX-qwZniJCafjyL3VlLKpkq4o5Zxs5iWs22SE2c&cid=CAASPeRohC2T4zajo_Xy9sNQtzf7uc7ANwFaNUywCQGlFALHkY5ViRsjxwvmRD0PwImjzGQhFEMrt7vhVG_bYkw&rfl=1%2Chttps%253A%252F%252Fsays.com%252F%240

Requested by

Host: says.com
URL: https://says.com/my

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3e1d042e9ea9932543627468c209257ba503166056f3dfcf6eb60e701b03adb7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jan 2022 16:42:22 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28073
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 62BB 42 B
63 B 73ms
72ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CY4GHmWNxYIhz2uBBm8zDGHDjBJFouQpJIy-cWjhAnqCzJ52_nBKBzkvHpcPzZztYNZt186f1aP6610dBnzKqIJz8VOSPiivVJVvLBH4mhWzmHIXc

Requested by

Host: cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com
URL: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jan 2022 16:42:22 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220119/r20110914/client/ Frame 62BB 2 KB
1 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220119/r20110914/client/window_focus_fy2019.js

Requested by

Host: cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com
URL: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:34:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 482
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 07 Feb 2022 16:34:20 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220119/r20110914/client/ Frame 62BB 15 KB
6 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220119/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com
URL: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

043cafc63f50b2ba976044bc7dfba6ccb1a1878d527f883cb81984c5585cd9da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:40:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 107
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6473
x-xss-protection: 0
server: cafe
etag: 5124071950003790117
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 07 Feb 2022 16:40:35 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 62BB 122 KB
37 KB 89ms
88ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com
URL: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

425f48a06ab0e9a4a4d792a6677189720f377ec09a073ecdae6232a89cc221f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38060
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1642595990432946"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 24 Jan 2022 16:42:22 GMT

POST
H2 200 data Show response
bcp.crwdcntrl.net/6/ 172 B
959 B 77ms
77ms XHR
application/json 52.17.84.146
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/6/data
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/11139/lt.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.17.84.146 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-84-146.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 57389d8f2d3a18f9064c047d02704f4eb8933b3e4ed2da559ac76b5ec823a17d

Request headers

Referer: https://says.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 24 Jan 2022 16:42:22 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://says.com
cache-control: no-cache
x-server: 10.45.14.177
access-control-allow-credentials: true
content-type: application/json;charset=utf-8
content-length: 172
expires: 0

GET
H3 200 css
fonts.googleapis.com/ Frame 15A8 8 KB
888 B 48ms
48ms Stylesheet
text/css 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com
URL: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f93d0298dd39f7dff18566a5b2754067e26c0182b469fd6b24e5d63429fef88b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 24 Jan 2022 16:31:43 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 24 Jan 2022 16:42:22 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 24 Jan 2022 16:42:22 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220119/r20110914/client/ Frame 15A8 1 KB
875 B 41ms
41ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220119/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com
URL: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fd11fa353cc6a8560f4c35e67c6fb8a3a4061ed3de4309cdf83fca65f8319bb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:39:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 148
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 848
x-xss-protection: 0
server: cafe
etag: 2277666839114365613
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 07 Feb 2022 16:39:54 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220119/r20110914/ Frame 15A8 19 KB
8 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220119/r20110914/abg_lite_fy2019.js

Requested by

Host: cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com
URL: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2039446f8956518da2c2d70116d18c92fac3b04110942de074748aa4041067fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:37:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 274
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7881
x-xss-protection: 0
server: cafe
etag: 7605774008668088057
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 07 Feb 2022 16:37:48 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220119/r20110914/client/ Frame 15A8 2 KB
1 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220119/r20110914/client/window_focus_fy2019.js

Requested by

Host: cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com
URL: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:34:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 482
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 07 Feb 2022 16:34:20 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220119/r20110914/client/ Frame 15A8 15 KB
6 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220119/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com
URL: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

043cafc63f50b2ba976044bc7dfba6ccb1a1878d527f883cb81984c5585cd9da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:40:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 107
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6473
x-xss-protection: 0
server: cafe
etag: 5124071950003790117
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 07 Feb 2022 16:40:35 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 15A8 0
0 47ms
46ms Image
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTK2QuXGzKfHtNJqJE6e1vh5F4a3h_pOW6Zjv0KBtmr3j3xoL9HkR2nIv9KVxRVf2iaF8D1
Requested by: Host: cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com
URL: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 15A8 122 KB
37 KB 49ms
48ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com
URL: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

425f48a06ab0e9a4a4d792a6677189720f377ec09a073ecdae6232a89cc221f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:42:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38060
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1642595990432946"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 24 Jan 2022 16:42:22 GMT

