w1.buysub.com Open in urlscan Pro
198.176.166.187 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://click.email.rdaenthusiast.com/?qs=5c65c7a36b7768898dd7d4184516ef28f8a914e4c11aa598d43fdc9b6059ef1fe053b967a852b5783548130cf6a6...
Effective URL:
https://w1.buysub.com/pubs/RM/RMB/FHAN-INT-BK-2201-OP1.jsp?cds_page_id=263982&cds_mag_code=RMB&id=1663074199560&lsid=2...
Submission: On September 13 via api (September 13th 2022, 1:03:27 pm UTC) from US — Scanned from DE

Summary HTTP 50 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 20 IPs in 3 countries across 20 domains to perform 50 HTTP transactions. The main IP is 198.176.166.187, located in United States and belongs to CDS-GLOBAL-01, US. The main domain is w1.buysub.com. The Cisco Umbrella rank of the primary domain is 329472.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on June 13th 2022. Valid for: a year.

This is the only time w1.buysub.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	68.232.203.70 68.232.203.70	22606 (EXACT-7) (EXACT-7)
2 2	198.176.166.216 198.176.166.216	397973 (CDS-GLOBA...) (CDS-GLOBAL-01)
4 6	198.176.166.187 198.176.166.187	397973 (CDS-GLOBA...) (CDS-GLOBAL-01)
3	2606:4700::68... 2606:4700::6812:acf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:82b::200a	15169 (GOOGLE) (GOOGLE)
21	2606:4700:440... 2606:4700:4400::6812:220f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8 8	2606:4700:440... 2606:4700:4400::ac40:99f1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 3	99.86.4.2 99.86.4.2	16509 (AMAZON-02) (AMAZON-02)
1	142.250.74.194 142.250.74.194	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
1	143.204.215.91 143.204.215.91	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f02... 2a03:2880:f02d:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1 4	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:4001:801::2008	15169 (GOOGLE) (GOOGLE)
2	63.148.46.76 63.148.46.76	53316 (ASN-CHEET...) (ASN-CHEETA-MAIL)
1	2a00:1450:400... 2a00:1450:4001:82f::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::200e	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f12... 2a03:2880:f12d:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	2620:1ec:27::... 2620:1ec:27::cafe:2093	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	20.120.124.64 20.120.124.64	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 2	20.234.93.27 20.234.93.27	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
50	20

1 68.232.203.70 (United States) 1 redirects

ASN22606 (EXACT-7, US)
PTR: click.s6.exacttarget.com

click.email.rdaenthusiast.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.176.166.216 (United States) 2 redirects

ASN397973 (CDS-GLOBAL-01, US)

books.readersdigest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 198.176.166.187 (United States) 4 redirects

ASN397973 (CDS-GLOBAL-01, US)
PTR: w1.buysub.com

w1.buysub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2606:4700:4400::6812:220f (United States)

ASN13335 (CLOUDFLARENET, US)

images.tmbi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700:4400::ac40:99f1 (United States) 8 redirects

ASN13335 (CLOUDFLARENET, US)

cdn1.tmbi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 99.86.4.2 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-2.fra6.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.74.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.215.91 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-215-91.fra53.r.cloudfront.net

js.acq.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 63.148.46.76 (Des Moines, United States)

ASN53316 (ASN-CHEETA-MAIL, US)
PTR: xts.eccmp.com

sts.eccmp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f12d:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:27::cafe:2093 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 20.120.124.64 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

m.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 20.234.93.27 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
29	tmbi.com 8 redirects images.tmbi.com — Cisco Umbrella Rank: 88444 cdn1.tmbi.com — Cisco Umbrella Rank: 164622	551 KB
6	buysub.com 4 redirects w1.buysub.com — Cisco Umbrella Rank: 329472	20 KB
5	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 787 m.clarity.ms — Cisco Umbrella Rank: 6918 c.clarity.ms — Cisco Umbrella Rank: 1178	26 KB
4	bing.com 1 redirects bat.bing.com — Cisco Umbrella Rank: 664 c.bing.com — Cisco Umbrella Rank: 408	13 KB
3	scorecardresearch.com 1 redirects sb.scorecardresearch.com — Cisco Umbrella Rank: 223	6 KB
3	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1202	103 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 111	388 B
2	eccmp.com sts.eccmp.com — Cisco Umbrella Rank: 23765	8 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 208	111 KB
2	readersdigest.com 2 redirects books.readersdigest.com	2 KB
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 94	20 KB
1	google.de www.google.de — Cisco Umbrella Rank: 3469	548 B
1	google.com www.google.com — Cisco Umbrella Rank: 19	548 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 141	46 KB
1	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 73	2 KB
1	acq.io js.acq.io — Cisco Umbrella Rank: 158020	7 KB
1	gstatic.com fonts.gstatic.com	28 KB
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 159	17 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 120	1 KB
1	rdaenthusiast.com 1 redirects click.email.rdaenthusiast.com — Cisco Umbrella Rank: 292217	599 B
50	20

	Domain	Requested by
21	images.tmbi.com	w1.buysub.com
8	cdn1.tmbi.com	8 redirects
6	w1.buysub.com	4 redirects w1.buysub.com
3	bat.bing.com	w1.buysub.com bat.bing.com
3	sb.scorecardresearch.com	1 redirects w1.buysub.com
3	maxcdn.bootstrapcdn.com	w1.buysub.com maxcdn.bootstrapcdn.com
2	c.clarity.ms	1 redirects
2	www.clarity.ms	bat.bing.com www.clarity.ms
2	www.facebook.com	w1.buysub.com
2	sts.eccmp.com	w1.buysub.com sts.eccmp.com
2	connect.facebook.net	w1.buysub.com connect.facebook.net
2	books.readersdigest.com	2 redirects
1	c.bing.com	1 redirects
1	m.clarity.ms	www.clarity.ms
1	www.google-analytics.com	www.googletagmanager.com
1	www.google.de	w1.buysub.com
1	www.google.com	w1.buysub.com
1	www.googletagmanager.com	w1.buysub.com
1	googleads.g.doubleclick.net	www.googleadservices.com
1	js.acq.io	w1.buysub.com
1	fonts.gstatic.com	fonts.googleapis.com
1	www.googleadservices.com	w1.buysub.com
1	fonts.googleapis.com	w1.buysub.com
1	click.email.rdaenthusiast.com	1 redirects
50	24

This site contains links to these domains. Also see Links.

Domain
www.rd.com
www.trustedmediabrands.com
book-services.com
www.familyhandyman.com

Subject Issuer	Validity	Valid
*.buysub.com DigiCert TLS RSA SHA256 2020 CA1	`2022-06-13` - `2023-07-14`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-01-29` - `2023-01-29`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
tmbi.com Cloudflare Inc ECC CA-3	`2022-06-08` - `2023-06-07`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
*.scorecardresearch.com Amazon	`2022-01-29` - `2023-02-27`	a year	crt.sh
*.acq.io Amazon	`2022-02-27` - `2023-03-28`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-06-22` - `2022-09-20`	3 months	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2022-09-03` - `2023-03-03`	6 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
*.eccmp.com DigiCert TLS RSA SHA256 2020 CA1	`2022-05-20` - `2023-06-20`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2022-02-27` - `2023-02-27`	a year	crt.sh
a.clarity.ms Microsoft Azure TLS Issuing CA 02	`2022-06-07` - `2023-06-02`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://w1.buysub.com/pubs/RM/RMB/FHAN-INT-BK-2201-OP1.jsp?cds_page_id=263982&cds_mag_code=RMB&id=1663074199560&lsid=22560803195020955&vid=1&cds_response_key=FHTBJDU104
Frame ID: F1D7A4F756FF2C99D33AA4C90A6E663B
Requests: 50 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Family Handyman Best Tips & Projects 2022 | Family Handyman

Page URL History Show full URLs

http://click.email.rdaenthusiast.com/?qs=5c65c7a36b7768898dd7d4184516ef28f8a914e4c11aa598d43fdc9b6059ef1fe053b967... HTTP 302
https://books.readersdigest.com/servlet/ConvertibleGateway?cds_mag_code=RMB&cds_page_id=263982&cds_response_... HTTP 302
https://books.readersdigest.com/pubs/RM/RMB/FHAN-INT-BK-2201-OP1.jsp?cds_page_id=263982&cds_mag_code=RMB&id=... HTTP 302
https://w1.buysub.com/pubs/RM/RMB/FHAN-INT-BK-2201-OP1.jsp?cds_response_key=FHTBJDU104&_mid=529507... HTTP 302
https://w1.buysub.com/servlet/CookieDetector?redirectURL=https%3A%2F%2Fw1.buysub.com%2Fservlet%2FC... HTTP 302
https://w1.buysub.com/servlet/CookieDetector?phase=check&redirectURL=https%3A%2F%2Fw1.buysub.com%2... HTTP 302
https://w1.buysub.com/servlet/ConvertibleGateway?cds_mag_code=RMB&cds_page_id=263982&cds_response_... HTTP 302
https://w1.buysub.com/pubs/RM/RMB/FHAN-INT-BK-2201-OP1.jsp?cds_page_id=263982&cds_mag_code=RMB&id=... Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

Page Statistics

50
Requests

80 %
HTTPS

61 %
IPv6

20
Domains

24
Subdomains

20
IPs

3
Countries

955 kB
Transfer

1620 kB
Size

24
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: https://www.rd.com/terms-of-use/
Title: terms of use

Search URL Search Domain Scan URL

URL: https://www.trustedmediabrands.com/privacy-policy/
Title: privacy policy

Search URL Search Domain Scan URL

URL: http://book-services.com/
Title: www.book-services.com

Search URL Search Domain Scan URL

URL: https://www.trustedmediabrands.com/privacy-policy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.trustedmediabrands.com/privacy-policy/#california
Title: Your CA Privacy Rights

Search URL Search Domain Scan URL

URL: https://www.familyhandyman.com/terms-of-use/
Title: Terms of Use

Search URL Search Domain Scan URL

URL: https://www.trustedmediabrands.com/ccpa-form-ca-residents/
Title: Do Not Sell My Info -CA Residents

Search URL Search Domain Scan URL

URL: https://www.trustedmediabrands.com/privacy-policy/#advertising
Title: About Ads

