www.marchofdimes.org Open in urlscan Pro
2606:4700:10::6816:4345 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.marchofdimes.org/donate-now?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_cam...
Submission: On January 31 via api (January 31st 2023, 3:12:41 pm UTC) from US — Scanned from DE

Summary HTTP 293 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 90 IPs in 11 countries across 73 domains to perform 293 HTTP transactions. The main IP is 2606:4700:10::6816:4345, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.marchofdimes.org. The Cisco Umbrella rank of the primary domain is 456197.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 15th 2022. Valid for: a year.

This is the only time www.marchofdimes.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
40	2606:4700:10:... 2606:4700:10::6816:4345	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:80e::200a	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6810:3965	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2606:4700::68... 2606:4700::6810:9540	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	2a00:1450:400... 2a00:1450:4001:808::2008	15169 (GOOGLE) (GOOGLE)
8	2001:4860:480... 2001:4860:4802:38::178	15169 (GOOGLE) (GOOGLE)
4	151.101.1.44 151.101.1.44	54113 (FASTLY) (FASTLY)
12	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2 4	142.251.208.134 142.251.208.134	15169 (GOOGLE) (GOOGLE)
8	2620:116:800d... 2620:116:800d:21:c5a4:625:6563:a5bb	16509 (AMAZON-02) (AMAZON-02)
8	2a03:2880:f08... 2a03:2880:f083:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	104.18.13.242 104.18.13.242	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4 8	172.217.19.102 172.217.19.102	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400d:808::200e	15169 (GOOGLE) (GOOGLE)
2	99.86.4.118 99.86.4.118	16509 (AMAZON-02) (AMAZON-02)
2	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
2	23.96.109.67 23.96.109.67	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
2	34.193.14.46 34.193.14.46	14618 (AMAZON-AES) (AMAZON-AES)
2	2a02:2638:1::d 2a02:2638:1::d	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2 2	54.87.147.157 54.87.147.157	14618 (AMAZON-AES) (AMAZON-AES)
3	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
4	2600:9000:223... 2600:9000:223c:cc00:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
2	142.250.180.226 142.250.180.226	15169 (GOOGLE) (GOOGLE)
2	95.101.179.119 95.101.179.119	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2606:4700::68... 2606:4700::6812:bcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2a00:1450:400... 2a00:1450:400d:80d::2004	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:400d:808::2003	15169 (GOOGLE) (GOOGLE)
2	154.59.122.94 154.59.122.94	174 (COGENT-174) (COGENT-174)
8 10	2a02:2638:1::13 2a02:2638:1::13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
8	2a03:2880:f17... 2a03:2880:f176:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	178.250.2.146 178.250.2.146	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2 2	37.252.173.215 37.252.173.215	29990 (ASN-APPNEX) (ASN-APPNEX)
5	154.59.122.79 154.59.122.79	174 (COGENT-174) (COGENT-174)
1	80.77.87.166 80.77.87.166	46636 (NATCOWEB) (NATCOWEB)
1 3	185.64.189.110 185.64.189.110	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 2	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
2 5	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
3 5	3.67.29.124 3.67.29.124	16509 (AMAZON-02) (AMAZON-02)
1	69.166.1.12 69.166.1.12	27630 (AS-XFERNET) (AS-XFERNET)
1 1	2.17.245.187 2.17.245.187	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	2600:1901:0:8... 2600:1901:0:8eee::	15169 (GOOGLE) (GOOGLE)
1	54.230.112.81 54.230.112.81	16509 (AMAZON-02) (AMAZON-02)
2 2	35.227.248.159 35.227.248.159	15169 (GOOGLE) (GOOGLE)
2 4	52.31.164.85 52.31.164.85	16509 (AMAZON-02) (AMAZON-02)
2 2	178.250.0.163 178.250.0.163	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	74.119.119.150 74.119.119.150	19750 (AS-CRITEO) (AS-CRITEO)
6	2a00:1450:400... 2a00:1450:4001:82b::200a	15169 (GOOGLE) (GOOGLE)
2	65.9.66.114 65.9.66.114	16509 (AMAZON-02) (AMAZON-02)
3	54.239.28.235 54.239.28.235	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:400d:805::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c06::9d	15169 (GOOGLE) (GOOGLE)
4	76.223.13.31 76.223.13.31	16509 (AMAZON-02) (AMAZON-02)
2	2600:9000:21c... 2600:9000:21c7:e400:14:6bfc:5740:93a1	16509 (AMAZON-02) (AMAZON-02)
1	172.67.23.169 172.67.23.169	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42:600... 2a04:4e42:600::393	54113 (FASTLY) (FASTLY)
4	141.226.228.48 141.226.228.48	200478 (TABOOLA-AS) (TABOOLA-AS)
2 2	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
4	178.250.2.151 178.250.2.151	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2 2	37.252.171.21 37.252.171.21	29990 (ASN-APPNEX) (ASN-APPNEX)
1 3	52.58.241.65 52.58.241.65	16509 (AMAZON-02) (AMAZON-02)
2	2.17.244.21 2.17.244.21	16625 (AKAMAI-AS) (AKAMAI-AS)
2	64.202.112.95 64.202.112.95	23352 (SERVERCEN...) (SERVERCENTRAL)
2	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
3	52.28.76.139 52.28.76.139	16509 (AMAZON-02) (AMAZON-02)
2	185.86.137.132 185.86.137.132	201081 (SMARTADSE...) (SMARTADSERVER)
2	23.35.209.30 23.35.209.30	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	13.248.245.213 13.248.245.213	16509 (AMAZON-02) (AMAZON-02)
2	37.157.2.234 37.157.2.234	198622 (ADFORM) (ADFORM)
2	185.255.84.153 185.255.84.153	200271 (IGUANE-) (IGUANE-)
2	172.64.154.237 172.64.154.237	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	162.19.138.119 162.19.138.119	16276 (OVH) (OVH)
2	34.117.157.22 34.117.157.22	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	18.198.153.70 18.198.153.70	16509 (AMAZON-02) (AMAZON-02)
2	2600:1f18:612... 2600:1f18:612b:4280:5c4b:c2e1:7939:6359	14618 (AMAZON-AES) (AMAZON-AES)
2	85.215.5.31 85.215.5.31	6786 (CRONON-BE...) (CRONON-BERLIN-AS)
2	23.44.72.208 23.44.72.208	16625 (AKAMAI-AS) (AKAMAI-AS)
2	54.194.205.164 54.194.205.164	16509 (AMAZON-02) (AMAZON-02)
2	3.71.169.66 3.71.169.66	16509 (AMAZON-02) (AMAZON-02)
1	34.254.104.103 34.254.104.103	16509 (AMAZON-02) (AMAZON-02)
1	54.78.254.47 54.78.254.47	16509 (AMAZON-02) (AMAZON-02)
1	18.185.191.100 18.185.191.100	16509 (AMAZON-02) (AMAZON-02)
1	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
2	52.218.183.64 52.218.183.64	16509 (AMAZON-02) (AMAZON-02)
2	54.195.73.77 54.195.73.77	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
2	52.46.135.222 52.46.135.222	16509 (AMAZON-02) (AMAZON-02)
2	18.116.2.22 18.116.2.22	16509 (AMAZON-02) (AMAZON-02)
12	18.195.154.142 18.195.154.142	16509 (AMAZON-02) (AMAZON-02)
5	151.101.65.35 151.101.65.35	54113 (FASTLY) (FASTLY)
1 1	13.32.110.94 13.32.110.94	16509 (AMAZON-02) (AMAZON-02)
1	54.148.115.137 54.148.115.137	16509 (AMAZON-02) (AMAZON-02)
1	44.225.161.93 44.225.161.93	16509 (AMAZON-02) (AMAZON-02)
1 2	64.4.245.84 64.4.245.84	17012 (PAYPAL) (PAYPAL)
1	2600:9000:220... 2600:9000:2204:6a00:14:4f74:f880:21	16509 (AMAZON-02) (AMAZON-02)
1	2606:2800:233... 2606:2800:233:ce53:4396:b914:64c2:638e	15133 (EDGECAST) (EDGECAST)
293	90

40 2606:4700:10::6816:4345 (United States)

ASN13335 (CLOUDFLARENET, US)

www.marchofdimes.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
give.marchofdimes.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:3965 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6810:9540 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:808::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2001:4860:4802:38::178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.1.44 (United States)

ASN54113 (FASTLY, US)

cdn.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.251.208.134 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: bud02s42-in-f6.1e100.net

8832015.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2620:116:800d:21:c5a4:625:6563:a5bb (United States)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a03:2880:f083:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.13.242 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.resonate.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 172.217.19.102 (United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: muc03s07-in-f102.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400d:808::200e (Ireland)

ASN15169 (GOOGLE, US)

www.googleoptimize.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 99.86.4.118 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-118.fra6.r.cloudfront.net

js.braintreegateway.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.96.109.67 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

doublethedonation.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.193.14.46 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-193-14-46.compute-1.amazonaws.com

px.adentifi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:1::d (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dynamic.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.87.147.157 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-87-147-157.compute-1.amazonaws.com

bm.adentifi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:223c:cc00:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.180.226 (United States)

ASN15169 (GOOGLE, US)
PTR: bud02s34-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 95.101.179.119 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a95-101-179-119.deploy.static.akamaitechnologies.com

origin.acuityplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:400d:80d::2004 (Ireland)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:400d:808::2003 (Ireland)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 154.59.122.94 (United States)

ASN174 (COGENT-174, US)

e.acuityplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a02:2638:1::13 (France) 8 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a03:2880:f176:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.2.146 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.252.173.215 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 154.59.122.79 (United States)

ASN174 (COGENT-174, US)

ums.acuityplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 80.77.87.166 (Clifton, United States)

ASN46636 (NATCOWEB, US)

cs.admanmedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.64.189.110 (United Kingdom) 1 redirects

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.80.39.216 (Canada) 1 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 3.126.56.137 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 3.67.29.124 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-67-29-124.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.166.1.12 (United States)

ASN27630 (AS-XFERNET, US)

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.17.245.187 (Vienna, Austria) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-17-245-187.deploy.static.akamaitechnologies.com

tags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1901:0:8eee:: (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)

fei.pro-market.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.230.112.81 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-230-112-81.mrs52.r.cloudfront.net

sync.intentiq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.227.248.159 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 159.248.227.35.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.31.164.85 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-31-164-85.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.0.163 (France) 2 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

sslwidget.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 74.119.119.150 (United States)

ASN19750 (AS-CRITEO, US)

widget.us.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

maps.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 65.9.66.114 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-114.fra56.r.cloudfront.net

static-na.payments-amazon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.239.28.235 (Ashburn, United States)

ASN16509 (AMAZON-02, US)

payments.amazon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:400d:805::2003 (Ireland)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c06::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 76.223.13.31 (United States)

ASN16509 (AMAZON-02, US)
PTR: ae1d37305401c759d.awsglobalaccelerator.com

payments.braintree-api.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:21c7:e400:14:6bfc:5740:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.ywxi.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.23.169 (United States)

ASN13335 (CLOUDFLARENET, US)

widgets.guidestar.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:600::393 (United States)

ASN54113 (FASTLY, US)

res.cloudinary.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 141.226.228.48 (Netherlands)

ASN200478 (TABOOLA-AS, IL)

trc-events.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync-t1.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.181.226 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 178.250.2.151 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.252.171.21 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.58.241.65 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-58-241-65.eu-central-1.compute.amazonaws.com

ad.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.17.244.21 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a2-17-244-21.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.202.112.95 (United States)

ASN23352 (SERVERCENTRAL, US)
PTR: ny.outbrain.com

sync.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.173.144.165 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.28.76.139 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-28-76-139.eu-central-1.compute.amazonaws.com

match.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.86.137.132 (France)

ASN201081 (SMARTADSERVER, FR)

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.35.209.30 (Vienna, Austria)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-35-209-30.deploy.static.akamaitechnologies.com

criteo-sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.248.245.213 (United States)

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.2.234 (Denmark)

ASN198622 (ADFORM, DK)

cm.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.255.84.153 (France)

ASN200271 (IGUANE-, FR)

visitor.omnitagjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.64.154.237 (United States)

ASN13335 (CLOUDFLARENET, US)

r.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.19.138.119 (France)

ASN16276 (OVH, FR)
PTR: ns31533570.ip-162-19-138.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.117.157.22 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 22.157.117.34.bc.googleusercontent.com

matching.ivitrack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.198.153.70 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-198-153-70.eu-central-1.compute.amazonaws.com

exchange.mediavine.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1f18:612b:4280:5c4b:c2e1:7939:6359 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

criteo-partners.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 85.215.5.31 (Berlin, Germany)

ASN6786 (CRONON-BERLIN-AS, DE)

a.twiago.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.44.72.208 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-44-72-208.deploy.static.akamaitechnologies.com

ad.yieldlab.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.194.205.164 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-194-205-164.eu-west-1.compute.amazonaws.com

sync-criteo.ads.yieldmo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.71.169.66 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-71-169-66.eu-central-1.compute.amazonaws.com

e1.emxdgt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.254.104.103 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-254-104-103.eu-west-1.compute.amazonaws.com

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.78.254.47 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-78-254-47.eu-west-1.compute.amazonaws.com

loadm.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.185.191.100 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-185-191-100.eu-central-1.compute.amazonaws.com

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.218.183.64 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-us-west-2.amazonaws.com

s3-us-west-2.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.195.73.77 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-195-73-77.eu-west-1.compute.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

maps.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.46.135.222 (Ashburn, United States)

ASN16509 (AMAZON-02, US)

apay-us.amazon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.116.2.22 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-116-2-22.us-east-2.compute.amazonaws.com

s.thebrighttag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 18.195.154.142 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-154-142.eu-central-1.compute.amazonaws.com

client-analytics.braintreegateway.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 151.101.65.35 (United States)

ASN54113 (FASTLY, US)

c.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.110.94 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-32-110-94.vie50.r.cloudfront.net

assets.braintreegateway.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.148.115.137 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-148-115-137.us-west-2.compute.amazonaws.com

ssl.kaptcha.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.225.161.93 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-225-161-93.us-west-2.compute.amazonaws.com

www.trustedsite.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.4.245.84 (United States) 1 redirects

ASN17012 (PAYPAL, US)

b.stats.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dub.stats.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2204:6a00:14:4f74:f880:21 (United States)

ASN16509 (AMAZON-02, US)

d2ldlvi1yef00y.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:233:ce53:4396:b914:64c2:638e (United States)

ASN15133 (EDGECAST, US)

c6.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
40	marchofdimes.org www.marchofdimes.org — Cisco Umbrella Rank: 456197 give.marchofdimes.org — Cisco Umbrella Rank: 701159	1 MB
22	criteo.com 10 redirects dynamic.criteo.com — Cisco Umbrella Rank: 3800 gum.criteo.com — Cisco Umbrella Rank: 388 mug.criteo.com — Cisco Umbrella Rank: 2753 sslwidget.criteo.com — Cisco Umbrella Rank: 1763 widget.us.criteo.com — Cisco Umbrella Rank: 18451 dis.criteo.com — Cisco Umbrella Rank: 696	57 KB
21	doubleclick.net 8 redirects 8832015.fls.doubleclick.net — Cisco Umbrella Rank: 693149 ad.doubleclick.net — Cisco Umbrella Rank: 184 googleads.g.doubleclick.net — Cisco Umbrella Rank: 29 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 325 stats.g.doubleclick.net — Cisco Umbrella Rank: 78 cm.g.doubleclick.net — Cisco Umbrella Rank: 211	36 KB
15	braintreegateway.com 1 redirects js.braintreegateway.com — Cisco Umbrella Rank: 7624 client-analytics.braintreegateway.com — Cisco Umbrella Rank: 8525 assets.braintreegateway.com — Cisco Umbrella Rank: 17113	18 KB
12	bing.com bat.bing.com — Cisco Umbrella Rank: 351	47 KB
11	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 40	690 KB
10	google.com adservice.google.com — Cisco Umbrella Rank: 70 www.google.com — Cisco Umbrella Rank: 2	24 KB
10	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 21 region1.google-analytics.com — Cisco Umbrella Rank: 2456	106 KB
9	acuityplatform.com origin.acuityplatform.com — Cisco Umbrella Rank: 15255 e.acuityplatform.com — Cisco Umbrella Rank: 16174 ums.acuityplatform.com — Cisco Umbrella Rank: 1170	12 KB
8	paypal.com 1 redirects c.paypal.com — Cisco Umbrella Rank: 5826 b.stats.paypal.com — Cisco Umbrella Rank: 5130 dub.stats.paypal.com — Cisco Umbrella Rank: 23307 c6.paypal.com — Cisco Umbrella Rank: 6726	44 KB
8	gstatic.com www.gstatic.com fonts.gstatic.com maps.gstatic.com	386 KB
8	facebook.com www.facebook.com — Cisco Umbrella Rank: 107	309 B
8	facebook.net connect.facebook.net — Cisco Umbrella Rank: 146	543 KB
8	quantserve.com secure.quantserve.com — Cisco Umbrella Rank: 979 pixel.quantserve.com — Cisco Umbrella Rank: 676	41 KB
8	taboola.com cdn.taboola.com — Cisco Umbrella Rank: 886 trc.taboola.com — Cisco Umbrella Rank: 639 trc-events.taboola.com — Cisco Umbrella Rank: 1293 sync-t1.taboola.com — Cisco Umbrella Rank: 1244	40 KB
7	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 34 maps.googleapis.com — Cisco Umbrella Rank: 361	235 KB
6	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 385	136 KB
5	amazon.com payments.amazon.com — Cisco Umbrella Rank: 10432 apay-us.amazon.com — Cisco Umbrella Rank: 22810	3 KB
5	bidswitch.net 3 redirects x.bidswitch.net — Cisco Umbrella Rank: 281	1 KB
4	braintree-api.com payments.braintree-api.com — Cisco Umbrella Rank: 9500	2 KB
4	demdex.net 2 redirects dpm.demdex.net — Cisco Umbrella Rank: 197	4 KB
4	yahoo.com 1 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 274	1 KB
4	casalemedia.com 1 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 524 r.casalemedia.com — Cisco Umbrella Rank: 1367	3 KB
4	adnxs.com 4 redirects secure.adnxs.com — Cisco Umbrella Rank: 409 ib.adnxs.com — Cisco Umbrella Rank: 203	4 KB
4	google.de www.google.de — Cisco Umbrella Rank: 5986	779 B
4	quantcount.com rules.quantcount.com — Cisco Umbrella Rank: 904	5 KB
4	adentifi.com 2 redirects px.adentifi.com — Cisco Umbrella Rank: 10240 bm.adentifi.com — Cisco Umbrella Rank: 25693	2 KB
3	3lift.com eb2.3lift.com — Cisco Umbrella Rank: 329	418 B
3	sharethrough.com match.sharethrough.com — Cisco Umbrella Rank: 502	103 B
3	360yield.com 1 redirects ad.360yield.com — Cisco Umbrella Rank: 650	1 KB
3	pubmatic.com 1 redirects image2.pubmatic.com — Cisco Umbrella Rank: 872 simage2.pubmatic.com — Cisco Umbrella Rank: 665	1 KB
2	thebrighttag.com s.thebrighttag.com — Cisco Umbrella Rank: 1695	535 B
2	krxd.net beacon.krxd.net — Cisco Umbrella Rank: 581	675 B
2	amazonaws.com s3-us-west-2.amazonaws.com	2 KB
2	emxdgt.com e1.emxdgt.com — Cisco Umbrella Rank: 792	77 B
2	yieldmo.com sync-criteo.ads.yieldmo.com — Cisco Umbrella Rank: 1892	257 B
2	yieldlab.net ad.yieldlab.net — Cisco Umbrella Rank: 4045	1 KB
2	twiago.com a.twiago.com — Cisco Umbrella Rank: 27063	306 B
2	tremorhub.com criteo-partners.tremorhub.com — Cisco Umbrella Rank: 2174	365 B
2	mediavine.com exchange.mediavine.com — Cisco Umbrella Rank: 1242	2 KB
2	ivitrack.com matching.ivitrack.com — Cisco Umbrella Rank: 2467	377 B
2	id5-sync.com id5-sync.com — Cisco Umbrella Rank: 389	2 KB
2	omnitagjs.com visitor.omnitagjs.com — Cisco Umbrella Rank: 756	329 B
2	adform.net cm.adform.net — Cisco Umbrella Rank: 1400	323 B
2	teads.tv criteo-sync.teads.tv — Cisco Umbrella Rank: 1844	344 B
2	smartadserver.com rtb-csync.smartadserver.com — Cisco Umbrella Rank: 560	326 B
2	rubiconproject.com pixel.rubiconproject.com — Cisco Umbrella Rank: 308	478 B
2	outbrain.com sync.outbrain.com — Cisco Umbrella Rank: 720
2	media.net contextual.media.net — Cisco Umbrella Rank: 563	2 KB
2	ywxi.net cdn.ywxi.net — Cisco Umbrella Rank: 10327	14 KB
2	payments-amazon.com static-na.payments-amazon.com — Cisco Umbrella Rank: 14390	115 KB
2	tapad.com 2 redirects pixel.tapad.com — Cisco Umbrella Rank: 412	1 KB
2	pro-market.net 2 redirects fei.pro-market.net — Cisco Umbrella Rank: 2143	818 B
2	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 104	6 KB
2	doublethedonation.com doublethedonation.com — Cisco Umbrella Rank: 65242	112 KB
2	googleoptimize.com www.googleoptimize.com — Cisco Umbrella Rank: 925	91 KB
2	resonate.com cdn.resonate.com — Cisco Umbrella Rank: 7154	151 B
2	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 958	12 KB
1	cloudfront.net d2ldlvi1yef00y.cloudfront.net	4 KB
1	trustedsite.com www.trustedsite.com — Cisco Umbrella Rank: 16312	954 B
1	kaptcha.com ssl.kaptcha.com — Cisco Umbrella Rank: 8459	366 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 304	265 B
1	agkn.com aa.agkn.com — Cisco Umbrella Rank: 457	504 B
1	exelator.com loadm.exelator.com — Cisco Umbrella Rank: 1446	324 B
1	crwdcntrl.net sync.crwdcntrl.net — Cisco Umbrella Rank: 757	266 B
1	cloudinary.com res.cloudinary.com — Cisco Umbrella Rank: 2171	29 KB
1	guidestar.org widgets.guidestar.org — Cisco Umbrella Rank: 31171	4 KB
1	intentiq.com sync.intentiq.com — Cisco Umbrella Rank: 1246
1	bluekai.com 1 redirects tags.bluekai.com — Cisco Umbrella Rank: 545	494 B
1	sonobi.com sync.go.sonobi.com — Cisco Umbrella Rank: 813	535 B
1	advertising.com 1 redirects pixel.advertising.com — Cisco Umbrella Rank: 1415	307 B
1	admanmedia.com cs.admanmedia.com — Cisco Umbrella Rank: 917	199 B
1	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 742	5 KB
293	73

	Domain	Requested by
23	give.marchofdimes.org	www.marchofdimes.org give.marchofdimes.org static.cloudflareinsights.com
17	www.marchofdimes.org	www.marchofdimes.org static.cloudflareinsights.com
12	client-analytics.braintreegateway.com	give.marchofdimes.org
12	bat.bing.com	www.googletagmanager.com bat.bing.com 8832015.fls.doubleclick.net
11	www.googletagmanager.com	www.marchofdimes.org www.googletagmanager.com give.marchofdimes.org
10	gum.criteo.com	8 redirects dynamic.criteo.com
8	www.facebook.com	8832015.fls.doubleclick.net
8	ad.doubleclick.net	4 redirects www.marchofdimes.org
8	connect.facebook.net	www.marchofdimes.org connect.facebook.net 8832015.fls.doubleclick.net
8	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
7	www.google.com	give.marchofdimes.org www.gstatic.com www.google.com
6	maps.googleapis.com	www.marchofdimes.org maps.googleapis.com
6	cdn.cookielaw.org	www.marchofdimes.org cdn.cookielaw.org
5	c.paypal.com	give.marchofdimes.org c.paypal.com
5	x.bidswitch.net	3 redirects www.marchofdimes.org
5	ums.acuityplatform.com	8832015.fls.doubleclick.net
4	dis.criteo.com
4	payments.braintree-api.com	give.marchofdimes.org
4	www.gstatic.com	www.google.com www.gstatic.com
4	dpm.demdex.net	2 redirects
4	ups.analytics.yahoo.com	1 redirects 8832015.fls.doubleclick.net
4	www.google.de
4	pixel.quantserve.com	8832015.fls.doubleclick.net
4	rules.quantcount.com	secure.quantserve.com
4	googleads.g.doubleclick.net	www.googletagmanager.com
4	secure.quantserve.com	www.googletagmanager.com 8832015.fls.doubleclick.net
4	8832015.fls.doubleclick.net	2 redirects www.googletagmanager.com
3	eb2.3lift.com	8832015.fls.doubleclick.net www.marchofdimes.org
3	match.sharethrough.com	8832015.fls.doubleclick.net
3	ad.360yield.com	1 redirects www.marchofdimes.org
3	payments.amazon.com	static-na.payments-amazon.com
3	adservice.google.com	8832015.fls.doubleclick.net
2	s.thebrighttag.com
2	apay-us.amazon.com	static-na.payments-amazon.com
2	maps.gstatic.com
2	beacon.krxd.net
2	s3-us-west-2.amazonaws.com	cdn.ywxi.net
2	fonts.gstatic.com	www.google.com
2	e1.emxdgt.com
2	sync-criteo.ads.yieldmo.com	www.marchofdimes.org
2	ad.yieldlab.net	www.marchofdimes.org
2	a.twiago.com	www.marchofdimes.org
2	criteo-partners.tremorhub.com	www.marchofdimes.org
2	simage2.pubmatic.com	www.marchofdimes.org
2	exchange.mediavine.com
2	matching.ivitrack.com	www.marchofdimes.org
2	id5-sync.com	www.marchofdimes.org
2	r.casalemedia.com	www.marchofdimes.org
2	visitor.omnitagjs.com	www.marchofdimes.org
2	cm.adform.net	www.marchofdimes.org
2	criteo-sync.teads.tv	www.marchofdimes.org
2	sync-t1.taboola.com	www.marchofdimes.org
2	rtb-csync.smartadserver.com	www.marchofdimes.org
2	pixel.rubiconproject.com
2	sync.outbrain.com	www.marchofdimes.org
2	contextual.media.net	www.marchofdimes.org
2	ib.adnxs.com	2 redirects
2	cm.g.doubleclick.net	2 redirects
2	trc-events.taboola.com	cdn.taboola.com
2	cdn.ywxi.net	give.marchofdimes.org
2	static-na.payments-amazon.com	give.marchofdimes.org static-na.payments-amazon.com
2	widget.us.criteo.com	8832015.fls.doubleclick.net
2	sslwidget.criteo.com	2 redirects
2	pixel.tapad.com	2 redirects
2	fei.pro-market.net	2 redirects
2	dsum-sec.casalemedia.com	1 redirects 8832015.fls.doubleclick.net
2	secure.adnxs.com	2 redirects
2	mug.criteo.com	8832015.fls.doubleclick.net
2	e.acuityplatform.com	origin.acuityplatform.com
2	origin.acuityplatform.com	8832015.fls.doubleclick.net
2	googleads4.g.doubleclick.net	ad.doubleclick.net
2	pagead2.googlesyndication.com	ad.doubleclick.net
2	bm.adentifi.com	2 redirects
2	dynamic.criteo.com	8832015.fls.doubleclick.net
2	px.adentifi.com	8832015.fls.doubleclick.net
2	trc.taboola.com	cdn.taboola.com
2	doublethedonation.com	give.marchofdimes.org
2	region1.google-analytics.com	www.googletagmanager.com
2	js.braintreegateway.com	give.marchofdimes.org
2	www.googleoptimize.com	www.googletagmanager.com
2	cdn.resonate.com	www.marchofdimes.org
2	cdn.taboola.com	www.googletagmanager.com
2	static.cloudflareinsights.com	www.marchofdimes.org give.marchofdimes.org
1	c6.paypal.com
1	d2ldlvi1yef00y.cloudfront.net
1	dub.stats.paypal.com
1	b.stats.paypal.com	1 redirects
1	www.trustedsite.com	cdn.ywxi.net
1	ssl.kaptcha.com	give.marchofdimes.org
1	assets.braintreegateway.com	1 redirects
1	match.adsrvr.org	8832015.fls.doubleclick.net
1	aa.agkn.com	8832015.fls.doubleclick.net
1	loadm.exelator.com	8832015.fls.doubleclick.net
1	sync.crwdcntrl.net	8832015.fls.doubleclick.net
1	res.cloudinary.com
1	widgets.guidestar.org
1	stats.g.doubleclick.net	www.google-analytics.com
1	sync.intentiq.com	8832015.fls.doubleclick.net
1	tags.bluekai.com	1 redirects
1	sync.go.sonobi.com	8832015.fls.doubleclick.net
1	pixel.advertising.com	1 redirects
1	image2.pubmatic.com	1 redirects
1	cs.admanmedia.com	8832015.fls.doubleclick.net
1	maxcdn.bootstrapcdn.com	give.marchofdimes.org
1	fonts.googleapis.com	www.marchofdimes.org
293	105

This site contains links to these domains. Also see Links.

Domain
gifts.marchofdimes.org
nacersano.marchofdimes.org
bit.ly
www.tiktok.com
youtube.com
cookiepedia.co.uk
onetrust.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-05-15` - `2023-05-15`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2022-05-01` - `2023-05-01`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2022-12-08` - `2023-12-31`	a year	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2022-11-25` - `2023-05-25`	6 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-11-09` - `2023-02-07`	3 months	crt.sh
checkout.paypal.com DigiCert SHA2 Extended Validation Server CA	`2022-07-28` - `2023-08-28`	a year	crt.sh
doublethedonation.com Sectigo ECC Domain Validation Secure Server CA	`2022-06-03` - `2023-07-04`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
adentifi.com Amazon	`2022-08-05` - `2023-09-03`	a year	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-04` - `2023-03-31`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
quantserve.com R3	`2023-01-10` - `2023-04-10`	3 months	crt.sh
*.acuityplatform.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-30` - `2024-02-01`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
*.admanmedia.com Go Daddy Secure Certificate Authority - G2	`2022-04-21` - `2023-05-23`	a year	crt.sh
static-na.payments-amazon.com Amazon	`2022-06-22` - `2023-07-21`	a year	crt.sh
payments.amazon.com Amazon	`2022-07-12` - `2023-06-13`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
payments.braintree-api.com DigiCert SHA2 Extended Validation Server CA	`2022-09-15` - `2023-10-16`	a year	crt.sh
*.ywxi.net Amazon	`2022-07-05` - `2023-08-03`	a year	crt.sh
*.cloudinary.com Go Daddy Secure Certificate Authority - G2	`2022-05-30` - `2023-07-01`	a year	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2022-04-05` - `2023-05-04`	a year	crt.sh
*.media.net DigiCert SHA2 Secure Server CA	`2022-02-20` - `2023-02-22`	a year	crt.sh
*.outbrain.com Thawte RSA CA 2018	`2022-11-06` - `2023-11-28`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-08` - `2023-04-04`	a year	crt.sh
*.sharethrough.com Amazon	`2022-07-14` - `2023-08-12`	a year	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-21` - `2024-01-23`	a year	crt.sh
teads.tv R3	`2023-01-20` - `2023-04-20`	3 months	crt.sh
*.3lift.com Amazon	`2022-05-13` - `2023-06-11`	a year	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-09-27` - `2023-03-22`	6 months	crt.sh
*.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2022-05-18` - `2023-06-16`	a year	crt.sh
omnitagjs.com Sectigo RSA Domain Validation Secure Server CA	`2022-06-21` - `2023-07-21`	a year	crt.sh
*.id5-sync.com R3	`2023-01-25` - `2023-04-25`	3 months	crt.sh
itm.ivitrack.com R3	`2022-12-05` - `2023-03-05`	3 months	crt.sh
exchange.mediavine.com Amazon	`2022-07-06` - `2023-08-04`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2022-06-13` - `2023-07-14`	a year	crt.sh
*.tremorhub.com Amazon	`2022-03-24` - `2023-04-22`	a year	crt.sh
*.twiago.com Sectigo RSA Domain Validation Secure Server CA	`2022-11-28` - `2023-12-29`	a year	crt.sh
*.yieldlab.net DigiCert TLS RSA SHA256 2020 CA1	`2022-11-16` - `2023-11-15`	a year	crt.sh
*.ads.yieldmo.com Amazon	`2022-06-02` - `2023-07-01`	a year	crt.sh
*.emxdgt.com Go Daddy Secure Certificate Authority - G2	`2022-05-18` - `2023-06-19`	a year	crt.sh
*.crwdcntrl.net Go Daddy Secure Certificate Authority - G2	`2022-05-01` - `2023-06-02`	a year	crt.sh
*.exelator.com DigiCert TLS RSA SHA256 2020 CA1	`2022-06-08` - `2023-06-10`	a year	crt.sh
*.agkn.com RapidSSL Global TLS RSA4096 SHA256 2022 CA1	`2022-09-06` - `2023-09-21`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2022-03-31` - `2023-05-02`	a year	crt.sh
*.s3-us-west-2.amazonaws.com Amazon	`2022-09-21` - `2023-08-24`	a year	crt.sh
*.360yield.com Amazon	`2022-06-29` - `2023-07-28`	a year	crt.sh
apay-us.amazon.com Amazon	`2022-10-12` - `2023-09-12`	a year	crt.sh
client-analytics.braintreegateway.com DigiCert SHA2 High Assurance Server CA	`2022-03-16` - `2023-04-16`	a year	crt.sh
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2022-11-10` - `2023-11-10`	a year	crt.sh
ssl.kaptcha.com Sectigo RSA Organization Validation Secure Server CA	`2022-10-18` - `2023-10-18`	a year	crt.sh
*.trustedsite.com Amazon	`2023-01-11` - `2024-02-09`	a year	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2022-12-08` - `2023-12-07`	a year	crt.sh

This page contains 12 frames:

Primary Page: https://www.marchofdimes.org/donate-now?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
Frame ID: 0E942EBD8294DCA6E6804419EEFA707B
Requests: 82 HTTP requests in this frame

Frame: https://give.marchofdimes.org/?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001&DonationFormId=262&urlReferer=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
Frame ID: 3680269FD5E0D750E19E930261B24074
Requests: 95 HTTP requests in this frame