GET
H2 200 fccbdb50d0e11463e1edb3d8fcf7c364.js Show response
www.gstatic.com/mysidia/ Frame 15A8 27 KB
12 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/fccbdb50d0e11463e1edb3d8fcf7c364.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com
URL: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f1b3a51250ea5d2b293615f08241269ed8277b95654cddafbc0f5df8d61e6cc1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 19:13:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 336510
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11411
x-xss-protection: 0
last-modified: Thu, 20 Jan 2022 13:53:58 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 20 Apr 2022 19:13:52 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220119/r20110914/ Frame 402E 24 KB
9 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220119/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AR0s9bBCdos5GNE_8VXspLnur2QohjOuZBuZpbCHWMAomq-QErs1KDXA_chApdOosvf7nmP-cBHwbnT9QnVx2jkloFC3ztO0-d0kfqwo4WFSaAVMCv8F2J4wxcRyY2aKUCLxqXRGICry6UHEcPeZTU6KkXVA&dbm_d=AKAmf-DVeOgiGMIodl-9btVsWfiWk2wjwk3KIU3aOKHpARTdApkZapwMcQDBUAnozb_kdzrD39w5D3vvrdlfvjP0dlb1ZdISLZMOQRv1wXm8WW3zrPRedJCHbG5uBxDjoTMLW09Z2NYEmLqkT8D2SYLPIQ-mW7lv4xBcy33TnI3MdSz_SB2ipOUAboFLAPu0aHXwekL6hNx4YlQ9YSVCLGzJTYEg6zxImxMvp1suk66ebIICBMPnQ0umjHPK-0ultDGHNJAzN79geHp0FzTKYVWUyAQ5VUaP0aJN-LtTbIMRwtZJ8xpuUH5RsEp7wJzI-vO4B90cR5XKt3JELOrN9a1lD1v1sIc7vjJJfUDHEby99iQXEZX6KJPm0kI-iHtVBJYhqF3WHfVrBdCKNyXyt1lL8Jg3IL-AVbxSFuGV7ahz_eDJkEMsiwpOQuLQcQKplRRb5CozmP3mcAu4OZKItl6fHzUUKsYDfHdG6tlNg5KqG093FBE2WdifAkNQlEyArt8LYT2JWaTxFI6WeAgeI0STpFtrv-0FOlXvAU3S3g1YOatPtum_hfKmZVEqWkaYl6O0ptGU5hXDmWNgDtifqP8QnycdXkLrK9bFrzOHyEAZqyBl8IyaDkyO4jLZDP6BU_SUVOcOQxIkczfrJtsb6tFEVZI5eeD0KR7rMqbZMiML_oaBMiw80BMIxXQuv_HopSm5In3nWF9GfWULyslQkh4MXSkn0CbNNJc0dujS-XQLNbo7KGGtkPZR_D_WvgtxaerLdh-GnoQYC7PgNW9qukIcDMPPROJeg9qEpb8ADtmX11FbNFzWPXYbZHJfdfzIhRPI8nzawwxBLYooUsQ1PB5uF6VE6GP4oIjrQhfW7OBOEeUhbHzLFDqMoUp6P7hrLVPl1rZwsJ-PMKzfrMuWfIjYAwYPTrnpqNgthII1hGzGicPih1aXFZSiOsi57ZbO0S--VE7_OcseFMPAw-1a8DtSi4QMB-lniu-TajG6Uk1yqlaPGHQKKMuhrsdykjoQMany9tTZRjph2MiVf5NnGHgynD5untStfZ5Es_7Blal0dWjg4XqWbKWT9L5V5AomvYPhDUgb3CaRPrrBDl2B_yMjYnJ64PLt37x0_3ynMbHgVR7d-TRqIHCXzYrQJtEAg_MsTCdA_dB3ZO0w9DhWcsxhX5Fx_hM2U_po9l_jwkmWAT3QrcOyl4TCST2Zg3JCADb8RLrTRnznDumWrpMZn4oRSa-6FGXACwhRYw2ZQ4Jqd5gL_tr9JHpM8fPPrWqsz0-00crr8w9_EF4-6M6Va1Sc07KHK4rCjvnXxGmgryj376BoZdFJoWIN54W4e3N3SRoM8h1hY_OMUkPO1UEmX1qixUfgvhUJ_9nTPZv43_QB1ZB5b7xKw161y8sT268pQlcEFKTeaapv-MpAdnm4bYnsGRtVyxAgsbrOIOWjE_BhGdAOjqdfMjdh4IPFBsSDVRQm9niIuVGDdbKGi_8aICtbNih2NgYk-gsCqq-o-xduEQQIV1yb05ZWFJPv3jOZr-pcPiiuqZRKTAOds7meUu0t49EZi4OZMk-Bai0C8SuzH-baitkuxP2LIJKlsRq-1srviXBX2LN3pfuVJQ1bCHUdIIeuDQ8TFJhm2PJYYC69kcpb-J366W8Xt2tMh78s7fGg7gIrC6BKxr3yuDeQbndhMCfOYSI_euk2zCu6qRL9j1adW-bvfu2SGfyE0xFsFHZTc2d67msjcVBr4pkhE3UwiB2Qn94KzTnD7zEIZqbTuVj5vu2BmWirIAyF4toO3sdvl6SOtLa_MMB3vMkRVCZJTqFHrkuAOAFceYhxUPTPZtgz7Wrwefis6d0voOFNfE7JAJuWe_NjM60b-ZirOUSuhcMu91KM5n5m9ChE1fvgT8APTPUXXazcqypjXMAzzjpjNEBk8Q4gV5zYNCzzCYp-ei18SDkzWT8K9S2Sqr9W1D7FG6YuUqWAR1tw2gySDqzh6m9RvvnpLCHRUN4ufXiqkqyixxg6qY3NC83zOdpmSxg9_ms1mOga76XrqiDjxV3owikVe9HETYZ2MJP6rENEwg9rQMV-WVNY-8l6q2FaFy6kvRZAcpgknxtNghZQEwaYR893HTYlSacy5XJ6dD3SJYhbHB5Ahy8S-GQUZmSZEl-44-s6LodGwXBI2F9n4dDRPDAKTS5dtNW5eqFNxWqTiXczSNb32es8eifxbBMtpfyjEsCsyXg4xbI9ThYZIeRBqdiwpcU60k7JdP0hB2ttrxPj7sSJ3Tz7dNXBzMFfnpJx1A6tom053_nt96ny2Z0L8OQrzbL9GXynldc4JcNn560uZ-ja6jBrcLp6ZJ28VDwNoXiJghIXxZVGKEeyWTdhFOZQppvo2CbPigumuImwKGEacff8rQdfFevCE3R2K85OTf9FsFkP9xuybHeYJaPhNPJcbYYZc5y-ouO8UTwUNUw-rXWQD0LNeRl-iVeNJN3XJpdhwJ6dg_YNwX_8YPKFwoFp2WRdkwMOS92Dnrm7dId8Ggao0qwO89YFZIz0lYBwPgaoFj5xwgoAOVF6cn06UcsMi46zTurHponT2pmJ3MHN2GtC7yTxIKZr3SBBQ-3od-iZK5kkq0bn44BBx2c775ZG5brUjFrhq6On9Q6baN9tACjfItJL4rLRjvOg__mzBp2lyv4IlkawESUKPo_89KxPR1KtNd3W-gUuyWCfAnHkTXeQMXjXRgO5Wz1z_O5Oir1z7WDb9hVSrbMK2HE107dfb3Kd0PRC9O9O1fIUql291OMCmSAMaAygKXX44-1jAHvGTQm9fzdfbAmFXq4ZWfhJfjWY4b2Fa7FdTNq1nhbhRiaYdQ4Zzobh4iqiVDciUr6RFBQ2v4T7fC1PzPvufIl4CPoDhDd-JiCdJ6OFg7ZDplOrh3PzQ7uA_35Txdey6dtVK4CVsXiDigwWBO7T3GC9HPlRtm-dZP4T2b8sjuA5a17dVO2wxJ-aCQpni0YqQbOCXJR4zlp4VQYZ7L8uoLKfSdX8g139uXhYZji1tV9D1OmmvRxDq-0xf2BHpSoiU872iQvwNDR3gwsa0CMGTS1P1Umk-sFaaVw3C9TRQluV_jUR7_dXGS6I2KRcG6vxXmR-Xvo9cKOqVekl0RL6lXgOEF7bPCNEKZg1uxjX9q9T95x0OYWjT3hIBb7sEXfV_VOJ-X0&cid=CAASPeRofeP76j321oI6BxQu8ZetrZGbLIINPQS0tlskF0GOxFFkBMxZ52cR4MtSxBpa5vw_JcDXVwY_ywe7GmM&rfl=1%2Chttps%253A%252F%252Fsays.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b7c55617f84818daf4c70cc10ada26ddd5b582b1d1c2c2829b3220487a6db477

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:39:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 196
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9544
x-xss-protection: 0
server: cafe
etag: 6261108306223674270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 07 Feb 2022 16:39:06 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220119/r20110914/elements/html/ Frame 402E 8 KB
3 KB 45ms
44ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220119/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:38:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 236
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 07 Feb 2022 16:38:26 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 402E 0
571 B 217ms
116ms Ping
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstGH5zVK6smV5GEj4WzC7DpksZn9XimuO8OsJ_tWVf-C33w2JvcW3PAUcL6rQuQGWpfv84GLZ6QfSwadFNKGwdXFsgVCj7NBAYF29LcTSvraOIXQE8rUxz6qM44bs8Uud17bP5zaMMgY-3SEmAHZ8b55FWzdlHYdpgm316jtSEI1B82Z7QmmePeC4WUOfImyJ_8qR7eQ6JLbAf6qXQXLvUI8iRsVhZotrzA272oSLj2r7fWgF77gqsufIsmCBY-VOlJ1ZZ4OzlDyX-I0Ls2eUczgf6HalCrOrLfMchp-LLjYohjvD2ZpF0q89c7NBe-YbohXhSNo9klwPzMOpO-DbbPi12F6x2kHxVddcGz73PHhk-VsrZpRO7fxWT5BOcEdqgoO9de_dTQzZx3fV6yuwEFLC4mg56XdJkEWAnZdYnhsF4tlcUw8TNEUIDxDIJuMar1O_6LeGZkeMRwbxacvCIScnGqHIjW8oWx23QlP8qRcGKAn2TKaRxnSqqde0cWfo8wAkYj09cxNlFKIjJTy4ht0XWDYBvp8ruFDr6kko4NZLxYTo-_tbzDazggF9RgZaMfrWY7bn6v8OssmWRRGNSDld905BOFriZO7NF6Wh0OVJRA09HBS-X5Fj-7mOz4xv-MTmXUfSYNbNopydKP6_4xt1xMmCyrKL0iwS4TTLBlqK6Ch-vIMdSBRGooUJXzFD5YH4xR9TnqKGZYyJmS8oGa5UhZl7im8s5JlXrsdj_pP3EuoRpoAPHXpfcYaL5HvSU_Qv-SHCAPnah_r3MQo1YgssVLTwtoE9Si8Cvd6jyDSbWV__s7D2vpRxfXxY4vx53_6XGhihALzu09-RK5XljZnW1ft2GwLvRCYepQm_Ngqeu_H2JNl1b0zdVA-LdWMkD-zXDaRCml2-vnjOjbs3g4--QL_6xz0Iolm0oU5vdIKV7erJjYh0Ox1rXSVHQbramBJfByT3O13T3ug_oQVVMMdxZTwf1NfKSx1J9lTkPEIup_x2WJ6lUXsRDudGzMlxIIhv-ucxSTEi3DPWKexoYd8OR2EEBYWVnmiPdZiEaUU6sNd5r0mYNzBktR54CEk1eIezg3MxdzF1WtKM3Ky0mU924E4r-m16famGyvJijVCvFrSBx7otVzq-dxXZz2KsIE6irGhCE0cNijXTPKVgKcTw7UH8zp7ZGqmT7GCcka8poyCKmY&sai=AMfl-YTOes47AFvUD9438KWU_q9Ag_Xc6S6ua_XuW6384Au665lTBC0Il54Vmwbi_xdJKcsumdz-e00vUTlW4j5sgfY4jKVicA0iCrJniOLmCwwYSGpf-MkderytBOQAJZkRkkJ_W40kodPz4s-FLBpo753FeeAK96RLXXU8ENe1NdEQx-olWC7S5NbmkEL_Au32rfgQdSI_uWDfv2ALqaT6G-8JJHsRz2sWO9HF07qohw&sig=Cg0ArKJSzMFIS4IwjpvHEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20220119.41857&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Mon, 24 Jan 2022 16:42:22 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 402E 41 KB
15 KB 44ms
44ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 15:54:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 434900
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 19 Jan 2023 15:54:02 GMT