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://click.email.rdaenthusiast.com/?qs=5c65c7a36b7768898dd7d4184516ef28f8a914e4c11aa598d43fdc9b6059ef1fe053b967a852b5783548130cf6a6935fd9172ed51f19ff59 HTTP 302
https://books.readersdigest.com/servlet/ConvertibleGateway?cds_mag_code=RMB&cds_page_id=263982&cds_response_key=FHTBJDU104&utm_source=email&utm_medium=firstparty&utm_campaign=fhm_20220912&utm_audience=fhm_nonactive&utm_ecmp=fhm1pbok0_2022_07_18_seg1&_cmp=Book&_ebid=Book9122022&_mid=529507&ehid=f02c643febe2c1eb7f7a279103cc0deaa51e2651&_PermHash=fe0812aa51e858b610d9a363bea790aa8c994f4efbc9608f6a02cd6ba4411f79&tohMagStatus= HTTP 302
https://books.readersdigest.com/pubs/RM/RMB/FHAN-INT-BK-2201-OP1.jsp?cds_page_id=263982&cds_mag_code=RMB&id=1663074198083&lsid=22560803180020949&vid=1&_mid=529507&utm_medium=firstparty&ehid=f02c643febe2c1eb7f7a279103cc0deaa51e2651&utm_ecmp=fhm1pbok0_2022_07_18_seg1&_ebid=Book9122022&cds_response_key=FHTBJDU104&_cmp=Book&utm_source=email&_PermHash=fe0812aa51e858b610d9a363bea790aa8c994f4efbc9608f6a02cd6ba4411f79&utm_audience=fhm_nonactive&utm_campaign=fhm_20220912 HTTP 302
https://w1.buysub.com/pubs/RM/RMB/FHAN-INT-BK-2201-OP1.jsp?cds_response_key=FHTBJDU104&_mid=529507&utm_medium=firstparty&id=1663074198083&utm_source=email&cds_mag_code=RMB&ehid=f02c643febe2c1eb7f7a279103cc0deaa51e2651&utm_campaign=fhm_20220912&utm_audience=fhm_nonactive&utm_ecmp=fhm1pbok0_2022_07_18_seg1&cds_page_id=263982&vid=1&_ebid=Book9122022&_PermHash=fe0812aa51e858b610d9a363bea790aa8c994f4efbc9608f6a02cd6ba4411f79&_cmp=Book&lsid=22560803180020949 HTTP 302
https://w1.buysub.com/servlet/CookieDetector?redirectURL=https%3A%2F%2Fw1.buysub.com%2Fservlet%2FConvertibleGateway%3Fcds_mag_code%3DRMB%26cds_page_id%3D263982%26cds_response_key%3DFHTBJDU104&cds_mag_code=RMB&cds_page_id=263982 HTTP 302
https://w1.buysub.com/servlet/CookieDetector?phase=check&redirectURL=https%3A%2F%2Fw1.buysub.com%2Fservlet%2FConvertibleGateway%3Fcds_mag_code%3DRMB%26cds_page_id%3D263982%26cds_response_key%3DFHTBJDU104&cds_mag_code=RMB&cds_page_id=263982 HTTP 302
https://w1.buysub.com/servlet/ConvertibleGateway?cds_mag_code=RMB&cds_page_id=263982&cds_response_key=FHTBJDU104 HTTP 302
https://w1.buysub.com/pubs/RM/RMB/FHAN-INT-BK-2201-OP1.jsp?cds_page_id=263982&cds_mag_code=RMB&id=1663074199560&lsid=22560803195020955&vid=1&cds_response_key=FHTBJDU104 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4

https://cdn1.tmbi.com/Digital/WebAssets/logo-headers/TFH_Logo_V_Black.png HTTP 301
https://images.tmbi.com/wp-content/uploads/wwwroot/digital/webassets/logo-headers/tfh_logo_v_black.png

Request Chain 16

https://cdn1.tmbi.com/Digital/WebAssets/form-assets/visa.svg HTTP 301
https://images.tmbi.com/wp-content/uploads/wwwroot/digital/webassets/form-assets/visa.svg

Request Chain 17

https://cdn1.tmbi.com/Digital/WebAssets/form-assets/mastercard.svg HTTP 301
https://images.tmbi.com/wp-content/uploads/wwwroot/digital/webassets/form-assets/mastercard.svg

Request Chain 18

https://cdn1.tmbi.com/Digital/WebAssets/form-assets/amex.svg HTTP 301
https://images.tmbi.com/wp-content/uploads/wwwroot/digital/webassets/form-assets/amex.svg

Request Chain 19

https://cdn1.tmbi.com/Digital/WebAssets/form-assets/discover.svg HTTP 301
https://images.tmbi.com/wp-content/uploads/wwwroot/digital/webassets/form-assets/discover.svg

Request Chain 20

https://cdn1.tmbi.com/Digital/WebAssets/form-assets/cvv-visa-master-discover.svg HTTP 301
https://images.tmbi.com/wp-content/uploads/wwwroot/digital/webassets/form-assets/cvv-visa-master-discover.svg

Request Chain 21

https://cdn1.tmbi.com/Digital/WebAssets/form-assets/cvv-amex.svg HTTP 301
https://images.tmbi.com/wp-content/uploads/wwwroot/digital/webassets/form-assets/cvv-amex.svg

Request Chain 22

https://cdn1.tmbi.com/js/analytics.js HTTP 301
https://images.tmbi.com/wp-content/uploads/wwwroot/js/analytics.js

Request Chain 23

https://sb.scorecardresearch.com/c2/16404798/cs.js HTTP 302
https://sb.scorecardresearch.com/internal-c2/16404798/cs.js

Request Chain 47

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?CtsSyncId=D3284AD69A744735B6E6CA5FA6D05F93&RedC=c.clarity.ms&MXFR=302F98B93E8E6E6C11598AA73A8E6043 HTTP 302
https://c.clarity.ms/c.gif?CtsSyncId=D3284AD69A744735B6E6CA5FA6D05F93&MUID=29C3A8D3A8926D6433D2BACDA9406CC5

50 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request FHAN-INT-BK-2201-OP1.jsp Show response
w1.buysub.com/pubs/RM/RMB/
Redirect Chain

http://click.email.rdaenthusiast.com/?qs=5c65c7a36b7768898dd7d4184516ef28f8a914e4c11aa598d43fdc9b6059ef1fe053b967a852b5783548130cf6a6935fd9172ed51f19ff59
https://books.readersdigest.com/servlet/ConvertibleGateway?cds_mag_code=RMB&cds_page_id=263982&cds_response_key=FHTBJDU104&utm_source=email&utm_medium=firstparty&utm_campaign=fhm_20220912&utm_audie...
https://books.readersdigest.com/pubs/RM/RMB/FHAN-INT-BK-2201-OP1.jsp?cds_page_id=263982&cds_mag_code=RMB&id=1663074198083&lsid=22560803180020949&vid=1&_mid=529507&utm_medium=firstparty&ehid=f02c643...
https://w1.buysub.com/pubs/RM/RMB/FHAN-INT-BK-2201-OP1.jsp?cds_response_key=FHTBJDU104&_mid=529507&utm_medium=firstparty&id=1663074198083&utm_source=email&cds_mag_code=RMB&ehid=f02c643febe2c1eb7f7a...
https://w1.buysub.com/servlet/CookieDetector?redirectURL=https%3A%2F%2Fw1.buysub.com%2Fservlet%2FConvertibleGateway%3Fcds_mag_code%3DRMB%26cds_page_id%3D263982%26cds_response_key%3DFHTBJDU104&cds_m...
https://w1.buysub.com/servlet/CookieDetector?phase=check&redirectURL=https%3A%2F%2Fw1.buysub.com%2Fservlet%2FConvertibleGateway%3Fcds_mag_code%3DRMB%26cds_page_id%3D263982%26cds_response_key%3DFHTB...
https://w1.buysub.com/servlet/ConvertibleGateway?cds_mag_code=RMB&cds_page_id=263982&cds_response_key=FHTBJDU104
https://w1.buysub.com/pubs/RM/RMB/FHAN-INT-BK-2201-OP1.jsp?cds_page_id=263982&cds_mag_code=RMB&id=1663074199560&lsid=22560803195020955&vid=1&cds_response_key=FHTBJDU104

28 KB
12 KB

228ms
227ms

Document
text/html

198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to

Full URL

https://w1.buysub.com/pubs/RM/RMB/FHAN-INT-BK-2201-OP1.jsp?cds_page_id=263982&cds_mag_code=RMB&id=1663074199560&lsid=22560803195020955&vid=1&cds_response_key=FHTBJDU104

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

9f50f55bd93d4f12f268d70de0afda919737aea3c4bd33baf4d4e675b67e7068

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none' ;
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode = block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-cache, no-store
Connection: Keep-Alive
Content-Encoding: gzip
Content-Language: en-US
Content-Length: 11929
Content-Security-Policy: frame-ancestors 'none' ;
Content-Type: text/html;charset=ISO-8859-1
Date: Tue, 13 Sep 2022 13:03:19 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=10, max=87
Pragma: no-cache
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Vary: Accept-Encoding
X-Frame-Options: DENY
X-XSS-Protection: 1; mode = block
X-content-Type-Options: nosniff

Redirect headers

Cache-Control: no-cache, no-store
Connection: Keep-Alive
Content-Language: en-US
Content-Length: 0
Content-Security-Policy: frame-ancestors 'none' ;
Date: Tue, 13 Sep 2022 13:03:19 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=10, max=98
Location: https://w1.buysub.com/pubs/RM/RMB/FHAN-INT-BK-2201-OP1.jsp?cds_page_id=263982&cds_mag_code=RMB&id=1663074199560&lsid=22560803195020955&vid=1&cds_response_key=FHTBJDU104
Pragma: no-cache
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
X-content-Type-Options: nosniff

GET
H2 200 bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/ 118 KB
20 KB 52ms
20ms Stylesheet
text/css 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css

Requested by

Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/RM/RMB/FHAN-INT-BK-2201-OP1.jsp?cds_page_id=263982&cds_mag_code=RMB&id=1663074199560&lsid=22560803195020955&vid=1&cds_response_key=FHTBJDU104