Frame: https://8832015.fls.doubleclick.net/activityi;dc_pre=CLzH_paM8vwCFVEMogMdvu4FDA;src=8832015;type=rt;cat=donforms;ord=2334208738352;gtm=2wg1p0;auiddc=1629772784.1675177954;~oref=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
Frame ID: 449482F4853B0D7910F2CB10BE8C0A61
Requests: 28 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?topUrl=www.marchofdimes.org&origin=onetag
Frame ID: 4AD2E037D156675BCE8A0D3B9A745B49
Requests: 2 HTTP requests in this frame

Frame: https://8832015.fls.doubleclick.net/activityi;dc_pre=CIPXx5eM8vwCFZVDGAod_M4FjQ;src=8832015;type=rt;cat=gen;ord=7764937972392;gtm=2wg1p0;auiddc=1629772784.1675177954;~oref=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGCLGENEM2301CNT00130001%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023cultivation%26utm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26mkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001%26DonationFormId%3D262%26urlReferer%3Dhttps%253A%252F%252Fwww.marchofdimes.org%252Fdonate-now%253FsrcCode%253DGCLGENEM2301CNT00130001%2526amp%253Butm_medium%253Demail%2526amp%253Butm_source%253Dmandr%2526amp%253Butm_campaign%253D2023cultivation%2526amp%253Butm_content%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1%2526amp%253Bmkto%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
Frame ID: 200F5B7956BA3BBC2E40A64D949E71D2
Requests: 23 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf_Xq4UAAAAAHd1hKHMAy-iydWdiqmt5E-IKeak&co=aHR0cHM6Ly9naXZlLm1hcmNob2ZkaW1lcy5vcmc6NDQz&hl=de&v=RGRQD9tdxHtnt-Bxkx9pM75S&size=invisible&cb=68pfm5jeaesh
Frame ID: 604DFD40CC5D88CAF5B982343D86DAA5
Requests: 7 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?topUrl=www.marchofdimes.org&origin=onetag
Frame ID: 1C493A9EF7202936FD246FAB148830F9
Requests: 2 HTTP requests in this frame

Frame: https://x.bidswitch.net/sync?dsp_id=46&user_id=k-PnO50D65yWbedHfw1ZgpecuiuwXb6ZpZmtUBFA&expires=30
Frame ID: 1D95070625A803BA7CD93AD067FFA5D8
Requests: 28 HTTP requests in this frame

Frame: https://x.bidswitch.net/sync?dsp_id=46&user_id=k-PnO50D65yWbedHfw1ZgpecuiuwXb6ZpZmtUBFA&expires=30
Frame ID: 48DC3D1B1837C18CF00BB6423BD72340
Requests: 28 HTTP requests in this frame

Frame: https://ssl.kaptcha.com/logo.htm?m=null&s=57034ecf89433df29b0060edc983414e
Frame ID: AA8D36B8938F12A159F3AA130147F0E9
Requests: 1 HTTP requests in this frame

Frame: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
Frame ID: B2236E0633CFD99031E8D6DE47A5DB7C
Requests: 5 HTTP requests in this frame

Frame: https://dub.stats.paypal.com/counter2.cgi?i=127.0.0.1&p=98f8231b68c738ea0f7763f906a41da0&t=1675177956.371&a=14
Frame ID: 9D623E6C88D25802792CDABE2FDAAAFD
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Donate Now | March of DimesBack ButtonSearch IconFilter IconArrow

Detected technologies

Google Maps (Maps) Expand

Overall confidence: 100%
Detected patterns

//maps\.google(?:apis)?\.com/maps/api/js

Braintree (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

js\.braintreegateway\.com

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Optimize (A/B Testing) Expand

Overall confidence: 100%
Detected patterns

googleoptimize\.com/optimize\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Quantcast Measure (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.quantserve\.com/quant\.js

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery-ui.*\.js

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

293
Requests

90 %
HTTPS

33 %
IPv6

73
Domains

105
Subdomains

90
IPs

11
Countries

4023 kB
Transfer

11836 kB
Size

76
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: https://gifts.marchofdimes.org/
Title: Gift Guide

Search URL Search Domain Scan URL

URL: https://nacersano.marchofdimes.org/
Title: Nacersano

Search URL Search Domain Scan URL

URL: http://bit.ly/FBMarchofDimes
Title: March of Dimes Facebook

Search URL Search Domain Scan URL

URL: http://bit.ly/MODInsta
Title: March of Dimes Instagram

Search URL Search Domain Scan URL

URL: http://bit.ly/MarchofDimesLI
Title: March of Dimes LinkedIn

Search URL Search Domain Scan URL

URL: https://www.tiktok.com/@marchofdimes
Title: March of Dimes TikTok

Search URL Search Domain Scan URL

URL: http://bit.ly/MODTwitter
Title: March of Dimes Twitter

Search URL Search Domain Scan URL

URL: http://youtube.com/marchofdimes
Title: March of Dimes YouTube Channel

Search URL Search Domain Scan URL

URL: https://cookiepedia.co.uk/giving-consent-to-cookies
Title: More information

Search URL Search Domain Scan URL

URL: https://onetrust.com/poweredbyonetrust

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 51

https://8832015.fls.doubleclick.net/activityi;src=8832015;type=rt;cat=donforms;ord=2334208738352;gtm=2wg1p0;auiddc=1629772784.1675177954;~oref=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001 HTTP 302
https://8832015.fls.doubleclick.net/activityi;dc_pre=CLzH_paM8vwCFVEMogMdvu4FDA;src=8832015;type=rt;cat=donforms;ord=2334208738352;gtm=2wg1p0;auiddc=1629772784.1675177954;~oref=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001

Request Chain 58

https://ad.doubleclick.net/ddm/trackimp/N9539.3391082MARCHOFDIMES/B21581475.265419780;dc_trk_aid=424965911;dc_trk_cid=104722561;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua= HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N9539.3391082MARCHOFDIMES/B21581475.265419780;dc_pre=CPqL_JaM8vwCFRRE5QodTscKIw;dc_trk_aid=424965911;dc_trk_cid=104722561;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=

Request Chain 79

https://bm.adentifi.com/pixel/conv/ppt=8653;g=mod_donate_page;gid=28709;ord=2334208738352;gtm=2wg1p0;auiddc=*;~oref=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001%20height= HTTP 302
https://bm.adentifi.com/pixel/conv/ppt=8653;g=mod_donate_page;gid=28709;ord=2334208738352;gtm=2wg1p0;auiddc=*;~oref=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001%20height=;ip=217.64.151.69;cuidchk=1 HTTP 302
https://ad.doubleclick.net/ddm/activity/src=10620626;type=invmedia;cat=8653_00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1 HTTP 302
https://ad.doubleclick.net/ddm/activity/src=10620626;dc_pre=CLGf1ZeM8vwCFVCJsgodnyoBAA;type=invmedia;cat=8653_00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1 HTTP 302
https://adservice.google.com/ddm/fls/z/src=10620626;dc_pre=CLGf1ZeM8vwCFVCJsgodnyoBAA;type=invmedia;cat=8653_00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1

Request Chain 104

https://gum.criteo.com/sid/json?origin=onetag&domain=8832015.fls.doubleclick.net&sn=ChromeSyncframe&so=0&topUrl=www.marchofdimes.org&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=3HXW63x1VzJ5SEFQb3ozR0F2OUFzVDZLcGJhY1lRWlA1ejdmQVZRRzdXQndmMVE4QUtDeG96a1dRVmJMbjV0SitMaXUxcWV2NjdML1JDQVlJdmJ0NURaQ003cUx1N3hSZ3dLaTEyMjNad01xQXNGTTRVQmdydmlKMnRTMlNqUDBubGlkTlR4UXZZMEdXQWYxaXBiSjNmSVZCMXFkakNnb1hNd3AzVTJlYkg5TXZ5V2JNTDN6OWxnUFpzUUNoT2FyejZLLzZ1dml3MHExOUtSaU8zTFdOUkhNMnk4cmhNOGZTZTkrcE9EbEVvNFRNazJ4em9YNUNjZk84cEwyeVZjRkgvWnNmZ2FHTVh3Ty8vTDZodmh1SkMxN2diY0FwOHpuVnJDakk3WGRFVllsU3dMRC82VXdKSlN1U09kb0Q0eEIwNG8zbXw&cppv=2

Request Chain 105

https://secure.adnxs.com/getuid?https%3A%2F%2Fums.acuityplatform.com%2Fsum%3Fumid%3D10%26auid%3D737826230612%26uid%3D%24UID HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fums.acuityplatform.com%252Fsum%253Fumid%253D10%2526auid%253D737826230612%2526uid%253D%2524UID HTTP 302
https://ums.acuityplatform.com/sum?umid=10&auid=737826230612&uid=2018361787894374834

Request Chain 107

https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NyZ0bD0xMjk2MDA=&piggybackCookie=uid:737826230612&r=https%3A%2F%2Fums.acuityplatform.com%2Fsum%3Fumid%3D6%26auid%3D737826230612%26uid%3D%24%7BPUBMATIC_UID%7D HTTP 302
https://ums.acuityplatform.com/sum?umid=6&auid=737826230612&uid=${PUBMATIC_UID}

Request Chain 108

https://dsum-sec.casalemedia.com/rum?cm_dsp_id=10&external_user_id=737826230612 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=10&external_user_id=737826230612&C=1

Request Chain 109

https://pixel.advertising.com/ups/55950/sync?uid=737826230612&_origin=1 HTTP 301
https://ups.analytics.yahoo.com/ups/55950/sync?uid=737826230612&_origin=1 HTTP 302
https://ups.analytics.yahoo.com/ups/55950/sync?uid=737826230612&_origin=1&verify=true

Request Chain 110

https://x.bidswitch.net/sync?dsp_id=236&user_id=737826230612&expires=30&user_group=1 HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=236&user_id=737826230612&expires=30&user_group=1 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=116aedf9-b3a2-4361-b943-075021b33efd

Request Chain 111

https://tags.bluekai.com/site/37592?id=123456&limit=0&redir=https%3A%2F%2Fums.acuityplatform.com%2Fsum%3Fumid%3D49%26auid%3D737826230612%26uid%3D%24_BK_UUID HTTP 302
https://ums.acuityplatform.com/sum?umid=49&auid=737826230612&uid=$_BK_UUID

Request Chain 112

https://fei.pro-market.net/engine?mimetype=img&du=9&csync=737826230612 HTTP 302
https://fei.pro-market.net/engine?mimetype=img&du=9&csync=737826230612&sr HTTP 302
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=3&pcid=-3878396796125230071

Request Chain 113

https://pixel.tapad.com/idsync/ex/receive?partner_id=3150&partner_device_id=737826230612&partner_url=https%3A%2F%2Fums.acuityplatform.com%2Fsum%3Fumid%3D64%26auid%3D737826230612%26uid%3D%24%7BTA_DEVICE_ID%7D HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3150&partner_device_id=737826230612&partner_url=https%3A%2F%2Fums.acuityplatform.com%2Fsum%3Fumid%3D64%26auid%3D737826230612%26uid%3D%24%7BTA_DEVICE_ID%7D HTTP 302
https://ums.acuityplatform.com/sum?umid=64&auid=737826230612&uid=801f4340-2f30-42cf-846d-b411cc3efd2e

Request Chain 114

https://dpm.demdex.net/ibs:dpid=12105&dpuuid=737826230612&redir=https%3A%2F%2Fums.acuityplatform.com%2Fsum%3Fumid%3D41%26auid%3D737826230612%26uid%3D%24%7BDD_UUID%7D HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=12105&dpuuid=737826230612&redir=https%3A%2F%2Fums.acuityplatform.com%2Fsum%3Fumid%3D41%26auid%3D737826230612%26uid%3D%24%7BDD_UUID%7D HTTP 302
https://ums.acuityplatform.com/sum?umid=41&auid=737826230612&uid=11377128738871908940671891590044596718

Request Chain 122

https://sslwidget.criteo.com/event?a=81237&v=5.13.0&p0=e%3Dexd%26site_type%3Dd%26ref%3Dhttps%253A%252F%252Fwww.marchofdimes.org&p1=e%3Dvp%26p%3D1&p2=e%3Dvb%26p%3D%255Bi%25253D1%252526pr%25253D0%252526q%25253D1%255D&p3=e%3Ddis&bundle=Q-LkJl9LdFpScmlhSWNPTFVFSGxGaEFmMmhBVXQ3bUlVUlY3ZTB3b0ZGS09DbDBHNVZtZjNveHRZd1lueXklMkJwU3NXVUQ5djNoc2VhJTJCZnR5d3llJTJGNGUxSWklMkJtNHglMkI4Rng3bSUyRjlTd0hmdXlnVXF1Z0tpaXd4JTJGU0YzJTJCTktTR3pnRVRUQ1dpQjNJZjlvbVd0ZjJNMUk3U2lOaHFnblBhY3l0bk5SNUlGVTJzY2NaR3BJJTNE&tld=8832015.fls.doubleclick.net&dy=1&fu=https%253A%252F%252Fwww.marchofdimes.org&pu=https%253A%252F%252Fwww.marchofdimes.org&dtycbr=76126 HTTP 302
https://widget.us.criteo.com/event?a=81237&v=5.13.0&p0=e%3Dexd%26site_type%3Dd%26ref%3Dhttps%253A%252F%252Fwww.marchofdimes.org&p1=e%3Dvp%26p%3D1&p2=e%3Dvb%26p%3D%255Bi%25253D1%252526pr%25253D0%252526q%25253D1%255D&p3=e%3Ddis&bundle=Q-LkJl9LdFpScmlhSWNPTFVFSGxGaEFmMmhBVXQ3bUlVUlY3ZTB3b0ZGS09DbDBHNVZtZjNveHRZd1lueXklMkJwU3NXVUQ5djNoc2VhJTJCZnR5d3llJTJGNGUxSWklMkJtNHglMkI4Rng3bSUyRjlTd0hmdXlnVXF1Z0tpaXd4JTJGU0YzJTJCTktTR3pnRVRUQ1dpQjNJZjlvbVd0ZjJNMUk3U2lOaHFnblBhY3l0bk5SNUlGVTJzY2NaR3BJJTNE&tld=8832015.fls.doubleclick.net&dy=1&fu=https%253A%252F%252Fwww.marchofdimes.org&pu=https%253A%252F%252Fwww.marchofdimes.org&dtycbr=76126

Request Chain 138

https://8832015.fls.doubleclick.net/activityi;src=8832015;type=rt;cat=gen;ord=7764937972392;gtm=2wg1p0;auiddc=1629772784.1675177954;~oref=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGCLGENEM2301CNT00130001%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023cultivation%26utm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26mkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001%26DonationFormId%3D262%26urlReferer%3Dhttps%253A%252F%252Fwww.marchofdimes.org%252Fdonate-now%253FsrcCode%253DGCLGENEM2301CNT00130001%2526amp%253Butm_medium%253Demail%2526amp%253Butm_source%253Dmandr%2526amp%253Butm_campaign%253D2023cultivation%2526amp%253Butm_content%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1%2526amp%253Bmkto%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001 HTTP 302
https://8832015.fls.doubleclick.net/activityi;dc_pre=CIPXx5eM8vwCFZVDGAod_M4FjQ;src=8832015;type=rt;cat=gen;ord=7764937972392;gtm=2wg1p0;auiddc=1629772784.1675177954;~oref=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGCLGENEM2301CNT00130001%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023cultivation%26utm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26mkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001%26DonationFormId%3D262%26urlReferer%3Dhttps%253A%252F%252Fwww.marchofdimes.org%252Fdonate-now%253FsrcCode%253DGCLGENEM2301CNT00130001%2526amp%253Butm_medium%253Demail%2526amp%253Butm_source%253Dmandr%2526amp%253Butm_campaign%253D2023cultivation%2526amp%253Butm_content%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1%2526amp%253Bmkto%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001

Request Chain 144

https://ad.doubleclick.net/ddm/trackimp/N9539.3391082MARCHOFDIMES/B21581475.265419780;dc_trk_aid=424965911;dc_trk_cid=104722561;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua= HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N9539.3391082MARCHOFDIMES/B21581475.265419780;dc_pre=CKqFyJeM8vwCFYfzEQgdZhYAng;dc_trk_aid=424965911;dc_trk_cid=104722561;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=

Request Chain 185

https://sslwidget.criteo.com/event?a=81237&v=5.13.0&p0=e%3Dexd%26site_type%3Dd%26ref%3Dhttps%253A%252F%252Fgive.marchofdimes.org&p1=e%3Dvh&p2=e%3Ddis&bundle=Q-LkJl9LdFpScmlhSWNPTFVFSGxGaEFmMmhBVXQ3bUlVUlY3ZTB3b0ZGS09DbDBHNVZtZjNveHRZd1lueXklMkJwU3NXVUQ5djNoc2VhJTJCZnR5d3llJTJGNGUxSWklMkJtNHglMkI4Rng3bSUyRjlTd0hmdXlnVXF1Z0tpaXd4JTJGU0YzJTJCTktTR3pnRVRUQ1dpQjNJZjlvbVd0ZjJNMUk3U2lOaHFnblBhY3l0bk5SNUlGVTJzY2NaR3BJJTNE&tld=8832015.fls.doubleclick.net&dy=1&fu=https%253A%252F%252Fwww.marchofdimes.org&pu=https%253A%252F%252Fwww.marchofdimes.org&dtycbr=70165 HTTP 302
https://widget.us.criteo.com/event?a=81237&v=5.13.0&p0=e%3Dexd%26site_type%3Dd%26ref%3Dhttps%253A%252F%252Fgive.marchofdimes.org&p1=e%3Dvh&p2=e%3Ddis&bundle=Q-LkJl9LdFpScmlhSWNPTFVFSGxGaEFmMmhBVXQ3bUlVUlY3ZTB3b0ZGS09DbDBHNVZtZjNveHRZd1lueXklMkJwU3NXVUQ5djNoc2VhJTJCZnR5d3llJTJGNGUxSWklMkJtNHglMkI4Rng3bSUyRjlTd0hmdXlnVXF1Z0tpaXd4JTJGU0YzJTJCTktTR3pnRVRUQ1dpQjNJZjlvbVd0ZjJNMUk3U2lOaHFnblBhY3l0bk5SNUlGVTJzY2NaR3BJJTNE&tld=8832015.fls.doubleclick.net&dy=1&fu=https%253A%252F%252Fwww.marchofdimes.org&pu=https%253A%252F%252Fwww.marchofdimes.org&dtycbr=70165

Request Chain 200

https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&CriteoUserId=k-fk5Zzz65yWbedHfw1ZgpecuiuwXp3CRG44TjXg&google_cm&google_hm=ay1mazVaeno2NXlXYmVkSGZ3MVpncGVjdWl1d1hwM0NSRzQ0VGpYZw HTTP 302
https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-fk5Zzz65yWbedHfw1ZgpecuiuwXp3CRG44TjXg&google_gid=CAESELTsdrJWq5yBdwv_pIdmKbs&google_cver=1&google_ula=913071,0

Request Chain 201

https://ib.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID HTTP 302
https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=2018361787894374834

Request Chain 202

https://ad.360yield.com/match?publisher_dsp_id=38&external_user_id=k-cFQVTz65yWbedHfw1ZgpecuiuwUCNsV0axxXIg HTTP 302
https://ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=k-cFQVTz65yWbedHfw1ZgpecuiuwUCNsV0axxXIg

Request Chain 215

https://gum.criteo.com/sync?c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40 HTTP 302
https://dpm.demdex.net/ibs:dpid=28645&dpuuid=tWCLbun8pjq7JiZi5E_uitbjScD3_QKp

Request Chain 225

https://x.bidswitch.net/sync?dsp_id=236&user_id=737842794692&expires=30&user_group=1 HTTP 302
https://match.sharethrough.com/sync/v1?source_id=bf2b131f1f7eff9d8892972c&source_user_id=116aedf9-b3a2-4361-b943-075021b33efd&seat_user_id=&seat_key=&gdpr=&gdpr_consent=&gdpr_pd=&usprivacy=

Request Chain 233

https://gum.criteo.com/sid/json?origin=onetag&domain=8832015.fls.doubleclick.net&sn=ChromeSyncframe&so=2&topUrl=www.marchofdimes.org&bundle=Q-LkJl9LdFpScmlhSWNPTFVFSGxGaEFmMmhBVXQ3bUlVUlY3ZTB3b0ZGS09DbDBHNVZtZjNveHRZd1lueXklMkJwU3NXVUQ5djNoc2VhJTJCZnR5d3llJTJGNGUxSWklMkJtNHglMkI4Rng3bSUyRjlTd0hmdXlnVXF1Z0tpaXd4JTJGU0YzJTJCTktTR3pnRVRUQ1dpQjNJZjlvbVd0ZjJNMUk3U2lOaHFnblBhY3l0bk5SNUlGVTJzY2NaR3BJJTNE&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=Ak6bC3xHZVNSVnh4SW45ZVJuUlZDcHhJVE1SWlNMSm1PUm9hbVBkNEJCMjAvMWltWG8ybGM3QUdUTlNCeEhCZTEyVlVvRWI2d3lIRTB0dDFyMitVajl0UlJ3TXNOakNvaHp4blE4cEZSdDFxc0RxNDdmYjJOV3JSSXN6ZWl6ZU9hMTlSaUhpdTM1Sk5FWTJxcHhXRjFPemg3T1RIVXUxeXN3UUxjQTI3UTBMUXpRYU9waGoySVN6TVlDb2dhc2V5MkY2TVd6YlBoRytFOFhVdi95aVlFMDZrUGhkdHp1RUpZYXRpQnE1RTdnYW5HOWVDb29iWTFPQUNucHZzeHgrZm9sVE1nR2cvZWY5M0JkeWJRRHJJM0RsYVlWR3lWU3FVSDZwaXlSWEJPYmM1elpzLzNGOVltbG9LWlhBRSsrSmdGbDdUWnlyejlINVloYWpwb29rc3VPanVCQUE9PXw&cppv=2

Request Chain 241

https://gum.criteo.com/sync?c=83&r=1&a=1&u=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dcriteo%26partner_uid%3D%40USERID%40 HTTP 302
https://beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=c7uCNeFB4y8XjBUTUa1xo6Z4_XXtv-Mv

Request Chain 247

https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&CriteoUserId=k-fk5Zzz65yWbedHfw1ZgpecuiuwXp3CRG44TjXg&google_cm&google_hm=ay1mazVaeno2NXlXYmVkSGZ3MVpncGVjdWl1d1hwM0NSRzQ0VGpYZw HTTP 302
https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-fk5Zzz65yWbedHfw1ZgpecuiuwXp3CRG44TjXg&google_gid=CAESELTsdrJWq5yBdwv_pIdmKbs&google_cver=1&google_ula=913071,0

Request Chain 248

https://ib.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID HTTP 302
https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=2018361787894374834

Request Chain 259

https://gum.criteo.com/sync?c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40 HTTP 302
https://dpm.demdex.net/ibs:dpid=28645&dpuuid=SVp7CgKCDlr3pLc93fq_jFA65MXyL95p

Request Chain 276

https://gum.criteo.com/sync?c=10&r=1&u=https%3A%2F%2Fs.thebrighttag.com%2Fcs%3Fbtt%3D0%26tp%3Dcr%26uid%3D%40USERID%40 HTTP 302
https://s.thebrighttag.com/cs?btt=0&tp=cr&uid=u6SUh51uApLV9m29l50CTLmI8P5n0ZF1

Request Chain 277

https://gum.criteo.com/sync?c=83&r=1&a=1&u=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dcriteo%26partner_uid%3D%40USERID%40 HTTP 302
https://beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=UMgEH7e76kQvTlInv8ZBBtZDom_NidC-

Request Chain 291

https://assets.braintreegateway.com/data/logo.htm?m=null&s=57034ecf89433df29b0060edc983414e HTTP 302
https://ssl.kaptcha.com/logo.htm?m=null&s=57034ecf89433df29b0060edc983414e

Request Chain 292

https://gum.criteo.com/sync?c=10&r=1&u=https%3A%2F%2Fs.thebrighttag.com%2Fcs%3Fbtt%3D0%26tp%3Dcr%26uid%3D%40USERID%40 HTTP 302
https://s.thebrighttag.com/cs?btt=0&tp=cr&uid=fG5yCoh35slyczgZVzHEKk_NzpoWikLr

Request Chain 296

https://b.stats.paypal.com/counter.cgi?i=127.0.0.1&p=98f8231b68c738ea0f7763f906a41da0&t=1675177956.371&a=14 HTTP 302
https://dub.stats.paypal.com/counter2.cgi?i=127.0.0.1&p=98f8231b68c738ea0f7763f906a41da0&t=1675177956.371&a=14

293 HTTP transactions
17 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request donate-now Show response
www.marchofdimes.org/ 34 KB
7 KB 4668ms
4614ms Document
text/html 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.marchofdimes.org/donate-now?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/8.1.14

Resource Hash

8719782486aec06c1298c155d4d7326bc83db3e7b31fa1964787aaf9dfd5b011

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: must-revalidate, no-cache, private
cf-cache-status: DYNAMIC
cf-ray: 792362c00968915e-FRA
content-encoding: br
content-language: en
content-type: text/html; charset=UTF-8
date: Tue, 31 Jan 2023 15:12:32 GMT
expires: Sun, 19 Nov 1978 05:00:00 GMT
permissions-policy: interest-cohort=()
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff
x-drupal-cache: MISS
x-drupal-dynamic-cache: UNCACHEABLE
x-frame-options: SAMEORIGIN
x-generator: Drupal 9 (https://www.drupal.org)
x-powered-by: PHP/8.1.14
x-ua-compatible: IE=edge

GET
H2 200 css_wPRirnkCCeLBInmdzlhDhSaTgXxnt0aIRmg5cfX58KM.css
www.marchofdimes.org/sites/default/files/css/ 8 KB
2 KB 139ms
138ms Stylesheet
text/css 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.marchofdimes.org/sites/default/files/css/css_wPRirnkCCeLBInmdzlhDhSaTgXxnt0aIRmg5cfX58KM.css
Requested by: Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/donate-now?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cb4009a87c060e8cd986760bc62821454c55ff6539a78887df48a43cd0b5d0bb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/donate-now?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:33 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Fri, 02 Dec 2022 20:53:58 GMT
server: cloudflare
cf-polished: origSize=8217
etag: W/"2019-5eede895eb508-gzip"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=14400
cf-ray: 792362de4bf6915e-FRA

GET
H2 200 css2
fonts.googleapis.com/ 19 KB
1 KB 40ms
18ms Stylesheet
text/css 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Source+Sans+Pro:ital,wght@0,300;0,400;0,600;0,700;1,300;1,400;1,600;1,700&display=swap

Requested by

Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/donate-now?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e4eaadc2def43bb3f805070c6b7bf4361c6501b710c71188469666c12a8ae37c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 31 Jan 2023 15:12:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 31 Jan 2023 15:00:59 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 31 Jan 2023 15:12:33 GMT

GET
H2 200 css_9mrtX8M_97AJvYuNFf7PRkfETtBEnNemWle96b5tUzc.css
www.marchofdimes.org/sites/default/files/css/ 169 KB
30 KB 133ms
133ms Stylesheet
text/css 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.marchofdimes.org/sites/default/files/css/css_9mrtX8M_97AJvYuNFf7PRkfETtBEnNemWle96b5tUzc.css
Requested by: Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/donate-now?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c19c0adeab0b61fb69a6cf3e0357c8eb0f230d489ed2f4ed0cd97e1fde0b256

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/donate-now?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:33 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Fri, 16 Dec 2022 20:43:11 GMT
server: cloudflare
cf-polished: origSize=174244
etag: W/"2a8a4-5eff8049dc690-gzip"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=14400
cf-ray: 792362de4bf8915e-FRA

GET
H2 200 rocket-loader.min.js Show response
www.marchofdimes.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 12ms
11ms Script
application/javascript 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.marchofdimes.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/donate-now?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 23 Jan 2023 11:05:52 GMT
server: cloudflare
etag: W/"63ce6a10-302c"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 792362de8c8d915e-FRA
expires: Thu, 02 Feb 2023 15:12:33 GMT

GET
H2 200 vaafb692b2aea4879b33c060e79fe94621666317369993 Show response
static.cloudflareinsights.com/beacon.min.js/ 17 KB
6 KB 96ms
55ms Script
text/javascript 2606:4700::6810:3965
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993
Requested by: Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/donate-now?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:3965 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0f48c5678ce459a596423b0e55344e7ad8eb3d3b1b27c54cd76a9d4cee7dd6c3

Request headers

Referer: https://www.marchofdimes.org/
Origin: https://www.marchofdimes.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:33 GMT
content-encoding: gzip
last-modified: Fri, 21 Oct 2022 01:56:09 GMT
server: cloudflare
etag: W/2022.10.1
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 792362dec83ebc04-FRA

GET
H2 200 sprite.artifact.svg
www.marchofdimes.org/themes/gesso/dist/images/ 6 KB
2 KB 131ms
131ms Other
image/svg+xml 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.marchofdimes.org/themes/gesso/dist/images/sprite.artifact.svg
Requested by: Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/donate-now?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a03c785037ad1b5e421dd7d4335f1f697c0ab24f71aa14e49e632679b4112299

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/donate-now?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:33 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 24 Jan 2023 18:45:27 GMT
server: cloudflare
etag: W/"19d4-5f306eb5d019d"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 792362de8c9a915e-FRA

GET
H2 200 js_8jjjAo68G36IWlbzmOefSpvEwYrk2lgaL2Zh51_bD_0.js Show response
www.marchofdimes.org/sites/default/files/js/ 12 KB
3 KB 136ms
134ms Script
application/javascript 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.marchofdimes.org/sites/default/files/js/js_8jjjAo68G36IWlbzmOefSpvEwYrk2lgaL2Zh51_bD_0.js
Requested by: Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2eee0761bf0536e5f4bc229317ca5f9969a78fbfee526ede845fb663a7ea9a16

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/donate-now?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:33 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Fri, 02 Dec 2022 20:54:39 GMT
server: cloudflare
cf-polished: origSize=12366
etag: W/"304e-5eede8bd32bc0-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 792362df3e58915e-FRA

GET
H2 200 reminder.js Show response
give.marchofdimes.org/ 4 KB
1 KB 183ms
26ms Script
application/javascript 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://give.marchofdimes.org/reminder.js
Requested by: Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: f6cfb0d3d7be77e19468d1f315e892963adf4975af43084e66d25d5b6a7edce1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:33 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Mon, 19 Dec 2022 20:55:47 GMT
server: cloudflare
age: 3161
cf-polished: origSize=6167
etag: W/"821a745ec13d91:0"
vary: Accept-Encoding
x-powered-by: ASP.NET
content-type: application/javascript
cache-control: max-age=14400
permissions-policy: interest-cohort=()
cf-ray: 792362e03824915e-FRA

GET
H2 200 js_CAFeMkWwa5iyzj8ZJCyC7sGBiOlHQwlLUJSBaFwxvU4.js Show response
www.marchofdimes.org/sites/default/files/js/ 160 KB
62 KB 233ms
232ms Script
application/javascript 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.marchofdimes.org/sites/default/files/js/js_CAFeMkWwa5iyzj8ZJCyC7sGBiOlHQwlLUJSBaFwxvU4.js
Requested by: Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8baad8c872e6151f0eebedff088050aa8570d12e30c5ba3e28c4b2cf0a104ebd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/donate-now?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:33 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Fri, 02 Dec 2022 21:03:31 GMT
server: cloudflare
cf-polished: origSize=165626
etag: W/"286fa-5eedeab83bc28-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 792362df3e5c915e-FRA

GET
H2 200 form.js Show response
give.marchofdimes.org/ 3 KB
1 KB 269ms
113ms Script
application/javascript 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://give.marchofdimes.org/form.js
Requested by: Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 95468a4e3708532534a0ff8bd5270ee2bb35dcbc83a2837e561865ad9bfc2eb1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:33 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 22 Dec 2022 19:46:01 GMT
server: cloudflare
cf-polished: origSize=6012
etag: W/"50324153e16d91:0"
vary: Accept-Encoding
x-powered-by: ASP.NET
content-type: application/javascript
cache-control: max-age=14400
permissions-policy: interest-cohort=()
cf-ray: 792362e03822915e-FRA

GET
H2 200 google_tag.script.js Show response
www.marchofdimes.org/sites/default/files/google_tag/march_of_dimes/ 348 B
322 B 112ms
111ms Script
application/javascript 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.marchofdimes.org/sites/default/files/google_tag/march_of_dimes/google_tag.script.js?rpcv7o
Requested by: Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e2717d806962fe1e4c9810ca869fb82c8bbd86638ca6787d01ff8c947c20df3c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/donate-now?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:33 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 31 Jan 2023 15:04:43 GMT
server: cloudflare
etag: W/"15c-5f390a6dc9b48-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 792362df3e5e915e-FRA

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 25 KB
9 KB 40ms
20ms Script
application/javascript 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

83f8393c6593831a76ea84324c946029082b5c72507176c13387468d21c651ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 31 Jan 2023 15:12:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 4ki7PtkHDuSPC1vGdOaknQ==
age: 47578
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 8384
x-ms-lease-status: unlocked
last-modified: Mon, 30 Jan 2023 20:36:09 GMT
server: cloudflare
etag: 0x8DB03019EC57C05
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 8bd5a73a-801e-0125-0408-350600000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 792362df594591ea-FRA

GET
H2 200 Throwback_Fundraiser_Donation_Page_V2.jpg
www.marchofdimes.org/sites/default/files/2023-01/ 71 KB
72 KB 119ms
118ms Image
image/webp 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.marchofdimes.org/sites/default/files/2023-01/Throwback_Fundraiser_Donation_Page_V2.jpg
Requested by: Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/donate-now?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d6b03c0ce04b39e345143e08b559dac92951ed2db93a2aa699430d56e746c605

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/donate-now?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:33 GMT
cf-cache-status: HIT
cf-bgj: imgq:100,h2pri
last-modified: Fri, 20 Jan 2023 16:14:35 GMT
server: cloudflare
cf-polished: origFmt=jpeg, origSize=144621
etag: "234ed-5f2b4587a0cb0"
vary: Accept
content-type: image/webp
cache-control: max-age=14400
content-disposition: inline; filename="Throwback_Fundraiser_Donation_Page_V2.webp"
accept-ranges: bytes
cf-ray: 792362df4e71915e-FRA
content-length: 73102