GET
H2 200 9729837070338329855
s0.2mdn.net/simgad/ Frame 402E 51 KB
51 KB 187ms
80ms Image
image/png 2a00:1450:4001:803::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/9729837070338329855

Requested by

Host: cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com
URL: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fda4b6bfba1bc307be2f6832c07091a5506fc95c43eb3863acd340a30e8b1ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 21 Jan 2022 12:50:21 GMT
x-content-type-options: nosniff
age: 273121
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52474
x-xss-protection: 0
last-modified: Thu, 16 Dec 2021 12:44:12 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 21 Jan 2023 12:50:21 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220119/r20110914/ Frame 62BB 24 KB
9 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220119/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AH06RkXZcloJUOp_4cvXIh24KSjKN9qk3ofRzM5X30WI4Gj-42IsflDNqrspaxhtgnu8bXZHX0P3rI9xTUVD8bnhTsw7L3HmEt5l1Wv51bKBx30Gt8rwhxK6v4NAbDi1OG4sWgIXciO0Lh7HL04R19-j8m2g&dbm_d=AKAmf-DgoHA-9gJdbpip4iHZaacKGZXChBkzl9m-VZmgKJlF7BTQAOYNlS5lO-XCzQPmGp1jbmJi4CxKM_j9OtTQbKe_P3LjIXPqFQimI3rV2TZv_ELbIo-rAeC1K1x1K6JpcwB_MurzyYl-DXqyVjeJvNwhBuPm2D405szM07VO80kD_WYaR7ghjcdy-hzvsVZffC_YhauNMhvg2Et3PliRU-g6-K7kv2IN_67NtbWKBZc4Ypt5PwZsciO8sGABXU9F4GWi7vPdaVKv2t2pMtZtlAXIbWB4w4tD7bEWwHdQy70zpwrhf12ipBSKqYC-ssL8GH7ZIZd9LMj1MSvMQpIda7I6Y7vIEq-Ie4nLMCGWNMobUCcXqjWTZ9xarJmSTwfpIkaWxrzlh0QMmcF_7srPWRrwo6viTZSzxJ9FPlboZdsDMSJjr6y8Q6KzLOBPxeTGrmUjWIUkoezHi4ULqLNto_hFM3mngBcsUtlMHik_Ps9uxK-wnIkYDV6dY1KcdRrUvs7aXiskt3sEbzJOJvuj0La-21U9Fz5mipLTJLrT6z3yRZ1v9vM1_9amTGKQRzyR3Kmy8sErg_sgcarKaGhTxA_Z_NB_N67qLS95ZKb5j1iKlPJvMMs5lp-muItpUePEyWX0InLqa4_jk3QkouKZzC1Mx5F0L85qVkgByLHerF-qnP7EGoXEhuXw63f8dn33BL3o1M7wxOchR_tZq6pOU8c8gmmWtghtNCYFbwWwGPg3fnKv1DXyfKGBzeD2YZivnV0TFFyaKvboCQT-tc7Qk96twPKOuOGmmx68nCtLeQcqcv8ArWRUUu8fXT2khRcE_HYKU_u9NjcJ4zK5bwph8jTJHQxARSoA-BKJOIAtD0IPTBwpZD8fU29i8Au9XjbKpcQ_ZQWgWkhuJNw_QwE91VZnKeKrVxBhCM4D9hr0xI6Ez7tmAr5PvuRmCzvahv49QuhiVnSG2qlRrpUpiHbVNhlTOWo662Xli5MaEh-aC5ChNCwLZ61yjJM9HHWkQYkm_L7s_hcsd6Ijfhu1MaiXFdf0UGTxMNojKMfMepEJOajLZMocuJztD3jpkkY4Uuc2SndWm4mNQH7xRjlwk89T15w0dh8LJFRVJo7mCQgfWhJOX71Xg7tPeRgRfQkbnBJ2MLOV7I-T_S7gsIoZf6MbpYyRbqMe-qPX4t6_tGOUYLFXY7Jl6DpXBChLeSIO4t-3UuTHMwi2DfKayflP5eHJUyYiby3tuHmgZ3MzSvO00LV6So-5Y6I4TTUZrDLyGbKNXihuR52_XkDV4Aqi-1jSMFPhL14vwnMotEgX9qXyOnxgdJ-lC5uxLNGXHXv0d95vfGl6dy4DsB0wHBNRnZ6wgpw73TB0oIFoGdNppfg1iP1LfvvjFfHXkWhcB4mOn2IcR8muO3hLD8EDfGmU_LkxeP_O6H7QWGCP_pqTYSj5ypm3ugniV4x9WyC9sXTt38OhydKdMjjM28Q0jalP7FOPhKQztTPox29InazIWeXVA88vW563Lini5Y_LkVOOHQT2UuBs68AuzZzJuTQLL37U-JfeQR8Mn3nj21Sj874kO1PD7uUXa3OjeNcze5LDfZ3m3ELItygDYeK03MbMziu3Afuttn0pdmn800RYQ9vSVWMr6XpEfxb2z1Dt_gpaOJtXhBLqpYFQhPcQ4AP4JtgzMfjhhwSjEbfFwoaYUHo4zdyA1y05kl7c97hZk7QtHavMoEKI8_kvxXxDO-uepxk7YJWmMnA9pxcJAzjX7smmlN7-mWSNgKSoPQ8Rozpfvp0KJMg9a2Nx1gKYU5cKYBjnt9Wm4qmRZhu22hlYRA9o-olcHMgotNb8Rg6ljQUWCuvbHa7AsuG54UK6FPvcV0d1w4AC911Z3_9y-oVwg8c6pcL-bd6BQ_n7ZSh1_QWMWNYXzk_o4oNZ2U8OSitKZUmQhFV04c7AipIWCYWskB8w2mu2G4GMg9DnAvXnoZa1dMH6CPFzUadl2EFNmuLIQ8OD1Rx2QLwncVJcU9Z97nDPVM_hxZabvaH5HM87r_kz8U3Kmr7pNUYXeZhIf9R8mb6yfcaJ9q6JSYhBDEXls0dW_xxiF9QTskb3ju4GqpylxQ-baxsRRJHwOskXcYGi9yKjC8jlDwBa9IZeZ3OAr2Fl_EzLnONHcR3vyP_l4RO1tANS6wS7vFb6k1zNH4QrvRQnkmQooBVTNfx8Phnx-1R6qAnnFT_vMCZH3W2TAaCbOfIQ24gewBed_OyC1xvQwlIerMmSfnGv-N2kliToJN9ytZcWzjamfOLADGEU9RK8slboFpDKqxLbxy5h-wkMtC0bgsiuC41B3OooACQyQOKHqSbtwrPF_gHhrKU_shOP0o5JrUSox7ucEeGAE4QHJx78PNA7ouLPzzxd9x7TnXbLpEr36mEuQL2B1TNPMSQgRGYetwdcjymbWt81NDs20ATh7DwL3K3jgYLYEt15xoH9TFa38uvLjdYEhuG4TnynDxfuvl0dv-41moN8JBPoKluIPS3uP5vvI0f8RCx2ve_ovEdDkToB_vpuptrTrWoCFuOP95JahkP9YveMH1JZp2HrjzanFNkAJUM3dLEgJJA33ibkEUvdKKIketDyQo6KRafbomv6c8SYQMkNIKHZCNfIOdV_StWc7BPMnGQ99PadHTO-bOpFYnADD11TXEuEt_sKSsfHjn_0kNNfUrqOGlyaUjjNqSDnMUKQU-R5MsOdt7Vy7OAg-qyuGb6Xq-kEJGB4FBK1zIEkXg-Fa_A9NrYyOPP9K3n8abYB9k0Ezd6MGlMLrH-abZDSNmXZlz6TYuLWv_QjttsWQRmRjd-SRtVBJ0kk9HzDA0WV0KoS9nsKhqCODuR2CBZv9AHJhL1jt0Rp5QtZ6yzcI8toSuWntEetp_4ZvY2fCtRW3Bxu8V5-S5OeES4kXw3JMGXOlFqhrrvZvD8NEwMNF_VSkM6Biu_hE_ZA6cRT1s7w-kX-qwZniJCafjyL3VlLKpkq4o5Zxs5iWs22SE2c&cid=CAASPeRohC2T4zajo_Xy9sNQtzf7uc7ANwFaNUywCQGlFALHkY5ViRsjxwvmRD0PwImjzGQhFEMrt7vhVG_bYkw&rfl=1%2Chttps%253A%252F%252Fsays.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b7c55617f84818daf4c70cc10ada26ddd5b582b1d1c2c2829b3220487a6db477