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 13:03:20 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 632, 617, 617, 617
age: 17990236
cdn-cachedat: 2021-06-08 21:21:23
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
server: cloudflare
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: f3a3007506374a305b1a96efe5ee1490
cf-ray: 74a11516d9ff68f8-FRA
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/ 30 KB
7 KB 47ms
16ms Stylesheet
text/css 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 13:03:20 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 723
age: 20299873
cdn-cachedat: 11/15/2021 21:49:00
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cdn-proxyver: 1.0
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
server: cloudflare
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 8b677d48aa464c28c0815c97adbbe174
cf-ray: 74a11516da0168f8-FRA
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 css
fonts.googleapis.com/ 4 KB
1 KB 73ms
24ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat:400,700|Domine:400,700

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

cbed2d00f366c6c3853a08f4fd121be70fc1800ce80cf65c41235060bcd04ebe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 13 Sep 2022 13:03:20 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 13 Sep 2022 13:03:20 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 13 Sep 2022 13:03:20 GMT

GET
H2 200 bm_template_1.1_min.css
images.tmbi.com/wp-content/uploads/cm/cmassets/op-templates/ 10 KB
3 KB 120ms
46ms Stylesheet
text/css 2606:4700:4400::6812:220f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://images.tmbi.com/wp-content/uploads/cm/cmassets/op-templates/bm_template_1.1_min.css
Requested by: Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/RM/RMB/FHAN-INT-BK-2201-OP1.jsp?cds_page_id=263982&cds_mag_code=RMB&id=1663074199560&lsid=22560803195020955&vid=1&cds_response_key=FHTBJDU104
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:220f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e051d6a5d14e4297d875ccc104646c83cd369ef40dbc5a482044e6e11b9ad5df

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 13:03:20 GMT
content-encoding: br
cf-cache-status: HIT
age: 24111
cf-polished: origSize=11253
x-vc-enabled: true
x-vc-ttl: 5256000
cf-bgj: minify
last-modified: Thu, 28 Apr 2022 15:04:18 GMT
server: cloudflare
etag: W/"626aacf2-2bf5"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=315360000
cf-ray: 74a115172d38693a-FRA
expires: Fri, 10 Sep 2032 13:03:20 GMT

GET
H2

200

tfh_logo_v_black.png
images.tmbi.com/wp-content/uploads/wwwroot/digital/webassets/logo-headers/
Redirect Chain

https://cdn1.tmbi.com/Digital/WebAssets/logo-headers/TFH_Logo_V_Black.png
https://images.tmbi.com/wp-content/uploads/wwwroot/digital/webassets/logo-headers/tfh_logo_v_black.png

4 KB
4 KB

40ms
39ms

Image
image/webp

2606:4700:4400::6812:220f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.tmbi.com/wp-content/uploads/wwwroot/digital/webassets/logo-headers/tfh_logo_v_black.png
Requested by: Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/RM/RMB/FHAN-INT-BK-2201-OP1.jsp?cds_page_id=263982&cds_mag_code=RMB&id=1663074199560&lsid=22560803195020955&vid=1&cds_response_key=FHTBJDU104
Protocol: H2
Server: 2606:4700:4400::6812:220f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 0f3f0bc8b29892e2dc3fc9bc3ff82979f7b885562d55f3f86bb54f92418a6dd1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 13:03:20 GMT
cf-cache-status: HIT
age: 8567
x-powered-by: Express
x-vc-enabled: true
x-vc-ttl: 5256000
content-disposition: inline; filename="tfh_logo_v_black.webp"
content-length: 4350
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: W/"1bf6-DE6+2E9fUJQnTwWwWxNPSbjZNQc"
vary: Accept
content-type: image/webp
x-cloud-trace-context: f71546140c32b8dfd74b2a4993a8ce50
cache-control: public, max-age=315360000
cf-polished: origFmt=png, origSize=7158
accept-ranges: bytes
cf-ray: 74a115187f49693a-FRA
expires: Fri, 10 Sep 2032 13:03:20 GMT

Redirect headers

date: Tue, 13 Sep 2022 13:03:20 GMT
cf-cache-status: EXPIRED
server: cloudflare
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: text/html; charset=utf-8
location: https://images.tmbi.com/wp-content/uploads/wwwroot/digital/webassets/logo-headers/tfh_logo_v_black.png
cache-control: public, max-age=3600
cf-ray: 74a11516fc4b908e-FRA
expires: Tue, 13 Sep 2022 14:03:20 GMT

GET
H2 200 cover.png
images.tmbi.com/wp-content/uploads/cm/2022/fhan-int-bk-2201-ops/ 62 KB
62 KB 1162ms
1092ms Image
image/png 2606:4700:4400::6812:220f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.tmbi.com/wp-content/uploads/cm/2022/fhan-int-bk-2201-ops/cover.png
Requested by: Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/RM/RMB/FHAN-INT-BK-2201-OP1.jsp?cds_page_id=263982&cds_mag_code=RMB&id=1663074199560&lsid=22560803195020955&vid=1&cds_response_key=FHTBJDU104
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:220f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 15b82f40638ea60b286644f0c0f8c7a6c3a7db9e453acaaff1ba18982af7cc47

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 13:03:21 GMT
etag: W/"f745-0qwPGnIZGulVVfz4SXa60OLUJG4"
cf-cache-status: EXPIRED
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: image/png
x-cloud-trace-context: b2755e23960698bf1238fa50b00611a0
cache-control: public, max-age=315360000
x-vc-ttl: 5256000
x-vc-enabled: true
accept-ranges: bytes
cf-ray: 74a115172d3a693a-FRA
content-length: 63301
expires: Fri, 10 Sep 2032 13:03:20 GMT

GET
H2 200 burst-10freeshipping.png
images.tmbi.com/wp-content/uploads/cm/2022/fhan-int-bk-2201-ops/ 7 KB
7 KB 501ms
431ms Image
image/png 2606:4700:4400::6812:220f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.tmbi.com/wp-content/uploads/cm/2022/fhan-int-bk-2201-ops/burst-10freeshipping.png
Requested by: Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/RM/RMB/FHAN-INT-BK-2201-OP1.jsp?cds_page_id=263982&cds_mag_code=RMB&id=1663074199560&lsid=22560803195020955&vid=1&cds_response_key=FHTBJDU104
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:220f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 76d7b655bdf8cc74892be189f8ae65f36b4c335f4abc1337bb1d63b1da769b9c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 13:03:20 GMT
etag: W/"1ae1-IQkFVisnIXpWHmraL/kc6hwK4tQ"
cf-cache-status: EXPIRED
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: image/png
x-cloud-trace-context: 7a0535b40a040bc52f70728392662a2f
cache-control: public, max-age=315360000
x-vc-ttl: 5256000
x-vc-enabled: true
accept-ranges: bytes
cf-ray: 74a115172d3d693a-FRA
content-length: 6881
expires: Fri, 10 Sep 2032 13:03:20 GMT

GET
H2 200 cardimage-1.jpg
images.tmbi.com/wp-content/uploads/cm/2022/fhan-int-bk-2201-ops/ 57 KB
57 KB 906ms
835ms Image
image/png 2606:4700:4400::6812:220f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.tmbi.com/wp-content/uploads/cm/2022/fhan-int-bk-2201-ops/cardimage-1.jpg
Requested by: Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/RM/RMB/FHAN-INT-BK-2201-OP1.jsp?cds_page_id=263982&cds_mag_code=RMB&id=1663074199560&lsid=22560803195020955&vid=1&cds_response_key=FHTBJDU104
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:220f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 3543167c2b7f233c11f30ca3a8509981ba611a5d6507e5316cc08bd7d0d20eb5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 13:03:21 GMT
etag: W/"e41a-h8NZxGtBYYI3Saq14Eivwfmdgto"
cf-cache-status: EXPIRED
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: image/png
x-cloud-trace-context: 3ae258182a9f5f7615a242cbe7726051
cache-control: public, max-age=315360000
x-vc-ttl: 5256000
x-vc-enabled: true
accept-ranges: bytes
cf-ray: 74a115172d40693a-FRA
content-length: 58394
expires: Fri, 10 Sep 2032 13:03:20 GMT

GET
H2 200 cardimage-2.jpg
images.tmbi.com/wp-content/uploads/cm/2022/fhan-int-bk-2201-ops/ 60 KB
61 KB 1256ms
1186ms Image
image/png 2606:4700:4400::6812:220f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.tmbi.com/wp-content/uploads/cm/2022/fhan-int-bk-2201-ops/cardimage-2.jpg
Requested by: Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/RM/RMB/FHAN-INT-BK-2201-OP1.jsp?cds_page_id=263982&cds_mag_code=RMB&id=1663074199560&lsid=22560803195020955&vid=1&cds_response_key=FHTBJDU104
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:220f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 65a7b23b611e0fbb47d693237d4131850609b8727dbfe4d2c5facee4d34c99d7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 13:03:21 GMT
etag: W/"f16b-BlPx3yw3DTM6lx38hVjAjgH3/lI"
cf-cache-status: EXPIRED
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: image/png
x-cloud-trace-context: 90044faa231f9624cab56a14acb1ec5d
cache-control: public, max-age=315360000
x-vc-ttl: 5256000
x-vc-enabled: true
accept-ranges: bytes
cf-ray: 74a115172d42693a-FRA
content-length: 61803
expires: Fri, 10 Sep 2032 13:03:21 GMT

GET
H2 200 cardimage-3b.jpg
images.tmbi.com/wp-content/uploads/cm/2022/fhan-int-bk-2201-ops/ 23 KB
23 KB 603ms
533ms Image
image/jpeg 2606:4700:4400::6812:220f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.tmbi.com/wp-content/uploads/cm/2022/fhan-int-bk-2201-ops/cardimage-3b.jpg
Requested by: Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/RM/RMB/FHAN-INT-BK-2201-OP1.jsp?cds_page_id=263982&cds_mag_code=RMB&id=1663074199560&lsid=22560803195020955&vid=1&cds_response_key=FHTBJDU104
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:220f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 36f7f4f2a363e86aa55262d9fc028256c2d516a544c8e246588daf9a79edbd1c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 13:03:20 GMT
etag: W/"5aad-cJDc6IE/kTR9BxrWZ48ZWl0AsVg"
cf-cache-status: EXPIRED
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: image/jpeg
x-cloud-trace-context: 251658128b812e1cad77e4d696eb2486
cache-control: public, max-age=315360000
x-vc-ttl: 5256000
x-vc-enabled: true
accept-ranges: bytes
cf-ray: 74a115172d43693a-FRA
content-length: 23213
expires: Fri, 10 Sep 2032 13:03:20 GMT