GET
H2 200 fcdafeaf549fc682810d.svg
www.marchofdimes.org/themes/gesso/dist/images/ 8 KB
3 KB 121ms
120ms Image
image/svg+xml 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.marchofdimes.org/themes/gesso/dist/images/fcdafeaf549fc682810d.svg
Requested by: Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/sites/default/files/css/css_9mrtX8M_97AJvYuNFf7PRkfETtBEnNemWle96b5tUzc.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4c73ae3eda72c7eef8b13c75031180df1d81626dec2a68a846094d697fec3546

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/sites/default/files/css/css_9mrtX8M_97AJvYuNFf7PRkfETtBEnNemWle96b5tUzc.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:33 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 24 Jan 2023 18:45:27 GMT
server: cloudflare
etag: W/"1fb9-5f306eb5cf1fd"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 792362df4e75915e-FRA

GET
DATA 200
OK truncated
/ 200 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5fbdec47eb761902c4f7d14ccd5a3b97bbaca6a18d485482157fff7f97684d3d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 224 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 35f91a61fb778a5507d8527904d3bb532d0c8655e7a6c77af344df8015adc2c1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 743 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5cc76e7f5b027b2566d97e2701af7b605a376c4a0487302d2634bbceb67eb349

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 538 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4471ccb98d7627f19e1fd997e5562b4be936baf86b6597eb63330c6843fc59c1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 019696b175f8558a9f629b596b30b4715bf1219fbee3e3588dbacfb1582df84c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 328 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e944de09b6e048d89b1dff57baf718b2ac1dc0d273e55560decb4c82cc828c8f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 325 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 52142e0671ba7294da28434e2a92636b8848c1fe284fe09543c4e8f7e4716d11

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 116448ff3191f74560d6d91c76cebc18ec741564aa62d5c6f8bdf8f611e8a2b7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 218b91569ad8f0a5cf1aba89f3957966ecffb7b5852ca25b709bd8f887a00c90

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 521 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7176a2935514018f4c12a99dccc108407f9f4bdd7c1be1a097cbec7a90fb7542

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 518 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4aa2fdddfcb25552a1713673a954bc864de1a7b22dc0ebe664fe8ddb6bcb21ee

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 392 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 420a436e0e9e1c48a2f9ce50b59fdb2b805d0274cc20fa569fd1726c4dbf90e9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 389 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b73c2239b5b0ae6e051cb135734dc2101aeaf9032dd6b2c29ce9679330fc0bd0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 583 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b81f50d6d819dd6d6aaf0cb6402329f0479c734ad2f0918eb9f8366b66f78c83

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 580 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2a79623b8606d1583bada494ecdaac61b10440ba7a0da23185892f9d86f172dc

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 535 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 24049fb41335d87d82a9faea10cf9aa2a0ef868037667b029d2953a940cdf67b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 532 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b410913850321efd333e39ddf1a5d49a433b29721126ec6d785f8f039e98bc32

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 329746577f94a4f1785e.otf
www.marchofdimes.org/themes/gesso/dist/fonts/ 123 KB
49 KB 21ms
18ms Font
font/otf 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.marchofdimes.org/themes/gesso/dist/fonts/329746577f94a4f1785e.otf
Requested by: Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/sites/default/files/css/css_9mrtX8M_97AJvYuNFf7PRkfETtBEnNemWle96b5tUzc.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8e758310065d56c81731fadefacd48f77fe962456070bcd42b4fab78e044a69d

Request headers

Referer: https://www.marchofdimes.org/sites/default/files/css/css_9mrtX8M_97AJvYuNFf7PRkfETtBEnNemWle96b5tUzc.css
Origin: https://www.marchofdimes.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:33 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 24 Jan 2023 18:45:27 GMT
server: cloudflare
age: 3161
etag: W/"1eb4c-5f306eb5cb37d"
vary: Accept-Encoding
content-type: font/otf
cache-control: max-age=14400
cf-ray: 792362df7eda915e-FRA

GET
H2 200 7ef1e78abcb43e957eec.otf
www.marchofdimes.org/themes/gesso/dist/fonts/ 130 KB
54 KB 38ms
34ms Font
font/otf 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.marchofdimes.org/themes/gesso/dist/fonts/7ef1e78abcb43e957eec.otf
Requested by: Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/sites/default/files/css/css_9mrtX8M_97AJvYuNFf7PRkfETtBEnNemWle96b5tUzc.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4d663da5e7f6fe773fda5fe642d04a71cd988f1132b343edb5be914d44a1f534

Request headers

Referer: https://www.marchofdimes.org/sites/default/files/css/css_9mrtX8M_97AJvYuNFf7PRkfETtBEnNemWle96b5tUzc.css
Origin: https://www.marchofdimes.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:33 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 24 Jan 2023 18:45:27 GMT
server: cloudflare
age: 3161
etag: W/"206b0-5f306eb5cc31d"
vary: Accept-Encoding
content-type: font/otf
cache-control: max-age=14400
cf-ray: 792362df7edf915e-FRA

GET
H2 200 09a9e3080c1a5236f325.otf
www.marchofdimes.org/themes/gesso/dist/fonts/ 131 KB
56 KB 32ms
29ms Font
font/otf 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.marchofdimes.org/themes/gesso/dist/fonts/09a9e3080c1a5236f325.otf
Requested by: Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/sites/default/files/css/css_9mrtX8M_97AJvYuNFf7PRkfETtBEnNemWle96b5tUzc.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d1802297dea21b3e6a860ccb64dac092312598f1743b8b6b9dd6c30adb4bfe45

Request headers

Referer: https://www.marchofdimes.org/sites/default/files/css/css_9mrtX8M_97AJvYuNFf7PRkfETtBEnNemWle96b5tUzc.css
Origin: https://www.marchofdimes.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:33 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 24 Jan 2023 18:45:27 GMT
server: cloudflare
age: 3161
etag: W/"20b6c-5f306eb5cb37d"
vary: Accept-Encoding
content-type: font/otf
cache-control: max-age=14400
cf-ray: 792362df7ee1915e-FRA

GET
H2 200 f58d53eb72d7239d4ca8.otf
www.marchofdimes.org/themes/gesso/dist/fonts/ 129 KB
54 KB 30ms
28ms Font
font/otf 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.marchofdimes.org/themes/gesso/dist/fonts/f58d53eb72d7239d4ca8.otf
Requested by: Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/sites/default/files/css/css_9mrtX8M_97AJvYuNFf7PRkfETtBEnNemWle96b5tUzc.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ebd6d32400095fb406e63e748a6a8451eb6cdefc0f57d5f3217de10fdc57b416

Request headers

Referer: https://www.marchofdimes.org/sites/default/files/css/css_9mrtX8M_97AJvYuNFf7PRkfETtBEnNemWle96b5tUzc.css
Origin: https://www.marchofdimes.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:33 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 24 Jan 2023 18:45:27 GMT
server: cloudflare
age: 3161
etag: W/"20448-5f306eb5ce25d"
vary: Accept-Encoding
content-type: font/otf
cache-control: max-age=14400
cf-ray: 792362df7ee3915e-FRA

GET
H2 200 e78d3d4f87bc060c0a1a.otf
www.marchofdimes.org/themes/gesso/dist/fonts/ 131 KB
55 KB 23ms
21ms Font
font/otf 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.marchofdimes.org/themes/gesso/dist/fonts/e78d3d4f87bc060c0a1a.otf
Requested by: Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/sites/default/files/css/css_9mrtX8M_97AJvYuNFf7PRkfETtBEnNemWle96b5tUzc.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 75c911d121bdba9548b91e8a057bfae7edbebe988a7423821fc7d4c090c64b92

Request headers

Referer: https://www.marchofdimes.org/sites/default/files/css/css_9mrtX8M_97AJvYuNFf7PRkfETtBEnNemWle96b5tUzc.css
Origin: https://www.marchofdimes.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:33 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 24 Jan 2023 18:45:27 GMT
server: cloudflare
age: 3161
etag: W/"20a90-5f306eb5cd2bd"
vary: Accept-Encoding
content-type: font/otf
cache-control: max-age=14400
cf-ray: 792362df7ee5915e-FRA

GET
H2 200 ce58b1c5-3fe5-4b89-ba5c-ca7c2558eb4c.json Show response
cdn.cookielaw.org/consent/ce58b1c5-3fe5-4b89-ba5c-ca7c2558eb4c/ 3 KB
2 KB 55ms
34ms XHR
application/x-javascript 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/ce58b1c5-3fe5-4b89-ba5c-ca7c2558eb4c/ce58b1c5-3fe5-4b89-ba5c-ca7c2558eb4c.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f312af48d9dcc5d90470fab6410aabb3b5dcb4c8aaf6e5bc4cdef61f614b9dcb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 31 Jan 2023 15:12:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: cfxJGfZoqchvCQVD1/fksw==
age: 48344
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1802
x-ms-lease-status: unlocked
last-modified: Wed, 04 Mar 2020 14:33:04 GMT
server: cloudflare
etag: 0x8D7C048F3180C98
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 6f663bdb-d01e-013d-77d0-112b95000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 792362e08ed430d0-FRA
expires: Wed, 01 Feb 2023 15:12:33 GMT

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/5.13.0/ 389 KB
94 KB 20ms
20ms Script
application/javascript 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/5.13.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

759cbd9881e14214af52dfb585ccf70ea59037598b67cc9cf6df7d3fea7abfd0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 31 Jan 2023 15:12:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: av5EYi/+VJcKyIBzruXtUw==
age: 26307
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 95775
x-ms-lease-status: unlocked
last-modified: Tue, 25 Feb 2020 19:24:49 GMT
server: cloudflare
etag: 0x8D7BA2861DF0E68
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: b6052368-a01e-011b-2342-cab021000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 792362e0cbf091ea-FRA

GET
H2 200 / Show response
give.marchofdimes.org/ Frame 3680 4 KB
2 KB 414ms
413ms Document
text/html 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://give.marchofdimes.org/?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001&DonationFormId=262&urlReferer=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/form.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 6bdbf570e965ff84c49856d2c9b66fbae9b8ddecc20431a77f1a0588907607e2

Request headers

Referer: https://www.marchofdimes.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cf-cache-status: DYNAMIC
cf-ray: 792362e0fa12915e-FRA
content-encoding: br
content-type: text/html
date: Tue, 31 Jan 2023 15:12:33 GMT
last-modified: Mon, 23 Jan 2023 18:57:00 GMT
permissions-policy: interest-cohort=()
server: cloudflare
vary: Accept-Encoding
x-powered-by: ASP.NET

GET
H2 200 applepay.js Show response
give.marchofdimes.org/js/ 4 KB
2 KB 122ms
122ms Script
application/javascript 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://give.marchofdimes.org/js/applepay.js
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/form.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: f20618a9611f101433a64fbcc4524da7827f460c048ac9c383cc2eea9bb1bb2d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:33 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Mon, 23 Jan 2023 18:57:00 GMT
server: cloudflare
cf-polished: origSize=7978
etag: W/"11c48795c2fd91:0"
vary: Accept-Encoding
x-powered-by: ASP.NET
content-type: application/javascript
cache-control: max-age=14400
permissions-policy: interest-cohort=()
cf-ray: 792362e0fa19915e-FRA

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 271 KB
88 KB 65ms
40ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WNJ3K3P

Requested by

Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/sites/default/files/google_tag/march_of_dimes/google_tag.script.js?rpcv7o

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6cd794b69baaca85a6bd556df2713a3e6c07ca5cc159ff28aec8674b65347106

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:33 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 90145
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 31 Jan 2023 15:12:33 GMT

GET
H2 200 sprite.artifact.svg
www.marchofdimes.org/themes/gesso/dist/images/ 6 KB
2 KB 17ms
17ms Other
image/svg+xml 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.marchofdimes.org/themes/gesso/dist/images/sprite.artifact.svg
Requested by: Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/sites/default/files/js/js_CAFeMkWwa5iyzj8ZJCyC7sGBiOlHQwlLUJSBaFwxvU4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a03c785037ad1b5e421dd7d4335f1f697c0ab24f71aa14e49e632679b4112299

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/donate-now?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:33 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 24 Jan 2023 18:45:27 GMT
server: cloudflare
age: 0
etag: W/"19d4-5f306eb5d019d"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 792362e12a6f915e-FRA

GET
H2 200 reminder.css
give.marchofdimes.org/css/ 2 KB
700 B 17ms
16ms Stylesheet
text/css 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://give.marchofdimes.org/css/reminder.css?5435
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/reminder.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: a2925ebc9df04ccd6394511af90bc09bf370d19e6797a2434459574d89a6797e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:33 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Mon, 23 Jan 2023 18:57:00 GMT
server: cloudflare
age: 3160
cf-polished: origSize=3711
etag: W/"f67345795c2fd91:0"
vary: Accept-Encoding
x-powered-by: ASP.NET
content-type: text/css
cache-control: max-age=14400
permissions-policy: interest-cohort=()
cf-ray: 792362e12a7c915e-FRA

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/ce58b1c5-3fe5-4b89-ba5c-ca7c2558eb4c/03dae8d3-1490-4973-98ef-e49e49eac3e6/ 59 KB
11 KB 24ms
24ms Fetch
application/x-javascript 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/ce58b1c5-3fe5-4b89-ba5c-ca7c2558eb4c/03dae8d3-1490-4973-98ef-e49e49eac3e6/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/5.13.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

21f7167ab74ead6a6e3489d9b9fba5d85d81ccab4acc32c6903f46be4e0595df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 31 Jan 2023 15:12:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Mm7MKhwPDTwiFeSK2bbVLw==
age: 48344
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 11098
x-ms-lease-status: unlocked
last-modified: Wed, 04 Mar 2020 14:33:05 GMT
server: cloudflare
etag: 0x8D7C048F393E3C4
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 9a954dab-401e-017c-47d0-110386000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 792362e1380430d0-FRA
expires: Wed, 01 Feb 2023 15:12:33 GMT

POST
H2 204 rum Show response
www.marchofdimes.org/cdn-cgi/ 0
186 B 25ms
25ms XHR
text/plain 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.marchofdimes.org/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.marchofdimes.org/donate-now?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
content-type: application/json

Response headers

date: Tue, 31 Jan 2023 15:12:33 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://www.marchofdimes.org
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 792362e15adc915e-FRA

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/5.13.0/assets/ 15 KB
3 KB 21ms
21ms Fetch
application/json 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/5.13.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/5.13.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f52e4e999a441c151183d77efd6dad3915e650409ea65b94b7e0fc067dcd0abd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 31 Jan 2023 15:12:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: idLIfkDq/eva4EuRGVQzZQ==
age: 48344
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 2839
x-ms-lease-status: unlocked
last-modified: Tue, 25 Feb 2020 19:24:47 GMT
server: cloudflare
etag: 0x8D7BA28607C070E
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 6261c034-a01e-0132-03d0-11c663000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 792362e1787930d0-FRA

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/5.13.0/assets/ 84 KB
17 KB 34ms
33ms Fetch
application/json 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/5.13.0/assets/otPcCenter.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/5.13.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2bd6c30a523ce8b33d96dc79b1d759b5d5634740ae76aa6557e2d3741082e067

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 31 Jan 2023 15:12:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Bbq+cqhXBxu2QqVrgDpPqg==
age: 35212
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 17012
x-ms-lease-status: unlocked
last-modified: Tue, 25 Feb 2020 19:24:47 GMT
server: cloudflare
etag: 0x8D7BA28609F260F
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 59a9ec77-301e-0099-326c-c45724000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 792362e1787f30d0-FRA

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 111 KB
43 KB 26ms
25ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-8832015

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNJ3K3P

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b30aaa29aead0ced901f49560b6f13f09ff52fc3494e6bc0baddce97f80f928f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:33 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 44294
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 31 Jan 2023 15:12:33 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 31ms
5ms Script
text/javascript 2001:4860:4802:38::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNJ3K3P

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 31 Jan 2023 14:13:15 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 3558
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20085
expires: Tue, 31 Jan 2023 16:13:15 GMT

GET
H2 200 tfa.js Show response
cdn.taboola.com/libtrc/unip/1335104/ 58 KB
18 KB 126ms
31ms Script
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/unip/1335104/tfa.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNJ3K3P
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 74ccbc93851c337e3f764c712dac726bb612522e583432b1ffffb1d61dfe9c8b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-amz-version-id: H42nGUwn4yjBQH148Ck7FaRlJMoBMiLu
content-encoding: gzip
via: 1.1 varnish
date: Tue, 31 Jan 2023 15:12:33 GMT
x-amz-request-id: WAX57F1KMWY3W6XZ
age: 43
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 18347
x-amz-id-2: bwifaG4QpxpQlXEVgVe/YPNEHx5GuGC1QME1F2VsiV7zkuQ738jHOtZhpXOA8lsCoUkG+C7wp4I=
x-served-by: cache-hhn-etou8220063-HHN
last-modified: Sun, 29 Jan 2023 11:10:09 GMT
server: AmazonS3
x-timer: S1675177954.751816,VS0,VE2
etag: "9fddc35e14fd429cf99c2e1766022d1f"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
abp: 80
cache-control: private,max-age=14401
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 bat.js Show response
bat.bing.com/ 38 KB
12 KB 86ms
35ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNJ3K3P

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

1d26490f083b209ef29e08d092649725edf15ac2b33ad62fdeaafd37f7d79d6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Tue, 31 Jan 2023 15:12:33 GMT
last-modified: Mon, 23 Jan 2023 19:59:24 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E8EFB3A835234260B54B633B561013B4 Ref B: FRAEDGE1521 Ref C: 2023-01-31T15:12:33Z
etag: "076bc30652fd91:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 11552

GET
H2

200

activityi;dc_pre=CLzH_paM8vwCFVEMogMdvu4FDA;src=8832015;type=rt;cat=donforms;ord=2334208738352;gtm=2wg1p0;auiddc=1629772784.1675177954;~oref=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCod... Show response
8832015.fls.doubleclick.net/ Frame 4494
Redirect Chain

https://8832015.fls.doubleclick.net/activityi;src=8832015;type=rt;cat=donforms;ord=2334208738352;gtm=2wg1p0;auiddc=1629772784.1675177954;~oref=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcC...
https://8832015.fls.doubleclick.net/activityi;dc_pre=CLzH_paM8vwCFVEMogMdvu4FDA;src=8832015;type=rt;cat=donforms;ord=2334208738352;gtm=2wg1p0;auiddc=1629772784.1675177954;~oref=https%3A%2F%2Fwww.ma...

4 KB
2 KB

67ms
65ms

Document
text/html

142.251.208.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8832015.fls.doubleclick.net/activityi;dc_pre=CLzH_paM8vwCFVEMogMdvu4FDA;src=8832015;type=rt;cat=donforms;ord=2334208738352;gtm=2wg1p0;auiddc=1629772784.1675177954;~oref=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNJ3K3P

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.208.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s42-in-f6.1e100.net

Software

cafe /

Resource Hash

4bd75f4bceeae5b02e7596a72ce227c51a7f6bf8bce25e96de044caeb6e64976

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.marchofdimes.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 1628
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 31 Jan 2023 15:12:33 GMT
expires: Tue, 31 Jan 2023 15:12:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 31 Jan 2023 15:12:33 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://8832015.fls.doubleclick.net/activityi;dc_pre=CLzH_paM8vwCFVEMogMdvu4FDA;src=8832015;type=rt;cat=donforms;ord=2334208738352;gtm=2wg1p0;auiddc=1629772784.1675177954;~oref=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 quant.js Show response
secure.quantserve.com/ 26 KB
10 KB 115ms
7ms Script
application/javascript 2620:116:800d:21:c5a4:625:6563:a5bb
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNJ3K3P
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:c5a4:625:6563:a5bb , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 8c979ed3785f184174cba3c38dd0ebbd5b244add676982d9aeafb57b3e53b1a4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:33 GMT
content-encoding: gzip
etag: "j4o3/UzQJzEULY/aoGayAw=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
accept-ranges: bytes
expires: Tue, 07 Feb 2023 15:12:33 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 106 KB
28 KB 40ms
9ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c1e56ad863615fc191d80d7807852db95e57579f6535186d83d04ecdebef5236

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 31 Jan 2023 15:12:33 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27843
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: NnNjYZKs5BC+Xw8TgqBqyAdtm1ztFhCxcIAtrb5BndEOyEJP+/0TDoyPTJ2dCrACobb+4QgYvUvNXVWADVbNYg==
x-fb-trip-id: 1679558926
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 204 analytics.min.js Show response
cdn.resonate.com/analytics.js/v1/101125894/ 0
96 B 69ms
18ms Script
text/plain 104.18.13.242
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.resonate.com/analytics.js/v1/101125894/analytics.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.242 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:33 GMT
strict-transport-security: max-age=15552000
server: cloudflare
cf-ray: 792362e2bc2f9bbc-FRA
vary: Accept-Encoding

GET
H2 200 B21591273.227039140;sz=1x2;ord=969060591217 Show response
ad.doubleclick.net/ddm/adj/N9539.197812NSO.CODESRV/ 34 KB
13 KB 174ms
71ms Script
text/javascript 172.217.19.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/N9539.197812NSO.CODESRV/B21591273.227039140;sz=1x2;ord=969060591217?

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.19.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

muc03s07-in-f102.1e100.net

Software

cafe /

Resource Hash

38ca4da17412c46f91661cf0307473b854dfc94e4e41eb1da7b1ec703a42332a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:33 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12860
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 optimize.js Show response
www.googleoptimize.com/ 120 KB
45 KB 127ms
41ms Script
application/javascript 2a00:1450:400d:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleoptimize.com/optimize.js?id=GTM-W2ZD7L3

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNJ3K3P

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:808::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ce9f52a2c98f5b57b7591379ad3d95bc7ccd7ebe18e06699fb4a0aa1f2c2026a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:33 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 46168
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 31 Jan 2023 15:12:33 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 218 KB
76 KB 36ms
35ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-0DRBVSJJB1&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNJ3K3P

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d588c2dead8a2ebb078dbcc9612bf32b58351998fa5e7889e63b41e761d44103

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:33 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 77791
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 31 Jan 2023 15:12:33 GMT

GET
H2

200

B21581475.265419780;dc_pre=CPqL_JaM8vwCFRRE5QodTscKIw;dc_trk_aid=424965911;dc_trk_cid=104722561;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=
ad.doubleclick.net/ddm/trackimp/N9539.3391082MARCHOFDIMES/
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N9539.3391082MARCHOFDIMES/B21581475.265419780;dc_trk_aid=424965911;dc_trk_cid=104722561;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tf...
https://ad.doubleclick.net/ddm/trackimp/N9539.3391082MARCHOFDIMES/B21581475.265419780;dc_pre=CPqL_JaM8vwCFRRE5QodTscKIw;dc_trk_aid=424965911;dc_trk_cid=104722561;ord=[timestamp];dc_lat=;dc_rdid=;ta...

42 B
347 B

59ms
57ms

Image
image/gif

172.217.19.102
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N9539.3391082MARCHOFDIMES/B21581475.265419780;dc_pre=CPqL_JaM8vwCFRRE5QodTscKIw;dc_trk_aid=424965911;dc_trk_cid=104722561;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?

Protocol

Server

172.217.19.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

muc03s07-in-f102.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:33 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad.doubleclick.net/ddm/trackimp/N9539.3391082MARCHOFDIMES/B21581475.265419780;dc_pre=CPqL_JaM8vwCFRRE5QodTscKIw;dc_trk_aid=424965911;dc_trk_cid=104722561;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 client.min.js Show response
js.braintreegateway.com/web/3.34.0/js/ 35 KB
11 KB 92ms
8ms Script
application/javascript 99.86.4.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.braintreegateway.com/web/3.34.0/js/client.min.js

Requested by

Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/js/applepay.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-118.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

f05b1bfe0ba17ee79b6d32a84f86c53d597d19052d77d9d4209099ebe3caf332

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' .braintreegateway.com .braintree-api.com;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 11:18:11 GMT
content-security-policy: style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.braintreegateway.com *.braintree-api.com;
content-encoding: gzip
via: 1.1 92ab13182d4b89ed20b3b5c10adc4f22.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
age: 14062
x-cache: Hit from cloudfront
last-modified: Fri, 20 Jan 2023 21:56:57 GMT
server: nginx
etag: W/"63cb0e29-8c2c"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400
x-amz-cf-id: tuU3Klx3icuptXdAbhUDP4pJKz6eWLIW1Z8AvAGgOI4yXDYn9YyGdA==
expires: Wed, 01 Feb 2023 11:18:11 GMT

GET
H2 200 apple-pay.min.js Show response
js.braintreegateway.com/web/3.34.0/js/ 15 KB
5 KB 92ms
9ms Script
application/javascript 99.86.4.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.braintreegateway.com/web/3.34.0/js/apple-pay.min.js

Requested by

Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/js/applepay.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-118.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

06324d4849d5639cda90634913fa2132841fb1d8ca37323b3b683f7ff5c2ea96

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' .braintreegateway.com .braintree-api.com;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 10:45:08 GMT
content-security-policy: style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.braintreegateway.com *.braintree-api.com;
content-encoding: gzip
via: 1.1 92ab13182d4b89ed20b3b5c10adc4f22.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
age: 16045
x-cache: Hit from cloudfront
last-modified: Fri, 20 Jan 2023 21:56:57 GMT
server: nginx
etag: W/"63cb0e29-3b0a"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400
x-amz-cf-id: -FFaJiRRmn9z8h49o5OPnpKY5QXwXRRkUWGp3qpQn5oq9lUucIgryw==
expires: Wed, 01 Feb 2023 10:45:08 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 184 KB
66 KB 33ms
28ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-794610601&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNJ3K3P

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8041b5e79eead5d0e7367e24dc5ee90295698a6d838682658081b100a094ea44

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:33 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 67723
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 31 Jan 2023 15:12:33 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 128 KB
50 KB 28ms
23ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-1071894384&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNJ3K3P

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4557bc3ac83c0fcf4ac09c82fcccddb57cc926e3c75d1d95e56fc19b80adb79d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:33 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 50852
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 31 Jan 2023 15:12:33 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
211 B 25ms
13ms XHR
text/plain 2001:4860:4802:38::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=654726820&t=pageview&_s=1&dl=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001&ul=en-us&de=UTF-8&dt=Donate%20Now%20%7C%20March%20of%20Dimes&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACAAI~&jid=306117265&gjid=1992252294&cid=35072588.1675177954&tid=UA-219864-60&_gid=2002133705.1675177954&_r=1&_slc=1&gtm=2wg1p0WNJ3K3P&z=2129981110

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.marchofdimes.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:33 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.marchofdimes.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 1621384747882069 Show response
connect.facebook.net/signals/config/ 379 KB
109 KB 477ms
470ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1621384747882069?v=2.9.95&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

84768aef16e00db6fcaa24a5b82328cf4d7d747707f28b9a04d0d91a6b671d09

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 31 Jan 2023 15:12:34 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: h85qo5ClgUXs8VPSnDIJ5vHv4flh5HgTHNjglTaQhDbiZVoXoJXox0ojsyvWFV84xmmX/rp41X0ZxLyF/ZIJSg==
x-fb-trip-id: 1679558926
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
258 B 61ms
15ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-0DRBVSJJB1&gtm=2oe1p0&_p=654726820&cid=35072588.1675177954&ul=en-us&sr=1600x1200&uaW=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1675177953&sct=1&seg=0&dl=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001&dt=Donate%20Now%20%7C%20March%20of%20Dimes&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-0DRBVSJJB1&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:33 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.marchofdimes.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 jquery-ui.css
give.marchofdimes.org/js/ Frame 3680 28 KB
7 KB 127ms
125ms Stylesheet
text/css 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://give.marchofdimes.org/js/jquery-ui.css
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001&DonationFormId=262&urlReferer=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 25a26a31ffe8b00b9f7b84305ebb06c50376ad33265161f71ccf908604988a92

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001&DonationFormId=262&urlReferer=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:34 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Mon, 23 Jan 2023 18:57:00 GMT
server: cloudflare
cf-polished: origSize=29588
etag: W/"11c48795c2fd91:0"
vary: Accept-Encoding
x-powered-by: ASP.NET
content-type: text/css
cache-control: max-age=14400
permissions-policy: interest-cohort=()
cf-ray: 792362e3f886915e-FRA

GET
H2 200 ddplugin.css
doublethedonation.com/api/css/ Frame 3680 145 KB
20 KB 553ms
183ms Stylesheet
text/css 23.96.109.67
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://doublethedonation.com/api/css/ddplugin.css
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001&DonationFormId=262&urlReferer=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 23.96.109.67 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: 5b4cb861c0a96921bd708714737d480605c5328b0be8f182c8865ca12e8b694d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:34 GMT
content-encoding: br
last-modified: Fri, 27 Jan 2023 14:44:14 GMT
server: nginx
etag: "63d3e33e-4ffe"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
cache-control: public, max-age=600;
content-length: 20478

GET
H2 200 app.6076a70b.css
give.marchofdimes.org/css/ Frame 3680 238 KB
36 KB 124ms
122ms Stylesheet
text/css 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://give.marchofdimes.org/css/app.6076a70b.css
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001&DonationFormId=262&urlReferer=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: f50259e9dde42350eb3f2478687da5a714cd2dc1542ec2386bd718d61c20e100

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001&DonationFormId=262&urlReferer=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:34 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Mon, 23 Jan 2023 18:57:00 GMT
server: cloudflare
etag: W/"e14c45795c2fd91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=14400
permissions-policy: interest-cohort=()
cf-ray: 792362e3f889915e-FRA

GET
H2 200 app.11603775.js Show response
give.marchofdimes.org/js/ Frame 3680 342 KB
57 KB 128ms
126ms Script
application/javascript 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://give.marchofdimes.org/js/app.11603775.js
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001&DonationFormId=262&urlReferer=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 18d8b01a017352f12271be88cef2115348d1778db29ea36776307a7f76df8585

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001&DonationFormId=262&urlReferer=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:34 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Mon, 23 Jan 2023 18:57:00 GMT
server: cloudflare
cf-polished: origSize=350643
etag: W/"e14c45795c2fd91:0"
vary: Accept-Encoding
x-powered-by: ASP.NET
content-type: application/javascript
cache-control: max-age=14400
permissions-policy: interest-cohort=()
cf-ray: 792362e3f88b915e-FRA

GET
H2 200 chunk-vendors.19a53d4c.js Show response
give.marchofdimes.org/js/ Frame 3680 787 KB
201 KB 142ms
141ms Script
application/javascript 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://give.marchofdimes.org/js/chunk-vendors.19a53d4c.js
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001&DonationFormId=262&urlReferer=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 1c310c30cb2068184650f80cba1e42a2f3d6f7dbd6ba88b6e7f917291e319882

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001&DonationFormId=262&urlReferer=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:34 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Mon, 23 Jan 2023 18:57:00 GMT
server: cloudflare
cf-polished: origSize=805711
etag: W/"f67345795c2fd91:0"
vary: Accept-Encoding
x-powered-by: ASP.NET
content-type: application/javascript
cache-control: max-age=14400
permissions-policy: interest-cohort=()
cf-ray: 792362e3f88c915e-FRA

GET
H2 200 rocket-loader.min.js Show response
give.marchofdimes.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ Frame 3680 12 KB
4 KB 11ms
10ms Script
application/javascript 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://give.marchofdimes.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001&DonationFormId=262&urlReferer=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001&DonationFormId=262&urlReferer=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 23 Jan 2023 11:05:52 GMT
server: cloudflare
etag: W/"63ce6a10-302c"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 792362e44959915e-FRA
expires: Thu, 02 Feb 2023 15:12:33 GMT

GET
H2 200 vaafb692b2aea4879b33c060e79fe94621666317369993 Show response
static.cloudflareinsights.com/beacon.min.js/ Frame 3680 17 KB
6 KB 51ms
50ms Script
text/javascript 2606:4700::6810:3965
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001&DonationFormId=262&urlReferer=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:3965 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0f48c5678ce459a596423b0e55344e7ad8eb3d3b1b27c54cd76a9d4cee7dd6c3

Request headers

Referer: https://give.marchofdimes.org/
Origin: https://give.marchofdimes.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:34 GMT
content-encoding: gzip
last-modified: Fri, 21 Oct 2022 01:56:09 GMT
server: cloudflare
etag: W/2022.10.1
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 792362e44cfcbc04-FRA

GET
H2 204 25017097.js Show response
bat.bing.com/p/action/ 0
118 B 104ms
104ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/25017097.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Tue, 31 Jan 2023 15:12:33 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: BDBAE71AF7D84516B06588BECE8C96CD Ref B: FRAEDGE1521 Ref C: 2023-01-31T15:12:33Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
285 B 31ms
31ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=25017097&tm=gtm002&Ver=2&mid=11ebd9ec-8a6b-42d3-9419-660ae83076d8&sid=b04b9c30a17911edb636e395cc17cbf3&vid=b04be0c0a17911edb47f89a523e2302a&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Donate%20Now%20%7C%20March%20of%20Dimes&p=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001&r=&lt=5214&evt=pageLoad&sv=1&rn=650537

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 31 Jan 2023 15:12:33 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D7078264BBDA436CAA2EF42F17DF1632 Ref B: FRAEDGE1521 Ref C: 2023-01-31T15:12:33Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1071894384/ 2 KB
1 KB 120ms
92ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1071894384/?random=1675177953938&cv=11&fst=1675177953938&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001&tiba=Donate%20Now%20%7C%20March%20of%20Dimes&auid=1629772784.1675177954&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-1071894384&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eaf736a6920f3db6d17d645fcd35d011c2a690f39481e22afc99f4b81a7016b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:33 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1027
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 json Show response
trc.taboola.com/1335104/trc/3/ 2 KB
2 KB 48ms
27ms Script
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/1335104/trc/3/json?tim=1675177953972&data=%7B%22id%22%3A26%2C%22ii%22%3A%22%2Fdonate-now%22%2C%22it%22%3A%22video%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22vi%22%3A1675177953963%2C%22cv%22%3A%2220230129-6-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%22%2C%22e%22%3Anull%2C%22cb%22%3A%22TFASC.trkCallback%22%2C%22qs%22%3A%22%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-tracking%22%2C%22s%22%3A0%2C%22uim%22%3A%22rbox-tracking%3Apub%3Dtruenorth-marchofdimes-sc%3Aabp%3D0%22%2C%22uip%22%3A%22rbox-tracking%22%2C%22orig_uip%22%3A%22rbox-tracking%22%7D%5D%2C%22mpv%22%3Atrue%2C%22supv%22%3Atrue%2C%22mpvd%22%3A%7B%22en%22%3A%22page_view%22%2C%22tim%22%3A1675177953971%2C%22ref%22%3Anull%2C%22item-url%22%3A%22https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001%22%2C%22tos%22%3A3%2C%22ssd%22%3A1%2C%22scd%22%3A0%2C%22supv%22%3Atrue%7D%7D&pubit=i
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1335104/tfa.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 3d09998427ddfe9ad41b4f3f75c0c55020ae97e8db61ca9ce3aba5a3c516a89b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-vcl-time-ms: 21
date: Tue, 31 Jan 2023 15:12:34 GMT
content-encoding: gzip
via: 1.1 varnish
x-served-by: cache-hhn-etou8220063-HHN
server: nginx
x-timer: S1675177954.997488,VS0,VE21
vary: Accept-Encoding
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
content-type: application/javascript; charset=utf-8
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 204 Pixels
px.adentifi.com/ Frame 4494 0
35 B 350ms
100ms Image
text/plain 34.193.14.46
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.adentifi.com/Pixels?a_id=3405;uq=858097032;
Requested by: Host: 8832015.fls.doubleclick.net
URL: https://8832015.fls.doubleclick.net/activityi;dc_pre=CLzH_paM8vwCFVEMogMdvu4FDA;src=8832015;type=rt;cat=donforms;ord=2334208738352;gtm=2wg1p0;auiddc=1629772784.1675177954;~oref=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.193.14.46 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-193-14-46.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:34 GMT

GET
H2 200 ld.js Show response
dynamic.criteo.com/js/ld/ Frame 4494 43 KB
15 KB 214ms
39ms Script
application/javascript 2a02:2638:1::d
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://dynamic.criteo.com/js/ld/ld.js?a=81237

Requested by

Host: 8832015.fls.doubleclick.net
URL: https://8832015.fls.doubleclick.net/activityi;dc_pre=CLzH_paM8vwCFVEMogMdvu4FDA;src=8832015;type=rt;cat=donforms;ord=2334208738352;gtm=2wg1p0;auiddc=1629772784.1675177954;~oref=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::d , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

c56564287df791f808cee17bb95d43fa8340f4295f1e591bed50d401a97c9e98

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:33 GMT
content-encoding: br
strict-transport-security: max-age=31536000; preload;
server: Kestrel
vary: Origin, Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public,max-age=10800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *

GET
H3

200

src=10620626;dc_pre=CLGf1ZeM8vwCFVCJsgodnyoBAA;type=invmedia;cat=8653_00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1
adservice.google.com/ddm/fls/z/ Frame 4494
Redirect Chain

https://bm.adentifi.com/pixel/conv/ppt=8653;g=mod_donate_page;gid=28709;ord=2334208738352;gtm=2wg1p0;auiddc=*;~oref=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT001300...
https://bm.adentifi.com/pixel/conv/ppt=8653;g=mod_donate_page;gid=28709;ord=2334208738352;gtm=2wg1p0;auiddc=*;~oref=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT001300...
https://ad.doubleclick.net/ddm/activity/src=10620626;type=invmedia;cat=8653_00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1
https://ad.doubleclick.net/ddm/activity/src=10620626;dc_pre=CLGf1ZeM8vwCFVCJsgodnyoBAA;type=invmedia;cat=8653_00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_...
https://adservice.google.com/ddm/fls/z/src=10620626;dc_pre=CLGf1ZeM8vwCFVCJsgodnyoBAA;type=invmedia;cat=8653_00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_c...