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:39:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 196
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9544
x-xss-protection: 0
server: cafe
etag: 6261108306223674270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 07 Feb 2022 16:39:06 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220119/r20110914/elements/html/ Frame 62BB 8 KB
3 KB 47ms
47ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220119/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 16:38:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 236
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 07 Feb 2022 16:38:26 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 62BB 0
61 B 199ms
124ms Ping
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsucAXO-qidzfhHWCdcNquuuZMtrrNaHsi_Oz2xm-D0NkZO4MdXCr8cHxDpI9twvZts2WBImwo8_SXXScIel4F7NLs8yyInPshjk-WWGxCDjnsNi2QWLK1fY4tpeOhj4eaIMkcAD8-3rty6j5Y73XHfBKOww6TUgwABfKtBPRpoomnqLIwgBUdXrqzLgRXhi5vwZ_EF5Vw8ga-dd1ArThX0IS5-B1CrZASLSR4qy3JoqDDlMiAyEQRgsWOn3tV1y3MFcN6UJI1nzoO0hYLo78nYJSeSFDA9xgQ-9GK3AYEoI0O6gTbGSEKffVDTmajHEES5tvqq6Gn9Xl6fBdWBSBP1Q2Iqe_-7T_sjIsKZ13cip0wuQ35q9qGe0A7Ppjtl2EcQZz1LVtZ_wCd7qRXYX3HOXtxJbG2uMG1OehJL1ggwyT_WN-EBgIqChCkg8dqSGqsr2Rv5NCCbZJ6SnsP9JJw28A-3Mwwby3177Iltn9IDP4X8RMQoyhTa_GAf3wPBIOGu7TTUDJ-cuGI_fky4K1kHlc3ddM0xpOzkyBhPtrnF8MDO4aql0zmslBluqLUK358elEtH28A-yCOC5hH3wwD5DW-WFq-F0iXWFNcpdXwPSNeDyEqYDXOrsAeXD7zPYdHCVrLLFN3KraVk7ekSerlbqk98oFy_v-fiZNoMV5rxaM-J_BmJo97dZomCro0bChxcIdxY9BoC8HBZaTos4QBiq-fJUA4W28E2zZoctjwqW1VRuu-AL0YsCA3F7_sD5oxZrJifXOlEk36n6b5KMoTQqMyFMfPjBQP_CUU8q0Gv_bvDY1wy7W1uxO876KWq5-Js9hy2rlJQCBH3W2NcrAOKdcuaoL9NIJkx6xr9v09EzX28-6hlkT525d60lIID6vurPaClIHJykSJXSXdQVbDvFlyxxTNqyXrTClsxlWRPGqdgyUZnFgXDwWVsVqArvsmThOJmXb_71x0ljbdl4y7Ng436HLDa4QZmDMldXEmCrPfZ8wo1xOxUBmv0zo35Ojg3J4lAfJagOUbAJ02XafZWL7ZkeEBugHLuZHcfNc5xEF-_ZpWa1DvpkyhoecWAbUeAAH1hnbMOCKn7dpxE0aRYqm06XUxIL4443-887SeHGz9rPYBENegoxVS5jvoQ-gCVHmS-GLTQumcLEiuCwinq8KPdB7Out98mRfG4dYMpXIEH5IJhYxoBwJy6fhdh-dwvxKiHh0L-jdicNPx8cuYjuGXT8JB5I3i3s9tgHilWmMMJjQa5PVLAxbYvjk4rCTr6h50V2d49axT61k6W-DiRB2iBQ-z75bQ&sai=AMfl-YRY_10h1zosLbFe5lw5JRNpUjf-TLofNWzV9gQwd411u3LcYZdFCJEMhw_xfOl40okbI53VrkkUYoy8L2EJsa2CAAQSyMsw9Yl9JVJT8YTZvHk-G5dIChYf8zRWvR61eCugL3Xi76D2TEJo3w7a1SQUHKNYNncQkWaY0rvvg_D3O62jhuopJzyPYJiQBrsU8IoRHpLF8OAhfOfCpXRpp2yRnvGMyVAXDNpJOSt15ot7uhxbLvyQETXAPLoqug&sig=Cg0ArKJSzNnjDxe8jwXoEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20220119.23272&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Mon, 24 Jan 2022 16:42:22 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 62BB 41 KB
15 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 15:54:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 434900
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 19 Jan 2023 15:54:02 GMT

GET
H2 200 6511366859606938480
s0.2mdn.net/simgad/ Frame 62BB 49 KB
49 KB 119ms
37ms Image
image/jpeg 2a00:1450:4001:803::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/6511366859606938480

Requested by

Host: cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com
URL: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

20c206e567dfcf859bf67dd502f8329b155d3c047843ee0ea775b1aef3e2c70c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 18 Jan 2022 07:40:23 GMT
x-content-type-options: nosniff
age: 550919
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49809
x-xss-protection: 0
last-modified: Fri, 21 May 2021 21:58:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 18 Jan 2023 07:40:23 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 208F 143 B
163 B 40ms
38ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com
URL: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/

Response headers

x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 145
x-xss-protection: 0
date: Mon, 24 Jan 2022 16:03:01 GMT
cache-control: public, max-age=3600
content-type: text/html; charset=UTF-8
age: 2361
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 402E 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a3249016de41d3c1ab774244c20318f40adf8e21395fbd5c756981bd00ea006d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame B3AE 22 KB
8 KB 39ms
39ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 19 Jan 2022 10:49:42 GMT
expires: Thu, 19 Jan 2023 10:49:42 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 453160
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame F086 22 KB
8 KB 39ms
39ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 19 Jan 2022 10:49:42 GMT
expires: Thu, 19 Jan 2023 10:49:42 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 453160
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 62BB 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 780d2812e157ff9e9c788d569733c1600fc8fbb80050a757359d567333483441

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 208F
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

86ms
86ms

Document
text/html

2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com
URL: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 24 Jan 2022 16:42:22 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 24 Jan 2022 16:42:22 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 24 Jan 2022 16:42:22 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 VYSAmqkCqqI2p1vG7N0EZhME2mSBj47Ds8I6nIhDmP4.js Show response
pagead2.googlesyndication.com/bg/ Frame B3AE 35 KB
13 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/VYSAmqkCqqI2p1vG7N0EZhME2mSBj47Ds8I6nIhDmP4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5584809aa902aaa236a75bc6ecdd04661304da64818f8ec3b3c23a9c884398fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 15:15:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5198
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13526
x-xss-protection: 0
last-modified: Wed, 12 Jan 2022 16:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 24 Jan 2023 15:15:44 GMT

GET
H3 200 VYSAmqkCqqI2p1vG7N0EZhME2mSBj47Ds8I6nIhDmP4.js Show response
pagead2.googlesyndication.com/bg/ Frame F086 35 KB
13 KB 42ms
42ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/VYSAmqkCqqI2p1vG7N0EZhME2mSBj47Ds8I6nIhDmP4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5584809aa902aaa236a75bc6ecdd04661304da64818f8ec3b3c23a9c884398fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 15:15:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5198
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13526
x-xss-protection: 0
last-modified: Wed, 12 Jan 2022 16:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 24 Jan 2023 15:15:44 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 62BB 0
23 B 123ms
76ms Ping
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Mon, 24 Jan 2022 16:42:22 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 402E 0
23 B 115ms
77ms Ping
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Mon, 24 Jan 2022 16:42:22 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F086 0
20 B 75ms
74ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BPXtj7tbuYemwAanN7_UPsOu-2AsAAAAAOAHgBAI&bg=!AwClAETNAAZ_DxPPfw87ACkAdvg8WiLZUL5gBFCsVcqGt-Tbr-Wl-uaqQCvomj8C9XZAXMsKwRNfYgIAAADQUgAAAAVoAQeZAwpIjpz9dvwXynGgg7wv5qUSVfDXO4J4nzCazyCljH5FyP9ExU8QK6bgCU5P7WaeZKekCA8pz4qbtJR-5KC9fNuQjVNS7-qfdgyddayzjFEzl5gc671_Wz6XHELKV_szw5Dj-nejRuYH1tTIfilgnF7EKEpay4c1WaJo-TzYGYIjs1_L5F-2m1CE6zOLJ4FPWTCqGRatUK10j8F9VCrnHsGC35WNxTR-UgX5CMm_OC7087Pnv02XG2-DE4UgMpauU1owIHuFvB0h0rHXxdrM_LHZlnUowfy_xz8iFO_70ZevREtrpdGgu7P4GrqJHhtndaYnlfXbcjKDwjVz2mwVWCcgQ-_kPoPsWCTej1h3eXDqKU5MuUs2Mkgo4DHLDvkiVaWFd2P9mxm4JOpOwH6_uI3f58XPKbJQg_IsEYMfAQaff7QwAwbXy2rHnz-lpcdLaEX0wFzWMCTPkjcUW2iE1ySkyfabuHbRm8ak-kEX1eWgT8nnXo0Q9j-LNEP-ywROvIy9IRJd7tcq3N_B87jRvZVgTf1thSaurKzh4H7lsep2phpK4qsE2hw3lQB5hrR60byrJLOoSwCw_uVtgRfEF8mhu1Y2bku_8CEBqaiKXYRfFH6vfth3iIsSE-dSZJkLxaqyH318J6bWBRtGRZ65wVNCfC5WX1qIm9V3cyme9l-RBUWT8hAwNmWwdkDHsO3j8Jza1tB7n8c06emqNLRgWzzpoRVZs0-ClayaWIKSZfmU3pDqzNq13rtCrY_HG9KSaDYwYJbzNBJPFmEVSPpwailDb0u5yrWD11ANNzl8-cQw-KRQ2Eb13jYce5znw69hcWlYvoi10IsL947yIPjmV_D1NNrXXL5hSYmoB0OECxfaGX6uGKZO6ZzYrHWJQCX7jZOgan0VBC8JYTvRTR8oWAgKTMstnrIPioCvc_EDm6dyl1nWnAJJyKzBVDR-frk4sYXnPUYfTNXuur00y0jYavcd2Ct2oLZgmuvUqPMnGH_xSCabgT2w9VNSZatHRJAnyGDlubsS50IHmFvb