GET
H2 200 cardimage-4.jpg
images.tmbi.com/wp-content/uploads/cm/2022/fhan-int-bk-2201-ops/ 20 KB
20 KB 402ms
400ms Image
image/jpeg 2606:4700:4400::6812:220f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.tmbi.com/wp-content/uploads/cm/2022/fhan-int-bk-2201-ops/cardimage-4.jpg
Requested by: Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/RM/RMB/FHAN-INT-BK-2201-OP1.jsp?cds_page_id=263982&cds_mag_code=RMB&id=1663074199560&lsid=22560803195020955&vid=1&cds_response_key=FHTBJDU104
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:220f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: ac578c7acd8ddfd77f4787777fe164bf631f5e24d4fc5b9c80513349f3dc1f41

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 13:03:20 GMT
etag: W/"5069-216pwxqverQmixagC8YdTpaOx5I"
cf-cache-status: EXPIRED
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: image/jpeg
x-cloud-trace-context: 33cbc554bdcf5fb47f2af7f4c41c3e13
cache-control: public, max-age=315360000
x-vc-ttl: 5256000
x-vc-enabled: true
accept-ranges: bytes
cf-ray: 74a115172d46693a-FRA
content-length: 20585
expires: Fri, 10 Sep 2032 13:03:20 GMT

GET
H2 200 spread-1.png
images.tmbi.com/wp-content/uploads/cm/2022/fhan-int-bk-2201-ops/ 71 KB
71 KB 934ms
932ms Image
image/png 2606:4700:4400::6812:220f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.tmbi.com/wp-content/uploads/cm/2022/fhan-int-bk-2201-ops/spread-1.png
Requested by: Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/RM/RMB/FHAN-INT-BK-2201-OP1.jsp?cds_page_id=263982&cds_mag_code=RMB&id=1663074199560&lsid=22560803195020955&vid=1&cds_response_key=FHTBJDU104
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:220f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: aeacdc8495ead75ebff3d67a2afad327fc5e6da5c1f9ad1ff4ce269903dd1731

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 13:03:21 GMT
etag: W/"11cf8-f7AXdCfTXa5k1sHsbJ/wOogPU1c"
cf-cache-status: EXPIRED
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: image/png
x-cloud-trace-context: 9edc1290276d6cc2b86f5aaec2d75b70
cache-control: public, max-age=315360000
x-vc-ttl: 5256000
x-vc-enabled: true
accept-ranges: bytes
cf-ray: 74a115172d48693a-FRA
content-length: 72952
expires: Fri, 10 Sep 2032 13:03:20 GMT

GET
H2 200 spread-2.jpg
images.tmbi.com/wp-content/uploads/cm/2022/fhan-int-bk-2201-ops/ 73 KB
73 KB 1133ms
1132ms Image
image/png 2606:4700:4400::6812:220f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.tmbi.com/wp-content/uploads/cm/2022/fhan-int-bk-2201-ops/spread-2.jpg
Requested by: Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/RM/RMB/FHAN-INT-BK-2201-OP1.jsp?cds_page_id=263982&cds_mag_code=RMB&id=1663074199560&lsid=22560803195020955&vid=1&cds_response_key=FHTBJDU104
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:220f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 2c3f053a0757db2fd37f6e0818ac6bd1c77d7a5dbc654cea0536f131ab956d6a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 13:03:21 GMT
etag: W/"124a8-NwYmjNxM1LUgIOQyEciHrM3btQw"
cf-cache-status: EXPIRED
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: image/png
x-cloud-trace-context: 73acf4cdcf3101251fdfdb9baba5d4a8
cache-control: public, max-age=315360000
x-vc-ttl: 5256000
x-vc-enabled: true
accept-ranges: bytes
cf-ray: 74a115172d49693a-FRA
content-length: 74920
expires: Fri, 10 Sep 2032 13:03:21 GMT

GET
H2 200 glenn_hansen.jpg
images.tmbi.com/wp-content/uploads/cm/2022/fhan-int-bk-2201-ops/ 135 KB
135 KB 1535ms
1533ms Image
image/png 2606:4700:4400::6812:220f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.tmbi.com/wp-content/uploads/cm/2022/fhan-int-bk-2201-ops/glenn_hansen.jpg
Requested by: Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/RM/RMB/FHAN-INT-BK-2201-OP1.jsp?cds_page_id=263982&cds_mag_code=RMB&id=1663074199560&lsid=22560803195020955&vid=1&cds_response_key=FHTBJDU104
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:220f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: e73c1bca8181696ace362f181c9339ae935aec670efbf7bbbee3d1dbaf7bee10

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 13:03:21 GMT
etag: W/"21b04-LXfWGPuoLohFmnL2eRVDEKUWpsg"
cf-cache-status: EXPIRED
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: image/png
x-cloud-trace-context: 5f439a66a3420459a591a062cddc17e1
cache-control: public, max-age=315360000
x-vc-ttl: 5256000
x-vc-enabled: true
accept-ranges: bytes
cf-ray: 74a115172d4b693a-FRA
content-length: 137988
expires: Fri, 10 Sep 2032 13:03:21 GMT

GET
H2 200 satisfaction-badge.png
images.tmbi.com/wp-content/uploads/cm/2022/fhan-int-bk-2201-ops/ 8 KB
8 KB 421ms
420ms Image
image/png 2606:4700:4400::6812:220f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.tmbi.com/wp-content/uploads/cm/2022/fhan-int-bk-2201-ops/satisfaction-badge.png
Requested by: Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/RM/RMB/FHAN-INT-BK-2201-OP1.jsp?cds_page_id=263982&cds_mag_code=RMB&id=1663074199560&lsid=22560803195020955&vid=1&cds_response_key=FHTBJDU104
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:220f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: e61d390f099975f216fb9ede2e92b686059866d28ee58cb317ce59542c1ba1e5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 13:03:20 GMT
etag: W/"1fef-yKjSaAkUp5nbe9FpGOG2dYzSdZI"
cf-cache-status: EXPIRED
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: image/png
x-cloud-trace-context: 9c56e7c9a15c0589b95ce8b7e6718819
cache-control: public, max-age=315360000
x-vc-ttl: 5256000
x-vc-enabled: true
accept-ranges: bytes
cf-ray: 74a115172d4d693a-FRA
content-length: 8175
expires: Fri, 10 Sep 2032 13:03:20 GMT

GET
H/1.1 200
OK landing-2.js Show response
w1.buysub.com/pubs/RM/RMB/images/2014/templates/ 3 KB
4 KB 127ms
126ms Script
application/javascript 198.176.166.187
CDS-GLOBAL-01

General

Check archive.org

Show headers Download Go to

Full URL

https://w1.buysub.com/pubs/RM/RMB/images/2014/templates/landing-2.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

198.176.166.187 , United States, ASN397973 (CDS-GLOBAL-01, US),

Reverse DNS

w1.buysub.com

Software

Resource Hash

e470c0237e8f58ec800a6ac891bbe37a66b9979f894caf1a9526ec7691cb82fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/pubs/RM/RMB/FHAN-INT-BK-2201-OP1.jsp?cds_page_id=263982&cds_mag_code=RMB&id=1663074199560&lsid=22560803195020955&vid=1&cds_response_key=FHTBJDU104
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-content-Type-Options: nosniff
Last-Modified: Tue, 02 Sep 2014 12:15:38 GMT
Age: 3487
Date: Tue, 13 Sep 2022 13:03:20 GMT
X-Frame-Options: SAMEORIGIN
Content-Language: en-US
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: application/javascript
Keep-Alive: timeout=10, max=97
Content-Length: 3147
X-XSS-Protection: 1; mode=block

GET
H2

200

visa.svg
images.tmbi.com/wp-content/uploads/wwwroot/digital/webassets/form-assets/
Redirect Chain

https://cdn1.tmbi.com/Digital/WebAssets/form-assets/visa.svg
https://images.tmbi.com/wp-content/uploads/wwwroot/digital/webassets/form-assets/visa.svg

2 KB
951 B

32ms
30ms

Image
image/svg+xml

2606:4700:4400::6812:220f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.tmbi.com/wp-content/uploads/wwwroot/digital/webassets/form-assets/visa.svg
Requested by: Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/RM/RMB/FHAN-INT-BK-2201-OP1.jsp?cds_page_id=263982&cds_mag_code=RMB&id=1663074199560&lsid=22560803195020955&vid=1&cds_response_key=FHTBJDU104
Protocol: H2
Server: 2606:4700:4400::6812:220f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ce11dfd8058f3b15799c87709a3dea0c9ed5e61f69dbcfedb453c91bc1cdf662

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 13:03:20 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 30 Jun 2021 21:50:51 GMT
server: cloudflare
age: 16358
etag: W/"60dce73b-606"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=315360000
x-vc-ttl: 5256000
x-vc-enabled: true
cf-ray: 74a115187f47693a-FRA
expires: Fri, 10 Sep 2032 13:03:20 GMT

Redirect headers

date: Tue, 13 Sep 2022 13:03:20 GMT
cf-cache-status: EXPIRED
server: cloudflare
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: text/html; charset=utf-8
location: https://images.tmbi.com/wp-content/uploads/wwwroot/digital/webassets/form-assets/visa.svg
cache-control: public, max-age=3600
cf-ray: 74a11516fc4e908e-FRA
expires: Tue, 13 Sep 2022 14:03:20 GMT

GET
H2

200

mastercard.svg
images.tmbi.com/wp-content/uploads/wwwroot/digital/webassets/form-assets/
Redirect Chain

https://cdn1.tmbi.com/Digital/WebAssets/form-assets/mastercard.svg
https://images.tmbi.com/wp-content/uploads/wwwroot/digital/webassets/form-assets/mastercard.svg

10 KB
4 KB

37ms
37ms

Image
image/svg+xml

2606:4700:4400::6812:220f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.tmbi.com/wp-content/uploads/wwwroot/digital/webassets/form-assets/mastercard.svg
Requested by: Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/RM/RMB/FHAN-INT-BK-2201-OP1.jsp?cds_page_id=263982&cds_mag_code=RMB&id=1663074199560&lsid=22560803195020955&vid=1&cds_response_key=FHTBJDU104
Protocol: H2
Server: 2606:4700:4400::6812:220f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7b3575882921b9234e47fb4d04e99cb05c4aab67a4f4f32cf06241d78b756dc4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 13:03:20 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 30 Jun 2021 21:50:52 GMT
server: cloudflare
age: 24111
etag: W/"60dce73c-26eb"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=315360000
x-vc-ttl: 5256000
x-vc-enabled: true
cf-ray: 74a115172d4f693a-FRA
expires: Fri, 10 Sep 2032 13:03:20 GMT