42 B
63 B

45ms
45ms

Image
image/gif

2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/src=10620626;dc_pre=CLGf1ZeM8vwCFVCJsgodnyoBAA;type=invmedia;cat=8653_00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1

Requested by

Protocol

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:35 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://adservice.google.com/ddm/fls/z/src=10620626;dc_pre=CLGf1ZeM8vwCFVCJsgodnyoBAA;type=invmedia;cat=8653_00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_pre=CLzH_paM8vwCFVEMogMdvu4FDA;src=8832015;type=rt;cat=donforms;ord=2334208738352;gtm=2wg1p0;auiddc=*;~oref=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26...
adservice.google.com/ddm/fls/z/ Frame 4494 42 B
401 B 89ms
47ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CLzH_paM8vwCFVEMogMdvu4FDA;src=8832015;type=rt;cat=donforms;ord=2334208738352;gtm=2wg1p0;auiddc=*;~oref=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 rules-p-4LjrHyeV3QUW4.js Show response
rules.quantcount.com/ 160 B
642 B 40ms
7ms Script
application/javascript 2600:9000:223c:cc00:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-4LjrHyeV3QUW4.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:cc00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2aa9b0ccf31fe34e187c3b09bec7e9d8fccdeb48a5b2223d9f80df2a8790a6af

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 14:35:13 GMT
via: 1.1 1f0db25765b79d244ad1fa2184395c12.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 2836
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 160
last-modified: Thu, 13 Oct 2022 23:45:31 GMT
server: AmazonS3
etag: "52b67ed0d6de08757c0affd0509ae576"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
x-amz-cf-id: 2ZGpNaLpoTSkeYJcB1NxqsxU5hZwXKeF7cDM5qYNQeqcoZk9bu4w_g==

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/794610601/ 2 KB
1 KB 63ms
62ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/794610601/?random=1675177954017&cv=11&fst=1675177954017&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001&tiba=Donate%20Now%20%7C%20March%20of%20Dimes&auid=1629772784.1675177954&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-794610601&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b10eee194abe7bfc3af726e63d4bed87bc9d6f63a9e05648f22c9eedc5c7eb9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:34 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1026
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230125/r20110914/elements/html/ 8 KB
3 KB 48ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230125/r20110914/elements/html/omrhp.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N9539.197812NSO.CODESRV/B21591273.227039140;sz=1x2;ord=969060591217?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 22:16:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 60955
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 13 Feb 2023 22:16:39 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ 0
0 137ms
57ms Fetch
image/gif 142.250.180.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu7LCu9jrg6lVpXU_6RRdc2z56vEpbYq0heVHp7Iz2EfjQbgSLUi3sdhoO_CMMrltZuaFWfic5ssWDrdTK25ZO_hOMA-eiaWEtZpLBZFbLB-qzF9YUqx6sR6AEqb0UDH0JZOqOzWo2ZyaZ2k4GIVA8&sai=AMfl-YQOOj6cLBzQkKqRjBdcuFG206-u8MjBXHXXYcjrhdLJLYLBylQSzcyG5-vLE2Me3X44KmNueMf52wOYI_x3jQ&sig=Cg0ArKJSzGRNPNMLg3m5EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cisv=r20230125.91766&arae=0&ftch=1&adurl=

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N9539.197812NSO.CODESRV/B21591273.227039140;sz=1x2;ord=969060591217?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.180.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s34-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:34 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 31 Jan 2023 15:12:34 GMT

GET
H/1.1 200
OK pixel.js Show response
origin.acuityplatform.com/event/v2/ Frame 4494 2 KB
3 KB 75ms
8ms Script
application/javascript 95.101.179.119
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://origin.acuityplatform.com/event/v2/pixel.js
Requested by: Host: 8832015.fls.doubleclick.net
URL: https://8832015.fls.doubleclick.net/activityi;dc_pre=CLzH_paM8vwCFVEMogMdvu4FDA;src=8832015;type=rt;cat=donforms;ord=2334208738352;gtm=2wg1p0;auiddc=1629772784.1675177954;~oref=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001?
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.179.119 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-101-179-119.deploy.static.akamaitechnologies.com
Software: nginx/1.14.0 /
Resource Hash: 89cf66cb9de8da20fc15e9953845dd4d1de2c0fb465c827a09d818449222c533

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Tue, 31 Jan 2023 15:12:34 GMT
Last-Modified: Wed, 04 Jan 2023 18:57:40 GMT
Server: nginx/1.14.0
ETag: "63b5cc24-978"
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2424

GET
H2 200 bat.js Show response
bat.bing.com/ Frame 4494 38 KB
11 KB 33ms
30ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

1d26490f083b209ef29e08d092649725edf15ac2b33ad62fdeaafd37f7d79d6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Tue, 31 Jan 2023 15:12:33 GMT
last-modified: Mon, 23 Jan 2023 19:59:24 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8245C96509C54C06B775573CBE3031B2 Ref B: FRAEDGE1521 Ref C: 2023-01-31T15:12:34Z
etag: "076bc30652fd91:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 11563

GET
H2 200 quant.js Show response
secure.quantserve.com/ Frame 4494 26 KB
10 KB 9ms
6ms Script
application/javascript 2620:116:800d:21:c5a4:625:6563:a5bb
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: 8832015.fls.doubleclick.net
URL: https://8832015.fls.doubleclick.net/activityi;dc_pre=CLzH_paM8vwCFVEMogMdvu4FDA;src=8832015;type=rt;cat=donforms;ord=2334208738352;gtm=2wg1p0;auiddc=1629772784.1675177954;~oref=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:c5a4:625:6563:a5bb , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 8c979ed3785f184174cba3c38dd0ebbd5b244add676982d9aeafb57b3e53b1a4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:34 GMT
content-encoding: gzip
etag: "j4o3/UzQJzEULY/aoGayAw=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
accept-ranges: bytes
expires: Tue, 07 Feb 2023 15:12:34 GMT

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame 4494 106 KB
27 KB 10ms
8ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c1e56ad863615fc191d80d7807852db95e57579f6535186d83d04ecdebef5236

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 31 Jan 2023 15:12:34 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27843
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: NnNjYZKs5BC+Xw8TgqBqyAdtm1ztFhCxcIAtrb5BndEOyEJP+/0TDoyPTJ2dCrACobb+4QgYvUvNXVWADVbNYg==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.1.0/css/ Frame 3680 20 KB
5 KB 44ms
20ms Stylesheet
text/css 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.1.0/css/font-awesome.min.css

Requested by

Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/css/app.6076a70b.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b769324e0921f9f649611113e65f528ebae5e140da8a7e63c5d6ea7bc7a33bc0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 723, 617
age: 8191340
cdn-cachedat: 2021-07-24 09:40:41
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:53 GMT
server: cloudflare
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 2b50aaedc481ac5a56e54a88a5b8c43a
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 200
cf-ray: 792362e50a839159-FRA
cdn-requestpullsuccess: True

GET
H2 200 pixel;r=2123786139;source=gtm;rf=0;a=p-4LjrHyeV3QUW4;url=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26...
pixel.quantserve.com/ 35 B
371 B 25ms
10ms Image
image/gif 2620:116:800d:21:c5a4:625:6563:a5bb
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=2123786139;source=gtm;rf=0;a=p-4LjrHyeV3QUW4;url=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001;uht=2;fpan=1;fpa=P0-283805891-1675177953995;pbc=;ns=0;ce=1;qjs=1;qv=c1229512-20230130173030;cm=;gdpr=0;ref=;d=marchofdimes.org;dst=0;et=1675177954088;tzo=0;ogl=type.Page%2Ctitle.Donate%20Now%2Cdescription.March%20of%20Dimes%20donations%20go%20towards%20lifesaving%20research%20and%20advocating%20policies%20%2Cimage.https%3A%2F%2Fwww%252Emarchofdimes%252Eorg%2Fsites%2Fdefault%2Ffiles%2F2022-11%2FJAJEES_v2%252Ejpg;ses=6ec66c80-666a-4893-826c-124610c59f68

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:c5a4:625:6563:a5bb , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:34 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/1071894384/ 42 B
455 B 120ms
50ms Image
image/gif 2a00:1450:400d:80d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1071894384/?random=1675177953938&cv=11&fst=1675177200000&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001&tiba=Donate%20Now%20%7C%20March%20of%20Dimes&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4061576418&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:34 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/1071894384/ 42 B
108 B 122ms
52ms Image
image/gif 2a00:1450:400d:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/1071894384/?random=1675177953938&cv=11&fst=1675177200000&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001&tiba=Donate%20Now%20%7C%20March%20of%20Dimes&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4061576418&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:808::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:34 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 rules-p-uyn8UnTsRXguL.js Show response
rules.quantcount.com/ Frame 4494 5 KB
2 KB 9ms
8ms Script
application/javascript 2600:9000:223c:cc00:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-uyn8UnTsRXguL.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:cc00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8d375fb8f67575a449606683fc8be339674f03ff2fee1c42e632564d0b207c3b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 14:56:12 GMT
content-encoding: gzip
via: 1.1 1f0db25765b79d244ad1fa2184395c12.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 2075
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
last-modified: Thu, 13 Oct 2022 15:08:42 GMT
server: AmazonS3
etag: W/"b4a376a3ece8af98e7567e60db986dc9"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
x-amz-cf-id: drI6aCZGMSY0dzIKqqveoS7yk09jOPUhhR4Ys9cpAbERSvyfSB4K1A==

GET
H3 200 812396462484872 Show response
connect.facebook.net/signals/config/ Frame 4494 378 KB
108 KB 63ms
63ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/812396462484872?v=2.9.95&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

2477be612f5e4939a5c21b74229e761795158fe09ee705f603f81bd950a0a838

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 31 Jan 2023 15:12:34 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: ogj/iCzi1Fr6YYRPZivVE1AbVj9g5h5y4ZZJCqO9CkkGyhgcHdqXBNk/KO+sYmVmxKJKd86RM8F7Ig7tEEMFTQ==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/794610601/ 42 B
108 B 76ms
51ms Image
image/gif 2a00:1450:400d:80d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/794610601/?random=1675177954017&cv=11&fst=1675177200000&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001&tiba=Donate%20Now%20%7C%20March%20of%20Dimes&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3849781476&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:34 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/794610601/ 42 B
455 B 74ms
49ms Image
image/gif 2a00:1450:400d:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/794610601/?random=1675177954017&cv=11&fst=1675177200000&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001&tiba=Donate%20Now%20%7C%20March%20of%20Dimes&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3849781476&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:808::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:34 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 25042596.js Show response
bat.bing.com/p/action/ Frame 4494 0
117 B 105ms
105ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/25042596.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Tue, 31 Jan 2023 15:12:33 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C3B7B6EDC888448AB1213054538381FC Ref B: FRAEDGE1521 Ref C: 2023-01-31T15:12:34Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ Frame 4494 0
120 B 34ms
33ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=25042596&Ver=2&mid=0e70c214-4e46-4803-ad46-3c76ea3aa1ae&sid=b06d12b0a17911ed91e1891e503fc1a7&vid=b06d4320a17911ed932dedca57ef7c39&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&p=https%3A%2F%2Fwww.marchofdimes.org%2F&r=&lt=417&evt=pageLoad&ifm=1&sv=1&rn=968725

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 31 Jan 2023 15:12:33 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 126589AD07C24F4E97FA40D0A99BC1F2 Ref B: FRAEDGE1521 Ref C: 2023-01-31T15:12:34Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel;r=2052940623;labels=_fp.channel.marchofdimes;rf=0;a=p-uyn8UnTsRXguL;url=https%3A%2F%2F8832015.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCLzH_paM8vwCFVEMogMdvu4FDA%3Bsrc%3D8832015%3Btype%3Drt...
pixel.quantserve.com/ Frame 4494 35 B
210 B 9ms
9ms Image
image/gif 2620:116:800d:21:c5a4:625:6563:a5bb
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=2052940623;labels=_fp.channel.marchofdimes;rf=0;a=p-uyn8UnTsRXguL;url=https%3A%2F%2F8832015.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCLzH_paM8vwCFVEMogMdvu4FDA%3Bsrc%3D8832015%3Btype%3Drt%3Bcat%3Ddonforms%3Bord%3D2334208738352%3Bgtm%3D2wg1p0%3Bauiddc%3D1629772784.1675177954%3B~oref%3Dhttps%253A%252F%252Fwww.marchofdimes.org%252Fdonate-now%253FsrcCode%253DGCLGENEM2301CNT00130001%2526amp%253Butm_medium%253Demail%2526amp%253Butm_source%253Dmandr%2526amp%253Butm_campaign%253D2023cultivation%2526amp%253Butm_content%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1%2526amp%253Bmkto%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001%3F;ref=https%3A%2F%2Fwww.marchofdimes.org%2F;uh=e51ed67dfb8d91dc24b15e2ace0c3bc33bc53c3e1dfb09200d6c2f8387d67ea6;uht=2;fpan=1;fpa=P0-1681385537-1675177954102;pbc=;ns=1;ce=1;qjs=1;qv=c1229512-20230130173030;cm=;gdpr=0;d=8832015.fls.doubleclick.net;dst=0;et=1675177954147;tzo=0;ogl=;ses=1ea70131-c643-4814-a4bc-df2f4909ebb3

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:c5a4:625:6563:a5bb , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Tue, 31 Jan 2023 15:12:34 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
strict-transport-security: max-age=86400
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H/1.1 200
OK pj Show response
e.acuityplatform.com/ Frame 4494 1 KB
2 KB 165ms
15ms Script
text/javascript 154.59.122.94
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL: https://e.acuityplatform.com/pj?pk=8367128157478054027&pu=https%3A%2F%2F8832015.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCLzH_paM8vwCFVEMogMdvu4FDA%3Bsrc%3D8832015%3Btype%3Drt%3Bcat%3Ddonforms%3Bord%3D2334208738352%3Bgtm%3D2wg1p0%3Bauiddc%3D1629772784.1675177954%3B~oref%3Dhttps%253A%252F%252Fwww.marchofdimes.org%252Fdonate-now%253FsrcCode%253DGCLGENEM2301CNT00130001%2526amp%253Butm_medium%253Demail%2526amp%253Butm_source%253Dmandr%2526amp%253Butm_campaign%253D2023cultivation%2526amp%253Butm_content%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1%2526amp%253Bmkto%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001%3F&pixelKey=8367128157478054027
Requested by: Host: origin.acuityplatform.com
URL: https://origin.acuityplatform.com/event/v2/pixel.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 154.59.122.94 , United States, ASN174 (COGENT-174, US),
Reverse DNS
Software: /
Resource Hash: 671159d92d021d97a29e278abdada9084cdec308bb77e9dc9bf3d798a5a08de4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Content-Length: 1529
Content-Type: text/javascript

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 4AD2 15 KB
6 KB 66ms
23ms Document
text/html 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?topUrl=www.marchofdimes.org&origin=onetag

Requested by

Host: dynamic.criteo.com
URL: https://dynamic.criteo.com/js/ld/ld.js?a=81237

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

d0f07190791630edc058ad6e5a33a3cda6a8f85c470e593ce0bbed46ffec148b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://8832015.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 31 Jan 2023 15:12:34 GMT
server: Kestrel
server-processing-duration-in-ticks: 762888
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 /
www.facebook.com/tr/ Frame 4494 0
185 B 41ms
11ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=812396462484872&ev=PageView&dl=https%3A%2F%2F8832015.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCLzH_paM8vwCFVEMogMdvu4FDA%3Bsrc%3D8832015%3Btype%3Drt%3Bcat%3Ddonforms%3Bord%3D2334208738352%3Bgtm%3D2wg1p0%3Bauiddc%3D1629772784.1675177954%3B~oref%3Dhttps%253A%252F%252Fwww.marchofdimes.org%252Fdonate-now%253FsrcCode%253DGCLGENEM2301CNT00130001%2526amp%253Butm_medium%253Demail%2526amp%253Butm_source%253Dmandr%2526amp%253Butm_campaign%253D2023cultivation%2526amp%253Butm_content%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1%2526amp%253Bmkto%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001%3F&rl=https%3A%2F%2Fwww.marchofdimes.org%2F&if=true&ts=1675177954243&sw=1600&sh=1200&v=2.9.95&r=stable&ec=0&o=30&it=1675177954112&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 31 Jan 2023 15:12:34 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 8ms
7ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1621384747882069&ev=PageView&dl=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001&rl=&if=false&ts=1675177954295&sw=1600&sh=1200&v=2.9.95&r=stable&ec=0&o=30&fbp=fb.1.1675177954286.1475093205&it=1675177953761&coo=false&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 31 Jan 2023 15:12:34 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2

200

sid Show response
mug.criteo.com/ Frame 4AD2
Redirect Chain

https://gum.criteo.com/sid/json?origin=onetag&domain=8832015.fls.doubleclick.net&sn=ChromeSyncframe&so=0&topUrl=www.marchofdimes.org&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=3HXW63x1VzJ5SEFQb3ozR0F2OUFzVDZLcGJhY1lRWlA1ejdmQVZRRzdXQndmMVE4QUtDeG96a1dRVmJMbjV0SitMaXUxcWV2NjdML1JDQVlJdmJ0NURaQ003cUx1N3hSZ3dLaTEyMjNad01xQXNGTTRVQmdydmlKMnRTMl...

462 B
677 B

148ms
39ms

Fetch
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=3HXW63x1VzJ5SEFQb3ozR0F2OUFzVDZLcGJhY1lRWlA1ejdmQVZRRzdXQndmMVE4QUtDeG96a1dRVmJMbjV0SitMaXUxcWV2NjdML1JDQVlJdmJ0NURaQ003cUx1N3hSZ3dLaTEyMjNad01xQXNGTTRVQmdydmlKMnRTMlNqUDBubGlkTlR4UXZZMEdXQWYxaXBiSjNmSVZCMXFkakNnb1hNd3AzVTJlYkg5TXZ5V2JNTDN6OWxnUFpzUUNoT2FyejZLLzZ1dml3MHExOUtSaU8zTFdOUkhNMnk4cmhNOGZTZTkrcE9EbEVvNFRNazJ4em9YNUNjZk84cEwyeVZjRkgvWnNmZ2FHTVh3Ty8vTDZodmh1SkMxN2diY0FwOHpuVnJDakk3WGRFVllsU3dMRC82VXdKSlN1U09kb0Q0eEIwNG8zbXw&cppv=2

Requested by

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

6c9db9515e4558690ee455f4de3b5780348b67b1d04cf89fb865686fdf3b363f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:34 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 15247839
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:33 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://mug.criteo.com/sid?cpp=3HXW63x1VzJ5SEFQb3ozR0F2OUFzVDZLcGJhY1lRWlA1ejdmQVZRRzdXQndmMVE4QUtDeG96a1dRVmJMbjV0SitMaXUxcWV2NjdML1JDQVlJdmJ0NURaQ003cUx1N3hSZ3dLaTEyMjNad01xQXNGTTRVQmdydmlKMnRTMlNqUDBubGlkTlR4UXZZMEdXQWYxaXBiSjNmSVZCMXFkakNnb1hNd3AzVTJlYkg5TXZ5V2JNTDN6OWxnUFpzUUNoT2FyejZLLzZ1dml3MHExOUtSaU8zTFdOUkhNMnk4cmhNOGZTZTkrcE9EbEVvNFRNazJ4em9YNUNjZk84cEwyeVZjRkgvWnNmZ2FHTVh3Ty8vTDZodmh1SkMxN2diY0FwOHpuVnJDakk3WGRFVllsU3dMRC82VXdKSlN1U09kb0Q0eEIwNG8zbXw&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 686126
content-length: 0
expires: 0

GET
H/1.1

204
No Content

sum
ums.acuityplatform.com/ Frame 4494
Redirect Chain

https://secure.adnxs.com/getuid?https%3A%2F%2Fums.acuityplatform.com%2Fsum%3Fumid%3D10%26auid%3D737826230612%26uid%3D%24UID
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fums.acuityplatform.com%252Fsum%253Fumid%253D10%2526auid%253D737826230612%2526uid%253D%2524UID
https://ums.acuityplatform.com/sum?umid=10&auid=737826230612&uid=2018361787894374834

0
894 B

78ms
15ms

Image
text/plain

154.59.122.79
COGENT-174

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ums.acuityplatform.com/sum?umid=10&auid=737826230612&uid=2018361787894374834
Requested by: Host: 8832015.fls.doubleclick.net
URL: https://8832015.fls.doubleclick.net/activityi;dc_pre=CLzH_paM8vwCFVEMogMdvu4FDA;src=8832015;type=rt;cat=donforms;ord=2334208738352;gtm=2wg1p0;auiddc=1629772784.1675177954;~oref=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001?
Protocol: HTTP/1.1
Server: 154.59.122.79 , United States, ASN174 (COGENT-174, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

access-control-allow-origin: *
access-control-expose-headers: X-Acuity-UserID
x-acuity-userid: 737842868980

Redirect headers

Date: Tue, 31 Jan 2023 15:12:34 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.64.151.69; 217.64.151.69; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 8f4f1978-64f6-4ecd-997c-7165d2b340d5
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://ums.acuityplatform.com/sum?umid=10&auid=737826230612&uid=2018361787894374834
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 204
No Content sync
cs.admanmedia.com/ Frame 4494 0
199 B 302ms
89ms Image
text/plain 80.77.87.166
NATCOWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.admanmedia.com/sync?dsp=acuity&dsp_id=737826230612&to=https%3A%2F%2Fums.acuityplatform.com%2Fsum%3Fumid%3D134%26auid%3D737826230612%26uid%3D%5BADM%5D

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

80.77.87.166 Clifton, United States, ASN46636 (NATCOWEB, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Tue, 31 Jan 2023 15:12:34 GMT
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Server: nginx
Connection: keep-alive
X-Frame-Options: DENY

GET
H/1.1

204
No Content

sum
ums.acuityplatform.com/ Frame 4494
Redirect Chain

https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NyZ0bD0xMjk2MDA=&piggybackCookie=uid:737826230612&r=https%3A%2F%2Fums.acuityplatform.com%2Fsum%3Fumid%3D6%26auid%3D737...
https://ums.acuityplatform.com/sum?umid=6&auid=737826230612&uid=${PUBMATIC_UID}

0
27 B

61ms
15ms

Image
text/plain

154.59.122.79
COGENT-174

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ums.acuityplatform.com/sum?umid=6&auid=737826230612&uid=${PUBMATIC_UID}
Requested by: Host: 8832015.fls.doubleclick.net
URL: https://8832015.fls.doubleclick.net/activityi;dc_pre=CLzH_paM8vwCFVEMogMdvu4FDA;src=8832015;type=rt;cat=donforms;ord=2334208738352;gtm=2wg1p0;auiddc=1629772784.1675177954;~oref=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001?
Protocol: HTTP/1.1
Server: 154.59.122.79 , United States, ASN174 (COGENT-174, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Redirect headers

location: https://ums.acuityplatform.com/sum?umid=6&auid=737826230612&uid=${PUBMATIC_UID}
date: Tue, 31 Jan 2023 15:12:33 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 4494
Redirect Chain

https://dsum-sec.casalemedia.com/rum?cm_dsp_id=10&external_user_id=737826230612
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=10&external_user_id=737826230612&C=1

43 B
766 B

7ms
7ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=10&external_user_id=737826230612&C=1
Requested by: Host: 8832015.fls.doubleclick.net
URL: https://8832015.fls.doubleclick.net/activityi;dc_pre=CLzH_paM8vwCFVEMogMdvu4FDA;src=8832015;type=rt;cat=donforms;ord=2334208738352;gtm=2wg1p0;auiddc=1629772784.1675177954;~oref=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001?
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 31 Jan 2023 15:12:34 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Tue, 31 Jan 2023 15:12:34 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=10&external_user_id=737826230612&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 0
Expires: 0

GET
H2

204

sync
ups.analytics.yahoo.com/ups/55950/ Frame 4494
Redirect Chain

https://pixel.advertising.com/ups/55950/sync?uid=737826230612&_origin=1
https://ups.analytics.yahoo.com/ups/55950/sync?uid=737826230612&_origin=1
https://ups.analytics.yahoo.com/ups/55950/sync?uid=737826230612&_origin=1&verify=true

0
121 B

10ms
9ms

Image
text/plain

3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55950/sync?uid=737826230612&_origin=1&verify=true

Requested by

Protocol

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.25 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:34 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://ups.analytics.yahoo.com/ups/55950/sync?uid=737826230612&_origin=1&verify=true
date: Tue, 31 Jan 2023 15:12:34 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 4494
Redirect Chain

https://x.bidswitch.net/sync?dsp_id=236&user_id=737826230612&expires=30&user_group=1
https://x.bidswitch.net/ul_cb/sync?dsp_id=236&user_id=737826230612&expires=30&user_group=1
https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=116aedf9-b3a2-4361-b943-075021b33efd

49 B
535 B

497ms
105ms

Image
image/gif

69.166.1.12
AS-XFERNET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=116aedf9-b3a2-4361-b943-075021b33efd

Requested by

Protocol

HTTP/1.1

Server

69.166.1.12 , United States, ASN27630 (AS-XFERNET, US),

Reverse DNS

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 31 Jan 2023 15:12:34 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: go-iad-2-5-162
Content-Type: image/gif
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: //sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=116aedf9-b3a2-4361-b943-075021b33efd
date: Tue, 31 Jan 2023 15:12:34 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H/1.1

204
No Content

sum
ums.acuityplatform.com/ Frame 4494
Redirect Chain

https://tags.bluekai.com/site/37592?id=123456&limit=0&redir=https%3A%2F%2Fums.acuityplatform.com%2Fsum%3Fumid%3D49%26auid%3D737826230612%26uid%3D%24_BK_UUID
https://ums.acuityplatform.com/sum?umid=49&auid=737826230612&uid=$_BK_UUID

0
27 B

15ms
15ms

Image
text/plain

154.59.122.79
COGENT-174

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ums.acuityplatform.com/sum?umid=49&auid=737826230612&uid=$_BK_UUID
Requested by: Host: 8832015.fls.doubleclick.net
URL: https://8832015.fls.doubleclick.net/activityi;dc_pre=CLzH_paM8vwCFVEMogMdvu4FDA;src=8832015;type=rt;cat=donforms;ord=2334208738352;gtm=2wg1p0;auiddc=1629772784.1675177954;~oref=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001?
Protocol: HTTP/1.1
Server: 154.59.122.79 , United States, ASN174 (COGENT-174, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Redirect headers

location: https://ums.acuityplatform.com/sum?umid=49&auid=737826230612&uid=$_BK_UUID
date: Tue, 31 Jan 2023 15:12:34 GMT
content-length: 0
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"

GET
H2

403

ProfilesEngineServlet
sync.intentiq.com/profiles_engine/ Frame 4494
Redirect Chain

https://fei.pro-market.net/engine?mimetype=img&du=9&csync=737826230612
https://fei.pro-market.net/engine?mimetype=img&du=9&csync=737826230612&sr
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=3&pcid=-3878396796125230071

0
0

96ms
28ms

Image
text/html

54.230.112.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=3&pcid=-3878396796125230071
Requested by: Host: 8832015.fls.doubleclick.net
URL: https://8832015.fls.doubleclick.net/activityi;dc_pre=CLzH_paM8vwCFVEMogMdvu4FDA;src=8832015;type=rt;cat=donforms;ord=2334208738352;gtm=2wg1p0;auiddc=1629772784.1675177954;~oref=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001?
Protocol: H2
Server: 54.230.112.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-230-112-81.mrs52.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Redirect headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:34 GMT
via: 1.1 google
server: Apache-Coyote/1.1
anserver: gapp-eu-4.c.datonics-gcp-01.internal
p3p: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
access-control-allow-origin: *
location: https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=3&pcid=-3878396796125230071
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
alt-svc: clear
content-length: 0
expires: Mon, 1 Jan 1990 0:0:0 GMT

GET
H/1.1

204
No Content

sum
ums.acuityplatform.com/ Frame 4494
Redirect Chain

https://pixel.tapad.com/idsync/ex/receive?partner_id=3150&partner_device_id=737826230612&partner_url=https%3A%2F%2Fums.acuityplatform.com%2Fsum%3Fumid%3D64%26auid%3D737826230612%26uid%3D%24%7BTA_DE...
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3150&partner_device_id=737826230612&partner_url=https%3A%2F%2Fums.acuityplatform.com%2Fsum%3Fumid%3D64%26auid%3D737826230612%26uid%3D%24%7...
https://ums.acuityplatform.com/sum?umid=64&auid=737826230612&uid=801f4340-2f30-42cf-846d-b411cc3efd2e

0
883 B

46ms
16ms

Image
text/plain

154.59.122.79
COGENT-174

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ums.acuityplatform.com/sum?umid=64&auid=737826230612&uid=801f4340-2f30-42cf-846d-b411cc3efd2e
Requested by: Host: 8832015.fls.doubleclick.net
URL: https://8832015.fls.doubleclick.net/activityi;dc_pre=CLzH_paM8vwCFVEMogMdvu4FDA;src=8832015;type=rt;cat=donforms;ord=2334208738352;gtm=2wg1p0;auiddc=1629772784.1675177954;~oref=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001?
Protocol: HTTP/1.1
Server: 154.59.122.79 , United States, ASN174 (COGENT-174, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

access-control-allow-origin: *
access-control-expose-headers: X-Acuity-UserID
x-acuity-userid: 737842850579

Redirect headers

date: Tue, 31 Jan 2023 15:12:34 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
access-control-allow-origin: *
location: https://ums.acuityplatform.com/sum?umid=64&auid=737826230612&uid=801f4340-2f30-42cf-846d-b411cc3efd2e
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H/1.1

204
No Content

sum
ums.acuityplatform.com/ Frame 4494
Redirect Chain

https://dpm.demdex.net/ibs:dpid=12105&dpuuid=737826230612&redir=https%3A%2F%2Fums.acuityplatform.com%2Fsum%3Fumid%3D41%26auid%3D737826230612%26uid%3D%24%7BDD_UUID%7D
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=12105&dpuuid=737826230612&redir=https%3A%2F%2Fums.acuityplatform.com%2Fsum%3Fumid%3D41%26auid%3D737826230612%26uid%3D%24%7BDD_UUID%7D
https://ums.acuityplatform.com/sum?umid=41&auid=737826230612&uid=11377128738871908940671891590044596718

0
943 B

14ms
14ms

Image
text/plain

154.59.122.79
COGENT-174

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ums.acuityplatform.com/sum?umid=41&auid=737826230612&uid=11377128738871908940671891590044596718
Requested by: Host: 8832015.fls.doubleclick.net
URL: https://8832015.fls.doubleclick.net/activityi;dc_pre=CLzH_paM8vwCFVEMogMdvu4FDA;src=8832015;type=rt;cat=donforms;ord=2334208738352;gtm=2wg1p0;auiddc=1629772784.1675177954;~oref=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001?
Protocol: HTTP/1.1
Server: 154.59.122.79 , United States, ASN174 (COGENT-174, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

access-control-allow-origin: *
access-control-expose-headers: X-Acuity-UserID
x-acuity-userid: 737842794692

Redirect headers

DCS: dcs-prod-irl1-2-v045-0eab94181.edge-irl1.demdex.com 3 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: Upa/jAmQTg4=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://ums.acuityplatform.com/sum?umid=41&auid=737826230612&uid=11377128738871908940671891590044596718
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 amazon.js Show response
give.marchofdimes.org/js/ Frame 3680 6 KB
2 KB 128ms
126ms Script
application/javascript 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://give.marchofdimes.org/js/amazon.js?rnd=20210831
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 9c56f97c002513e5266bed356153984b1612bac56582f71f519180dac3c712d1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001&DonationFormId=262&urlReferer=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:34 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Mon, 23 Jan 2023 18:57:00 GMT
server: cloudflare
cf-polished: origSize=11007
etag: W/"fbe447795c2fd91:0"
vary: Accept-Encoding
x-powered-by: ASP.NET
content-type: application/javascript
cache-control: max-age=14400
permissions-policy: interest-cohort=()
cf-ray: 792362e7784c915e-FRA

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame 3680 110 KB
43 KB 27ms
25ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-219864-1

Requested by

Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7b1533a518cf6a90f0155617cfc6ba57e0a3c0412032712af34809e348a84814

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:34 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 44020
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 31 Jan 2023 15:12:34 GMT

GET
H2 200 donation.doublemydonation.js Show response
give.marchofdimes.org/js/ Frame 3680 3 KB
1 KB 116ms
113ms Script
application/javascript 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://give.marchofdimes.org/js/donation.doublemydonation.js
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 52e86f5586819f24342659ff63cc353f4350f806a44d8ac57d21672d1eb9107b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001&DonationFormId=262&urlReferer=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:34 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Mon, 23 Jan 2023 18:57:00 GMT
server: cloudflare
cf-polished: origSize=5595
etag: W/"fbe447795c2fd91:0"
vary: Accept-Encoding
x-powered-by: ASP.NET
content-type: application/javascript
cache-control: max-age=14400
permissions-policy: interest-cohort=()
cf-ray: 792362e7784d915e-FRA

GET
H2 200 ddplugin.js Show response
doublethedonation.com/api/js/ Frame 3680 430 KB
92 KB 94ms
92ms Script
text/javascript 23.96.109.67
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://doublethedonation.com/api/js/ddplugin.js
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 23.96.109.67 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e0195bcde6d877ec77cae5b0985ee178f751b44f3015b6e66146d8fc5bfdc707

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:34 GMT
content-encoding: br
last-modified: Fri, 27 Jan 2023 14:44:13 GMT
server: nginx
etag: "63d3e33d-16df6"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=600;
content-length: 93686

GET
H2 200 jquery-ui.js Show response
give.marchofdimes.org/js/ Frame 3680 327 KB
80 KB 128ms
127ms Script
application/javascript 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://give.marchofdimes.org/js/jquery-ui.js
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 1ba5287a919753a8fdb18929f1e3e7f6ccc31154169d254872080d11a9b1c4ee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001&DonationFormId=262&urlReferer=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:34 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Mon, 23 Jan 2023 18:57:00 GMT
server: cloudflare
cf-polished: origSize=539419
etag: W/"2b5a48795c2fd91:0"
vary: Accept-Encoding
x-powered-by: ASP.NET
content-type: application/javascript
cache-control: max-age=14400
permissions-policy: interest-cohort=()
cf-ray: 792362e7784f915e-FRA

GET
H2 200 jquery-3.6.0.min.js Show response
give.marchofdimes.org/js/ Frame 3680 87 KB
31 KB 138ms
137ms Script
application/javascript 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://give.marchofdimes.org/js/jquery-3.6.0.min.js
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: ce9d07500ad91ec2b524c270764ec4c9a33e78320d8d374ec400ede488f6251b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001&DonationFormId=262&urlReferer=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:34 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 23 Jan 2023 18:57:00 GMT
server: cloudflare
etag: W/"fbe447795c2fd91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=14400
permissions-policy: interest-cohort=()
cf-ray: 792362e77851915e-FRA

GET
H2 200 constants.js Show response
give.marchofdimes.org/ Frame 3680 599 B
472 B 116ms
115ms Script
application/javascript 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://give.marchofdimes.org/constants.js?20210814
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 2a551c6a84e41383c61251d498656509ca2609cf7e5d54a8ed4c8c6df97c3d00

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001&DonationFormId=262&urlReferer=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:34 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 05 Aug 2021 14:19:11 GMT
server: cloudflare
cf-polished: origSize=732
etag: W/"c582b1dc48ad71:0"
vary: Accept-Encoding
x-powered-by: ASP.NET
content-type: application/javascript
cache-control: max-age=14400
permissions-policy: interest-cohort=()
cf-ray: 792362e77853915e-FRA

GET
H2

200

event Show response
widget.us.criteo.com/ Frame 4494
Redirect Chain

https://sslwidget.criteo.com/event?a=81237&v=5.13.0&p0=e%3Dexd%26site_type%3Dd%26ref%3Dhttps%253A%252F%252Fwww.marchofdimes.org&p1=e%3Dvp%26p%3D1&p2=e%3Dvb%26p%3D%255Bi%25253D1%252526pr%25253D0%252...
https://widget.us.criteo.com/event?a=81237&v=5.13.0&p0=e%3Dexd%26site_type%3Dd%26ref%3Dhttps%253A%252F%252Fwww.marchofdimes.org&p1=e%3Dvp%26p%3D1&p2=e%3Dvb%26p%3D%255Bi%25253D1%252526pr%25253D0%252...