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jan 2022 16:42:22 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B3AE 0
20 B 76ms
76ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BT6kW7tbuYb9g8rTv9Q_Ghaq4CwAAAAA4AeAEAg&bg=!ycqlyo7NAAZ_DxPPfw87ACkAdvg8WsGZSQVOMXwUyXp-Y1vJOT8yM8FlY4-SH-AE2lkVIXoAOIM-_wIAAAD9UgAAAANoAQcKAEbA0GAAK-c-6kLSLCi5Z17i20b6QCyKTWjbNn6Dt7c-FEciFFTKuXpVkBIX_lPFBQvv8FLn3y9j30n-XG8bt2Fc28DpSpgAmQMH7V2Qun3PnhH8Y67fgT9C1gu5AKzophUGoVuhkHAeN_4BE9Alz04r4IwMuxaPA2CqW65d3jjr81Di4KdgRwy41zI0T2TcA4yQcE30hucHeK5BVY55w-lNYVBdIsSFL0hUsxBamEnQv3D5VvWSMDVu2Of-w6FKQtYaLYcii7Q4fY7AmSZu4n04c7VWpCsjf52HihzaUX-NA651Dyqlk8h1uiVT4q7YjQqc78TD_-8Zlw5KU8KDwveQV9p1SIXAyJ_vDX1Au7KVb5bzrGS5a3OsOyykDbIhZOOBXtlZqpfqSVAmZdiaPNxq543fT_9kK2UoIotruGyXsR--BPl8mmQNsLkwMs1JXBIn4P0NBsMZy1vtsSvDnQh5HF6-Lv1wC6qV-IRRQVUDUXSeR0sDlJA4P7jouCsZnXtN-Qeeyc1No-H-ta2S7050tY9jPQhNb-h9Pu44okoyunSwIudn374dzKjxO_KN_-zvjtbGlzFxJeIGV_1AZVv4swikU-GQn6JoxeZnIjLERNrrDDqn87kYfGIpm9jfwB443DHynHm8fMMhq7zwPcdXbsr5yJsQZZ1OMn9eB3q0Wi11XjNvC1eA8bm6oWZv4cnTRjkCEqvpoDGqkiWnyMSmgnXM4fisDksXQAs62yFNodRKjHRkqXNYQNhiS9ULHlNMjh_-dGMEn5icCE7sFZ29T-vTKUQ5ZqDGco7oUmaIG1QGpnrZPgXy15tzSjy71uUgybOlng-i_WH7VJoPA9ie-k2BF-dTzEDznxqaQRr1gVWFDZz4CHJNoRw4iJPST4D34YKaSuxAj7Rq_IJXuoOCE9fUWhAfCkn7ypDVq9o-vgMOKcAXSaVqsbvLCOXsxpUW3ERrBOijnTxoVgXMJyk6h_0gKNLxXqtLtfgxuCxUHnAY9fsHHlmEZKSgbniVnD1xPZdOBlx7iMi3ujtm4ZEgK6qxDpZ9wshxym1LNS4nC3d_UW-fRmYYDR2WoujiiNX65wbm-37MozSJZq1GwCc7ABkfQGlu1I3nIdIlGQAUwA

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jan 2022 16:42:22 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 wl Show response
t.pubmatic.com/ 17 B
177 B 79ms
27ms XHR
text/plain 185.64.189.226
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://t.pubmatic.com/wl?pubid=121793
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/121793/1376/pwt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.226 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 0d111d61901004eafd87c672f12f6cd54b3c376513aa672bf58100506dfe76f5

Request headers

Referer: https://says.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Mon, 24 Jan 2022 16:42:22 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://says.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 17
expires: 0

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 539C 42 B
64 B 76ms
74ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstiRi9P2qh2KgOCL3UAQkujw4Nt8ZSHLhnG-jGCqpbRHOpyi39SWxpT41U1gu8FukFwye22Eo1wIEEgmQDZlLt1sybSKLfRjFIocN0BY59M3J3ulaqzbQ&sai=AMfl-YTswViS3UHIV8AZ1QPknbcd5Oq266lp7b-oMbv8EZBIYkk8o1M6loE0ilo7rULVKqaScgwhq8CDH-qTH09nbRFNITCPumMQSe-WsdzbS5vWN-hQJa3K-gS1QV8&sig=Cg0ArKJSzDFw7Ng3JQl-EAE&cid=CAASPeRo61xOsraRgc_0vrurh-bEvQkBvSoWXNxVklkD4ESxj9aOLdnliRA_KKkuKmoLCT0PnH6Aiss-VLeIEbU&id=ampim&o=315,201&d=970,250&ss=1600,1200&bs=1600,1200&mcvt=1003&mtos=0,0,0,1003,1003&tos=0,0,0,1003,0&tfs=439&tls=1442&g=100&h=100&tt=1442&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&adk=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jan 2022 16:42:23 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 402E 42 B
64 B 116ms
72ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstOyy6Sujv8EtUowh7DGTGGovQKmdioofZm96oRp8zyOO6irhWH6IEwkFfrBtEY-dH_hguQI3Rx2u8PNV1PJN377j9Q2V34tDl4Xlseiyrrh7wL8PB1WQ&sai=AMfl-YR1eHwM1NiqOkrw_YX7ms-JciPYmQZy3YTXtt5AKm4uWm88cxXt04uk_Cz49Kj286dLsBar4GfnjD243_uuL84wRoG66Ya6SmdaWEv5-LAM6VK4gbqDRZnXZl0&sig=Cg0ArKJSzH-EODD4OZ0gEAE&cid=CAASPeRofeP76j321oI6BxQu8ZetrZGbLIINPQS0tlskF0GOxFFkBMxZ52cR4MtSxBpa5vw_JcDXVwY_ywe7GmM&id=lidar2&mcvt=1000&p=1013,236,1107,964&mtos=0,1000,1000,1000,1000&tos=0,1000,0,0,0&v=20220119&bin=7&avms=nio&bs=0,0&mc=0.96&if=1&app=0&itpl=20&adk=126976903&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1643042540982&rpt=701&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Jan 2022 16:42:23 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect Show response
g.clarity.ms/ 0
48 B 1120ms
1119ms XHR
text/plain 52.182.214.99
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://g.clarity.ms/collect
Requested by: Host: g.clarity.ms
URL: https://g.clarity.ms/s/0.6.31/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.182.214.99 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://says.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

access-control-allow-origin: https://says.com
date: Mon, 24 Jan 2022 16:42:24 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:7f62cbe7-9d8b-4a41-a628-fbaa3aa5c695

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: pcto.revmedia.my
URL: https://pcto.revmedia.my/2022/01/uemsunrise/sto.js

Domain: hbopenbid.pubmatic.com
URL: https://hbopenbid.pubmatic.com/translator?source=ow-client