Redirect headers

date: Tue, 13 Sep 2022 13:03:20 GMT
cf-cache-status: HIT
server: cloudflare
age: 53364
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: text/html; charset=utf-8
location: https://images.tmbi.com/wp-content/uploads/wwwroot/digital/webassets/form-assets/mastercard.svg
cache-control: public, max-age=3600
cf-ray: 74a11516fc50908e-FRA
expires: Tue, 13 Sep 2022 14:03:20 GMT

GET
H2

200

amex.svg
images.tmbi.com/wp-content/uploads/wwwroot/digital/webassets/form-assets/
Redirect Chain

https://cdn1.tmbi.com/Digital/WebAssets/form-assets/amex.svg
https://images.tmbi.com/wp-content/uploads/wwwroot/digital/webassets/form-assets/amex.svg

5 KB
2 KB

42ms
41ms

Image
image/svg+xml

2606:4700:4400::6812:220f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.tmbi.com/wp-content/uploads/wwwroot/digital/webassets/form-assets/amex.svg
Requested by: Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/RM/RMB/FHAN-INT-BK-2201-OP1.jsp?cds_page_id=263982&cds_mag_code=RMB&id=1663074199560&lsid=22560803195020955&vid=1&cds_response_key=FHTBJDU104
Protocol: H2
Server: 2606:4700:4400::6812:220f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c8a783d6122d80aa409cc048535113cb4d7e7d7533d4b093f8d932e5d1cc7b76

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 13:03:20 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 30 Jun 2021 21:50:52 GMT
server: cloudflare
age: 16357
etag: W/"60dce73c-13a9"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=315360000
x-vc-ttl: 5256000
x-vc-enabled: true
cf-ray: 74a115188f72693a-FRA
expires: Fri, 10 Sep 2032 13:03:20 GMT

Redirect headers

date: Tue, 13 Sep 2022 13:03:20 GMT
cf-cache-status: EXPIRED
server: cloudflare
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: text/html; charset=utf-8
location: https://images.tmbi.com/wp-content/uploads/wwwroot/digital/webassets/form-assets/amex.svg
cache-control: public, max-age=3600
cf-ray: 74a115172c78908e-FRA
expires: Tue, 13 Sep 2022 14:03:20 GMT

GET
H2

200

discover.svg
images.tmbi.com/wp-content/uploads/wwwroot/digital/webassets/form-assets/
Redirect Chain

https://cdn1.tmbi.com/Digital/WebAssets/form-assets/discover.svg
https://images.tmbi.com/wp-content/uploads/wwwroot/digital/webassets/form-assets/discover.svg

2 KB
1 KB

51ms
50ms

Image
image/svg+xml

2606:4700:4400::6812:220f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.tmbi.com/wp-content/uploads/wwwroot/digital/webassets/form-assets/discover.svg
Requested by: Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/RM/RMB/FHAN-INT-BK-2201-OP1.jsp?cds_page_id=263982&cds_mag_code=RMB&id=1663074199560&lsid=22560803195020955&vid=1&cds_response_key=FHTBJDU104
Protocol: H2
Server: 2606:4700:4400::6812:220f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7c51c2b93b35766af6d426d2045cd059880f5655821845a7a839be43a0eb7ce6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 13:03:20 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 30 Jun 2021 21:50:52 GMT
server: cloudflare
age: 16356
etag: W/"60dce73c-8fa"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=315360000
x-vc-ttl: 5256000
x-vc-enabled: true
cf-ray: 74a115176d96693a-FRA
expires: Fri, 10 Sep 2032 13:03:20 GMT

Redirect headers

date: Tue, 13 Sep 2022 13:03:20 GMT
cf-cache-status: HIT
server: cloudflare
age: 49286
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: text/html; charset=utf-8
location: https://images.tmbi.com/wp-content/uploads/wwwroot/digital/webassets/form-assets/discover.svg
cache-control: public, max-age=3600
cf-ray: 74a115172c7a908e-FRA
expires: Tue, 13 Sep 2022 14:03:20 GMT

GET
H2

200

cvv-visa-master-discover.svg
images.tmbi.com/wp-content/uploads/wwwroot/digital/webassets/form-assets/
Redirect Chain

https://cdn1.tmbi.com/Digital/WebAssets/form-assets/cvv-visa-master-discover.svg
https://images.tmbi.com/wp-content/uploads/wwwroot/digital/webassets/form-assets/cvv-visa-master-discover.svg

1 KB
621 B

43ms
43ms

Image
image/svg+xml

2606:4700:4400::6812:220f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.tmbi.com/wp-content/uploads/wwwroot/digital/webassets/form-assets/cvv-visa-master-discover.svg
Requested by: Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/RM/RMB/FHAN-INT-BK-2201-OP1.jsp?cds_page_id=263982&cds_mag_code=RMB&id=1663074199560&lsid=22560803195020955&vid=1&cds_response_key=FHTBJDU104
Protocol: H2
Server: 2606:4700:4400::6812:220f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ae305c49d2cb8e8132a41adecb1aa159ef31a364eac1041f4dc95ecc4e6ed7a7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 13:03:20 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 30 Jun 2021 21:50:52 GMT
server: cloudflare
age: 16355
etag: W/"60dce73c-4ca"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=315360000
x-vc-ttl: 5256000
x-vc-enabled: true
cf-ray: 74a115188f73693a-FRA
expires: Fri, 10 Sep 2032 13:03:20 GMT

Redirect headers

date: Tue, 13 Sep 2022 13:03:20 GMT
cf-cache-status: EXPIRED
server: cloudflare
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: text/html; charset=utf-8
location: https://images.tmbi.com/wp-content/uploads/wwwroot/digital/webassets/form-assets/cvv-visa-master-discover.svg
cache-control: public, max-age=3600
cf-ray: 74a115172c7b908e-FRA
expires: Tue, 13 Sep 2022 14:03:20 GMT

GET
H2

200

cvv-amex.svg
images.tmbi.com/wp-content/uploads/wwwroot/digital/webassets/form-assets/
Redirect Chain

https://cdn1.tmbi.com/Digital/WebAssets/form-assets/cvv-amex.svg
https://images.tmbi.com/wp-content/uploads/wwwroot/digital/webassets/form-assets/cvv-amex.svg

1 KB
636 B

162ms
162ms

Image
image/svg+xml

2606:4700:4400::6812:220f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.tmbi.com/wp-content/uploads/wwwroot/digital/webassets/form-assets/cvv-amex.svg
Requested by: Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/RM/RMB/FHAN-INT-BK-2201-OP1.jsp?cds_page_id=263982&cds_mag_code=RMB&id=1663074199560&lsid=22560803195020955&vid=1&cds_response_key=FHTBJDU104
Protocol: H2
Server: 2606:4700:4400::6812:220f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 50419356dd4cc1db9bf337d11627ea7e07d55f021b8e8c9a04ddc76663e3eacd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 13:03:20 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 30 Jun 2021 21:50:52 GMT
server: cloudflare
age: 16354
etag: W/"60dce73c-58a"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=315360000
x-vc-ttl: 5256000
x-vc-enabled: true
cf-ray: 74a115188f76693a-FRA
expires: Fri, 10 Sep 2032 13:03:20 GMT

Redirect headers

date: Tue, 13 Sep 2022 13:03:20 GMT
cf-cache-status: EXPIRED
server: cloudflare
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: text/html; charset=utf-8
location: https://images.tmbi.com/wp-content/uploads/wwwroot/digital/webassets/form-assets/cvv-amex.svg
cache-control: public, max-age=3600
cf-ray: 74a115172c7c908e-FRA
expires: Tue, 13 Sep 2022 14:03:20 GMT

GET
H2

200

analytics.js Show response
images.tmbi.com/wp-content/uploads/wwwroot/js/
Redirect Chain

https://cdn1.tmbi.com/js/analytics.js
https://images.tmbi.com/wp-content/uploads/wwwroot/js/analytics.js

9 KB
3 KB

36ms
33ms

Script
application/javascript

2606:4700:4400::6812:220f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://images.tmbi.com/wp-content/uploads/wwwroot/js/analytics.js
Requested by: Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/RM/RMB/FHAN-INT-BK-2201-OP1.jsp?cds_page_id=263982&cds_mag_code=RMB&id=1663074199560&lsid=22560803195020955&vid=1&cds_response_key=FHTBJDU104
Protocol: H2
Server: 2606:4700:4400::6812:220f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f23d6ccedc83846199f4fe8dda63224374ac30145b10bd44b5fd9140a1871ab0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 13:03:20 GMT
content-encoding: br
cf-cache-status: HIT
age: 49287
cf-polished: origSize=11088
x-vc-enabled: true
x-vc-ttl: 5256000
cf-bgj: minify
last-modified: Mon, 28 Jun 2021 13:40:01 GMT
server: cloudflare
etag: W/"60d9d131-2b50"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=315360000
cf-ray: 74a115172d45693a-FRA
expires: Fri, 10 Sep 2032 13:03:20 GMT

Redirect headers

date: Tue, 13 Sep 2022 13:03:20 GMT
cf-cache-status: HIT
server: cloudflare
age: 41321
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: text/html; charset=utf-8
location: https://images.tmbi.com/wp-content/uploads/wwwroot/js/analytics.js
cache-control: public, max-age=3600
cf-ray: 74a11516fc4a908e-FRA
expires: Tue, 13 Sep 2022 14:03:20 GMT

GET
H2

200

cs.js Show response
sb.scorecardresearch.com/internal-c2/16404798/
Redirect Chain

https://sb.scorecardresearch.com/c2/16404798/cs.js
https://sb.scorecardresearch.com/internal-c2/16404798/cs.js