8 KB
4 KB

466ms
105ms

Script
application/x-javascript

74.119.119.150
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.us.criteo.com/event?a=81237&v=5.13.0&p0=e%3Dexd%26site_type%3Dd%26ref%3Dhttps%253A%252F%252Fwww.marchofdimes.org&p1=e%3Dvp%26p%3D1&p2=e%3Dvb%26p%3D%255Bi%25253D1%252526pr%25253D0%252526q%25253D1%255D&p3=e%3Ddis&bundle=Q-LkJl9LdFpScmlhSWNPTFVFSGxGaEFmMmhBVXQ3bUlVUlY3ZTB3b0ZGS09DbDBHNVZtZjNveHRZd1lueXklMkJwU3NXVUQ5djNoc2VhJTJCZnR5d3llJTJGNGUxSWklMkJtNHglMkI4Rng3bSUyRjlTd0hmdXlnVXF1Z0tpaXd4JTJGU0YzJTJCTktTR3pnRVRUQ1dpQjNJZjlvbVd0ZjJNMUk3U2lOaHFnblBhY3l0bk5SNUlGVTJzY2NaR3BJJTNE&tld=8832015.fls.doubleclick.net&dy=1&fu=https%253A%252F%252Fwww.marchofdimes.org&pu=https%253A%252F%252Fwww.marchofdimes.org&dtycbr=76126

Requested by

Protocol

Server

74.119.119.150 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

dc60bea94528b716780eb7f196f1e88f2eb18fc6d74754b5f996ede9b919318c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:34 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Kestrel
content-type: application/x-javascript
access-control-allow-origin: *
p3p: NON DSP COR CURa PSA PSD OUR BUS NAV STA
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 13348398
timing-allow-origin: *
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:34 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://widget.us.criteo.com/event?a=81237&v=5.13.0&p0=e%3Dexd%26site_type%3Dd%26ref%3Dhttps%253A%252F%252Fwww.marchofdimes.org&p1=e%3Dvp%26p%3D1&p2=e%3Dvb%26p%3D%255Bi%25253D1%252526pr%25253D0%252526q%25253D1%255D&p3=e%3Ddis&bundle=Q-LkJl9LdFpScmlhSWNPTFVFSGxGaEFmMmhBVXQ3bUlVUlY3ZTB3b0ZGS09DbDBHNVZtZjNveHRZd1lueXklMkJwU3NXVUQ5djNoc2VhJTJCZnR5d3llJTJGNGUxSWklMkJtNHglMkI4Rng3bSUyRjlTd0hmdXlnVXF1Z0tpaXd4JTJGU0YzJTJCTktTR3pnRVRUQ1dpQjNJZjlvbVd0ZjJNMUk3U2lOaHFnblBhY3l0bk5SNUlGVTJzY2NaR3BJJTNE&tld=8832015.fls.doubleclick.net&dy=1&fu=https%253A%252F%252Fwww.marchofdimes.org&pu=https%253A%252F%252Fwww.marchofdimes.org&dtycbr=76126
access-control-allow-origin: *
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 7095987
timing-allow-origin: *
content-length: 0
expires: 0

GET
H2 200 js Show response
maps.googleapis.com/maps/api/ Frame 3680 166 KB
55 KB 73ms
36ms Script
text/javascript 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/js?key=AIzaSyDuRY-BMAtBAIm1P8HW5Ts8ztNiofeZgBY&libraries=places&v=weekly

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

mafe /

Resource Hash

f1254fee3a641493452a188ca7a0b01cfec72fb19585fc0bf0792461dc745ee2

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:34 GMT
content-encoding: gzip
server: mafe
vary: Accept-Language
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1800
cross-origin-resource-policy: cross-origin
server-timing: gfet4t7; dur=30
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 55666
x-xss-protection: 0
expires: Tue, 31 Jan 2023 15:42:34 GMT

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ Frame 3680 271 KB
88 KB 32ms
31ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WNJ3K3P

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

88f7396ed78704a73f8f111ea2fa5d734f0caf0465ac39d2a4f67a99ac241719

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:34 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 90145
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 31 Jan 2023 15:12:34 GMT

GET
H2 200 Widgets.js Show response
static-na.payments-amazon.com/OffAmazonPayments/us/js/ Frame 3680 329 KB
101 KB 42ms
6ms Script
application/x-javascript 65.9.66.114
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static-na.payments-amazon.com/OffAmazonPayments/us/js/Widgets.js
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/js/amazon.js?rnd=20210831
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-114.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 203abc15bd3690ec5c9a82cd24379fbec3f5f42d74f93558296bddd9e0dad938

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-amz-version-id: VLU5TMX8Yq82mp10dhycteoi15YRUPpJ
content-encoding: gzip
via: 1.1 e39402e2cf62b31f7774452c905f38f2.cloudfront.net (CloudFront)
date: Tue, 31 Jan 2023 15:10:27 GMT
last-modified: Thu, 15 Dec 2022 07:34:20 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 821
etag: W/"8a5c996b69ff320c690aef7e66b71354"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript; charset=utf-8
cache-control: max-age=1200,public
x-amz-cf-id: 3XJXnFt8Fw263wGYolPlOrP0FQ2xlRl7IIHu5bVb-Kz7wHkn5wobYQ==

GET
H3 200 analytics.js Show response
www.google-analytics.com/ Frame 3680 49 KB
20 KB 10ms
9ms Script
text/javascript 2001:4860:4802:38::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-219864-1

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 31 Jan 2023 14:54:50 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 1064
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20085
expires: Tue, 31 Jan 2023 16:54:50 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ Frame 3680 852 B
750 B 55ms
54ms Script
text/javascript 2a00:1450:400d:80d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=explicit

Requested by

Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/js/chunk-vendors.19a53d4c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

cf6b8e5810b81c2eb90ca7454bd6413ec5df5d2af382a764302b797006c43ef0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 558
x-xss-protection: 1; mode=block
expires: Tue, 31 Jan 2023 15:12:34 GMT

GET
H2 200 get Show response
give.marchofdimes.org/server/api/donationforms/ Frame 3680 8 KB
3 KB 497ms
496ms XHR
application/json 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://give.marchofdimes.org/server/api/donationforms/get?donationFormId=262&srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001&DonationFormId=262&urlReferer=https:%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/js/chunk-vendors.19a53d4c.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 8bd9b4ac0e00d6345d29f0360138d9eef7f4f5a2161f43ca02ca473e89eeb899

Request headers

Accept: application/json, text/plain, */*
Referer: https://give.marchofdimes.org/?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001&DonationFormId=262&urlReferer=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
accept-language: de-DE,de;q=0.9
X-Referer: https://give.marchofdimes.org/?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001&DonationFormId=262&urlReferer=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:35 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by: ASP.NET
content-type: application/json; charset=utf-8
permissions-policy: interest-cohort=()
cf-ray: 792362e9cd3d915e-FRA

POST
H2 204 rum Show response
give.marchofdimes.org/cdn-cgi/ Frame 3680 0
59 B 14ms
12ms XHR
text/plain 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://give.marchofdimes.org/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://give.marchofdimes.org/?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001&DonationFormId=262&urlReferer=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
content-type: application/json

Response headers

date: Tue, 31 Jan 2023 15:12:34 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://give.marchofdimes.org
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 792362e9dd85915e-FRA

GET
H3 200 /
www.facebook.com/tr/ 0
18 B 11ms
9ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1621384747882069&ev=Microdata&dl=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001&rl=&if=false&ts=1675177954859&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Donate%20Now%20%7C%20March%20of%20Dimes%22%7D&cd[OpenGraph]=%7B%22og%3Atype%22%3A%22Page%22%2C%22og%3Atitle%22%3A%22Donate%20Now%22%2C%22og%3Adescription%22%3A%22March%20of%20Dimes%20donations%20go%20towards%20lifesaving%20research%20and%20advocating%20policies%20that%20prioritize%20the%20health%20of%20moms%20and%20babies.%20Your%20donation%20to%20our%20nonprofit%20can%20help%20improve%20the%20lives%20of%20moms%20and%20babies%20everywhere.%20Donate%20to%20March%20of%20Dimes%20today.%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fwww.marchofdimes.org%2Fsites%2Fdefault%2Ffiles%2F2022-11%2FJAJEES_v2.jpg%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.95&r=stable&ec=1&o=30&fbp=fb.1.1675177954286.1475093205&it=1675177953761&coo=false&es=automatic&tm=3&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 31 Jan 2023 15:12:34 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i

GET
H3 200 ecommerce.js Show response
www.google-analytics.com/plugins/ua/ Frame 3680 1 KB
763 B 13ms
10ms Script
text/javascript 2001:4860:4802:38::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/ecommerce.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8e1b84265e633c043720dd0921476c16bc9f75e393e855c9116ca7c3a847b5c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 14:41:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1838
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Tue, 31 Jan 2023 15:41:56 GMT

GET
H3 200 js Show response
www.google-analytics.com/gtm/ Frame 3680 120 KB
45 KB 25ms
24ms Script
application/javascript 2001:4860:4802:38::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-W2ZD7L3&t=gtag_UA_219864_1&cid=35072588.1675177954

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d1514d1b92e33d5ca3ed4ad91f9a245f8e02c6e8ffe2d9fd50ea7b2f2d36a76c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:34 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 46233
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 31 Jan 2023 15:12:34 GMT

GET
H/1.1 200
OK sessionstabilizer Show response
payments.amazon.com/gp/widgets/ Frame 3680 93 B
1 KB 1248ms
253ms XHR
application/json 54.239.28.235
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://payments.amazon.com/gp/widgets/sessionstabilizer?countryOfEstablishment=US&ledgerCurrency=USD&isSandbox=false

Requested by

Host: static-na.payments-amazon.com
URL: https://static-na.payments-amazon.com/OffAmazonPayments/us/js/Widgets.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.239.28.235 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

3360d3aef084198d27d54ed56dfada445eac7c7d754a7a1e792deb1ce20d6b7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Tue, 31 Jan 2023 15:12:36 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: H5WDWKQE0B23DX6MMNVZ
x-amzn-RequestId: H5WDWKQE0B23DX6MMNVZ
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: application/json
Access-Control-Allow-Origin: https://give.marchofdimes.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 93

GET
H2 200 login.js Show response
static-na.payments-amazon.com/v2/ Frame 3680 45 KB
14 KB 10ms
6ms Script
application/javascript 65.9.66.114
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static-na.payments-amazon.com/v2/login.js
Requested by: Host: static-na.payments-amazon.com
URL: https://static-na.payments-amazon.com/OffAmazonPayments/us/js/Widgets.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-114.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 893b40849cf60754fc6a8cfd3c32b73f9ee7f3f92eea065e2fde15af5b78f934

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-amz-version-id: 9p.xOeFC.Qn3EMrRTw7QGUB6DUt7sVuF
content-encoding: gzip
via: 1.1 e39402e2cf62b31f7774452c905f38f2.cloudfront.net (CloudFront)
date: Tue, 31 Jan 2023 15:10:28 GMT
last-modified: Thu, 15 Dec 2022 07:34:15 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 127
etag: W/"acd792cd059f76059109edda71505c84"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=1200,public
x-amz-cf-id: d7dwr_Kc1HX0ohmYdgwawY27buThQl72uYGWo6NITSZH4iqF6XcUWw==

GET
H3 200 gen_204 Show response
maps.googleapis.com/maps/api/mapsjs/ Frame 3680 3 B
45 B 42ms
22ms XHR
application/json 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDuRY-BMAtBAIm1P8HW5Ts8ztNiofeZgBY&libraries=places&v=weekly

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://give.marchofdimes.org
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23
x-xss-protection: 0

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame 3680 111 KB
43 KB 29ms
29ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-8832015

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNJ3K3P

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7a47b52f285752e442c6846f775ad5b6a262659f5b63eafb8da15e3e00e320c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:34 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 44318
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 31 Jan 2023 15:12:34 GMT

GET
H3 200 analytics.js Show response
www.google-analytics.com/ Frame 3680 49 KB
20 KB 18ms
17ms Script
text/javascript 2001:4860:4802:38::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNJ3K3P

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 31 Jan 2023 14:54:50 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 1064
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20085
expires: Tue, 31 Jan 2023 16:54:50 GMT

GET
H3

200

activityi;dc_pre=CIPXx5eM8vwCFZVDGAod_M4FjQ;src=8832015;type=rt;cat=gen;ord=7764937972392;gtm=2wg1p0;auiddc=1629772784.1675177954;~oref=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGCLGENEM23... Show response
8832015.fls.doubleclick.net/ Frame 200F
Redirect Chain

https://8832015.fls.doubleclick.net/activityi;src=8832015;type=rt;cat=gen;ord=7764937972392;gtm=2wg1p0;auiddc=1629772784.1675177954;~oref=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGCLGENEM...
https://8832015.fls.doubleclick.net/activityi;dc_pre=CIPXx5eM8vwCFZVDGAod_M4FjQ;src=8832015;type=rt;cat=gen;ord=7764937972392;gtm=2wg1p0;auiddc=1629772784.1675177954;~oref=https%3A%2F%2Fgive.marcho...

4 KB
2 KB

79ms
78ms

Document
text/html

142.251.208.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8832015.fls.doubleclick.net/activityi;dc_pre=CIPXx5eM8vwCFZVDGAod_M4FjQ;src=8832015;type=rt;cat=gen;ord=7764937972392;gtm=2wg1p0;auiddc=1629772784.1675177954;~oref=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGCLGENEM2301CNT00130001%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023cultivation%26utm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26mkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001%26DonationFormId%3D262%26urlReferer%3Dhttps%253A%252F%252Fwww.marchofdimes.org%252Fdonate-now%253FsrcCode%253DGCLGENEM2301CNT00130001%2526amp%253Butm_medium%253Demail%2526amp%253Butm_source%253Dmandr%2526amp%253Butm_campaign%253D2023cultivation%2526amp%253Butm_content%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1%2526amp%253Bmkto%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNJ3K3P

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.208.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s42-in-f6.1e100.net

Software

cafe /

Resource Hash

6ef88dd324ec57c3b1c48ce5ee2eb3fb14639c1323ef140c944e3027dde03e33

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://give.marchofdimes.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 1589
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 31 Jan 2023 15:12:35 GMT
expires: Tue, 31 Jan 2023 15:12:35 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 31 Jan 2023 15:12:35 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://8832015.fls.doubleclick.net/activityi;dc_pre=CIPXx5eM8vwCFZVDGAod_M4FjQ;src=8832015;type=rt;cat=gen;ord=7764937972392;gtm=2wg1p0;auiddc=1629772784.1675177954;~oref=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGCLGENEM2301CNT00130001%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023cultivation%26utm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26mkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001%26DonationFormId%3D262%26urlReferer%3Dhttps%253A%252F%252Fwww.marchofdimes.org%252Fdonate-now%253FsrcCode%253DGCLGENEM2301CNT00130001%2526amp%253Butm_medium%253Demail%2526amp%253Butm_source%253Dmandr%2526amp%253Butm_campaign%253D2023cultivation%2526amp%253Butm_content%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1%2526amp%253Bmkto%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 tfa.js Show response
cdn.taboola.com/libtrc/unip/1335104/ Frame 3680 58 KB
18 KB 17ms
14ms Script
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/unip/1335104/tfa.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNJ3K3P
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 74ccbc93851c337e3f764c712dac726bb612522e583432b1ffffb1d61dfe9c8b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-amz-version-id: H42nGUwn4yjBQH148Ck7FaRlJMoBMiLu
content-encoding: gzip
via: 1.1 varnish
date: Tue, 31 Jan 2023 15:12:35 GMT
x-amz-request-id: WAX57F1KMWY3W6XZ
age: 44
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 18347
x-amz-id-2: bwifaG4QpxpQlXEVgVe/YPNEHx5GuGC1QME1F2VsiV7zkuQ738jHOtZhpXOA8lsCoUkG+C7wp4I=
x-served-by: cache-hhn-etou8220063-HHN
last-modified: Sun, 29 Jan 2023 11:10:09 GMT
server: AmazonS3
x-timer: S1675177955.010424,VS0,VE0
etag: "9fddc35e14fd429cf99c2e1766022d1f"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
abp: 80
cache-control: private,max-age=14401
accept-ranges: bytes
x-cache-hits: 2

GET
H2 200 bat.js Show response
bat.bing.com/ Frame 3680 38 KB
11 KB 35ms
32ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNJ3K3P

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

1d26490f083b209ef29e08d092649725edf15ac2b33ad62fdeaafd37f7d79d6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Tue, 31 Jan 2023 15:12:34 GMT
last-modified: Mon, 23 Jan 2023 19:59:24 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 312119BC09EE465CB55ED1BADD1D734E Ref B: FRAEDGE1521 Ref C: 2023-01-31T15:12:35Z
etag: "076bc30652fd91:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 11552

GET
H2 200 quant.js Show response
secure.quantserve.com/ Frame 3680 26 KB
10 KB 20ms
18ms Script
application/javascript 2620:116:800d:21:c5a4:625:6563:a5bb
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNJ3K3P
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:c5a4:625:6563:a5bb , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 8c979ed3785f184174cba3c38dd0ebbd5b244add676982d9aeafb57b3e53b1a4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:35 GMT
content-encoding: gzip
etag: "j4o3/UzQJzEULY/aoGayAw=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
accept-ranges: bytes
expires: Tue, 07 Feb 2023 15:12:35 GMT

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame 3680 106 KB
27 KB 19ms
19ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c1e56ad863615fc191d80d7807852db95e57579f6535186d83d04ecdebef5236

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 31 Jan 2023 15:12:35 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27843
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: NnNjYZKs5BC+Xw8TgqBqyAdtm1ztFhCxcIAtrb5BndEOyEJP+/0TDoyPTJ2dCrACobb+4QgYvUvNXVWADVbNYg==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 204 analytics.min.js Show response
cdn.resonate.com/analytics.js/v1/101125894/ Frame 3680 0
55 B 18ms
18ms Script
text/plain 104.18.13.242
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.resonate.com/analytics.js/v1/101125894/analytics.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.13.242 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:35 GMT
strict-transport-security: max-age=15552000
server: cloudflare
cf-ray: 792362eadef39bbc-FRA
vary: Accept-Encoding

GET
H3

200

B21581475.265419780;dc_pre=CKqFyJeM8vwCFYfzEQgdZhYAng;dc_trk_aid=424965911;dc_trk_cid=104722561;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=
ad.doubleclick.net/ddm/trackimp/N9539.3391082MARCHOFDIMES/ Frame 3680
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N9539.3391082MARCHOFDIMES/B21581475.265419780;dc_trk_aid=424965911;dc_trk_cid=104722561;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tf...
https://ad.doubleclick.net/ddm/trackimp/N9539.3391082MARCHOFDIMES/B21581475.265419780;dc_pre=CKqFyJeM8vwCFYfzEQgdZhYAng;dc_trk_aid=424965911;dc_trk_cid=104722561;ord=[timestamp];dc_lat=;dc_rdid=;ta...

42 B
63 B

58ms
58ms

Image
image/gif

172.217.19.102
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N9539.3391082MARCHOFDIMES/B21581475.265419780;dc_pre=CKqFyJeM8vwCFYfzEQgdZhYAng;dc_trk_aid=424965911;dc_trk_cid=104722561;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?

Protocol

Server

172.217.19.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

muc03s07-in-f102.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:35 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad.doubleclick.net/ddm/trackimp/N9539.3391082MARCHOFDIMES/B21581475.265419780;dc_pre=CKqFyJeM8vwCFYfzEQgdZhYAng;dc_trk_aid=424965911;dc_trk_cid=104722561;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 B21591273.227039140;sz=1x2;ord=455222933924 Show response
ad.doubleclick.net/ddm/adj/N9539.197812NSO.CODESRV/ Frame 3680 34 KB
13 KB 72ms
72ms Script
text/javascript 172.217.19.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/N9539.197812NSO.CODESRV/B21591273.227039140;sz=1x2;ord=455222933924?

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.19.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

muc03s07-in-f102.1e100.net

Software

cafe /

Resource Hash

b1a0d32005979c12562947d398fa663e84c1127640530a78edcda303d3a33c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:35 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12895
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 optimize.js Show response
www.googleoptimize.com/ Frame 3680 120 KB
45 KB 49ms
48ms Script
application/javascript 2a00:1450:400d:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleoptimize.com/optimize.js?id=GTM-W2ZD7L3

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNJ3K3P

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:808::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ce9f52a2c98f5b57b7591379ad3d95bc7ccd7ebe18e06699fb4a0aa1f2c2026a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:35 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 46168
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 31 Jan 2023 15:12:35 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame 3680 218 KB
76 KB 24ms
23ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-0DRBVSJJB1&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNJ3K3P

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7dbc0d021a7c898fecf2f88202551efe3ac072fd4846e641a065a55f8b043f2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:35 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 77790
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 31 Jan 2023 15:12:35 GMT

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/ Frame 3680 405 KB
162 KB 92ms
22ms Script
text/javascript 2a00:1450:400d:805::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=explicit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:805::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

447256eb31b03e8de245de6feb98fad0a7710874162ab5cd91bd39274eaed7a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://give.marchofdimes.org/
Origin: https://give.marchofdimes.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:04:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 112076
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 165279
x-xss-protection: 0
last-modified: Mon, 23 Jan 2023 01:02:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 30 Jan 2024 08:04:39 GMT

GET
H/1.1 200
OK accountStatus Show response
payments.amazon.com/merchantAccount/A24SJ7EJ7ID1HK/ Frame 3680 34 B
407 B 1992ms
712ms XHR
application/json 54.239.28.235
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://payments.amazon.com/merchantAccount/A24SJ7EJ7ID1HK/accountStatus?countryOfEstablishment=US&ledgerCurrency=USD&originDomain=https://give.marchofdimes.org&storeId=amzn1.application-oa2-client.e1ff19fc46434acbbc47678d3a8496e3

Requested by

Host: static-na.payments-amazon.com
URL: https://static-na.payments-amazon.com/OffAmazonPayments/us/js/Widgets.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.239.28.235 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

6daf092c820d6323f36c5ddad13658cf42a525808c69025cc3e7a36d76ab5508

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Tue, 31 Jan 2023 15:12:36 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: BEB49MX688QPJQTEEC3E
x-amzn-RequestId: BEB49MX688QPJQTEEC3E
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: application/json
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 34

POST
H3 200 collect Show response
www.google-analytics.com/j/ Frame 3680 4 B
24 B 14ms
14ms XHR
text/plain 2001:4860:4802:38::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=151665829&t=pageview&_s=1&dl=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGCLGENEM2301CNT00130001%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023cultivation%26utm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26mkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001%26DonationFormId%3D262%26urlReferer%3Dhttps%253A%252F%252Fwww.marchofdimes.org%252Fdonate-now%253FsrcCode%253DGCLGENEM2301CNT00130001%2526amp%253Butm_medium%253Demail%2526amp%253Butm_source%253Dmandr%2526amp%253Butm_campaign%253D2023cultivation%2526amp%253Butm_content%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1%2526amp%253Bmkto%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001&dr=https%3A%2F%2Fwww.marchofdimes.org%2F&ul=en-us&de=UTF-8&dt=March%20of%20Dimes%20Donation&sd=24-bit&sr=1600x1200&vp=736x560&je=0&_u=SCCAAUITQAAAACAAI~&jid=931777845&gjid=434602715&cid=35072588.1675177954&tid=UA-219864-1&_gid=2002133705.1675177954&_r=1&_slc=1&gtm=2ou1p0&z=2121242239

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://give.marchofdimes.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:35 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://give.marchofdimes.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ Frame 3680 2 B
22 B 15ms
15ms XHR
text/plain 2001:4860:4802:38::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=151665829&t=pageview&_s=1&dl=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGCLGENEM2301CNT00130001%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023cultivation%26utm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26mkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001%26DonationFormId%3D262%26urlReferer%3Dhttps%253A%252F%252Fwww.marchofdimes.org%252Fdonate-now%253FsrcCode%253DGCLGENEM2301CNT00130001%2526amp%253Butm_medium%253Demail%2526amp%253Butm_source%253Dmandr%2526amp%253Butm_campaign%253D2023cultivation%2526amp%253Butm_content%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1%2526amp%253Bmkto%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001&dr=https%3A%2F%2Fwww.marchofdimes.org%2F&ul=en-us&de=UTF-8&dt=March%20of%20Dimes%20Donation&sd=24-bit&sr=1600x1200&vp=736x560&je=0&_u=SCCAAUITQAAAACAAI~&jid=&gjid=&cid=35072588.1675177954&tid=UA-219864-60&_gid=2002133705.1675177954&_slc=1&gtm=2wg1p0WNJ3K3P&z=1494643596

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://give.marchofdimes.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:35 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://give.marchofdimes.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 json Show response
trc.taboola.com/1335104/trc/3/ Frame 3680 2 KB
1 KB 25ms
23ms Script
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/1335104/trc/3/json?tim=1675177955080&data=%7B%22id%22%3A460%2C%22ii%22%3A%22%2F%22%2C%22it%22%3A%22video%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22vi%22%3A1675177955076%2C%22cv%22%3A%2220230129-6-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGCLGENEM2301CNT00130001%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023cultivation%26utm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26mkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001%26DonationFormId%3D262%26urlReferer%3Dhttps%253A%252F%252Fwww.marchofdimes.org%252Fdonate-now%253FsrcCode%253DGCLGENEM2301CNT00130001%2526amp%253Butm_medium%253Demail%2526amp%253Butm_source%253Dmandr%2526amp%253Butm_campaign%253D2023cultivation%2526amp%253Butm_content%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1%2526amp%253Bmkto%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001%22%2C%22e%22%3Anull%2C%22cb%22%3A%22TFASC.trkCallback%22%2C%22qs%22%3A%22%3FsrcCode%3DGCLGENEM2301CNT00130001%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023cultivation%26utm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26mkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001%26DonationFormId%3D262%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-tracking%22%2C%22s%22%3A0%2C%22uim%22%3A%22rbox-tracking%3Apub%3Dtruenorth-marchofdimes-sc%3Aabp%3D0%22%2C%22uip%22%3A%22rbox-tracking%22%2C%22orig_uip%22%3A%22rbox-tracking%22%7D%5D%2C%22mpv%22%3Atrue%2C%22supv%22%3Atrue%2C%22mpvd%22%3A%7B%22en%22%3A%22page_view%22%2C%22tim%22%3A1675177955079%2C%22ref%22%3Anull%2C%22item-url%22%3A%22https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGCLGENEM2301CNT00130001%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023cultivation%26utm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26mkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001%26DonationFormId%3D262%26urlReferer%3Dhttps%253A%252F%252Fwww.marchofdimes.org%252Fdonate-now%253FsrcCode%253DGCLGENEM2301CNT00130001%2526amp%253Butm_medium%253Demail%2526amp%253Butm_source%253Dmandr%2526amp%253Butm_campaign%253D2023cultivation%2526amp%253Butm_content%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1%2526amp%253Bmkto%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001%22%2C%22tos%22%3A1%2C%22ssd%22%3A1%2C%22scd%22%3A0%2C%22ler%22%3A%22other%22%2C%22supv%22%3Atrue%7D%7D&pubit=i
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1335104/tfa.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 5a4aba4ef6b3dc927cf61fbef7cfc360db9d4a81a149b6b11907887f18f0efde

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-vcl-time-ms: 16
date: Tue, 31 Jan 2023 15:12:35 GMT
content-encoding: gzip
via: 1.1 varnish
x-served-by: cache-hhn-etou8220063-HHN
server: nginx
x-timer: S1675177955.084120,VS0,VE16
vary: Accept-Encoding
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
content-type: application/javascript; charset=utf-8
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 200 rules-p-4LjrHyeV3QUW4.js Show response
rules.quantcount.com/ Frame 3680 160 B
633 B 9ms
6ms Script
application/javascript 2600:9000:223c:cc00:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-4LjrHyeV3QUW4.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:cc00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2aa9b0ccf31fe34e187c3b09bec7e9d8fccdeb48a5b2223d9f80df2a8790a6af

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 14:35:13 GMT
via: 1.1 1f0db25765b79d244ad1fa2184395c12.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 2837
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 160
last-modified: Thu, 13 Oct 2022 23:45:31 GMT
server: AmazonS3
etag: "52b67ed0d6de08757c0affd0509ae576"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
x-amz-cf-id: _TuFnxZHKzxin5LB65CFUOVYDu20CgJShdqDQcDpFbmftmBEu5-Tkg==

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame 3680 184 KB
66 KB 19ms
18ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-794610601&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-219864-1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8041b5e79eead5d0e7367e24dc5ee90295698a6d838682658081b100a094ea44

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:35 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 67723
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 31 Jan 2023 15:12:35 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame 3680 128 KB
50 KB 22ms
22ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-1071894384&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-219864-1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

58738c49da73f2e22fe9c9c4732712bbb8aa5d4110e42a503fc4c5515969bc32

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:35 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 50852
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 31 Jan 2023 15:12:35 GMT

GET
H3 200 1621384747882069 Show response
connect.facebook.net/signals/config/ Frame 3680 379 KB
108 KB 17ms
16ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1621384747882069?v=2.9.95&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