Verdicts & Comments Add Verdict or Comment

315 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

51 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
says.com/	1970-01-20 01:07:14	Name: _pbjs_userid_consent_data Value: 3524755945110770
.says.com/	1970-01-20 01:07:14	Name: pbjs-pubCommonId Value: 06b3caf1-6510-46d8-8a12-1012d7042606
.scorecardresearch.com/	1970-01-20 17:40:50	Name: UID Value: 179079e1b659f720a8f9a471643042538
.crwdcntrl.net/	1970-01-20 06:52:48	Name: _cc_dc Value: 1
.crwdcntrl.net/	1970-01-20 06:52:48	Name: _cc_domain Value: .cc.says.com
.crwdcntrl.net/	1970-01-20 06:52:48	Name: _cc_id Value: b0fb43794677895a609165bbe63a8f05
.says.com/	1970-01-20 06:52:50	Name: _cc_id Value: b0fb43794677895a609165bbe63a8f05
.says.com/	1970-01-20 06:52:50	Name: _cc_cc Value: ACZ4XmNQSDJISzIxNrc0MTM3t7A0TTQzsDQ0M01KSjUzTrRIMzBlAILEd9degWgI4F357LI2Y3M4w39GRoYjr7eIMD6xALNvzmrVhbGPb5rCAlPz8bMljPls8Ry48PGjh5hh4rv3XRaAsQ8jqZl%2BQh0m%2FG4JQuuaDU%2B5YeIzrl3SgbEBAIVA0Q%3D%3D
.says.com/	1970-01-20 06:52:50	Name: _cc_aud Value: ABR4XmNgYGBIfHftFZCCACYGxhtLQUyWo5xAEgBl4wVi
says.com/	1970-01-20 09:45:38	Name: cto_bidid Value: 4Wc-Z19KaEp6ZDdHMnZ1RCUyRm1FSDdJTGF0MVhwTmwwMTRack9BUVdUaU9SaFBvMnNEdXhHUm5Eem9nVHhHWk9SUXFtM0xyODNwZVQwTkRHSEVVTU9TVjltUkd3JTNEJTNE
says.com/	1970-01-20 09:45:38	Name: cto_bundle Value: Zh3nIl9hdUVoZndYWTRjcmxtTlpIVEtRUEs4dko2cVgwZk1EY2c2TGg0RE95dTVDdjVWWENxYllnUE41QmNZWTNLRkdFVGFMbkRKQklLV3FyMGFHT2hDJTJCOVJJZkNqYjEwQ3ppRXYxQkVHYSUyRklCZ2M3VUE2ZDZDYUMwclBUMzdPSXhaakU
.rlcdn.com/	1970-01-20 09:09:38	Name: rlas3 Value: czympFRRtGMO3mbNLn+aaUwadF4BHB9zUYHpWiw4Apo=
.rlcdn.com/	1970-01-20 01:50:26	Name: pxrc Value: CAA=
.t.co/	1970-01-20 17:55:14	Name: muc_ads Value: 7b1517cd-4e1d-4741-9308-c7b38f69e3d9
.twitter.com/	1970-01-20 17:55:14	Name: personalization_id Value: "v1_tEwm8lG1Vf+lG8mfxdEPnA=="
.doubleclick.net/	1970-01-20 09:45:38	Name: IDE Value: AHWqTUnVFN_C6CosXPUiTyDh1TI38HoNktLP8zPBwg1OjvvNpLxwoGbo20p7e9JS
www.clarity.ms/	1970-01-20 09:09:38	Name: CLID Value: 2c19f7bb12214635ba327d7792b5c06a.20220124.20230124
says.com/	1970-01-20 09:52:50	Name: _cb_ls Value: 1
says.com/	1970-01-20 00:24:06	Name: _t_tests Value: eyJ2T05BTGt2OFlUT0hDIjp7ImNob3NlblZhcmlhbnQiOiJBIiwic3BlY2lmaWNMb2NhdGlvbiI6WyJxT2E0MSJdfSwibTB4SER4c2xwWUNtWSI6eyJjaG9zZW5WYXJpYW50IjoiQyIsInNwZWNpZmljTG9jYXRpb24iOlsiOFN4TWwiXX0sImxpZnRfZXhwIjoibSJ9
.says.com/	1970-01-20 02:33:38	Name: _fbp Value: fb.1.1643042538932.295984686
says.com/	1970-01-20 09:52:50	Name: _cb Value: D4dzUsCyA91ZDJ9SPP
says.com/	1970-01-20 09:52:50	Name: _chartbeat2 Value: .1643042538943.1643042538943.1.6KLAWBYD1hUnH55dCaTh1lBcFbLG.1
says.com/	1970-01-20 00:24:04	Name: _cb_svref Value: null
.c.bing.com/	1970-01-20 09:45:38	Name: SRM_B Value: 277CE7B91C6D6FE41347F68F1D066EA6
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-20 09:45:38	Name: MUID Value: 277CE7B91C6D6FE41347F68F1D066EA6
.c.clarity.ms/	1970-01-20 00:24:03	Name: ANONCHK Value: 0
.says.com/	1970-01-20 00:24:06	Name: AMP_TOKEN Value: %24NOT_FOUND
.says.com/	1970-01-20 17:55:14	Name: _ga Value: GA1.2.1053354340.1643042539
.says.com/	1970-01-20 00:25:28	Name: _gid Value: GA1.2.2032936465.1643042539
.says.com/	1970-01-20 00:24:02	Name: _gat_UA-27970811-1 Value: 1
.says.com/	1970-01-20 09:09:38	Name: _clck Value: 1f0asmk\|1\|eye\|0
.says.com/	1970-01-20 00:25:28	Name: _clsk Value: 6vaxwf\|1643042539886\|1\|1\|g.clarity.ms/collect
says.com/	1970-01-20 00:24:06	Name: _lr_retry_request Value: true
says.com/	1970-01-20 01:07:14	Name: _lr_env_src_ats Value: false
says.com/	1970-01-20 01:07:14	Name: id5_storage Value: %7B%22created_at%22%3A%222022-01-24T16%3A42%3A20.824359Z%22%2C%22id5_consent%22%3Afalse%2C%22original_uid%22%3A%220%22%2C%22universal_uid%22%3A%220%22%2C%22link_type%22%3A0%2C%22cascade_needed%22%3Afalse%2C%22privacy%22%3A%7B%22jurisdiction%22%3A%22gdpr%22%2C%22id5_consent%22%3Afalse%7D%7D
.says.com/	1969-12-31 23:59:59	Name: panoramaId_expiry Value: 1643128940818
.adsrvr.org/	1970-01-20 09:09:38	Name: TDID Value: 3e6bc8b5-8c1c-406d-97af-f01f1d20afda
says.com/	1970-01-20 01:50:26	Name: pubmatic-unifiedid Value: %7B%22TDID%22%3A%223e6bc8b5-8c1c-406d-97af-f01f1d20afda%22%2C%22TDID_LOOKUP%22%3A%22FALSE%22%2C%22TDID_CREATED_AT%22%3A%222022-01-24T16%3A42%3A20%22%7D
.adnxs.com/	1970-01-20 02:33:38	Name: uuid2 Value: 5897287305157076926
.casalemedia.com/	1970-01-20 09:09:38	Name: CMID Value: Ye7W7UcX9kp-wlAvhtqwpQAA
.casalemedia.com/	1970-01-20 02:33:38	Name: CMPS Value: 3270
.casalemedia.com/	1970-01-20 02:33:38	Name: CMPRO Value: 1111
.casalemedia.com/	1970-01-20 00:25:28	Name: CMST Value: Ye7W7WHu1u0A
.says.api.useinsider.com/	1970-01-20 00:25:28	Name: insdrPushCookieStatus Value: true
.says.com/	1970-01-20 00:24:02	Name: _dc_gtm_UA-27970811-1 Value: 1
.casalemedia.com/	1970-01-20 09:09:38	Name: CMRUM3 Value: 2e61eed6ed05a0&e661eed6ed2760&c361eed6ed2760av-b477ca70-a7e5-401a-913b-f1a2fa1b9d16&2d61eed6ed2760CAESEOIMSVdo9spZO6lJ2f3YNU4&f161eed6ed05a0&4061eed6ed2760no-consent&6f61eed6ed05a0&2761eed6ed0b40
.says.com/	1970-01-20 09:45:38	Name: __gads Value: ID=1b456cb16505eecc:T=1643042540:S=ALNI_MYAtgmkR8gsk8XFqqWupBgI1r5s7g
.crwdcntrl.net/	1970-01-20 06:52:50	Name: _cc_cc Value: "ACZ4XmNQSDJISzIxNrc0MTM3t7A0TTQzsDQ0M01KSjUzTrRIMzBlAILEd9fe%2Ffn%2F%2Fz8%2FiAMGvCufXdZmbA5n%2BM%2FIyHDk9RYRxicWYPbNWa26MPbxTVNYYGo%2BfraEMZ8tngMXPn70EDNMfPe%2BywIw9mEkNdNPqMOE3y1BaF2z4Sk3THzGtUs6MDYA1CFE3Q%3D%3D"
.crwdcntrl.net/	1970-01-20 06:52:50	Name: _cc_aud Value: "ABR4XmNgYGBIfHftHZCCACYGxhtLQUyWo5xAEgBmRwVm"
.doubleclick.net/	1970-01-20 00:24:06	Name: DSID Value: NO_DATA