15 KB
6 KB

10ms
10ms

Script
application/javascript

99.86.4.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/internal-c2/16404798/cs.js
Requested by: Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/RM/RMB/FHAN-INT-BK-2201-OP1.jsp?cds_page_id=263982&cds_mag_code=RMB&id=1663074199560&lsid=22560803195020955&vid=1&cds_response_key=FHTBJDU104
Protocol: H2
Server: 99.86.4.2 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-2.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3488e64ce2ef1b34a20fb0dada520a32a172db9328c9732065316656a4badb8d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 13:02:59 GMT
content-encoding: gzip
etag: W/"98915e4f63a37ee50e41bac80ee9105d"
last-modified: Mon, 01 Mar 2021 20:41:06 GMT
server: AmazonS3
age: 21
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 a56d6b55603697d6c44b19d4f907baaa.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: HxmhFOK0uAmvMBPSZL9gAfT7IWLFWCV4kohNz3KqyGG5vVve9xRgNg==

Redirect headers

location: /internal-c2/16404798/cs.js
date: Tue, 13 Sep 2022 13:03:20 GMT
via: 1.1 a56d6b55603697d6c44b19d4f907baaa.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
content-length: 0
x-amz-cf-id: anIcPoPp-ydxGT18yd7TnP3vd2OpzItKXlh6H5h4_zfJyZU3fTzpFw==
x-cache: Miss from cloudfront

GET
H2 200 conversion.js Show response
www.googleadservices.com/pagead/ 45 KB
17 KB 130ms
78ms Script
text/javascript 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

54f3a516d9c95e0d4155c18c7555b6ab5d8b521c4a363fec0f31c900535a4bf1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 13:03:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17396
x-xss-protection: 0
server: cafe
etag: 16286937264090633215
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 13 Sep 2022 13:03:20 GMT

GET
H2 200 bg.jpg
images.tmbi.com/wp-content/uploads/cm/2022/fhan-int-bk-2201-ops/ 12 KB
12 KB 580ms
580ms Image
image/jpeg 2606:4700:4400::6812:220f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.tmbi.com/wp-content/uploads/cm/2022/fhan-int-bk-2201-ops/bg.jpg
Requested by: Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/RM/RMB/FHAN-INT-BK-2201-OP1.jsp?cds_page_id=263982&cds_mag_code=RMB&id=1663074199560&lsid=22560803195020955&vid=1&cds_response_key=FHTBJDU104
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:220f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: a123558bd21e390aae081f5f76d1dfd10fdb479d3941f3fc8114ea6a6e889955

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 13:03:20 GMT
etag: W/"2ffe-1K+J35F7KNouKQnkQl7Fh4KfolE"
cf-cache-status: EXPIRED
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: image/jpeg
x-cloud-trace-context: eb6732e4656860538f89a40660feed0b
cache-control: public, max-age=315360000
x-vc-ttl: 5256000
x-vc-enabled: true
accept-ranges: bytes
cf-ray: 74a115177db8693a-FRA
content-length: 12286
expires: Fri, 10 Sep 2032 13:03:20 GMT

GET
H2 200 icon-bullet.png
images.tmbi.com/wp-content/uploads/cm/2022/fhan-int-bk-2201-ops/ 380 B
503 B 395ms
395ms Image
image/png 2606:4700:4400::6812:220f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.tmbi.com/wp-content/uploads/cm/2022/fhan-int-bk-2201-ops/icon-bullet.png
Requested by: Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/RM/RMB/FHAN-INT-BK-2201-OP1.jsp?cds_page_id=263982&cds_mag_code=RMB&id=1663074199560&lsid=22560803195020955&vid=1&cds_response_key=FHTBJDU104
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:220f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 428f940f4963da055a0afee7c1456b24c33cb854d3bcbf7ad7ba75ffe1a6a7c2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 13:03:20 GMT
etag: W/"17c-xg54NmVzqzWUDuFFWmOm/OXO9+M"
cf-cache-status: EXPIRED
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: image/png
x-cloud-trace-context: 301e4968c5333d922f8bfc3953672553
cache-control: public, max-age=315360000
x-vc-ttl: 5256000
x-vc-enabled: true
accept-ranges: bytes
cf-ray: 74a115177dbb693a-FRA
content-length: 380
expires: Fri, 10 Sep 2032 13:03:20 GMT

GET
H2 200 L0x8DFMnlVwD4h3hu_qn.woff2
fonts.gstatic.com/s/domine/v19/ 27 KB
28 KB 58ms
14ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/domine/v19/L0x8DFMnlVwD4h3hu_qn.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:400,700|Domine:400,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

02fbcf6cd136ae3bfc98aecbbc0f0b1f348c05d96390d63a89cdc323a6dda70c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://w1.buysub.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 04:24:02 GMT
x-content-type-options: nosniff
age: 117558
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27624
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 19:06:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 12 Sep 2023 04:24:02 GMT

GET
H3 200 fontawesome-webfont.woff2
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/ 75 KB
76 KB 32ms
18ms Font
font/woff2 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: maxcdn.bootstrapcdn.com
URL: https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Origin: https://w1.buysub.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 13:03:20 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 752
age: 190475
cdn-proxyver: 1.02
cdn-cachedat: 08/17/2022 18:20:14
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 77160
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
server: cloudflare
cdn-requestpullcode: 200
etag: "af7ae505a9eed503f8b8e6982036873e"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: font/woff2
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 3c94b90a82ac44fa97b379388f2073f3
accept-ranges: bytes
cf-ray: 74a115179b49996e-FRA
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 204 b
sb.scorecardresearch.com/ 0
190 B 14ms
12ms Image
text/plain 99.86.4.2
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b?c1=2&c2=16404798&ns_site=rdna&_site=bhe&name=BHE%3A%20%20Family%20Handyman%20Best%20Tips%20%26%20Projects%202022%20%7C%20Family%20Handyman%20(%2Fpubs%2Frm%2Frmb%2Ffhan-int-bk-2201-op1.jsp)&ns_campaign=&campaign=&internal_tracking_id=FHTBJDU104&category=Orders&subcat=Magazines&subsubcat=CDS&server_name=CDS&prod_id=RMB&prod_view=true&ns__t=1663074200402&ns_c=windows-1252&c8=Family%20Handyman%20Best%20Tips%20%26%20Projects%202022%20%7C%20Family%20Handyman&c7=https%3A%2F%2Fw1.buysub.com%2Fpubs%2FRM%2FRMB%2FFHAN-INT-BK-2201-OP1.jsp%3Fcds_page_id%3D263982%26cds_mag_code%3DRMB%26id%3D1663074199560%26lsid%3D22560803195020955%26vid%3D1%26cds_response_key%3DFHTBJDU104&c9=
Requested by: Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/RM/RMB/FHAN-INT-BK-2201-OP1.jsp?cds_page_id=263982&cds_mag_code=RMB&id=1663074199560&lsid=22560803195020955&vid=1&cds_response_key=FHTBJDU104
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.2 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-2.fra6.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 13:03:20 GMT
via: 1.1 a56d6b55603697d6c44b19d4f907baaa.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: ayNdItdav7KxwC-xAX03cz33ICZvpnM7jM_DtALWw6E8qRhV--AQqw==
x-cache: Miss from cloudfront

GET
H2 200 ATRK_2DF0B21A_min.js Show response
js.acq.io/ 23 KB
7 KB 83ms
15ms Script
application/x-javascript 143.204.215.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.acq.io/ATRK_2DF0B21A_min.js
Requested by: Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/RM/RMB/FHAN-INT-BK-2201-OP1.jsp?cds_page_id=263982&cds_mag_code=RMB&id=1663074199560&lsid=22560803195020955&vid=1&cds_response_key=FHTBJDU104
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.91 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-91.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 52ff3933ee68fa840a657f335f173539d5b8ed92bd1db2d9d9919e931dd8340c

Request headers

Referer: https://w1.buysub.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Tue, 13 Sep 2022 13:03:20 GMT
content-encoding: gzip
last-modified: Thu, 28 Jan 2021 18:59:33 GMT
server: AmazonS3
age: 21
etag: W/"bcfefda39bbff5fc3c396a7d195aef63"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
via: 1.1 110641d379117242a91443ac729d6dee.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: o4860Hzi7syEyVqerEnRLz7MZHmFE5HoxXxRQSlXUJxIIvMRV7DXZg==

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1016027490/ 3 KB
2 KB 122ms
55ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1016027490/?random=1663074200623&cv=9&fst=1663074200623&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=375603260&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fw1.buysub.com%2Fpubs%2FRM%2FRMB%2FFHAN-INT-BK-2201-OP1.jsp%3Fcds_page_id%3D263982%26cds_mag_code%3DRMB%26id%3D1663074199560%26lsid%3D22560803195020955%26vid%3D1%26cds_response_key%3DFHTBJDU104&tiba=Family%20Handyman%20Best%20Tips%20%26%20Projects%202022%20%7C%20Family%20Handyman&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

84440692afe812d872ea96075efd5b9b758746fca2cc1fc1fe6d2c64ec2728b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 13:03:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1141
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 100 KB
27 KB 50ms
11ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5ae95e748ad12444cd760e245c02264cea3e8deb41fabd95f1e0784b81f72783

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 26737
x-xss-protection: 0
pragma: public
x-fb-debug: Ly4t9maFcuDotMO490olGDNW8ZnlRx7fPbFEN1mQOviLh+enCA156A6YRrthLaEM38kZZJ0OhAhxPWDLR8Z1Mg==
x-fb-trip-id: 917726464
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 13 Sep 2022 13:03:20 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 38 KB
12 KB 75ms
34ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

12dd3e968ced8f01649560da4cf975edff617d25ba4585dda428377529220da0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Thu, 28 Jul 2022 17:32:37 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3AE0B1B00E774F17BC6EB015E3520558 Ref B: FRAEDGE1315 Ref C: 2022-09-13T13:03:20Z
etag: "80a8697a8a2d81:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
date: Tue, 13 Sep 2022 13:03:19 GMT
accept-ranges: bytes
content-length: 11367

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 124 KB
46 KB 100ms
35ms Script
application/javascript 2a00:1450:4001:801::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-KNHD368

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

42a0a80760dc7c9261894e89ea8205cb1fe47427c1af3b17eadfa55860cc635b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 13:03:20 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46646
x-xss-protection: 0
last-modified: Tue, 13 Sep 2022 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 13 Sep 2022 13:03:20 GMT

GET
H/1.1 200
OK conversen-SDK.js Show response
sts.eccmp.com/sts/scripts/ 15 KB
8 KB 602ms
185ms Script
application/javascript 63.148.46.76
ASN-CHEETA-MAIL