84768aef16e00db6fcaa24a5b82328cf4d7d747707f28b9a04d0d91a6b671d09

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 31 Jan 2023 15:12:35 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 110912
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: h85qo5ClgUXs8VPSnDIJ5vHv4flh5HgTHNjglTaQhDbiZVoXoJXox0ojsyvWFV84xmmX/rp41X0ZxLyF/ZIJSg==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 204 25017097.js Show response
bat.bing.com/p/action/ Frame 3680 0
118 B 109ms
108ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/25017097.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Tue, 31 Jan 2023 15:12:34 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: BEE67C3831594FE4BD868940D5E4436D Ref B: FRAEDGE1521 Ref C: 2023-01-31T15:12:35Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ Frame 3680 0
120 B 31ms
30ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=25017097&tm=gtm002&Ver=2&mid=4f7aa080-0a0e-4fc6-9018-e057f57a5328&sid=b04b9c30a17911edb636e395cc17cbf3&vid=b04be0c0a17911edb47f89a523e2302a&vids=0&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=March%20of%20Dimes%20Donation&p=https%3A%2F%2Fwww.marchofdimes.org%2F&r=&lt=1050&evt=pageLoad&ifm=1&sv=1&rn=186291

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 31 Jan 2023 15:12:34 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D9673DF598144297BF847CAB7291D8E1 Ref B: FRAEDGE1521 Ref C: 2023-01-31T15:12:35Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ Frame 3680 1 B
350 B 65ms
21ms XHR
text/plain 2a00:1450:400c:c06::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-219864-1&cid=35072588.1675177954&jid=931777845&gjid=434602715&_gid=2002133705.1675177954&_u=SCCAAUISQAAAACAAI~&z=169733705

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c06::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://give.marchofdimes.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 31 Jan 2023 15:12:35 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://give.marchofdimes.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ld.js Show response
dynamic.criteo.com/js/ld/ Frame 200F 43 KB
15 KB 31ms
30ms Script
application/javascript 2a02:2638:1::d
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://dynamic.criteo.com/js/ld/ld.js?a=81237

Requested by

Host: 8832015.fls.doubleclick.net
URL: https://8832015.fls.doubleclick.net/activityi;dc_pre=CIPXx5eM8vwCFZVDGAod_M4FjQ;src=8832015;type=rt;cat=gen;ord=7764937972392;gtm=2wg1p0;auiddc=1629772784.1675177954;~oref=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGCLGENEM2301CNT00130001%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023cultivation%26utm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26mkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001%26DonationFormId%3D262%26urlReferer%3Dhttps%253A%252F%252Fwww.marchofdimes.org%252Fdonate-now%253FsrcCode%253DGCLGENEM2301CNT00130001%2526amp%253Butm_medium%253Demail%2526amp%253Butm_source%253Dmandr%2526amp%253Butm_campaign%253D2023cultivation%2526amp%253Butm_content%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1%2526amp%253Bmkto%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::d , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

c56564287df791f808cee17bb95d43fa8340f4295f1e591bed50d401a97c9e98

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:34 GMT
content-encoding: br
strict-transport-security: max-age=31536000; preload;
server: Kestrel
vary: Origin, Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public,max-age=10800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *

GET
H2 204 Pixels
px.adentifi.com/ Frame 200F 0
34 B 102ms
101ms Image
text/plain 34.193.14.46
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.adentifi.com/Pixels?a_id=3404;uq=1503580022;
Requested by: Host: 8832015.fls.doubleclick.net
URL: https://8832015.fls.doubleclick.net/activityi;dc_pre=CIPXx5eM8vwCFZVDGAod_M4FjQ;src=8832015;type=rt;cat=gen;ord=7764937972392;gtm=2wg1p0;auiddc=1629772784.1675177954;~oref=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGCLGENEM2301CNT00130001%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023cultivation%26utm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26mkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001%26DonationFormId%3D262%26urlReferer%3Dhttps%253A%252F%252Fwww.marchofdimes.org%252Fdonate-now%253FsrcCode%253DGCLGENEM2301CNT00130001%2526amp%253Butm_medium%253Demail%2526amp%253Butm_source%253Dmandr%2526amp%253Butm_campaign%253D2023cultivation%2526amp%253Butm_content%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1%2526amp%253Bmkto%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.193.14.46 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-193-14-46.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:35 GMT

GET
H2 200 dc_pre=CIPXx5eM8vwCFZVDGAod_M4FjQ;src=8832015;type=rt;cat=gen;ord=7764937972392;gtm=2wg1p0;auiddc=*;~oref=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGCLGENEM2301CNT00130001%26utm_medium%3De...
adservice.google.com/ddm/fls/z/ Frame 200F 42 B
107 B 46ms
44ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CIPXx5eM8vwCFZVDGAod_M4FjQ;src=8832015;type=rt;cat=gen;ord=7764937972392;gtm=2wg1p0;auiddc=*;~oref=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGCLGENEM2301CNT00130001%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023cultivation%26utm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26mkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001%26DonationFormId%3D262%26urlReferer%3Dhttps%253A%252F%252Fwww.marchofdimes.org%252Fdonate-now%253FsrcCode%253DGCLGENEM2301CNT00130001%2526amp%253Butm_medium%253Demail%2526amp%253Butm_source%253Dmandr%2526amp%253Butm_campaign%253D2023cultivation%2526amp%253Butm_content%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1%2526amp%253Bmkto%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230125/r20110914/elements/html/ Frame 3680 8 KB
3 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230125/r20110914/elements/html/omrhp.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N9539.197812NSO.CODESRV/B21591273.227039140;sz=1x2;ord=455222933924?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 22:16:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 60956
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 13 Feb 2023 22:16:39 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 3680 0
0 55ms
54ms Fetch
image/gif 142.250.180.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssVFJKWeBw93slRSdE-H1nUhN0cknsPrQkGu5wWdRxihoIzuZq_JR8Rk98xwhQmXDKqmCR8_MAByyxMILf8_iwR_9r7cwPY8Y6bzeQpo1EjcJQ0Y3IlYmSVBv5IGRh9rWg_kKLeWehKrGGBpGcdHLWUT_Hoy0qO1xli9ywHcg&sai=AMfl-YQNKieGTkzzoTSrktat2oNokYD-hE9X8Q7EYGEtRQ4Ei8GK1Eg82IAio_APGImAw3wZrP6_-BE5bTGPaX9znoIBywSXQUFonKzOAUkQ&sig=Cg0ArKJSzEg_t0PshxBZEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cisv=r20230125.16415&arae=0&ftch=1&adurl=

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N9539.197812NSO.CODESRV/B21591273.227039140;sz=1x2;ord=455222933924?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.180.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s34-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:35 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 31 Jan 2023 15:12:35 GMT

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame 200F 106 KB
27 KB 8ms
7ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c1e56ad863615fc191d80d7807852db95e57579f6535186d83d04ecdebef5236

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 31 Jan 2023 15:12:35 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27843
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: NnNjYZKs5BC+Xw8TgqBqyAdtm1ztFhCxcIAtrb5BndEOyEJP+/0TDoyPTJ2dCrACobb+4QgYvUvNXVWADVbNYg==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 quant.js Show response
secure.quantserve.com/ Frame 200F 26 KB
10 KB 8ms
8ms Script
application/javascript 2620:116:800d:21:c5a4:625:6563:a5bb
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: 8832015.fls.doubleclick.net
URL: https://8832015.fls.doubleclick.net/activityi;dc_pre=CIPXx5eM8vwCFZVDGAod_M4FjQ;src=8832015;type=rt;cat=gen;ord=7764937972392;gtm=2wg1p0;auiddc=1629772784.1675177954;~oref=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGCLGENEM2301CNT00130001%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023cultivation%26utm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26mkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001%26DonationFormId%3D262%26urlReferer%3Dhttps%253A%252F%252Fwww.marchofdimes.org%252Fdonate-now%253FsrcCode%253DGCLGENEM2301CNT00130001%2526amp%253Butm_medium%253Demail%2526amp%253Butm_source%253Dmandr%2526amp%253Butm_campaign%253D2023cultivation%2526amp%253Butm_content%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1%2526amp%253Bmkto%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:c5a4:625:6563:a5bb , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 8c979ed3785f184174cba3c38dd0ebbd5b244add676982d9aeafb57b3e53b1a4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:35 GMT
content-encoding: gzip
etag: "j4o3/UzQJzEULY/aoGayAw=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
accept-ranges: bytes
expires: Tue, 07 Feb 2023 15:12:35 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ Frame 200F 38 KB
11 KB 36ms
33ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

1d26490f083b209ef29e08d092649725edf15ac2b33ad62fdeaafd37f7d79d6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Tue, 31 Jan 2023 15:12:34 GMT
last-modified: Mon, 23 Jan 2023 19:59:24 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: EBCB819B72A34EFBAE5EBC1694A8BA78 Ref B: FRAEDGE1521 Ref C: 2023-01-31T15:12:35Z
etag: "076bc30652fd91:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 11552

GET
H/1.1 200
OK pixel.js Show response
origin.acuityplatform.com/event/v2/ Frame 200F 2 KB
3 KB 15ms
12ms Script
application/javascript 95.101.179.119
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://origin.acuityplatform.com/event/v2/pixel.js
Requested by: Host: 8832015.fls.doubleclick.net
URL: https://8832015.fls.doubleclick.net/activityi;dc_pre=CIPXx5eM8vwCFZVDGAod_M4FjQ;src=8832015;type=rt;cat=gen;ord=7764937972392;gtm=2wg1p0;auiddc=1629772784.1675177954;~oref=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGCLGENEM2301CNT00130001%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023cultivation%26utm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26mkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001%26DonationFormId%3D262%26urlReferer%3Dhttps%253A%252F%252Fwww.marchofdimes.org%252Fdonate-now%253FsrcCode%253DGCLGENEM2301CNT00130001%2526amp%253Butm_medium%253Demail%2526amp%253Butm_source%253Dmandr%2526amp%253Butm_campaign%253D2023cultivation%2526amp%253Butm_content%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1%2526amp%253Bmkto%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001?
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.179.119 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-101-179-119.deploy.static.akamaitechnologies.com
Software: nginx/1.14.0 /
Resource Hash: 89cf66cb9de8da20fc15e9953845dd4d1de2c0fb465c827a09d818449222c533

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Tue, 31 Jan 2023 15:12:35 GMT
Last-Modified: Wed, 04 Jan 2023 18:57:40 GMT
Server: nginx/1.14.0
ETag: "63b5cc24-978"
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2424

GET
H2 200 pixel;r=235441809;source=gtm;rf=0;a=p-4LjrHyeV3QUW4;url=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGCLGENEM2301CNT00130001%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023cul...
pixel.quantserve.com/ Frame 3680 35 B
210 B 9ms
9ms Image
image/gif 2620:116:800d:21:c5a4:625:6563:a5bb
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=235441809;source=gtm;rf=0;a=p-4LjrHyeV3QUW4;url=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGCLGENEM2301CNT00130001%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023cultivation%26utm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26mkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001%26DonationFormId%3D262%26urlReferer%3Dhttps%253A%252F%252Fwww.marchofdimes.org%252Fdonate-now%253FsrcCode%253DGCLGENEM2301CNT00130001%2526amp%253Butm_medium%253Demail%2526amp%253Butm_source%253Dmandr%2526amp%253Butm_campaign%253D2023cultivation%2526amp%253Butm_content%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1%2526amp%253Bmkto%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001;ref=https%3A%2F%2Fwww.marchofdimes.org%2F;uht=2;fpan=0;fpa=P0-283805891-1675177953995;pbc=;ns=1;ce=1;qjs=1;qv=c1229512-20230130173030;cm=;gdpr=0;d=marchofdimes.org;dst=0;et=1675177955245;tzo=0;ogl=;ses=4b2cba9a-6f5c-459e-9230-e70de7fff0b0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:c5a4:625:6563:a5bb , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Tue, 31 Jan 2023 15:12:35 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
strict-transport-security: max-age=86400
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1071894384/ Frame 3680 3 KB
1 KB 152ms
151ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1071894384/?random=1675177955256&cv=11&fst=1675177955256&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=2&url=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGCLGENEM2301CNT00130001%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023cultivation%26utm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26mkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001%26DonationFormId%3D262%26urlReferer%3Dhttps%253A%252F%252Fwww.marchofdimes.org%252Fdonate-now%253FsrcCode%253DGCLGENEM2301CNT00130001%2526amp%253Butm_medium%253Demail%2526amp%253Butm_source%253Dmandr%2526amp%253Butm_campaign%253D2023cultivation%2526amp%253Butm_content%253Dem-nat-mandr-2023&ref=https%3A%2F%2Fwww.marchofdimes.org%2F&tiba=March%20of%20Dimes%20Donation&auid=1629772784.1675177954&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-1071894384&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

45d6edeb32bf69e5898777a3c10f9945acf266355d49d7e2c17dd471c25972e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:35 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1100
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/794610601/ Frame 3680 3 KB
1 KB 59ms
57ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/794610601/?random=1675177955322&cv=11&fst=1675177955322&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=2&url=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGCLGENEM2301CNT00130001%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023cultivation%26utm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26mkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001%26DonationFormId%3D262%26urlReferer%3Dhttps%253A%252F%252Fwww.marchofdimes.org%252Fdonate-now%253FsrcCode%253DGCLGENEM2301CNT00130001%2526amp%253Butm_medium%253Demail%2526amp%253Butm_source%253Dmandr%2526amp%253Butm_campaign%253D2023cultivation%2526amp%253Butm_content%253Dem-nat-mandr-2023&ref=https%3A%2F%2Fwww.marchofdimes.org%2F&tiba=March%20of%20Dimes%20Donation&auid=1629772784.1675177954&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-794610601&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50a7c535aeb44b7ab031b51f62e95a590250b60c44800b8292e7445dff9c222

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:35 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1101
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.facebook.com/tr/ Frame 3680 0
15 B 9ms
8ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1621384747882069&ev=PageView&dl=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGCLGENEM2301CNT00130001%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023cultivation%26utm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26mkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001%26DonationFormId%3D262%26urlReferer%3Dhttps%253A%252F%252Fwww.marchofdimes.org%252Fdonate-now%253FsrcCode%253DGCLGENEM2301CNT00130001%2526amp%253Butm_medium%253Demail%2526amp%253Butm_source%253Dmandr%2526amp%253Butm_campaign%253D2023cultivation%2526amp%253Butm_content%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1%2526amp%253Bmkto%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001&rl=https%3A%2F%2Fwww.marchofdimes.org%2F&if=true&ts=1675177955344&sw=1600&sh=1200&v=2.9.95&r=stable&ec=0&o=30&fbp=fb.1.1675177954286.1475093205&it=1675177955116&coo=false&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 31 Jan 2023 15:12:35 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i

GET
H3 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 604D 42 KB
22 KB 57ms
55ms Document
text/html 2a00:1450:400d:80d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf_Xq4UAAAAAHd1hKHMAy-iydWdiqmt5E-IKeak&co=aHR0cHM6Ly9naXZlLm1hcmNob2ZkaW1lcy5vcmc6NDQz&hl=de&v=RGRQD9tdxHtnt-Bxkx9pM75S&size=invisible&cb=68pfm5jeaesh

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

7575f49aab44ee253777871324241836470b2eaa4a3cd53381f0108fe6263661

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-RJNzcveDtbzAZYu_YO0meg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://give.marchofdimes.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 22370
content-security-policy: script-src 'report-sample' 'nonce-RJNzcveDtbzAZYu_YO0meg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 31 Jan 2023 15:12:35 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

OPTIONS
H2 200 graphql
payments.braintree-api.com/ Frame 0
0 318ms
17ms Preflight 76.223.13.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://payments.braintree-api.com/graphql

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

76.223.13.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ae1d37305401c759d.awsglobalaccelerator.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,braintree-version,content-type
Access-Control-Request-Method: POST
Origin: https://give.marchofdimes.org
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

access-control-allow-headers: authorization,braintree-version,content-type
access-control-allow-methods: GET,DELETE,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://give.marchofdimes.org
access-control-max-age: 1800
date: Tue, 31 Jan 2023 15:12:35 GMT
paypal-debug-id: da9e4aad79204
server: nginx
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
x-frame-options: DENY

POST
H2 200 graphql Show response
payments.braintree-api.com/ Frame 3680 2 KB
1 KB 589ms
588ms XHR
application/json 76.223.13.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://payments.braintree-api.com/graphql

Requested by

Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/js/chunk-vendors.19a53d4c.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

76.223.13.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ae1d37305401c759d.awsglobalaccelerator.com

Software

nginx /

Resource Hash

fcd533319a7060dd43a60595b017b36bbe63d244ad6f4262c5f5662c832b192d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://give.marchofdimes.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6IjIwMTgwNDI2MTYtcHJvZHVjdGlvbiIsImlzcyI6Imh0dHBzOi8vYXBpLmJyYWludHJlZWdhdGV3YXkuY29tIn0.eyJleHAiOjE2NzUyNjQzNTUsImp0aSI6IjA2ZDcxNmE1LWZjMmItNDg5NS1iYzBjLWNkYjJlNDQyZTQ1MyIsInN1YiI6InNoY3g1OHNwMjhuYnhrbjUiLCJpc3MiOiJodHRwczovL2FwaS5icmFpbnRyZWVnYXRld2F5LmNvbSIsIm1lcmNoYW50Ijp7InB1YmxpY19pZCI6InNoY3g1OHNwMjhuYnhrbjUiLCJ2ZXJpZnlfY2FyZF9ieV9kZWZhdWx0Ijp0cnVlfSwicmlnaHRzIjpbIm1hbmFnZV92YXVsdCJdLCJzY29wZSI6WyJCcmFpbnRyZWU6VmF1bHQiXSwib3B0aW9ucyI6e319.jdjmSkYOLLWHQM5mI942bWaPSFW4WKdopfanNUwbIASBNkLJ2cR0SkI1YzD4sYoTTlNAXty1Hs1xuoNynTIokA
Braintree-Version: 2018-05-10
Content-Type: application/json

Response headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
server: nginx
vary: Braintree-Version, Accept-Encoding
braintree-version: 2016-10-07
content-type: application/json
access-control-allow-origin: https://give.marchofdimes.org
paypal-debug-id: a39be90e1c914
cache-control: no-cache, no-store
x-frame-options: DENY
content-length: 1086

GET
H2 200 1.js Show response
cdn.ywxi.net/js/ Frame 3680 19 KB
5 KB 255ms
30ms Script
text/javascript 2600:9000:21c7:e400:14:6bfc:5740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ywxi.net/js/1.js

Requested by

Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/js/app.11603775.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21c7:e400:14:6bfc:5740:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

ee01d40bfdd77aba5652b3ff93095712b618a6a2cc2637828bd875979cfe9cb8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 14:39:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
via: 1.1 b619a16f6f8fe9793bf642d2a8434284.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 1974
content-security-policy-report-only: report-uri https://52723791ca12811bfedec52ea4c44290.report-uri.com/r/d/csp/reportOnly; default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline'; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem * 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; media-src * blob:; object-src 'none'; frame-src *; frame-ancestors *; form-action 'self'
x-cache: Hit from cloudfront
content-length: 4567
referrer-policy: strict-origin-when-cross-origin
server: Apache
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-cf-id: G940IayUyOM_tOu2jL8nVCQXQvZJ7kq4jVHlCVDjsyGWhs8PyD8ETg==
expires: Tue, 31 Jan 2023 15:39:40 GMT

GET
H2 200 btn-cc.png
give.marchofdimes.org/images/ Frame 3680 2 KB
2 KB 132ms
129ms Image
image/webp 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://give.marchofdimes.org/images/btn-cc.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 8ab6178ed23ee18aa7ea5b16f2114096645d98ab305ba16d290cb80e5dc9760a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001&DonationFormId=262&urlReferer=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:35 GMT
cf-cache-status: HIT
cf-polished: origFmt=png, origSize=4748
x-powered-by: ASP.NET
content-disposition: inline; filename="btn-cc.webp"
content-length: 2396
cf-bgj: imgq:100,h2pri
last-modified: Thu, 23 Sep 2021 10:57:16 GMT
server: cloudflare
etag: "594b8fc569b0d71:0"
vary: Accept
content-type: image/webp
cache-control: max-age=14400
permissions-policy: interest-cohort=()
accept-ranges: bytes
cf-ray: 792362ededef915e-FRA

GET
H2 200 btn-paypal.png
give.marchofdimes.org/images/ Frame 3680 2 KB
2 KB 132ms
130ms Image
image/webp 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://give.marchofdimes.org/images/btn-paypal.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 9ec3bd6685fcfcc08d6ea574d16db5da8622d5a713ce934ef443dc742330ab89

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001&DonationFormId=262&urlReferer=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:35 GMT
cf-cache-status: HIT
cf-polished: origFmt=png, origSize=4393
x-powered-by: ASP.NET
content-disposition: inline; filename="btn-paypal.webp"
content-length: 1800
cf-bgj: imgq:100,h2pri
last-modified: Thu, 23 Sep 2021 10:57:16 GMT
server: cloudflare
etag: "594b8fc569b0d71:0"
vary: Accept
content-type: image/webp
cache-control: max-age=14400
permissions-policy: interest-cohort=()
accept-ranges: bytes
cf-ray: 792362ededf8915e-FRA

GET
H2 200 btn-amazon.png
give.marchofdimes.org/images/ Frame 3680 2 KB
2 KB 128ms
126ms Image
image/webp 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://give.marchofdimes.org/images/btn-amazon.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: e739a94ded503457c8474ba4f648ecf57407f6d97638e67adabe221d1b761cd1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001&DonationFormId=262&urlReferer=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:35 GMT
cf-cache-status: HIT
cf-polished: origFmt=png, origSize=4754
x-powered-by: ASP.NET
content-disposition: inline; filename="btn-amazon.webp"
content-length: 1690
cf-bgj: imgq:100,h2pri
last-modified: Thu, 23 Sep 2021 10:57:16 GMT
server: cloudflare
etag: "67248fc569b0d71:0"
vary: Accept
content-type: image/webp
cache-control: max-age=14400
permissions-policy: interest-cohort=()
accept-ranges: bytes
cf-ray: 792362ededf9915e-FRA

GET
H2 200 gximage2
widgets.guidestar.org/ Frame 3680 11 KB
4 KB 623ms
416ms Image
image/svg+xml 172.67.23.169
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widgets.guidestar.org/gximage2?o=6906404&l=v4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.23.169 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 60545e054ec3ed32276ff337a4775973165502a5d7420dcbe0c7c3c1e3136d6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:36 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: image/svg+xml
cache-control: no-cache
cf-ray: 792362ef3c43bb71-FRA
expires: -1

GET
H2 200 bbb.png
give.marchofdimes.org/images/ Frame 3680 5 KB
5 KB 137ms
136ms Image
image/webp 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://give.marchofdimes.org/images/bbb.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 4388358f8e4ced0256b18ac97d008fee4081daa03fe7dd685a3104ee936706d2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001&DonationFormId=262&urlReferer=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:35 GMT
cf-cache-status: HIT
cf-polished: origFmt=png, origSize=6993
x-powered-by: ASP.NET
content-disposition: inline; filename="bbb.webp"
content-length: 5082
cf-bgj: imgq:100,h2pri
last-modified: Thu, 23 Sep 2021 10:57:16 GMT
server: cloudflare
etag: "67248fc569b0d71:0"
vary: Accept
content-type: image/webp
cache-control: max-age=14400
permissions-policy: interest-cohort=()
accept-ranges: bytes
cf-ray: 792362ededfe915e-FRA

GET
H2 200 85th_symbolic_images_55_x4zpaa.jpg
res.cloudinary.com/marchofdimes/image/upload/v1674484936/Donation%20Forms/ Frame 3680 28 KB
29 KB 239ms
39ms Image
image/jpeg 2a04:4e42:600::393
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://res.cloudinary.com/marchofdimes/image/upload/v1674484936/Donation%20Forms/85th_symbolic_images_55_x4zpaa.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::393 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Cloudinary /

Resource Hash

1db601171cdf15471c3b6e2559f0f30bebc516d6b0e5ba6a6fd689fa02579da0

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:35 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
last-modified: Mon, 23 Jan 2023 14:42:18 GMT
server: Cloudinary
etag: "23610358b1972ae39cc2056db9ca5679"
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
cache-control: public, no-transform, immutable, max-age=2592000
server-timing: fastly;dur=11;cpu=9;start=2023-01-31T15:12:35.729Z;desc=hit,rtt;dur=5
accept-ranges: bytes
timing-allow-origin: *
content-length: 28955

GET
H2 200 Graphik-Bold.ttf
give.marchofdimes.org/fonts/ Frame 3680 148 KB
148 KB 207ms
205ms Font
application/octet-stream 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://give.marchofdimes.org/fonts/Graphik-Bold.ttf
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/css/app.6076a70b.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: f2f5cb21c545b0010b10a9bc7762a5376f5df10cd53aeb2db765d28afb109e9f

Request headers

Referer: https://give.marchofdimes.org/css/app.6076a70b.css
Origin: https://give.marchofdimes.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:35 GMT
cf-cache-status: HIT
last-modified: Wed, 04 Aug 2021 19:08:50 GMT
server: cloudflare
etag: "889615296489d71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/octet-stream
cache-control: max-age=14400
permissions-policy: interest-cohort=()
accept-ranges: bytes
cf-ray: 792362edfe02915e-FRA
content-length: 151108

GET
H2 200 Graphik-Regular.ttf
give.marchofdimes.org/fonts/ Frame 3680 145 KB
146 KB 129ms
129ms Font
application/octet-stream 2606:4700:10::6816:4345
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://give.marchofdimes.org/fonts/Graphik-Regular.ttf
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/css/app.6076a70b.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 8fc17a517bcaafe39e7c2106483762f877897aa0c22ab9dd472c1cde12188626

Request headers

Referer: https://give.marchofdimes.org/css/app.6076a70b.css
Origin: https://give.marchofdimes.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:35 GMT
cf-cache-status: HIT
last-modified: Wed, 04 Aug 2021 19:08:50 GMT
server: cloudflare
etag: "7fbd15296489d71:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/octet-stream
cache-control: max-age=14400
permissions-policy: interest-cohort=()
accept-ranges: bytes
cf-ray: 792362edfe06915e-FRA
content-length: 148868

GET
H2

200

event Show response
widget.us.criteo.com/ Frame 200F
Redirect Chain

https://sslwidget.criteo.com/event?a=81237&v=5.13.0&p0=e%3Dexd%26site_type%3Dd%26ref%3Dhttps%253A%252F%252Fgive.marchofdimes.org&p1=e%3Dvh&p2=e%3Ddis&bundle=Q-LkJl9LdFpScmlhSWNPTFVFSGxGaEFmMmhBVXQ3...
https://widget.us.criteo.com/event?a=81237&v=5.13.0&p0=e%3Dexd%26site_type%3Dd%26ref%3Dhttps%253A%252F%252Fgive.marchofdimes.org&p1=e%3Dvh&p2=e%3Ddis&bundle=Q-LkJl9LdFpScmlhSWNPTFVFSGxGaEFmMmhBVXQ3...

8 KB
4 KB

121ms
120ms

Script
application/x-javascript

74.119.119.150
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.us.criteo.com/event?a=81237&v=5.13.0&p0=e%3Dexd%26site_type%3Dd%26ref%3Dhttps%253A%252F%252Fgive.marchofdimes.org&p1=e%3Dvh&p2=e%3Ddis&bundle=Q-LkJl9LdFpScmlhSWNPTFVFSGxGaEFmMmhBVXQ3bUlVUlY3ZTB3b0ZGS09DbDBHNVZtZjNveHRZd1lueXklMkJwU3NXVUQ5djNoc2VhJTJCZnR5d3llJTJGNGUxSWklMkJtNHglMkI4Rng3bSUyRjlTd0hmdXlnVXF1Z0tpaXd4JTJGU0YzJTJCTktTR3pnRVRUQ1dpQjNJZjlvbVd0ZjJNMUk3U2lOaHFnblBhY3l0bk5SNUlGVTJzY2NaR3BJJTNE&tld=8832015.fls.doubleclick.net&dy=1&fu=https%253A%252F%252Fwww.marchofdimes.org&pu=https%253A%252F%252Fwww.marchofdimes.org&dtycbr=70165

Requested by

Protocol

Server

74.119.119.150 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

538c83d5496c164325c67698d72074813e07fefe618e6a3bd28c913dd7043e34

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:34 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Kestrel
content-type: application/x-javascript
access-control-allow-origin: *
p3p: NON DSP COR CURa PSA PSD OUR BUS NAV STA
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 16434867
timing-allow-origin: *
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:34 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://widget.us.criteo.com/event?a=81237&v=5.13.0&p0=e%3Dexd%26site_type%3Dd%26ref%3Dhttps%253A%252F%252Fgive.marchofdimes.org&p1=e%3Dvh&p2=e%3Ddis&bundle=Q-LkJl9LdFpScmlhSWNPTFVFSGxGaEFmMmhBVXQ3bUlVUlY3ZTB3b0ZGS09DbDBHNVZtZjNveHRZd1lueXklMkJwU3NXVUQ5djNoc2VhJTJCZnR5d3llJTJGNGUxSWklMkJtNHglMkI4Rng3bSUyRjlTd0hmdXlnVXF1Z0tpaXd4JTJGU0YzJTJCTktTR3pnRVRUQ1dpQjNJZjlvbVd0ZjJNMUk3U2lOaHFnblBhY3l0bk5SNUlGVTJzY2NaR3BJJTNE&tld=8832015.fls.doubleclick.net&dy=1&fu=https%253A%252F%252Fwww.marchofdimes.org&pu=https%253A%252F%252Fwww.marchofdimes.org&dtycbr=70165
access-control-allow-origin: *
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 4203866
timing-allow-origin: *
content-length: 0
expires: 0

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/ Frame 604D 55 KB
24 KB 94ms
36ms Stylesheet
text/css 2a00:1450:400d:805::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf_Xq4UAAAAAHd1hKHMAy-iydWdiqmt5E-IKeak&co=aHR0cHM6Ly9naXZlLm1hcmNob2ZkaW1lcy5vcmc6NDQz&hl=de&v=RGRQD9tdxHtnt-Bxkx9pM75S&size=invisible&cb=68pfm5jeaesh

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:805::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

952833e41ba7a4b64c31a2d7b07dde81bf5bbacf5cbb967821cfe459d0c4a0d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 12:10:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10915
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24605
x-xss-protection: 0
last-modified: Mon, 23 Jan 2023 01:02:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 31 Jan 2024 12:10:40 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/ Frame 604D 405 KB
161 KB 104ms
46ms Script
text/javascript 2a00:1450:400d:805::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/recaptcha__de.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:805::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

447256eb31b03e8de245de6feb98fad0a7710874162ab5cd91bd39274eaed7a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:04:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 112076
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 165279
x-xss-protection: 0
last-modified: Mon, 23 Jan 2023 01:02:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 30 Jan 2024 08:04:39 GMT

GET
H3 200 812396462484872 Show response
connect.facebook.net/signals/config/ Frame 200F 378 KB
108 KB 16ms
15ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/812396462484872?v=2.9.95&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

2477be612f5e4939a5c21b74229e761795158fe09ee705f603f81bd950a0a838

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 31 Jan 2023 15:12:35 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 110641
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: ogj/iCzi1Fr6YYRPZivVE1AbVj9g5h5y4ZZJCqO9CkkGyhgcHdqXBNk/KO+sYmVmxKJKd86RM8F7Ig7tEEMFTQ==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 1C49 15 KB
6 KB 24ms
23ms Document
text/html 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?topUrl=www.marchofdimes.org&origin=onetag

Requested by

Host: dynamic.criteo.com
URL: https://dynamic.criteo.com/js/ld/ld.js?a=81237

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

d0f07190791630edc058ad6e5a33a3cda6a8f85c470e593ce0bbed46ffec148b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://8832015.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 31 Jan 2023 15:12:35 GMT
server: Kestrel
server-processing-duration-in-ticks: 1537088
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 204 unip Show response
trc-events.taboola.com/1335104/log/3/ 0
251 B 234ms
13ms XHR
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://trc-events.taboola.com/1335104/log/3/unip?en=pre_d_eng_tb&tos=1602&scd=0&ssd=1&est=1675177953968&ver=36&isls=true&src=i&invt=1500&msa=362&rv=1&tim=1675177955570&vi=1675177953963&ri=da3db2ff97812bfb48ea999cd8dbee5b&ref=null&cv=20230129-6-RELEASE&item-url=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1335104/tfa.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

access-control-allow-origin: https://www.marchofdimes.org
pragma: no-cache
date: Tue, 31 Jan 2023 15:12:35 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

GET
H2 204 25042596.js Show response
bat.bing.com/p/action/ Frame 200F 0
117 B 47ms
47ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/25042596.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Tue, 31 Jan 2023 15:12:35 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 551AEB1D850E4275A4F71E5A9B5FF66F Ref B: FRAEDGE1521 Ref C: 2023-01-31T15:12:35Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ Frame 200F 0
120 B 48ms
47ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=25042596&Ver=2&mid=bb62caab-3e0e-4933-93ce-96bc72189b26&sid=b06d12b0a17911ed91e1891e503fc1a7&vid=b06d4320a17911ed932dedca57ef7c39&vids=0&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&p=https%3A%2F%2Fgive.marchofdimes.org%2F&r=&lt=332&evt=pageLoad&ifm=1&sv=1&rn=790

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 31 Jan 2023 15:12:35 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F50EAFBF0F124C619140E2C99A4B6E19 Ref B: FRAEDGE1521 Ref C: 2023-01-31T15:12:35Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK pj Show response
e.acuityplatform.com/ Frame 200F 1002 B
2 KB 26ms
25ms Script
text/javascript 154.59.122.94
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL: https://e.acuityplatform.com/pj?pk=8367128157478054027&pu=https%3A%2F%2F8832015.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCIPXx5eM8vwCFZVDGAod_M4FjQ%3Bsrc%3D8832015%3Btype%3Drt%3Bcat%3Dgen%3Bord%3D7764937972392%3Bgtm%3D2wg1p0%3Bauiddc%3D1629772784.1675177954%3B~oref%3Dhttps%253A%252F%252Fgive.marchofdimes.org%252F%253FsrcCode%253DGCLGENEM2301CNT00130001%2526utm_medium%253Demail%2526utm_source%253Dmandr%2526utm_campaign%253D2023cultivation%2526utm_content%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1%2526mkto%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001%2526DonationFormId%253D262%2526urlReferer%253Dhttps%25253A%25252F%25252Fwww.marchofdimes.org%25252Fdonate-now%25253FsrcCode%25253DGCLGENEM2301CNT00130001%252526amp%25253Butm_medium%25253Demail%252526amp%25253Butm_source%25253Dmandr%252526amp%25253Butm_campaign%25253D2023cultivation%252526amp%25253Butm_content%25253Dem-nat-mandr-2023cultivation-2023-01-30-email-1%252526amp%25253Bmkto%25253Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001%3F&pixelKey=8367128157478054027
Requested by: Host: origin.acuityplatform.com
URL: https://origin.acuityplatform.com/event/v2/pixel.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 154.59.122.94 , United States, ASN174 (COGENT-174, US),
Reverse DNS
Software: /
Resource Hash: 478915866bec983bd4b2a29e250cac47c0bfcd4cfa115fdb3fae81bee0dd6559