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://says.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Message: A preload for 'https://pcto.revmedia.my/2022/01/uemsunrise/sto.js' is found, but is not used because the request credentials mode does not match. Consider taking a look at crossorigin attribute.
network	error	URL: https://c16d-35-240-187-111.ngrok.io/pcto.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://says.com/assets/says-logo-white.svg Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://pcto.revmedia.my/2022/01/uemsunrise/assets/says-logo-blue.svg Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://api.rlcdn.com/api/identity/envelope?pid=1258 Message: Failed to load resource: the server responded with a status of 451 ()
network	error	URL: https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID&gdpr=1 Message: Failed to load resource: the server responded with a status of 400 (Request failed due to privacy signals)
network	error	URL: https://c1.adform.net/serving/cookie/match?party=29&gdpr=1 Message: Failed to load resource: the server responded with a status of 403 ()
other	warning	URL: https://cdn.ampproject.org/rtv/012111152338000/v0/amp-ad-exit-0.1.mjs(Line 2) Message: Unrecognized feature: 'attribution-reporting'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

acdn.adnxs.com
ads.pubmatic.com
adservice.google.com
adservice.google.de
ampcid.google.com
ampcid.google.de
analytics.twitter.com
api.rlcdn.com
bcp.crwdcntrl.net
c.bing.com
c.clarity.ms
c1.adform.net
c16d-35-240-187-111.ngrok.io
cd39953b3f13420a8f7dd021c757ad13.safeframe.googlesyndication.com
cdn.ampproject.org
cdn.jsdelivr.net
cdn.skypack.dev
cdnjs.cloudflare.com
cm.g.doubleclick.net
connect.facebook.net
contextual.media.net
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
g.clarity.ms
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
hbopenbid.pubmatic.com
heartbeat.mediaprimaplus.com.my
hit.api.useinsider.com
htlb.casalemedia.com
ib.adnxs.com
id.crwdcntrl.net
id5-sync.com
idsync.rlcdn.com
images.says.com
js-sec.indexww.com
location.api.useinsider.com
log.api.useinsider.com
mab.chartbeat.com
mabping.chartbeat.net
match.adsrvr.org
mediaprima-d.openx.net
ml314.com
mug.criteo.com
nep.advangelists.com
p.typekit.net
pagead2.googlesyndication.com
pcto.revmedia.my
ping.chartbeat.net
pixel-sync.sitescout.com
policy.revasia.com
prebid.media.net
prg.smartadserver.com
s.amazon-adsystem.com
s0.2mdn.net
says.api.useinsider.com
says.com
sb.scorecardresearch.com
secure.adnxs.com
securepubads.g.doubleclick.net
segment.api.useinsider.com
ssum-sec.casalemedia.com
static.ads-twitter.com
static.chartbeat.com
static.cloudflareinsights.com
stats.g.doubleclick.net
t.co
t.pubmatic.com
tags.bluekai.com
tags.crwdcntrl.net
tpc.googlesyndication.com
u.openx.net
use.typekit.net
www.clarity.ms
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
hbopenbid.pubmatic.com
pcto.revmedia.my
104.111.215.191
104.244.42.195
104.244.42.69
104.84.232.23
13.225.80.107
13.225.80.38
142.250.185.130
142.250.186.162
142.250.74.194
151.101.12.157
151.101.65.108
178.250.0.157
185.64.189.226
185.86.139.58
209.54.180.144
216.58.212.130
23.21.122.84
23.37.38.181
2600:1f16:d83:1202::6e:5
2600:9000:20eb:4000:18:1fcd:34f:cdc1
2606:4700:20::681a:d52
2606:4700:3035::ac43:a9b3
2606:4700::6810:125e
2606:4700::6810:5814
2606:4700::6810:5e41
2606:4700::6811:a772
2606:4700::6811:aa72
2606:4700::6812:10e0
2606:4700::6812:13ee
2606:4700::6812:1c1b
2620:1ec:27::cafe:1668
2620:1ec:c11::200
2a00:1450:4001:803::2003
2a00:1450:4001:803::2006
2a00:1450:4001:808::2001
2a00:1450:4001:80e::2003
2a00:1450:4001:80e::200e
2a00:1450:4001:80f::2002
2a00:1450:4001:811::200a
2a00:1450:4001:813::2002
2a00:1450:4001:828::2001
2a00:1450:4001:829::2002
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::200e
2a00:1450:4001:82f::2004
2a00:1450:4001:82f::2008
2a00:1450:4001:830::200e
2a00:1450:4001:831::2001
2a00:1450:400c:c1b::9d
2a02:2638::1c
2a02:26f0:6c00::210:ba0b
2a02:26f0:7100:2a8::19fd
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
2a04:4e42:200::714
34.107.148.139
34.120.133.55
34.247.104.176
34.98.64.218
35.244.174.68
37.157.4.24
37.252.172.250
37.252.172.36
50.16.141.46
51.89.21.21
52.142.114.2
52.17.84.146
52.182.214.99
52.207.202.199
52.223.40.198
66.155.71.25
92.122.252.114
92.122.254.129
0382a06b8e3ec31595098573a3dbfd2d17b458498c1aa3b485741b0413777a9c
043cafc63f50b2ba976044bc7dfba6ccb1a1878d527f883cb81984c5585cd9da
0530384d8115b9411cd4fac3bad2e6565ab2ddf9c866c86b1422a65dfccb3980
05e2888e835d97fe6e4cfb256f62f47d5dccf6d9ac202ea9d82a6bc2b1716c1d
0811644ab2a291bdf22175453d30c3ce848579a18d043fa7d2e386beb5147024
088d4e5ca0efcf8c54e8136b1089db8ccd6ffcadfcf69cc1a3332a97efcb01e0
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0ce5d039d3e58fc10808f0695156d2bd99daae7791d26cc5dfc569154b5e0b22
0d111d61901004eafd87c672f12f6cd54b3c376513aa672bf58100506dfe76f5
0fb65d86c632c6e688fae75401da7da6565234c016eb988e8459df085ee7e182
10a5b09e055ee3d93e2b00173304fd9efe33b940508f1f2ba64e615e565cfc6c
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8
14b52d5e44212b22f6de0be5caeeb5bba561a29fd91bf6076bf1ad6d45ecae6f
16adf8c0cf6ed747ee0358358062223296e7285af48e189f7de282698528ea07
16c13044cedc5c7482ad7db51913c164ffabc787ec5b6b0246acfec84cd6d01b
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1bea71d07ca30415d598ea3dfbe6641f5aa63fe0414d3c27ed6bd0e89c603439
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
1d4cd6f7c08a3c44073c4fffc074df6f594f3ac0f4c0885a8459a58c020f53f9
2039446f8956518da2c2d70116d18c92fac3b04110942de074748aa4041067fb
20c206e567dfcf859bf67dd502f8329b155d3c047843ee0ea775b1aef3e2c70c
256de1accbccc4ffee65cf0ae6ddda99d1a056e669ddb390c959b942df9a5358
25944d2ba65925123567f2efe9b4c143b3ef042fac11c333108b87d26b6df841
279249ed963fcd87e6321b024c0194248dd1b44af5353e134071cdfff953967b
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
298d3539cf1bbc871319f94a3eb3deafb60b98306576f75c1b7f9aed425304c0
2cdfa2c21bbfe841c179c4be7f355aeaea6acf1630318ee6dd32b99bc447bd56
39e9ab60f6c54fed8ede3d4477ae38b99b3b7c3f029cbb18019644e76ae62ac2
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3e1d042e9ea9932543627468c209257ba503166056f3dfcf6eb60e701b03adb7
425f48a06ab0e9a4a4d792a6677189720f377ec09a073ecdae6232a89cc221f2
43ab3e06d749fb095cd10d584d9b52136a50932cf4a9399ca427d5e14b22997a
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e
45a44547bc03bf28eef08b155e355f497ca18ee852614d0dc602b91e20c64512
475ea0d93d64ea925be5bbefb08371bb06421b7d695cbbb7f2b34870531a253d
49743b54303390327d080f2aa2d525b5e6cb381307e10e2d77a2a049018c9960
4be1e7d75eca0f5a394ad34a4f48cf13fba40eee6cae64760a764a504214feb2
4d03ca7f3ce7f1698643944490152dd091759abaae48a654dcb8c0e1fff69094