General

Check archive.org

Show headers Download Go to

Full URL: https://sts.eccmp.com/sts/scripts/conversen-SDK.js
Requested by: Host: w1.buysub.com
URL: https://w1.buysub.com/pubs/RM/RMB/FHAN-INT-BK-2201-OP1.jsp?cds_page_id=263982&cds_mag_code=RMB&id=1663074199560&lsid=22560803195020955&vid=1&cds_response_key=FHTBJDU104
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 63.148.46.76 Des Moines, United States, ASN53316 (ASN-CHEETA-MAIL, US),
Reverse DNS: xts.eccmp.com
Software: /
Resource Hash: 735ace838c4f02a810a79d750fa248e3f70fa9483a4ede6f8f123bf6a314a4f3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Tue, 13 Sep 2022 13:03:21 GMT
Content-Encoding: gzip
Last-Modified: Fri, 09 Sep 2022 18:56:58 GMT
Server
Age: 4005
X-Powered-By
ETag: "039c4ef7dc4d81:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 7528

GET
H3 200 275149521201947 Show response
connect.facebook.net/signals/config/ 293 KB
84 KB 95ms
83ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/275149521201947?v=2.9.79&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

2a734a58cb9447a5b38f5a7d2532eb6b22d9d195b9a43734b1afa2ffcf4c996e

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: YUGwGk/FWHPLrFHkboURojJpik2Ds2t/X7WjzGsy/zQ4TPOeNWVOl8RmNXo3VQ1DQVQKDIV2lB9nPfeTXJermA==
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 13 Sep 2022 13:03:20 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 5221199.js Show response
bat.bing.com/p/action/ 1 KB
841 B 166ms
166ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/5221199.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

77a35607386444baab56d6cb7c2896f1abb5deb86c1a10feb661517b23a6a6e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4C26123C8D884FC8925303801055AEC6 Ref B: FRAEDGE1315 Ref C: 2022-09-13T13:03:20Z
date: Tue, 13 Sep 2022 13:03:20 GMT
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private,max-age=60
content-length: 666

GET
H2 204 0
bat.bing.com/action/ 0
175 B 32ms
31ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=5221199&Ver=2&mid=e5a4767a-adfe-42bf-9ff3-6baea2767ef9&sid=7131c950336411ed8b0399e5bab0cf1b&vid=7131d6c0336411ed842f8feea5ee2d2d&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Family%20Handyman%20Best%20Tips%20%26%20Projects%202022%20%7C%20Family%20Handyman&p=https%3A%2F%2Fw1.buysub.com%2Fpubs%2FRM%2FRMB%2FFHAN-INT-BK-2201-OP1.jsp%3Fcds_page_id%3D263982%26cds_mag_code%3DRMB%26id%3D1663074199560%26lsid%3D22560803195020955%26vid%3D1%26cds_response_key%3DFHTBJDU104&r=&lt=3607&evt=pageLoad&sv=1&rn=94907

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4F38B7628CD3476BABD8F1C12A81F69B Ref B: FRAEDGE1315 Ref C: 2022-09-13T13:03:20Z
date: Tue, 13 Sep 2022 13:03:19 GMT
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/1016027490/ 42 B
548 B 71ms
33ms Image
image/gif 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1016027490/?random=1663074200623&cv=9&fst=1663074000000&num=1&guid=ON&eid=375603260&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fw1.buysub.com%2Fpubs%2FRM%2FRMB%2FFHAN-INT-BK-2201-OP1.jsp%3Fcds_page_id%3D263982%26cds_mag_code%3DRMB%26id%3D1663074199560%26lsid%3D22560803195020955%26vid%3D1%26cds_response_key%3DFHTBJDU104&tiba=Family%20Handyman%20Best%20Tips%20%26%20Projects%202022%20%7C%20Family%20Handyman&fmt=3&is_vtc=1&random=1333865948&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 13:03:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/1016027490/ 42 B
548 B 82ms
33ms Image
image/gif 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/1016027490/?random=1663074200623&cv=9&fst=1663074000000&num=1&guid=ON&eid=375603260&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fw1.buysub.com%2Fpubs%2FRM%2FRMB%2FFHAN-INT-BK-2201-OP1.jsp%3Fcds_page_id%3D263982%26cds_mag_code%3DRMB%26id%3D1663074199560%26lsid%3D22560803195020955%26vid%3D1%26cds_response_key%3DFHTBJDU104&tiba=Family%20Handyman%20Best%20Tips%20%26%20Projects%202022%20%7C%20Family%20Handyman&fmt=3&is_vtc=1&random=1333865948&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 13:03:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 81ms
25ms Script
text/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KNHD368

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 80
date: Tue, 13 Sep 2022 13:02:00 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Tue, 13 Sep 2022 15:02:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
297 B 38ms
10ms Image
image/gif 2a03:2880:f12d:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=275149521201947&ev=PageView&dl=https%3A%2F%2Fw1.buysub.com%2Fpubs%2FRM%2FRMB%2FFHAN-INT-BK-2201-OP1.jsp%3Fcds_page_id%3D263982%26cds_mag_code%3DRMB%26id%3D1663074199560%26lsid%3D22560803195020955%26vid%3D1%26cds_response_key%3DFHTBJDU104&rl=&if=false&ts=1663074200843&sw=1600&sh=1200&v=2.9.79&r=stable&ec=0&o=30&fbp=fb.1.1663074200841.1716415061&it=1663074200703&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 13:03:20 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 44
expires: Tue, 13 Sep 2022 13:03:20 GMT

GET
H2 200 5221199 Show response
www.clarity.ms/tag/uet/ 2 KB
2 KB 160ms
121ms Script
application/x-javascript 2620:1ec:27::cafe:2093
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/uet/5221199
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/p/action/5221199.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:27::cafe:2093 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: ddb1bc03f195979f005f6ff535d8b9258623350511fa33c4d394e7dd07dacf3d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 13:03:20 GMT
x-powered-by: ASP.NET
x-azure-ref: 0mH8gYwAAAABgOhu9889aR6qYdba+Cgh5TVVDMzBFREdFMDYxNwA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
expires: -1
cache-control: no-cache, no-store
request-context: appId=cid-v1:dfa4d45a-f309-4181-9ede-77e6e6c0ecf0

GET
H2 200 clarity.js Show response
www.clarity.ms/eus-f/s/0.6.40/ 54 KB
23 KB 111ms
110ms Script
application/javascript 2620:1ec:27::cafe:2093
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/eus-f/s/0.6.40/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/uet/5221199
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:27::cafe:2093 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: bbffae0d03e6d48b808856596e595ab718c08bbc4476e7323bfcff4a6f833260

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 13:03:20 GMT
content-encoding: br
etag: "1d8bd4806fdad30"
last-modified: Wed, 01 Jun 2022 12:22:22 GMT
x-powered-by: ASP.NET
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript;charset=utf-8
cache-control: public,max-age=86400
x-azure-ref: 0mX8gYwAAAACjk7lKUq4zSo/i2pkaKK4aTVVDMzBFREdFMDYxNwA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
accept-ranges: bytes
request-context: appId=cid-v1:dfa4d45a-f309-4181-9ede-77e6e6c0ecf0

GET
H/1.1 200
OK 795 Show response
sts.eccmp.com/wts/WebEvent/GetCookieExpiry/ 35 B
427 B 457ms
94ms XHR
text/xml 63.148.46.76
ASN-CHEETA-MAIL

General

Check archive.org

Show headers Download Go to

Full URL: https://sts.eccmp.com/wts/WebEvent/GetCookieExpiry/795
Requested by: Host: sts.eccmp.com
URL: https://sts.eccmp.com/sts/scripts/conversen-SDK.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 63.148.46.76 Des Moines, United States, ASN53316 (ASN-CHEETA-MAIL, US),
Reverse DNS: xts.eccmp.com
Software: /
Resource Hash: 61339a21fa71d17d0dfebceba08dc76ce605e73f65a88438397483478d953aae

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Tue, 13 Sep 2022 13:03:21 GMT
X-AspNetMvc-Version: 3.0
Server
X-Powered-By
Content-Type: text/xml; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private
Connection: keep-alive
Content-Length: 35

POST
H2 204 collect Show response
m.clarity.ms/ 0
174 B 499ms
280ms XHR
text/plain 20.120.124.64
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://m.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/eus-f/s/0.6.40/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.120.124.64 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://w1.buysub.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-origin: https://w1.buysub.com
date: Tue, 13 Sep 2022 13:03:21 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:dfa4d45a-f309-4181-9ede-77e6e6c0ecf0

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?CtsSyncId=D3284AD69A744735B6E6CA5FA6D05F93&RedC=c.clarity.ms&MXFR=302F98B93E8E6E6C11598AA73A8E6043
https://c.clarity.ms/c.gif?CtsSyncId=D3284AD69A744735B6E6CA5FA6D05F93&MUID=29C3A8D3A8926D6433D2BACDA9406CC5

42 B
368 B

28ms
28ms

Image
image/gif

20.234.93.27
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?CtsSyncId=D3284AD69A744735B6E6CA5FA6D05F93&MUID=29C3A8D3A8926D6433D2BACDA9406CC5
Protocol: H2
Server: 20.234.93.27 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 13:03:21 GMT
last-modified: Wed, 17 Aug 2022 23:56:46 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
etag: "de363c295b2d81:0"
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-type: image/gif
content-length: 42

Redirect headers

pragma: no-cache
date: Tue, 13 Sep 2022 13:03:21 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 38F6DB94B076455BB759F1CAB5F1BE0C Ref B: FRAEDGE1315 Ref C: 2022-09-13T13:03:21Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?CtsSyncId=D3284AD69A744735B6E6CA5FA6D05F93&MUID=29C3A8D3A8926D6433D2BACDA9406CC5
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H3 200 /
www.facebook.com/tr/ 44 B
91 B 18ms
8ms Image
image/gif 2a03:2880:f12d:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=275149521201947&ev=Microdata&dl=https%3A%2F%2Fw1.buysub.com%2Fpubs%2FRM%2FRMB%2FFHAN-INT-BK-2201-OP1.jsp%3Fcds_page_id%3D263982%26cds_mag_code%3DRMB%26id%3D1663074199560%26lsid%3D22560803195020955%26vid%3D1%26cds_response_key%3DFHTBJDU104&rl=&if=false&ts=1663074202346&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Family%20Handyman%20Best%20Tips%20%26%20Projects%202022%20%7C%20Family%20Handyman%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.79&r=stable&ec=1&o=30&fbp=fb.1.1663074200841.1716415061&it=1663074200703&coo=false&es=automatic&tm=3&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://w1.buysub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 13:03:22 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=3,i
expires: Tue, 13 Sep 2022 13:03:22 GMT