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Content-Length: 1002
Content-Type: text/javascript

GET
H2 200 rules-p-uyn8UnTsRXguL.js Show response
rules.quantcount.com/ Frame 200F 5 KB
2 KB 11ms
10ms Script
application/javascript 2600:9000:223c:cc00:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-uyn8UnTsRXguL.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:cc00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8d375fb8f67575a449606683fc8be339674f03ff2fee1c42e632564d0b207c3b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 14:56:12 GMT
content-encoding: gzip
via: 1.1 1f0db25765b79d244ad1fa2184395c12.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 2076
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
last-modified: Thu, 13 Oct 2022 15:08:42 GMT
server: AmazonS3
etag: W/"b4a376a3ece8af98e7567e60db986dc9"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
x-amz-cf-id: GfjlCJ2NZm8G_LDwdGlo0dJVkOoPpBuljhlDfT_zpOuP7sAX-Y-L3w==

GET
H3 200 /
www.google.com/pagead/1p-user-list/1071894384/ Frame 3680 42 B
64 B 59ms
58ms Image
image/gif 2a00:1450:400d:80d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1071894384/?random=1675177955256&cv=11&fst=1675177200000&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1600&u_h=1200&frm=2&url=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGCLGENEM2301CNT00130001%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023cultivation%26utm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26mkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001%26DonationFormId%3D262%26urlReferer%3Dhttps%253A%252F%252Fwww.marchofdimes.org%252Fdonate-now%253FsrcCode%253DGCLGENEM2301CNT00130001%2526amp%253Butm_medium%253Demail%2526amp%253Butm_source%253Dmandr%2526amp%253Butm_campaign%253D2023cultivation%2526amp%253Butm_content%253Dem-nat-mandr-2023&ref=https%3A%2F%2Fwww.marchofdimes.org%2F&tiba=March%20of%20Dimes%20Donation&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2131560058&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:35 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/1071894384/ Frame 3680 42 B
108 B 52ms
48ms Image
image/gif 2a00:1450:400d:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/1071894384/?random=1675177955256&cv=11&fst=1675177200000&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1600&u_h=1200&frm=2&url=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGCLGENEM2301CNT00130001%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023cultivation%26utm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26mkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001%26DonationFormId%3D262%26urlReferer%3Dhttps%253A%252F%252Fwww.marchofdimes.org%252Fdonate-now%253FsrcCode%253DGCLGENEM2301CNT00130001%2526amp%253Butm_medium%253Demail%2526amp%253Butm_source%253Dmandr%2526amp%253Butm_campaign%253D2023cultivation%2526amp%253Butm_content%253Dem-nat-mandr-2023&ref=https%3A%2F%2Fwww.marchofdimes.org%2F&tiba=March%20of%20Dimes%20Donation&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2131560058&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:808::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:35 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/794610601/ Frame 3680 42 B
64 B 61ms
58ms Image
image/gif 2a00:1450:400d:80d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/794610601/?random=1675177955322&cv=11&fst=1675177200000&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1600&u_h=1200&frm=2&url=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGCLGENEM2301CNT00130001%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023cultivation%26utm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26mkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001%26DonationFormId%3D262%26urlReferer%3Dhttps%253A%252F%252Fwww.marchofdimes.org%252Fdonate-now%253FsrcCode%253DGCLGENEM2301CNT00130001%2526amp%253Butm_medium%253Demail%2526amp%253Butm_source%253Dmandr%2526amp%253Butm_campaign%253D2023cultivation%2526amp%253Butm_content%253Dem-nat-mandr-2023&ref=https%3A%2F%2Fwww.marchofdimes.org%2F&tiba=March%20of%20Dimes%20Donation&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3042348946&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:35 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/794610601/ Frame 3680 42 B
108 B 55ms
52ms Image
image/gif 2a00:1450:400d:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/794610601/?random=1675177955322&cv=11&fst=1675177200000&bg=ffffff&guid=ON&async=1&gtm=2oa1p0&u_w=1600&u_h=1200&frm=2&url=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGCLGENEM2301CNT00130001%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023cultivation%26utm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26mkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001%26DonationFormId%3D262%26urlReferer%3Dhttps%253A%252F%252Fwww.marchofdimes.org%252Fdonate-now%253FsrcCode%253DGCLGENEM2301CNT00130001%2526amp%253Butm_medium%253Demail%2526amp%253Butm_source%253Dmandr%2526amp%253Butm_campaign%253D2023cultivation%2526amp%253Butm_content%253Dem-nat-mandr-2023&ref=https%3A%2F%2Fwww.marchofdimes.org%2F&tiba=March%20of%20Dimes%20Donation&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3042348946&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:808::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:35 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sync
x.bidswitch.net/ Frame 1D95 43 B
145 B 44ms
16ms Image
image/gif 3.67.29.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?dsp_id=46&user_id=k-PnO50D65yWbedHfw1ZgpecuiuwXb6ZpZmtUBFA&expires=30
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.67.29.124 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-67-29-124.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:35 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H2

200

cookiematch.aspx
dis.criteo.com/dis/rtb/google/ Frame 1D95
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&CriteoUserId=k-fk5Zzz65yWbedHfw1ZgpecuiuwXp3CRG44TjXg&google_cm&google_hm=ay1mazVaeno2NXlXYmVkSGZ3MVpncGVjdWl1d1hwM0NSR...
https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-fk5Zzz65yWbedHfw1ZgpecuiuwXp3CRG44TjXg&google_gid=CAESELTsdrJWq5yBdwv_pIdmKbs&google_cver=1&google_ula=913071,0

43 B
370 B

25ms
23ms

Image
image/gif

178.250.2.151
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-fk5Zzz65yWbedHfw1ZgpecuiuwXp3CRG44TjXg&google_gid=CAESELTsdrJWq5yBdwv_pIdmKbs&google_cver=1&google_ula=913071,0

Protocol

Server

178.250.2.151 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:34 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1310935
timing-allow-origin: *
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:35 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-fk5Zzz65yWbedHfw1ZgpecuiuwXp3CRG44TjXg&google_gid=CAESELTsdrJWq5yBdwv_pIdmKbs&google_cver=1&google_ula=913071,0
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 398
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

cookiematch.aspx
dis.criteo.com/dis/rtb/appnexus/ Frame 1D95
Redirect Chain

https://ib.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID
https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=2018361787894374834

43 B
371 B

76ms
18ms

Image
image/gif

178.250.2.151
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=2018361787894374834

Protocol

Server

178.250.2.151 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:34 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2714761
timing-allow-origin: *
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Tue, 31 Jan 2023 15:12:35 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.64.151.69; 217.64.151.69; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 5bb7f3ad-5a14-4bc9-95be-c88eec955991
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=2018361787894374834
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

match
ad.360yield.com/ul_cb/ Frame 1D95
Redirect Chain

https://ad.360yield.com/match?publisher_dsp_id=38&external_user_id=k-cFQVTz65yWbedHfw1ZgpecuiuwUCNsV0axxXIg
https://ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=k-cFQVTz65yWbedHfw1ZgpecuiuwUCNsV0axxXIg

43 B
448 B

19ms
19ms

Image
image/gif

52.58.241.65
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=k-cFQVTz65yWbedHfw1ZgpecuiuwUCNsV0axxXIg
Protocol: H2
Server: 52.58.241.65 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-58-241-65.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 31 Jan 2023 15:12:35 GMT
content-type: image/gif
content-length: 43
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Redirect headers

location: https://ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=k-cFQVTz65yWbedHfw1ZgpecuiuwUCNsV0axxXIg
date: Tue, 31 Jan 2023 15:12:35 GMT
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2 200 cksync.php
contextual.media.net/ Frame 1D95 237 B
993 B 229ms
80ms Image
image/gif 2.17.244.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=3&type=crt&ovsid=k-MZ-L8T65yWbedHfw1ZgpecuiuwURFhnWYT9dTQ

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.244.21 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-244-21.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

11cb2c0e70f91c6a0326cf4a4f9fa1b177c14efba6b56bf7535624b9c7bce990

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Tue, 31 Jan 2023 15:12:35 GMT
server: Apache
vary: Accept-Encoding
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 237
x-mnet-hl2: E
expires: Tue, 31 Jan 2023 15:12:35 GMT

GET
H/1.1 200
OK cookie-sync
sync.outbrain.com/ Frame 1D95 0
0 449ms
91ms Image
application/json 64.202.112.95
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.outbrain.com/cookie-sync?p=criteo&uid=k-OAfcRj65yWbedHfw1ZgpecuiuwVlaU4qUrcO-A
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.202.112.95 , United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

GET
H/1.1 204
No Content tap.php
pixel.rubiconproject.com/ Frame 1D95 0
239 B 105ms
18ms Image
image/gif 69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=6434&nid=2149&put=k-9acb1z65yWbedHfw1ZgpecuiuwWpGuK3y-1G6A&expires=30
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 611afce88997db6fdd35eb213e662871
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 204 v1
match.sharethrough.com/sync/ Frame 1D95 0
34 B 124ms
8ms Image
text/plain 52.28.76.139
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/sync/v1?source_id=7658cb1d77a660882b48db06&source_user_id=k-xbYI5D65yWbedHfw1ZgpecuiuwUFYAgYG2HTTA
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.28.76.139 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-76-139.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:35 GMT

GET
H/1.1 200
OK /
rtb-csync.smartadserver.com/redir/ Frame 1D95 43 B
163 B 140ms
25ms Image
image/gif 185.86.137.132
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=79&partneruserid=k-pCFg-z65yWbedHfw1ZgpecuiuwW97_XN2gDiDw
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.132 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:35 GMT
transfer-encoding: chunked
content-type: image/gif

GET
H2 200 /
sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/ Frame 1D95 0
98 B 452ms
20ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=k-k-EV0D65yWbedHfw1ZgpecuiuwWUc5-dL12MWw
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:36 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 13559

GET
H2 200 um
criteo-sync.teads.tv/ Frame 1D95 23 B
172 B 446ms
77ms Image
image/gif 23.35.209.30
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://criteo-sync.teads.tv/um?eid=80&uid=k-rZeLSj65yWbedHfw1ZgpecuiuwWTcgVn7HQIeQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.209.30 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-35-209-30.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.9 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

expires: Tue, 31 Jan 2023 15:12:36 GMT
pragma: no-cache
date: Tue, 31 Jan 2023 15:12:36 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.9
content-length: 23
content-type: image/gif

GET
H2 200 xuid
eb2.3lift.com/ Frame 1D95 37 B
140 B 17ms
8ms Image
image/gif 13.248.245.213
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=2711&xuid=k-xWXSFz65yWbedHfw1ZgpecuiuwUlVp88mqyfrQ&dongle=013b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:35 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

GET
H2 204 sync
ups.analytics.yahoo.com/ups/58301/ Frame 1D95 0
323 B 15ms
14ms Image
text/plain 3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-FqeDOD65yWbedHfw1ZgpecuiuwX6HOKWJHiwfQ

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.25 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:35 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 pixel
cm.adform.net/ Frame 1D95 43 B
162 B 110ms
26ms Image
image/gif 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=15&adform_pc=k-FyfRfD65yWbedHfw1ZgpecuiuwXTsfcf4Uzttg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:35 GMT
last-modified: Thu, 28 Jul 2022 12:09:37 GMT
server: nginx
accept-ranges: bytes
etag: "62e27c81-2b"
content-length: 43
content-type: image/gif

GET
H2 200 sync
visitor.omnitagjs.com/visitor/ Frame 1D95 49 B
235 B 79ms
20ms Image
image/gif 185.255.84.153
IGUANE-

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://visitor.omnitagjs.com/visitor/sync?uid=732efe97317e6352de4c1caf24b5064b&name=CRITEO&visitor=k-ZQ4JHz65yWbedHfw1ZgpecuiuwVY4G8Euj7fog

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.255.84.153 , France, ASN200271 (IGUANE-, FR),

Reverse DNS

Software

ayl-lb-fra02 /

Resource Hash

d1371feb0512d700cf724b05a588ce79f8d8dfbb0991ae5f45ecd3ab08983a38

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:35 GMT
x-content-type-options: nosniff
server: ayl-lb-fra02
vary: Accept-Encoding
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 2
content-length: 49
expires: 0

GET
H2 200 rum
r.casalemedia.com/ Frame 1D95 43 B
773 B 86ms
41ms Image
image/gif 172.64.154.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-jNGtez65yWbedHfw1ZgpecuiuwWuio1cCAEopw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.154.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:35 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FaMPvfkHTre10IGTCTm2cTyaAmqOrY8eNBbCqUeysQUgo0XGhGPufDBRGsCNpJqIrtGB4LM753VPimJwPWXer77nFBtCPaaYuXaz%2Fx9zQ0HRQLMveX5hrw3hzFLluDNOpSf7"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 792362efec1792a7-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

GET
H/1.1

200
OK

ibs:dpid=28645&dpuuid=tWCLbun8pjq7JiZi5E_uitbjScD3_QKp
dpm.demdex.net/ Frame 1D95
Redirect Chain

https://gum.criteo.com/sync?c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40
https://dpm.demdex.net/ibs:dpid=28645&dpuuid=tWCLbun8pjq7JiZi5E_uitbjScD3_QKp

42 B
942 B

207ms
207ms

Image
image/gif

52.31.164.85
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=28645&dpuuid=tWCLbun8pjq7JiZi5E_uitbjScD3_QKp

Protocol

HTTP/1.1

Server

52.31.164.85 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-31-164-85.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v045-07e4ed132.edge-irl1.demdex.com 3 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: ktXN+AotQOc=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

location: https://dpm.demdex.net/ibs:dpid=28645&dpuuid=tWCLbun8pjq7JiZi5E_uitbjScD3_QKp
date: Tue, 31 Jan 2023 15:12:35 GMT
cache-control: private, max-age=0, no-cache, no-store, must-revalidate
strict-transport-security: max-age=31536000; preload;
server: Kestrel
server-processing-duration-in-ticks: 1538359
content-length: 0

GET
H/1.1 200 9.gif
id5-sync.com/s/966/ Frame 1D95 43 B
1 KB 58ms
15ms Image
image/gif 162.19.138.119
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/s/966/9.gif?puid=k-51XFJj65yWbedHfw1ZgpecuiuwVF6vxqAApElQ

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.119 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31533570.ip-162-19-138.eu

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-type: image/gif;charset=UTF-8
date: Tue, 31 Jan 2023 15:12:35 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
transfer-encoding: chunked
p3p: CP="CAO PSA OUR"

GET
H2 200 sync
matching.ivitrack.com/ Frame 1D95 42 B
274 B 66ms
18ms Image
image/gif 34.117.157.22
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://matching.ivitrack.com/sync?realm=criteo&uid=k-Kxi6Qj65yWbedHfw1ZgpecuiuwV1QQqe6eRYaQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.157.22 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 22.157.117.34.bc.googleusercontent.com
Software: istio-envoy /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:34 GMT
x-envoy-decorator-operation: tag-manager.programmatic.svc.cluster.local:3000/*
via: 1.1 google
server: istio-envoy
content-type: image/gif
cache-control: public, max-age=86400
x-envoy-upstream-service-time: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

GET
H2 200 push
exchange.mediavine.com/usersync/ Frame 1D95 0
884 B 71ms
42ms Image
text/html 18.198.153.70
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://exchange.mediavine.com/usersync/push?partner=criteo&partnerId=k-RdN_dD65yWbedHfw1ZgpecuiuwXKbGmbV0-GQA
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.198.153.70 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-198-153-70.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:35 GMT
cache-control: private, no-cache
access-control-allow-credentials: true
content-encoding: gzip
vary: Origin, Accept-Encoding
content-type: text/html; charset=utf-8

GET
H2 200 Pug
simage2.pubmatic.com/AdServer/ Frame 1D95 42 B
442 B 90ms
17ms Image
image/gif 185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:k-oFr14T65yWbedHfw1ZgpecuiuwU-Vioc45XoLw
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Tue, 31 Jan 2023 15:12:34 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 sync
criteo-partners.tremorhub.com/ Frame 1D95 43 B
183 B 325ms
96ms Image
image/gif 2600:1f18:612b:4280:5c4b:c2e1:7939:6359
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://criteo-partners.tremorhub.com/sync?UICR=k-QUHiaT65yWbedHfw1ZgpecuiuwWkv6u5EEGy1g
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4280:5c4b:c2e1:7939:6359 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
date: Tue, 31 Jan 2023 15:12:36 GMT
server: Apache-Coyote/1.1
content-type: image/gif

GET
H2 200 getusermatch.php
a.twiago.com/rtb/ Frame 1D95 43 B
153 B 98ms
28ms Image
image/gif 85.215.5.31
CRONON-BERLIN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.twiago.com/rtb/getusermatch.php?dataid=6&external_user_id=k-PhKJeD65yWbedHfw1ZgpecuiuwX50c_97Szr-w
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.215.5.31 Berlin, Germany, ASN6786 (CRONON-BERLIN-AS, DE),
Reverse DNS
Software: Apache / PHP/7.3.30
Resource Hash: 5704a2e9f2f7ce43a79f9b407f1aedcfd50223cbe8bd2f71ff8c5c819e469cbc

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 31 Jan 2023 15:12:35 GMT
server: Apache
x-powered-by: PHP/7.3.30
content-length: 43
content-type: image/gif

GET
H/1.1 204
No Content m
ad.yieldlab.net/ Frame 1D95 0
525 B 358ms
291ms Image
text/plain 23.44.72.208
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.yieldlab.net/m?dt_id=8664&ext_id=k-kmRxXz65yWbedHfw1ZgpecuiuwXeRsoLH8sQCA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.44.72.208 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-44-72-208.deploy.static.akamaitechnologies.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 31 Jan 2023 15:12:36 GMT
x-content-type-options: nosniff
x-frame-options: DENY
Cache-Control: no-store,no-cache,max-age=-3600,must-revalidate,post-check=0,pre-check=0
Connection: keep-alive
x-xss-protection: 1; mode=block
x-application-context: application
Expires: Mon, 30 Jan 2023 15:12:36 GMT

GET
H2 200 sync
sync-criteo.ads.yieldmo.com/ Frame 1D95 43 B
220 B 161ms
32ms Image
image/gif 54.194.205.164
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-criteo.ads.yieldmo.com/sync?id=k-ykeuuj65yWbedHfw1ZgpecuiuwVItBPtXbuoDw&pn_id=criteo&ext=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.194.205.164 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-194-205-164.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Tue, 31 Jan 2023 15:12:36 GMT
content-type: image/gif
content-length: 43
access-control-allow-methods: GET, OPTIONS
access-control-request-headers: Cache-Control, Pragma

GET
H2 204 put
e1.emxdgt.com/ Frame 1D95 0
55 B 60ms
14ms Image
text/html 3.71.169.66
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e1.emxdgt.com/put?d=d53&uid=k-59qBnT65yWbedHfw1ZgpecuiuwXr7772BnCaFg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.71.169.66 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-71-169-66.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:35 GMT
content-length: 0
content-type: text/html

GET
H2

204

v1
match.sharethrough.com/sync/ Frame 200F
Redirect Chain

https://x.bidswitch.net/sync?dsp_id=236&user_id=737842794692&expires=30&user_group=1
https://match.sharethrough.com/sync/v1?source_id=bf2b131f1f7eff9d8892972c&source_user_id=116aedf9-b3a2-4361-b943-075021b33efd&seat_user_id=&seat_key=&gdpr=&gdpr_consent=&gdpr_pd=&usprivacy=

0
35 B

22ms
7ms

Image
text/plain

52.28.76.139
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/sync/v1?source_id=bf2b131f1f7eff9d8892972c&source_user_id=116aedf9-b3a2-4361-b943-075021b33efd&seat_user_id=&seat_key=&gdpr=&gdpr_consent=&gdpr_pd=&usprivacy=
Requested by: Host: 8832015.fls.doubleclick.net
URL: https://8832015.fls.doubleclick.net/activityi;dc_pre=CIPXx5eM8vwCFZVDGAod_M4FjQ;src=8832015;type=rt;cat=gen;ord=7764937972392;gtm=2wg1p0;auiddc=1629772784.1675177954;~oref=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGCLGENEM2301CNT00130001%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023cultivation%26utm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26mkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001%26DonationFormId%3D262%26urlReferer%3Dhttps%253A%252F%252Fwww.marchofdimes.org%252Fdonate-now%253FsrcCode%253DGCLGENEM2301CNT00130001%2526amp%253Butm_medium%253Demail%2526amp%253Butm_source%253Dmandr%2526amp%253Butm_campaign%253D2023cultivation%2526amp%253Butm_content%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1%2526amp%253Bmkto%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001?
Protocol: H2
Server: 52.28.76.139 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-76-139.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:35 GMT

Redirect headers

location: //match.sharethrough.com/sync/v1?source_id=bf2b131f1f7eff9d8892972c&source_user_id=116aedf9-b3a2-4361-b943-075021b33efd&seat_user_id=&seat_key=&gdpr=&gdpr_consent=&gdpr_pd=&usprivacy=
date: Tue, 31 Jan 2023 15:12:35 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2 404 tpid=737842794692
sync.crwdcntrl.net/map/c=14774/tp=ACUT/ Frame 200F 49 B
266 B 147ms
35ms Image
image/gif 34.254.104.103
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/map/c=14774/tp=ACUT/tpid=737842794692
Requested by: Host: 8832015.fls.doubleclick.net
URL: https://8832015.fls.doubleclick.net/activityi;dc_pre=CIPXx5eM8vwCFZVDGAod_M4FjQ;src=8832015;type=rt;cat=gen;ord=7764937972392;gtm=2wg1p0;auiddc=1629772784.1675177954;~oref=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGCLGENEM2301CNT00130001%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023cultivation%26utm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26mkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001%26DonationFormId%3D262%26urlReferer%3Dhttps%253A%252F%252Fwww.marchofdimes.org%252Fdonate-now%253FsrcCode%253DGCLGENEM2301CNT00130001%2526amp%253Butm_medium%253Demail%2526amp%253Butm_source%253Dmandr%2526amp%253Butm_campaign%253D2023cultivation%2526amp%253Butm_content%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1%2526amp%253Bmkto%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.254.104.103 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-254-104-103.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:35 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.45.17.228
content-length: 49
expires: 0

GET
H2 204 /
loadm.exelator.com/load/ Frame 200F 0
324 B 148ms
36ms Image
text/plain 54.78.254.47
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://loadm.exelator.com/load/?p=204&g=620&j=0
Requested by: Host: 8832015.fls.doubleclick.net
URL: https://8832015.fls.doubleclick.net/activityi;dc_pre=CIPXx5eM8vwCFZVDGAod_M4FjQ;src=8832015;type=rt;cat=gen;ord=7764937972392;gtm=2wg1p0;auiddc=1629772784.1675177954;~oref=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGCLGENEM2301CNT00130001%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023cultivation%26utm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26mkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001%26DonationFormId%3D262%26urlReferer%3Dhttps%253A%252F%252Fwww.marchofdimes.org%252Fdonate-now%253FsrcCode%253DGCLGENEM2301CNT00130001%2526amp%253Butm_medium%253Demail%2526amp%253Butm_source%253Dmandr%2526amp%253Butm_campaign%253D2023cultivation%2526amp%253Butm_content%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1%2526amp%253Bmkto%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.78.254.47 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-78-254-47.eu-west-1.compute.amazonaws.com
Software: nginx / Undertow/1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:35 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
x-powered-by: Undertow/1
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA

GET
H2 200 g.pixel
aa.agkn.com/adscores/ Frame 200F 43 B
504 B 126ms
13ms Image
image/gif 18.185.191.100
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aa.agkn.com/adscores/g.pixel?sid=9212300608&puid=737842794692
Requested by: Host: 8832015.fls.doubleclick.net
URL: https://8832015.fls.doubleclick.net/activityi;dc_pre=CIPXx5eM8vwCFZVDGAod_M4FjQ;src=8832015;type=rt;cat=gen;ord=7764937972392;gtm=2wg1p0;auiddc=1629772784.1675177954;~oref=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGCLGENEM2301CNT00130001%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023cultivation%26utm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26mkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001%26DonationFormId%3D262%26urlReferer%3Dhttps%253A%252F%252Fwww.marchofdimes.org%252Fdonate-now%253FsrcCode%253DGCLGENEM2301CNT00130001%2526amp%253Butm_medium%253Demail%2526amp%253Butm_source%253Dmandr%2526amp%253Butm_campaign%253D2023cultivation%2526amp%253Butm_content%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1%2526amp%253Bmkto%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.185.191.100 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-185-191-100.eu-central-1.compute.amazonaws.com
Software: AAWebServer /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:35 GMT
server: AAWebServer
access-control-allow-methods: GET, POST, OPTIONS
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: accept, cache-control, origin, x-requested-with, x-file-name, content-type
content-length: 43
expires: 0

GET
H2 200 getuid
eb2.3lift.com/ Frame 200F 37 B
139 B 52ms
9ms Image
image/gif 13.248.245.213
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/getuid?redir=https%3A%2F%2Fums.acuityplatform.com%2Fsum%3Fumid%3D23%26auid%3D737842794692%26uid%3D%24UID
Requested by: Host: 8832015.fls.doubleclick.net
URL: https://8832015.fls.doubleclick.net/activityi;dc_pre=CIPXx5eM8vwCFZVDGAod_M4FjQ;src=8832015;type=rt;cat=gen;ord=7764937972392;gtm=2wg1p0;auiddc=1629772784.1675177954;~oref=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGCLGENEM2301CNT00130001%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023cultivation%26utm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26mkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001%26DonationFormId%3D262%26urlReferer%3Dhttps%253A%252F%252Fwww.marchofdimes.org%252Fdonate-now%253FsrcCode%253DGCLGENEM2301CNT00130001%2526amp%253Butm_medium%253Demail%2526amp%253Butm_source%253Dmandr%2526amp%253Butm_campaign%253D2023cultivation%2526amp%253Butm_content%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1%2526amp%253Bmkto%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:35 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame 200F 70 B
265 B 120ms
38ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=epmasz0&ttd_puid=737842794692&ttd_tpi=1&gpdr=0
Requested by: Host: 8832015.fls.doubleclick.net
URL: https://8832015.fls.doubleclick.net/activityi;dc_pre=CIPXx5eM8vwCFZVDGAod_M4FjQ;src=8832015;type=rt;cat=gen;ord=7764937972392;gtm=2wg1p0;auiddc=1629772784.1675177954;~oref=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGCLGENEM2301CNT00130001%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023cultivation%26utm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26mkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001%26DonationFormId%3D262%26urlReferer%3Dhttps%253A%252F%252Fwww.marchofdimes.org%252Fdonate-now%253FsrcCode%253DGCLGENEM2301CNT00130001%2526amp%253Butm_medium%253Demail%2526amp%253Butm_source%253Dmandr%2526amp%253Butm_campaign%253D2023cultivation%2526amp%253Butm_content%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1%2526amp%253Bmkto%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Tue, 31 Jan 2023 15:12:35 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 200 pixel;r=1803081570;labels=_fp.channel.marchofdimes;rf=0;a=p-uyn8UnTsRXguL;url=https%3A%2F%2F8832015.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCIPXx5eM8vwCFZVDGAod_M4FjQ%3Bsrc%3D8832015%3Btype%3Drt...
pixel.quantserve.com/ Frame 200F 35 B
210 B 8ms
8ms Image
image/gif 2620:116:800d:21:c5a4:625:6563:a5bb
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=1803081570;labels=_fp.channel.marchofdimes;rf=0;a=p-uyn8UnTsRXguL;url=https%3A%2F%2F8832015.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCIPXx5eM8vwCFZVDGAod_M4FjQ%3Bsrc%3D8832015%3Btype%3Drt%3Bcat%3Dgen%3Bord%3D7764937972392%3Bgtm%3D2wg1p0%3Bauiddc%3D1629772784.1675177954%3B~oref%3Dhttps%253A%252F%252Fgive.marchofdimes.org%252F%253FsrcCode%253DGCLGENEM2301CNT00130001%2526utm_medium%253Demail%2526utm_source%253Dmandr%2526utm_campaign%253D2023cultivation%2526utm_content%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1%2526mkto%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001%2526DonationFormId%253D262%2526urlReferer%253Dhttps%25253A%25252F%25252Fwww.marchofdimes.org%25252Fdonate-now%25253FsrcCode%25253DGCLGENEM2301CNT00130001%252526amp%25253Butm_medium%25253Demail%252526amp%25253Butm_source%25253Dmandr%252526amp%25253Butm_campaign%25253D2023cultivation%252526amp%25253Butm_content%25253Dem-nat-mandr-2023cultivation-2023-01-30-email-1%252526amp%25253Bmkto%25253Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001%3F;ref=https%3A%2F%2Fgive.marchofdimes.org%2F;uh=e51ed67dfb8d91dc24b15e2ace0c3bc33bc53c3e1dfb09200d6c2f8387d67ea6;uht=2;fpan=0;fpa=P0-1681385537-1675177954102;pbc=;ns=1;ce=1;qjs=1;qv=c1229512-20230130173030;cm=;gdpr=0;d=8832015.fls.doubleclick.net;dst=0;et=1675177955714;tzo=0;ogl=;ses=1ea70131-c643-4814-a4bc-df2f4909ebb3

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:c5a4:625:6563:a5bb , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Tue, 31 Jan 2023 15:12:35 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
strict-transport-security: max-age=86400
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3 200 /
www.facebook.com/tr/ Frame 200F 0
15 B 21ms
7ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=812396462484872&ev=PageView&dl=https%3A%2F%2F8832015.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCIPXx5eM8vwCFZVDGAod_M4FjQ%3Bsrc%3D8832015%3Btype%3Drt%3Bcat%3Dgen%3Bord%3D7764937972392%3Bgtm%3D2wg1p0%3Bauiddc%3D1629772784.1675177954%3B~oref%3Dhttps%253A%252F%252Fgive.marchofdimes.org%252F%253FsrcCode%253DGCLGENEM2301CNT00130001%2526utm_medium%253Demail%2526utm_source%253Dmandr%2526utm_campaign%253D2023cultivation%2526utm_content%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1%2526mkto%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001%2526DonationFormId%253D262%2526urlReferer%253Dhttps%25253A%25252F%25252Fwww.marchofdimes.org%25252Fdonate-now%25253FsrcCode%25253DGCLGENEM2301CNT00130001%252526amp%25253Butm_medium%25253Demail%252526amp%25253Butm_source%25253Dmandr%252526amp%25253Butm_campaign%25253D2023cultivation%252526amp%25253Butm_content%25253Dem-nat-mandr-2023cultivation-2023-01-30-email-1%252526amp%25253Bmkto%25253Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001%3F&rl=https%3A%2F%2Fgive.marchofdimes.org%2F&if=true&ts=1675177955763&sw=1600&sh=1200&v=2.9.95&r=stable&ec=0&o=30&it=1675177955561&coo=false&rqm=GET

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 31 Jan 2023 15:12:35 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i

GET
H2

200

sid Show response
mug.criteo.com/ Frame 1C49
Redirect Chain

https://gum.criteo.com/sid/json?origin=onetag&domain=8832015.fls.doubleclick.net&sn=ChromeSyncframe&so=2&topUrl=www.marchofdimes.org&bundle=Q-LkJl9LdFpScmlhSWNPTFVFSGxGaEFmMmhBVXQ3bUlVUlY3ZTB3b0ZGS...
https://mug.criteo.com/sid?cpp=Ak6bC3xHZVNSVnh4SW45ZVJuUlZDcHhJVE1SWlNMSm1PUm9hbVBkNEJCMjAvMWltWG8ybGM3QUdUTlNCeEhCZTEyVlVvRWI2d3lIRTB0dDFyMitVajl0UlJ3TXNOakNvaHp4blE4cEZSdDFxc0RxNDdmYjJOV3JSSXN6ZW...