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4d52c5b61b59acbd900c0c69706a5fec569d8f73dee744e3382d9bf6c00c9053
4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb
4e46e56dce46d21c527e164d6749fb5ff0101f400aede06a8711196da9e5c619
4fda4b6bfba1bc307be2f6832c07091a5506fc95c43eb3863acd340a30e8b1ec
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2
554866abaa64c405aaeb59a27a5097f09bb84ed1712e58afd41e6681b80d4995
5584809aa902aaa236a75bc6ecdd04661304da64818f8ec3b3c23a9c884398fe
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55c4447ef4df513c0f5bc6dff8232177b177b1655ec4e9023ed0d0e4f2fe22da
57389d8f2d3a18f9064c047d02704f4eb8933b3e4ed2da559ac76b5ec823a17d
57a4bb5c5fad1da04cf1d43c824c9117e6ae12d5fca469fd4e525e216fb37761
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
614746b52a14c73782d6bebd9bf0c4ff0466d1a1a652882ee2c7b75eb680bfc9
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
63697d88ab7b6e34e76e5990b867c706cb4346c27ec1c5a034c4d91dfb136778
63cf7a38baaaaebc012cfc355797544949b60c040b5da57560f26d88502d1372
66f3a07e1fa9b64a686b66381e4458dbc8abf3dbbff954720c4eec07b84411c2
70ea4d281899906164d43782c7ef2212a415bed7753013e3777caecc303470b8
7784d9de90799f3ea6b6bbc68abab20e386dbed3ec2f3c6ff1d6e23e4316d9b0
780d2812e157ff9e9c788d569733c1600fc8fbb80050a757359d567333483441
7aef5e5dce9fc35f98a00aa174b9206cbb23460ee62c0bd446e3175dab4aece9
7ca79b17283dd424f6e491d2effc14b0a4861b5c8ea6580950551ba8e49b948a
7e10d56ad8379b4a02f8955a4c8331139d1c6eb2a5b92b1e4d0655d2c1a33c3b
7e58212a834825aaa684963bfbb592ac5e3d698c44a0778bbbd101ae40f214db
7eca7977c6ade416c20775a7fd7cfa2291c5752cd1225d5c4342b057c37a000c
7f126f2b44f72384da123e29b5ef67c9ea0a0f1158eb2d857609f17c6fd99f5a
80fe90cb559538158bc235f4e539d9bcae203e19fab7c6970aad37b0154348ff
825fa6f794c4fc5b6b8c7c7ad6ed35ab11de6ab42b9e01293437899c71df3448
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
837fa5a10c36220ff1fa957f86fb509de965b616c432bbd1ac71b79f9274391b
8466c7362ecc7f988151f1c29b1a23439addd51acf8428d86b15bd284841d574
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8c086dedaab8b25f94d6279c36166b435e1ac563aa6ad5448d833480ac5bdc4a
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e22cb4e66e648370b980132b699183bd83db43648b6a901394b428c8cede89a
9020e29a8803a9cc10a82a813d4090471b2c58c07af89d70d4362fb71e073ea4
91efbc46c7c1fc2c8261ca7258a059bddfcc2497f0ebdb5d7da70cbfb647f8b1
92bd1ead1acf81c62d0994471e914ee030abfc85c689435388c023a4d7209ec1
966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068
975714c6cb70ba105bfa87d2415df2fddde4a46c1d3ab9d0cf45465e56cba97d
990396d6d5c529c2fa1e43dde960cba3a2464de39cddf210d7622e69e3cbee45
991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a5742d29ad73d8a05637c2e5ce2343477f3b0ddf4714ba52eacc3e3ac6c1d42
9b9233c0c01ce219c102432f8da76d92d40bee603d575e238540da05da0ad17c
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79
a2f6fec90f9b0079aad59d497fa75796162208996aa12a56b65ad4dc2cb07053
a3249016de41d3c1ab774244c20318f40adf8e21395fbd5c756981bd00ea006d
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a607b7a1985061e3bec3971f602833915890f7b1bae9f946023a280252c2d878
a641dc1970173990e05bb15c9a46ae19760af87fe773a6f26db066f7b23b1f18
a68a70f7be9281f3f7148b38d7f5971f1dc946d3034a40e55021d0fb6fb78d73
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
aa05a288f4d49a839edb7c58c6bf4d3cfe514c4f13f640e8a4fb967207dd476a
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b277171297bfc840b62b9f160060bf8fc630389b0dee3aadcbb0e855ac7ecbc8
b2d2f11eb78159e31bce4355ffd5e696717de4270a77ba1d2038e066462008ad
b7c55617f84818daf4c70cc10ada26ddd5b582b1d1c2c2829b3220487a6db477
b947a3efe23b4827fa6e4f7c6c0364baa2f66d27d0eb8074d5ab36380876e952
bdbb3b88367e0dc7f2af34b3bb701fe2523c8653a48cdfd8aaf67c2d1e18b76d
be7e0103b3622667991b3702ad70eae1fff6c894cca1840c97dec2c3c7984b60
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c2e746a72d136c3a8a932d007b975a53c9876c8a1aef248ab00d90c3cecdc313
c3c43acc11891cb5c1ff861c140ec0e55ee3f84b81fe6c4435c2506c4e348d23
c76f51108d64e474940257352740f8862a631a50dc55ee6d4643568e81d3e932
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cbccbe0e6a648c7f70bbb904016388798338882e7a4966047a5a15832b27173d
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
cec8db5285e14759db60ec5e7ad1cd5c422c3d1d1939899f18fffd870a52c631
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cfbe822c4b2e285594709c5acb35cc7f9a4980a3023f1065f9ef6add9d2dd455
cfe8e5168d661e94ef9fc3ae9d3f2a5b7a02093231694e1ae0573b5be6c4215a
d1a57b8e2d47852f0cb286076ffe369a17342aac92673330561b20a7c773cdbc
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
d85f64a95b459d98354f0b827a69c81136ab35fc199c28df6201ed23083723e7
d941974b9c1117cb29c3035bed5bba80907594ed49cbe211f184421ac338543f
da45962a1fb4a049c9367ebe9b1b628f071d7a4c9997ee807c01d23f4866e19c
dcc156f774f770c9969f60f278f977ce3a561b5927bf0acb682f4834e1729c3c
dd09255aab872d3845483358d5821bc15905f8a299f557be77da911a44dc955e
ddf85037fd1f04c4684ed0357cf80a71a3c4aa19049bfccdaec678b4b18dc8e2
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e21f4e7e88783b14a82c666b81649a49dace8b1fd9a1ec27a8e17b2ae26bbc94
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3dad81ae9e89995623b89e9c6f7c5c926a098f0882f66dfeb6a7bf99926c1f2
e916d6f3c9c316368f99463951a426d09d4ddd223e961652728b519efb11e772
eb6397dd21c80c5d6661c07e48703a6ff70e9dfeed0c8677948fcf333b51c9d8
ed1f5b54e05b6d525932e268a37f607ff460785150ae949890215217d0770139
eded73b494faf1cea930993a467caefe53ddd3ed81f4b2b6e038af3d7e6d5a9d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef9bb99505294aa46ae914d07d673fa33f593bd6e5db59ac18e13b955fa4d9bb
f1b3a51250ea5d2b293615f08241269ed8277b95654cddafbc0f5df8d61e6cc1
f496b4544f491ae23fe1b2d7ce5aa997627e0bc8c10e778c159591e1c5482b54
f625ccc4e3adb5ccf9ba331e7baf5bc5131da2f9c814d6071ebc160c72b466a6
f93d0298dd39f7dff18566a5b2754067e26c0182b469fd6b24e5d63429fef88b
fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505
fd11fa353cc6a8560f4c35e67c6fb8a3a4061ed3de4309cdf83fca65f8319bb4
ffd015b1bb0125d07c39cbfcdee6a8e2b604b55ea1936cf550fe1f9fbdbf2ae4

says.com Open in urlscan Pro 2606:4700::6812:13ee Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

227 Requests

95 %HTTPS

51 %IPv6

51 Domains

84 Subdomains

71 IPs

8 Countries

2819 kBTransfer

7072 kBSize

51 Cookies

12 Outgoing links

Page URL History

Redirected requests

227 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

says.com Open in urlscan Pro
2606:4700::6812:13ee Public Scan

Screenshot
Live screenshot

Full Image

227
Requests

95 %
HTTPS

51 %
IPv6

51
Domains

84
Subdomains

71
IPs

8
Countries

2819 kB
Transfer

7072 kB
Size

51
Cookies

227 HTTP transactions
5 data transactions