Verdicts & Comments Add Verdict or Comment

111 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

24 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
w1.buysub.com/servlet	1969-12-31 23:59:59	Name: CookieDetector.txt Value: https://w1.buysub.com/servlet/ConvertibleGateway?cds_mag_code=RMB&cds_page_id=263982&cds_response_key=FHTBJDU104
books.readersdigest.com/	1969-12-31 23:59:59	Name: JSESSIONID Value: 0000M-ctdzKH5d7dCKXtHr39LoJ:1dgnqdhdr
.books.readersdigest.com/	1969-12-31 23:59:59	Name: TS017badfe Value: 01c449994b9615ea533ab3a5d806a8c9af7ce38ba8ed141c6a90a85ad8161682c86f86ab881599e08a96138c096050e021eb6389c45657fa2803022865a81376cb99c8c626
w1.buysub.com/	1969-12-31 23:59:59	Name: JSESSIONID Value: 0000jIDGns2QGpsamPDWWfbpdPg:1dgnqdhdr
.w1.buysub.com/	1969-12-31 23:59:59	Name: TS011e85fb Value: 01c449994bb9ed898c76bf2169fc742521231ca76b344b7e2a1a58f534ed57d26cb8dcf87a1007fe6f6470a25d17203f89bb77518fa9436100c61a2a965bd3a0bee7b00ad4a323065a155976a97310edcb8eebdbe3
.buysub.com/	1969-12-31 23:59:59	Name: AnalyticsState Value:
.buysub.com/	1970-01-20 15:33:54	Name: ATRK_a Value: 37d1c41e873b40788fdd93b78402c00f.1
.buysub.com/	1969-12-31 23:59:59	Name: ATRK_t Value: 1
.buysub.com/	1970-01-20 05:57:56	Name: ATRK_y Value: 1
.bing.com/	1970-01-20 15:19:30	Name: MUID Value: 29C3A8D3A8926D6433D2BACDA9406CC5
.buysub.com/	1970-01-20 05:59:20	Name: _uetsid Value: 7131c950336411ed8b0399e5bab0cf1b
.buysub.com/	1970-01-20 15:19:30	Name: _uetvid Value: 7131d6c0336411ed842f8feea5ee2d2d
.doubleclick.net/	1970-01-20 05:57:55	Name: test_cookie Value: CheckForPermission
.buysub.com/	1970-01-20 08:07:30	Name: _fbp Value: fb.1.1663074200841.1716415061
.buysub.com/	1970-01-20 15:33:54	Name: _ga Value: GA1.2.1616260533.1663074201
.buysub.com/	1970-01-20 05:59:20	Name: _gid Value: GA1.2.1868382171.1663074201
www.clarity.ms/	1970-01-20 14:43:30	Name: CLID Value: e78577bf5e6549c391210199fc1acaf5.20220913.20230913
.buysub.com/	1970-01-20 14:43:30	Name: _clck Value: lwcg8o\|1\|f4u\|0
.buysub.com/	1970-01-20 06:07:59	Name: xyz_cr_795_et_100 Value: =&cr=795&et=100
.buysub.com/	1970-01-20 05:59:20	Name: _clsk Value: 1na05vd\|1663074201773\|1\|1\|m.clarity.ms/collect
.c.bing.com/	1970-01-20 15:19:30	Name: SRM_B Value: 29C3A8D3A8926D6433D2BACDA9406CC5
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-20 15:19:30	Name: MUID Value: 29C3A8D3A8926D6433D2BACDA9406CC5
.c.clarity.ms/	1970-01-20 05:57:54	Name: ANONCHK Value: 0

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://w1.buysub.com/pubs/RM/RMB/FHAN-INT-BK-2201-OP1.jsp?cds_page_id=263982&cds_mag_code=RMB&id=1663074199560&lsid=22560803195020955&vid=1&cds_response_key=FHTBJDU104(Line 380) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://js.acq.io/ATRK_2DF0B21A_min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://w1.buysub.com/pubs/RM/RMB/FHAN-INT-BK-2201-OP1.jsp?cds_page_id=263982&cds_mag_code=RMB&id=1663074199560&lsid=22560803195020955&vid=1&cds_response_key=FHTBJDU104(Line 380) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://js.acq.io/ATRK_2DF0B21A_min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'none' ;
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode = block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bat.bing.com
books.readersdigest.com
c.bing.com
c.clarity.ms
cdn1.tmbi.com
click.email.rdaenthusiast.com
connect.facebook.net
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
images.tmbi.com
js.acq.io
m.clarity.ms
maxcdn.bootstrapcdn.com
sb.scorecardresearch.com
sts.eccmp.com
w1.buysub.com
www.clarity.ms
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
142.250.74.194
143.204.215.91
198.176.166.187
198.176.166.216
20.120.124.64
20.234.93.27
2606:4700:4400::6812:220f
2606:4700:4400::ac40:99f1
2606:4700::6812:acf
2620:1ec:27::cafe:2093
2620:1ec:c11::200
2a00:1450:4001:801::2008
2a00:1450:4001:803::2003
2a00:1450:4001:809::200e
2a00:1450:4001:811::2002
2a00:1450:4001:813::2003
2a00:1450:4001:82b::200a
2a00:1450:4001:82f::2004
2a03:2880:f02d:100:face:b00c:0:3
2a03:2880:f12d:181:face:b00c:0:25de
63.148.46.76
68.232.203.70
99.86.4.2
02fbcf6cd136ae3bfc98aecbbc0f0b1f348c05d96390d63a89cdc323a6dda70c
0f3f0bc8b29892e2dc3fc9bc3ff82979f7b885562d55f3f86bb54f92418a6dd1
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
12dd3e968ced8f01649560da4cf975edff617d25ba4585dda428377529220da0
15b82f40638ea60b286644f0c0f8c7a6c3a7db9e453acaaff1ba18982af7cc47
2a734a58cb9447a5b38f5a7d2532eb6b22d9d195b9a43734b1afa2ffcf4c996e
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2c3f053a0757db2fd37f6e0818ac6bd1c77d7a5dbc654cea0536f131ab956d6a
3488e64ce2ef1b34a20fb0dada520a32a172db9328c9732065316656a4badb8d
3543167c2b7f233c11f30ca3a8509981ba611a5d6507e5316cc08bd7d0d20eb5
36f7f4f2a363e86aa55262d9fc028256c2d516a544c8e246588daf9a79edbd1c
428f940f4963da055a0afee7c1456b24c33cb854d3bcbf7ad7ba75ffe1a6a7c2
42a0a80760dc7c9261894e89ea8205cb1fe47427c1af3b17eadfa55860cc635b
50419356dd4cc1db9bf337d11627ea7e07d55f021b8e8c9a04ddc76663e3eacd
52ff3933ee68fa840a657f335f173539d5b8ed92bd1db2d9d9919e931dd8340c
54f3a516d9c95e0d4155c18c7555b6ab5d8b521c4a363fec0f31c900535a4bf1
5ae95e748ad12444cd760e245c02264cea3e8deb41fabd95f1e0784b81f72783
61339a21fa71d17d0dfebceba08dc76ce605e73f65a88438397483478d953aae
65a7b23b611e0fbb47d693237d4131850609b8727dbfe4d2c5facee4d34c99d7
735ace838c4f02a810a79d750fa248e3f70fa9483a4ede6f8f123bf6a314a4f3
76d7b655bdf8cc74892be189f8ae65f36b4c335f4abc1337bb1d63b1da769b9c
77a35607386444baab56d6cb7c2896f1abb5deb86c1a10feb661517b23a6a6e4
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7b3575882921b9234e47fb4d04e99cb05c4aab67a4f4f32cf06241d78b756dc4
7c51c2b93b35766af6d426d2045cd059880f5655821845a7a839be43a0eb7ce6
84440692afe812d872ea96075efd5b9b758746fca2cc1fc1fe6d2c64ec2728b4
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9f50f55bd93d4f12f268d70de0afda919737aea3c4bd33baf4d4e675b67e7068
a123558bd21e390aae081f5f76d1dfd10fdb479d3941f3fc8114ea6a6e889955
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
ac578c7acd8ddfd77f4787777fe164bf631f5e24d4fc5b9c80513349f3dc1f41
ae305c49d2cb8e8132a41adecb1aa159ef31a364eac1041f4dc95ecc4e6ed7a7
aeacdc8495ead75ebff3d67a2afad327fc5e6da5c1f9ad1ff4ce269903dd1731
bbffae0d03e6d48b808856596e595ab718c08bbc4476e7323bfcff4a6f833260
c8a783d6122d80aa409cc048535113cb4d7e7d7533d4b093f8d932e5d1cc7b76
cbed2d00f366c6c3853a08f4fd121be70fc1800ce80cf65c41235060bcd04ebe
ce11dfd8058f3b15799c87709a3dea0c9ed5e61f69dbcfedb453c91bc1cdf662
ddb1bc03f195979f005f6ff535d8b9258623350511fa33c4d394e7dd07dacf3d
e051d6a5d14e4297d875ccc104646c83cd369ef40dbc5a482044e6e11b9ad5df
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e470c0237e8f58ec800a6ac891bbe37a66b9979f894caf1a9526ec7691cb82fd
e61d390f099975f216fb9ede2e92b686059866d28ee58cb317ce59542c1ba1e5
e73c1bca8181696ace362f181c9339ae935aec670efbf7bbbee3d1dbaf7bee10
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f23d6ccedc83846199f4fe8dda63224374ac30145b10bd44b5fd9140a1871ab0
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

w1.buysub.com Open in urlscan Pro 198.176.166.187 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

50 Requests

80 %HTTPS

61 %IPv6

20 Domains

24 Subdomains

20 IPs

3 Countries

955 kBTransfer

1620 kBSize

24 Cookies

8 Outgoing links

Page URL History

Redirected requests

50 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

w1.buysub.com Open in urlscan Pro
198.176.166.187 Public Scan

Screenshot
Live screenshot

Full Image

50
Requests

80 %
HTTPS

61 %
IPv6

20
Domains

24
Subdomains

20
IPs

3
Countries

955 kB
Transfer

1620 kB
Size

24
Cookies

50 HTTP transactions
0 data transactions