444 B
672 B

28ms
24ms

Fetch
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=Ak6bC3xHZVNSVnh4SW45ZVJuUlZDcHhJVE1SWlNMSm1PUm9hbVBkNEJCMjAvMWltWG8ybGM3QUdUTlNCeEhCZTEyVlVvRWI2d3lIRTB0dDFyMitVajl0UlJ3TXNOakNvaHp4blE4cEZSdDFxc0RxNDdmYjJOV3JSSXN6ZWl6ZU9hMTlSaUhpdTM1Sk5FWTJxcHhXRjFPemg3T1RIVXUxeXN3UUxjQTI3UTBMUXpRYU9waGoySVN6TVlDb2dhc2V5MkY2TVd6YlBoRytFOFhVdi95aVlFMDZrUGhkdHp1RUpZYXRpQnE1RTdnYW5HOWVDb29iWTFPQUNucHZzeHgrZm9sVE1nR2cvZWY5M0JkeWJRRHJJM0RsYVlWR3lWU3FVSDZwaXlSWEJPYmM1elpzLzNGOVltbG9LWlhBRSsrSmdGbDdUWnlyejlINVloYWpwb29rc3VPanVCQUE9PXw&cppv=2

Requested by

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

5e5fca20e67744cd5a9705d25167ec8c4b8795bd50bb534a3e0584b5ef451256

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:35 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1623350
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:35 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://mug.criteo.com/sid?cpp=Ak6bC3xHZVNSVnh4SW45ZVJuUlZDcHhJVE1SWlNMSm1PUm9hbVBkNEJCMjAvMWltWG8ybGM3QUdUTlNCeEhCZTEyVlVvRWI2d3lIRTB0dDFyMitVajl0UlJ3TXNOakNvaHp4blE4cEZSdDFxc0RxNDdmYjJOV3JSSXN6ZWl6ZU9hMTlSaUhpdTM1Sk5FWTJxcHhXRjFPemg3T1RIVXUxeXN3UUxjQTI3UTBMUXpRYU9waGoySVN6TVlDb2dhc2V5MkY2TVd6YlBoRytFOFhVdi95aVlFMDZrUGhkdHp1RUpZYXRpQnE1RTdnYW5HOWVDb29iWTFPQUNucHZzeHgrZm9sVE1nR2cvZWY5M0JkeWJRRHJJM0RsYVlWR3lWU3FVSDZwaXlSWEJPYmM1elpzLzNGOVltbG9LWlhBRSsrSmdGbDdUWnlyejlINVloYWpwb29rc3VPanVCQUE9PXw&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 605250
content-length: 0
expires: 0

GET
H3 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame 604D 2 KB
2 KB 21ms
20ms Image
image/png 2a00:1450:400d:805::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:805::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 15:21:21 GMT
x-content-type-options: nosniff
age: 604274
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Tue, 31 Jan 2023 15:21:21 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 604D 15 KB
16 KB 39ms
7ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sat, 28 Jan 2023 12:17:50 GMT
x-content-type-options: nosniff
age: 269685
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 28 Jan 2024 12:17:50 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 604D 15 KB
15 KB 45ms
13ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 22:21:19 GMT
x-content-type-options: nosniff
age: 60676
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 30 Jan 2024 22:21:19 GMT

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame 604D 102 B
134 B 47ms
45ms Other
text/javascript 2a00:1450:400d:80d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=de&v=RGRQD9tdxHtnt-Bxkx9pM75S

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

cec2fe6ccfa38f972e79f25c46c812727d1048f7d364d3d5639cb2e9528acf5f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf_Xq4UAAAAAHd1hKHMAy-iydWdiqmt5E-IKeak&co=aHR0cHM6Ly9naXZlLm1hcmNob2ZkaW1lcy5vcmc6NDQz&hl=de&v=RGRQD9tdxHtnt-Bxkx9pM75S&size=invisible&cb=68pfm5jeaesh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 112
x-xss-protection: 1; mode=block
expires: Tue, 31 Jan 2023 15:12:35 GMT

GET
H/1.1 200
OK client.json Show response
s3-us-west-2.amazonaws.com/mfesecure-public/host/give.marchofdimes.org/ Frame 3680 213 B
1 KB 545ms
177ms XHR
application/json 52.218.183.64
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3-us-west-2.amazonaws.com/mfesecure-public/host/give.marchofdimes.org/client.json?source=jsmain
Requested by: Host: cdn.ywxi.net
URL: https://cdn.ywxi.net/js/1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.218.183.64 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-west-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: 6d4bdbf320347534ec118f2be63919f471f8c8e5de04a234f47088c33eb400e0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Tue, 31 Jan 2023 15:12:37 GMT
Content-Encoding: gzip
x-amz-version-id: hT5N30_sI7FQRtOsY80zE8p5lVsizRBc
x-amz-request-id: HSKSFQNPG9K0B667
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
Content-Length: 175
x-amz-id-2: mnPjbzV0D6U1h3k0SHV/jJGR8iwzC+i4CTcjm9RQUid/92+g+ZyURTmsrU3NCSchFxHZuQf9KFo=
Last-Modified: Mon, 30 Jan 2023 08:33:23 GMT
Server: AmazonS3
ETag: "08286967aa1f4a5bb3ab2a127149af97"
Access-Control-Max-Age: 60
Access-Control-Allow-Methods: GET, HEAD
Content-Type: application/json
Access-Control-Allow-Origin: https://give.marchofdimes.org
Access-Control-Expose-Headers: Access-Control-Allow-Origin
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Access-Control-Allow-Credentials: true
Cache-Control: public, max-age=60
Accept-Ranges: bytes

GET
H/1.1 200
OK client.json Show response
s3-us-west-2.amazonaws.com/mfesecure-public/host/give.marchofdimes.org/ Frame 3680 213 B
1 KB 559ms
182ms XHR
application/json 52.218.183.64
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3-us-west-2.amazonaws.com/mfesecure-public/host/give.marchofdimes.org/client.json?source=jsinline
Requested by: Host: cdn.ywxi.net
URL: https://cdn.ywxi.net/js/1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.218.183.64 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-west-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: 6d4bdbf320347534ec118f2be63919f471f8c8e5de04a234f47088c33eb400e0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Tue, 31 Jan 2023 15:12:37 GMT
Content-Encoding: gzip
x-amz-version-id: hT5N30_sI7FQRtOsY80zE8p5lVsizRBc
x-amz-request-id: HSKX98RQM32ZRTM7
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
Content-Length: 175
x-amz-id-2: 0Ao4Z/DEuaWmtnE0qey5yFeaL5PwS5TfeAdNYg07EuW11ttG8NuKEh66+fHf7uajpmCvjHuUC90=
Last-Modified: Mon, 30 Jan 2023 08:33:23 GMT
Server: AmazonS3
ETag: "08286967aa1f4a5bb3ab2a127149af97"
Access-Control-Max-Age: 60
Access-Control-Allow-Methods: GET, HEAD
Content-Type: application/json
Access-Control-Allow-Origin: https://give.marchofdimes.org
Access-Control-Expose-Headers: Access-Control-Allow-Origin
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Access-Control-Allow-Credentials: true
Cache-Control: public, max-age=60
Accept-Ranges: bytes

GET
H3 200 /
www.facebook.com/tr/ Frame 4494 0
15 B 8ms
7ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=812396462484872&ev=Microdata&dl=https%3A%2F%2F8832015.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCLzH_paM8vwCFVEMogMdvu4FDA%3Bsrc%3D8832015%3Btype%3Drt%3Bcat%3Ddonforms%3Bord%3D2334208738352%3Bgtm%3D2wg1p0%3Bauiddc%3D1629772784.1675177954%3B~oref%3Dhttps%253A%252F%252Fwww.marchofdimes.org%252Fdonate-now%253FsrcCode%253DGCLGENEM2301CNT00130001%2526amp%253Butm_medium%253Demail%2526amp%253Butm_source%253Dmandr%2526amp%253Butm_campaign%253D2023cultivation%2526amp%253Butm_content%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1%2526amp%253Bmkto%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001%3F&rl=https%3A%2F%2Fwww.marchofdimes.org%2F&if=true&ts=1675177955906&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.95&r=stable&ec=1&o=30&it=1675177954112&coo=false&es=automatic&tm=3&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 31 Jan 2023 15:12:35 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame 1D95
Redirect Chain

https://gum.criteo.com/sync?c=83&r=1&a=1&u=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dcriteo%26partner_uid%3D%40USERID%40
https://beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=c7uCNeFB4y8XjBUTUa1xo6Z4_XXtv-Mv

0
338 B

189ms
31ms

Image
text/plain

54.195.73.77
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=c7uCNeFB4y8XjBUTUa1xo6Z4_XXtv-Mv
Protocol: H2
Server: 54.195.73.77 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-195-73-77.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-served-by: beacon-n024-dub-prod.krxd.net
date: Tue, 31 Jan 2023 15:12:36 GMT
cache-control: private, no-cache, no-store
x-request-time: D=99 t=1675177956
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: https://beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=c7uCNeFB4y8XjBUTUa1xo6Z4_XXtv-Mv
date: Tue, 31 Jan 2023 15:12:36 GMT
cache-control: private, max-age=0, no-cache, no-store, must-revalidate
strict-transport-security: max-age=31536000; preload;
server: Kestrel
server-processing-duration-in-ticks: 1400915
content-length: 0

GET
H2 200 common.js Show response
maps.googleapis.com/maps-api-v3/api/js/51/7/intl/de_ALL/ Frame 3680 272 KB
76 KB 16ms
14ms Script
text/javascript 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/51/7/intl/de_ALL/common.js

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDuRY-BMAtBAIm1P8HW5Ts8ztNiofeZgBY&libraries=places&v=weekly

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b18208c9d118b2a3ef63d789e600229bcc86da65b1ccb37dbefe6cbc50ae11b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 16:32:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 340806
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 77467
x-xss-protection: 0
last-modified: Mon, 23 Jan 2023 21:48:53 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
vary: Accept-Encoding, Origin
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 27 Jan 2024 16:32:30 GMT

GET
H2 200 util.js Show response
maps.googleapis.com/maps-api-v3/api/js/51/7/intl/de_ALL/ Frame 3680 158 KB
58 KB 16ms
14ms Script
text/javascript 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/51/7/intl/de_ALL/util.js

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDuRY-BMAtBAIm1P8HW5Ts8ztNiofeZgBY&libraries=places&v=weekly

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08ffbe8132934a6bff10ba3ce45c44031ddb3eff98a69d74a118efdcb51775e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 18:13:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 334751
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 59508
x-xss-protection: 0
last-modified: Mon, 23 Jan 2023 21:48:53 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
vary: Accept-Encoding, Origin
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 27 Jan 2024 18:13:25 GMT

GET
H2 200 controls.js Show response
maps.googleapis.com/maps-api-v3/api/js/51/7/intl/de_ALL/ Frame 3680 88 KB
27 KB 35ms
33ms Script
text/javascript 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/51/7/intl/de_ALL/controls.js

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDuRY-BMAtBAIm1P8HW5Ts8ztNiofeZgBY&libraries=places&v=weekly

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dd005c0a5171ebaf9e8ece73b6ddef42bc6293263aece42fd1cea69730c44442

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 04:12:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 385197
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27341
x-xss-protection: 0
last-modified: Mon, 23 Jan 2023 21:48:53 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
vary: Accept-Encoding, Origin
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 27 Jan 2024 04:12:39 GMT

GET
H2 200 places_impl.js Show response
maps.googleapis.com/maps-api-v3/api/js/51/7/intl/de_ALL/ Frame 3680 47 KB
17 KB 27ms
26ms Script
text/javascript 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/51/7/intl/de_ALL/places_impl.js

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDuRY-BMAtBAIm1P8HW5Ts8ztNiofeZgBY&libraries=places&v=weekly

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c81d63f39c0a7924742dba1cc8a5ee8ac13ba9a37ac5f27fe74c449b4c78e76

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 19:03:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 331741
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17806
x-xss-protection: 0
last-modified: Mon, 23 Jan 2023 21:48:53 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
vary: Accept-Encoding, Origin
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 27 Jan 2024 19:03:35 GMT

GET
H2 200 sync
x.bidswitch.net/ Frame 48DC 43 B
145 B 28ms
1ms Image
image/gif 3.67.29.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?dsp_id=46&user_id=k-PnO50D65yWbedHfw1ZgpecuiuwXb6ZpZmtUBFA&expires=30
Requested by: Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/donate-now?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.67.29.124 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-67-29-124.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:36 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H2

200

cookiematch.aspx
dis.criteo.com/dis/rtb/google/ Frame 48DC
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&CriteoUserId=k-fk5Zzz65yWbedHfw1ZgpecuiuwXp3CRG44TjXg&google_cm&google_hm=ay1mazVaeno2NXlXYmVkSGZ3MVpncGVjdWl1d1hwM0NSR...
https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-fk5Zzz65yWbedHfw1ZgpecuiuwXp3CRG44TjXg&google_gid=CAESELTsdrJWq5yBdwv_pIdmKbs&google_cver=1&google_ula=913071,0

43 B
369 B

24ms
16ms

Image
image/gif

178.250.2.151
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-fk5Zzz65yWbedHfw1ZgpecuiuwXp3CRG44TjXg&google_gid=CAESELTsdrJWq5yBdwv_pIdmKbs&google_cver=1&google_ula=913071,0

Protocol

Server

178.250.2.151 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:36 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 831412
timing-allow-origin: *
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:36 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-fk5Zzz65yWbedHfw1ZgpecuiuwXp3CRG44TjXg&google_gid=CAESELTsdrJWq5yBdwv_pIdmKbs&google_cver=1&google_ula=913071,0
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 398
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

cookiematch.aspx
dis.criteo.com/dis/rtb/appnexus/ Frame 48DC
Redirect Chain

https://ib.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID
https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=2018361787894374834

43 B
370 B

42ms
15ms

Image
image/gif

178.250.2.151
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=2018361787894374834

Protocol

Server

178.250.2.151 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:36 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1534938
timing-allow-origin: *
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Tue, 31 Jan 2023 15:12:36 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.64.151.69; 217.64.151.69; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 079b411a-5716-4b75-9c56-698416cf2fb4
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=2018361787894374834
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 match
ad.360yield.com/ Frame 48DC 43 B
447 B 50ms
7ms Image
image/gif 52.58.241.65
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.360yield.com/match?publisher_dsp_id=38&external_user_id=k-cFQVTz65yWbedHfw1ZgpecuiuwUCNsV0axxXIg
Requested by: Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/donate-now?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.58.241.65 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-58-241-65.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 31 Jan 2023 15:12:36 GMT
content-type: image/gif
content-length: 43
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2 200 cksync.php
contextual.media.net/ Frame 48DC 237 B
830 B 202ms
160ms Image
image/gif 2.17.244.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=3&type=crt&ovsid=k-MZ-L8T65yWbedHfw1ZgpecuiuwURFhnWYT9dTQ

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.244.21 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-244-21.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

11cb2c0e70f91c6a0326cf4a4f9fa1b177c14efba6b56bf7535624b9c7bce990

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Tue, 31 Jan 2023 15:12:36 GMT
server: Apache
vary: Accept-Encoding
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 237
x-mnet-hl2: E
expires: Tue, 31 Jan 2023 15:12:36 GMT

GET
H/1.1 200
OK cookie-sync
sync.outbrain.com/ Frame 48DC 0
0 370ms
88ms Image
application/json 64.202.112.95
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.outbrain.com/cookie-sync?p=criteo&uid=k-OAfcRj65yWbedHfw1ZgpecuiuwVlaU4qUrcO-A
Requested by: Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/donate-now?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.202.112.95 , United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

GET
H/1.1 200
OK /
rtb-csync.smartadserver.com/redir/ Frame 48DC 43 B
163 B 50ms
25ms Image
image/gif 185.86.137.132
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=79&partneruserid=k-pCFg-z65yWbedHfw1ZgpecuiuwW97_XN2gDiDw
Requested by: Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/donate-now?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.132 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:35 GMT
transfer-encoding: chunked
content-type: image/gif

GET
H2 200 /
sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/ Frame 48DC 0
98 B 52ms
10ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=k-k-EV0D65yWbedHfw1ZgpecuiuwWUc5-dL12MWw
Requested by: Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/donate-now?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:36 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 13457

GET
H2 200 um
criteo-sync.teads.tv/ Frame 48DC 23 B
172 B 168ms
129ms Image
image/gif 23.35.209.30
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://criteo-sync.teads.tv/um?eid=80&uid=k-rZeLSj65yWbedHfw1ZgpecuiuwWTcgVn7HQIeQ
Requested by: Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/donate-now?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.209.30 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-35-209-30.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.9 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

expires: Tue, 31 Jan 2023 15:12:36 GMT
pragma: no-cache
date: Tue, 31 Jan 2023 15:12:36 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.9
content-length: 23
content-type: image/gif

GET
H2 200 xuid
eb2.3lift.com/ Frame 48DC 37 B
139 B 45ms
5ms Image
image/gif 13.248.245.213
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=2711&xuid=k-xWXSFz65yWbedHfw1ZgpecuiuwUlVp88mqyfrQ&dongle=013b
Requested by: Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/donate-now?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:36 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

GET
H2 200 pixel
cm.adform.net/ Frame 48DC 43 B
161 B 52ms
18ms Image
image/gif 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=15&adform_pc=k-FyfRfD65yWbedHfw1ZgpecuiuwXTsfcf4Uzttg
Requested by: Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/donate-now?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:36 GMT
last-modified: Thu, 28 Jul 2022 12:09:37 GMT
server: nginx
accept-ranges: bytes
etag: "62e27c81-2b"
content-length: 43
content-type: image/gif

GET
H2 200 sync
visitor.omnitagjs.com/visitor/ Frame 48DC 49 B
94 B 54ms
19ms Image
image/gif 185.255.84.153
IGUANE-

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://visitor.omnitagjs.com/visitor/sync?uid=732efe97317e6352de4c1caf24b5064b&name=CRITEO&visitor=k-ZQ4JHz65yWbedHfw1ZgpecuiuwVY4G8Euj7fog

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.255.84.153 , France, ASN200271 (IGUANE-, FR),

Reverse DNS

Software

ayl-lb-fra02 /

Resource Hash

d1371feb0512d700cf724b05a588ce79f8d8dfbb0991ae5f45ecd3ab08983a38

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:35 GMT
x-content-type-options: nosniff
server: ayl-lb-fra02
vary: Accept-Encoding
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 3
content-length: 49
expires: 0

GET
H2 200 rum
r.casalemedia.com/ Frame 48DC 43 B
532 B 60ms
14ms Image
image/gif 172.64.154.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-jNGtez65yWbedHfw1ZgpecuiuwWuio1cCAEopw
Requested by: Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/donate-now?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.154.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:36 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DZeJysVFv3hMOa7toPgBs3ZrTRFvhDynl1b6jahzukFnQbOor4KbanWqujH1dV5qhdGhcaGc8ujmjbdsIpGHC4r1pPdm%2BD4LKrpmL8uLuWtNmkuxjtLfUC1J%2B5HdX6IEBBOr"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 792362f1cf2092a7-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

GET
H/1.1

200
OK

ibs:dpid=28645&dpuuid=SVp7CgKCDlr3pLc93fq_jFA65MXyL95p
dpm.demdex.net/ Frame 48DC
Redirect Chain

https://gum.criteo.com/sync?c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40
https://dpm.demdex.net/ibs:dpid=28645&dpuuid=SVp7CgKCDlr3pLc93fq_jFA65MXyL95p

42 B
942 B

153ms
151ms

Image
image/gif

52.31.164.85
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=28645&dpuuid=SVp7CgKCDlr3pLc93fq_jFA65MXyL95p

Protocol

HTTP/1.1

Server

52.31.164.85 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-31-164-85.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v045-000256d3c.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: v6D09UKDSNc=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

location: https://dpm.demdex.net/ibs:dpid=28645&dpuuid=SVp7CgKCDlr3pLc93fq_jFA65MXyL95p
date: Tue, 31 Jan 2023 15:12:35 GMT
cache-control: private, max-age=0, no-cache, no-store, must-revalidate
strict-transport-security: max-age=31536000; preload;
server: Kestrel
server-processing-duration-in-ticks: 1392412
content-length: 0

GET
H/1.1 200 9.gif
id5-sync.com/s/966/ Frame 48DC 43 B
1 KB 34ms
11ms Image
image/gif 162.19.138.119
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/s/966/9.gif?puid=k-51XFJj65yWbedHfw1ZgpecuiuwVF6vxqAApElQ

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.119 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31533570.ip-162-19-138.eu

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-type: image/gif;charset=UTF-8
date: Tue, 31 Jan 2023 15:12:36 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
transfer-encoding: chunked
p3p: CP="CAO PSA OUR"

GET
H2 200 sync
matching.ivitrack.com/ Frame 48DC 42 B
103 B 46ms
2ms Image
image/gif 34.117.157.22
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://matching.ivitrack.com/sync?realm=criteo&uid=k-Kxi6Qj65yWbedHfw1ZgpecuiuwV1QQqe6eRYaQ
Requested by: Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/donate-now?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.157.22 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 22.157.117.34.bc.googleusercontent.com
Software: istio-envoy /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:35 GMT
x-envoy-decorator-operation: tag-manager.programmatic.svc.cluster.local:3000/*
via: 1.1 google
server: istio-envoy
content-type: image/gif
cache-control: public, max-age=86400
x-envoy-upstream-service-time: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

GET
H2 200 Pug
simage2.pubmatic.com/AdServer/ Frame 48DC 42 B
424 B 45ms
1ms Image
image/gif 185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:k-oFr14T65yWbedHfw1ZgpecuiuwU-Vioc45XoLw
Requested by: Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/donate-now?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Tue, 31 Jan 2023 15:12:35 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 sync
criteo-partners.tremorhub.com/ Frame 48DC 43 B
182 B 133ms
88ms Image
image/gif 2600:1f18:612b:4280:5c4b:c2e1:7939:6359
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://criteo-partners.tremorhub.com/sync?UICR=k-QUHiaT65yWbedHfw1ZgpecuiuwWkv6u5EEGy1g
Requested by: Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/donate-now?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4280:5c4b:c2e1:7939:6359 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
date: Tue, 31 Jan 2023 15:12:36 GMT
server: Apache-Coyote/1.1
content-type: image/gif

GET
H2 200 getusermatch.php
a.twiago.com/rtb/ Frame 48DC 43 B
153 B 53ms
9ms Image
image/gif 85.215.5.31
CRONON-BERLIN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.twiago.com/rtb/getusermatch.php?dataid=6&external_user_id=k-PhKJeD65yWbedHfw1ZgpecuiuwX50c_97Szr-w
Requested by: Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/donate-now?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.215.5.31 Berlin, Germany, ASN6786 (CRONON-BERLIN-AS, DE),
Reverse DNS
Software: Apache / PHP/7.3.29
Resource Hash: 5704a2e9f2f7ce43a79f9b407f1aedcfd50223cbe8bd2f71ff8c5c819e469cbc

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 31 Jan 2023 15:12:36 GMT
server: Apache
x-powered-by: PHP/7.3.29
content-length: 43
content-type: image/gif

GET
H/1.1 204
No Content m
ad.yieldlab.net/ Frame 48DC 0
525 B 103ms
44ms Image
text/plain 23.44.72.208
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.yieldlab.net/m?dt_id=8664&ext_id=k-kmRxXz65yWbedHfw1ZgpecuiuwXeRsoLH8sQCA

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.44.72.208 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-44-72-208.deploy.static.akamaitechnologies.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 31 Jan 2023 15:12:36 GMT
x-content-type-options: nosniff
x-frame-options: DENY
Cache-Control: no-store,no-cache,max-age=-3600,must-revalidate,post-check=0,pre-check=0
Connection: keep-alive
x-xss-protection: 1; mode=block
x-application-context: application
Expires: Mon, 30 Jan 2023 15:12:36 GMT

GET
H2 200 sync
sync-criteo.ads.yieldmo.com/ Frame 48DC 0
37 B 61ms
18ms Image
text/plain 54.194.205.164
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-criteo.ads.yieldmo.com/sync?id=k-ykeuuj65yWbedHfw1ZgpecuiuwVItBPtXbuoDw&pn_id=criteo&ext=1
Requested by: Host: www.marchofdimes.org
URL: https://www.marchofdimes.org/donate-now?srcCode=GCLGENEM2301CNT00130001&utm_medium=email&utm_source=mandr&utm_campaign=2023cultivation&utm_content=em-nat-mandr-2023cultivation-2023-01-30-email-1&mkto=em-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.194.205.164 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-194-205-164.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:36 GMT
content-length: 0

GET
H/1.1 204
No Content tap.php
pixel.rubiconproject.com/ Frame 48DC 0
239 B 34ms
14ms Image
image/gif 69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=6434&nid=2149&put=k-9acb1z65yWbedHfw1ZgpecuiuwWpGuK3y-1G6A&expires=30
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 611afce88997db6fdd35eb213e662871
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 204 v1
match.sharethrough.com/sync/ Frame 48DC 0
34 B 37ms
0ms Image
text/plain 52.28.76.139
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/sync/v1?source_id=7658cb1d77a660882b48db06&source_user_id=k-xbYI5D65yWbedHfw1ZgpecuiuwUFYAgYG2HTTA
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.28.76.139 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-76-139.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:36 GMT

GET
H2 204 sync
ups.analytics.yahoo.com/ups/58301/ Frame 48DC 0
323 B 41ms
0ms Image
text/plain 3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-FqeDOD65yWbedHfw1ZgpecuiuwX6HOKWJHiwfQ

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.25 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:36 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 push
exchange.mediavine.com/usersync/ Frame 48DC 0
883 B 38ms
0ms Image
text/html 18.198.153.70
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://exchange.mediavine.com/usersync/push?partner=criteo&partnerId=k-RdN_dD65yWbedHfw1ZgpecuiuwXKbGmbV0-GQA
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.198.153.70 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-198-153-70.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:36 GMT
cache-control: private, no-cache
access-control-allow-credentials: true
content-encoding: gzip
vary: Origin, Accept-Encoding
content-type: text/html; charset=utf-8

GET
H2 204 put
e1.emxdgt.com/ Frame 48DC 0
22 B 46ms
4ms Image
text/html 3.71.169.66
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e1.emxdgt.com/put?d=d53&uid=k-59qBnT65yWbedHfw1ZgpecuiuwXr7772BnCaFg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.71.169.66 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-71-169-66.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:35 GMT
content-length: 0
content-type: text/html

GET
H2 200 powered-by-google-on-white3.png
maps.gstatic.com/mapfiles/api-3/images/ Frame 3680 2 KB
2 KB 65ms
18ms Image
image/png 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://maps.gstatic.com/mapfiles/api-3/images/powered-by-google-on-white3.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cd80d0dcb2a44bd30c11fcdf13d4c280f336dad9442ee7da79146f2bb77381a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:36 GMT
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/geo-tactile
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1616
x-xss-protection: 0
last-modified: Tue, 18 May 2021 19:15:00 GMT
server: sffe
report-to: {"group":"geo-tactile","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/geo-tactile"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: private, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="geo-tactile"
expires: Tue, 31 Jan 2023 15:12:36 GMT

GET
H2 200 autocomplete-icons.png
maps.gstatic.com/mapfiles/api-3/images/ Frame 3680 3 KB
3 KB 66ms
20ms Image
image/png 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://maps.gstatic.com/mapfiles/api-3/images/autocomplete-icons.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

db209390b90b70f4b1ef3540cb581e4ec8edbba21980971b68e4aef5c5d352fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:36 GMT
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/geo-tactile
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3351
x-xss-protection: 0
last-modified: Tue, 18 May 2021 19:15:00 GMT
server: sffe
report-to: {"group":"geo-tactile","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/geo-tactile"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: private, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="geo-tactile"
expires: Tue, 31 Jan 2023 15:12:36 GMT

POST
H/1.1 200
OK uedata Show response
apay-us.amazon.com/cs/ Frame 3680 0
440 B 1278ms
216ms XHR
application/json 52.46.135.222
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://apay-us.amazon.com/cs/uedata

Requested by

Host: static-na.payments-amazon.com
URL: https://static-na.payments-amazon.com/OffAmazonPayments/us/js/Widgets.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.135.222 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://give.marchofdimes.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Date: Tue, 31 Jan 2023 15:12:37 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: AEXPNMG72CMGHEMVHMQN
x-amzn-RequestId: AEXPNMG72CMGHEMVHMQN
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: application/json
Access-Control-Allow-Origin: https://give.marchofdimes.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK abTestV2 Show response
payments.amazon.com/ Frame 3680 327 B
769 B 459ms
453ms XHR
application/json 54.239.28.235
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://payments.amazon.com/abTestV2?countryOfEstablishment=US&ledgerCurrency=USD&isSandbox=false&encryptedSessionId=nD%252B37E%252BJDEx7wllLODaZZgMxlVhPSsE6JOP1u2OikYDRyuPLpTIpszHPIaqQ%252FsE%253D&merchantId=A24SJ7EJ7ID1HK

Requested by

Host: static-na.payments-amazon.com
URL: https://static-na.payments-amazon.com/OffAmazonPayments/us/js/Widgets.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.239.28.235 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

ef783ddf3214504338e74ae68ad1cb5229f3e8519eb4a539bb964deb38864ca9

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Tue, 31 Jan 2023 15:12:36 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: SBNK3WGA3KC7JQ1DH959
x-amzn-RequestId: SBNK3WGA3KC7JQ1DH959
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: application/json
Access-Control-Allow-Origin: https://give.marchofdimes.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 327

GET
H2

200

cs
s.thebrighttag.com/ Frame 1D95
Redirect Chain

https://gum.criteo.com/sync?c=10&r=1&u=https%3A%2F%2Fs.thebrighttag.com%2Fcs%3Fbtt%3D0%26tp%3Dcr%26uid%3D%40USERID%40
https://s.thebrighttag.com/cs?btt=0&tp=cr&uid=u6SUh51uApLV9m29l50CTLmI8P5n0ZF1

35 B
268 B

402ms
111ms

Image
image/gif

18.116.2.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.thebrighttag.com/cs?btt=0&tp=cr&uid=u6SUh51uApLV9m29l50CTLmI8P5n0ZF1
Protocol: H2
Server: 18.116.2.22 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-116-2-22.us-east-2.compute.amazonaws.com
Software: nginx /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:36 GMT
x-bt-requestid: b1ef7b10-a179-11ed-9bb7-0000ac1703a4
server: nginx
content-type: image/gif
access-control-allow-origin
p3p: CP=NOI DSP COR NID
cache-control: private, must-revalidate
content-length: 35
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: https://s.thebrighttag.com/cs?btt=0&tp=cr&uid=u6SUh51uApLV9m29l50CTLmI8P5n0ZF1
date: Tue, 31 Jan 2023 15:12:35 GMT
cache-control: private, max-age=0, no-cache, no-store, must-revalidate
strict-transport-security: max-age=31536000; preload;
server: Kestrel
server-processing-duration-in-ticks: 1086193
content-length: 0

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame 48DC
Redirect Chain

https://gum.criteo.com/sync?c=83&r=1&a=1&u=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dcriteo%26partner_uid%3D%40USERID%40
https://beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=UMgEH7e76kQvTlInv8ZBBtZDom_NidC-

0
337 B

30ms
29ms

Image
text/plain

54.195.73.77
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=UMgEH7e76kQvTlInv8ZBBtZDom_NidC-
Protocol: H2
Server: 54.195.73.77 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-195-73-77.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-served-by: beacon-n016-dub-prod.krxd.net
date: Tue, 31 Jan 2023 15:12:36 GMT
cache-control: private, no-cache, no-store
x-request-time: D=30 t=1675177956
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: https://beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=UMgEH7e76kQvTlInv8ZBBtZDom_NidC-
date: Tue, 31 Jan 2023 15:12:35 GMT
cache-control: private, max-age=0, no-cache, no-store, must-revalidate
strict-transport-security: max-age=31536000; preload;
server: Kestrel
server-processing-duration-in-ticks: 1506166
content-length: 0

POST
H/1.1 200
OK shcx58sp28nbxkn5 Show response
client-analytics.braintreegateway.com/ Frame 3680 0
286 B 20ms
14ms XHR
text/plain 18.195.154.142
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://client-analytics.braintreegateway.com/shcx58sp28nbxkn5
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/js/chunk-vendors.19a53d4c.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.154.142 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-154-142.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://give.marchofdimes.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: application/json

Response headers

Date: Tue, 31 Jan 2023 15:12:36 GMT
Server: nginx
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://give.marchofdimes.org
Connection: keep-alive
Access-Control-Allow-Headers
Content-Length: 0

POST
H/1.1 200
OK shcx58sp28nbxkn5 Show response
client-analytics.braintreegateway.com/ Frame 3680 0
286 B 16ms
14ms XHR
text/plain 18.195.154.142
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://client-analytics.braintreegateway.com/shcx58sp28nbxkn5
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/js/chunk-vendors.19a53d4c.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.154.142 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-154-142.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://give.marchofdimes.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: application/json

Response headers

Date: Tue, 31 Jan 2023 15:12:36 GMT
Server: nginx
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://give.marchofdimes.org
Connection: keep-alive
Access-Control-Allow-Headers
Content-Length: 0

OPTIONS
H/1.1 200
OK shcx58sp28nbxkn5
client-analytics.braintreegateway.com/ Frame 0
0 48ms
7ms Preflight 18.195.154.142
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://client-analytics.braintreegateway.com/shcx58sp28nbxkn5
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.154.142 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-154-142.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://give.marchofdimes.org
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://give.marchofdimes.org
Access-Control-Max-Age: 3000
Connection: keep-alive
Content-Length: 0
Date: Tue, 31 Jan 2023 15:12:36 GMT
Server: nginx

OPTIONS
H/1.1 200
OK shcx58sp28nbxkn5
client-analytics.braintreegateway.com/ Frame 0
0 48ms
8ms Preflight 18.195.154.142
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://client-analytics.braintreegateway.com/shcx58sp28nbxkn5
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.154.142 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-154-142.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://give.marchofdimes.org
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://give.marchofdimes.org
Access-Control-Max-Age: 3000
Connection: keep-alive
Content-Length: 0
Date: Tue, 31 Jan 2023 15:12:36 GMT
Server: nginx

OPTIONS
H/1.1 200
OK shcx58sp28nbxkn5
client-analytics.braintreegateway.com/ Frame 0
0 26ms
9ms Preflight 18.195.154.142
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://client-analytics.braintreegateway.com/shcx58sp28nbxkn5
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.154.142 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-154-142.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://give.marchofdimes.org
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://give.marchofdimes.org
Access-Control-Max-Age: 3000
Connection: keep-alive
Content-Length: 0
Date: Tue, 31 Jan 2023 15:12:36 GMT
Server: nginx

OPTIONS
H2 200 graphql
payments.braintree-api.com/ Frame 0
0 14ms
12ms Preflight 76.223.13.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://payments.braintree-api.com/graphql

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

76.223.13.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ae1d37305401c759d.awsglobalaccelerator.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,braintree-version,content-type
Access-Control-Request-Method: POST
Origin: https://give.marchofdimes.org
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

access-control-allow-headers: authorization,braintree-version,content-type
access-control-allow-methods: GET,DELETE,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://give.marchofdimes.org
access-control-max-age: 1800
date: Tue, 31 Jan 2023 15:12:36 GMT
paypal-debug-id: 50bdcf84cfa54
server: nginx
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
x-frame-options: DENY

OPTIONS
H/1.1 200
OK shcx58sp28nbxkn5
client-analytics.braintreegateway.com/ Frame 0
0 28ms
12ms Preflight 18.195.154.142
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://client-analytics.braintreegateway.com/shcx58sp28nbxkn5
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.154.142 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-154-142.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://give.marchofdimes.org
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://give.marchofdimes.org
Access-Control-Max-Age: 3000
Connection: keep-alive
Content-Length: 0
Date: Tue, 31 Jan 2023 15:12:36 GMT
Server: nginx

POST
H/1.1 200
OK shcx58sp28nbxkn5 Show response
client-analytics.braintreegateway.com/ Frame 3680 0
286 B 13ms
10ms XHR
text/plain 18.195.154.142
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://client-analytics.braintreegateway.com/shcx58sp28nbxkn5
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/js/chunk-vendors.19a53d4c.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.154.142 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-154-142.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://give.marchofdimes.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: application/json

Response headers

Date: Tue, 31 Jan 2023 15:12:36 GMT
Server: nginx
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://give.marchofdimes.org
Connection: keep-alive
Access-Control-Allow-Headers
Content-Length: 0

POST
H2 200 graphql Show response
payments.braintree-api.com/ Frame 3680 382 B
650 B 171ms
170ms XHR
application/json 76.223.13.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://payments.braintree-api.com/graphql

Requested by

Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/js/chunk-vendors.19a53d4c.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

76.223.13.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ae1d37305401c759d.awsglobalaccelerator.com

Software

nginx /

Resource Hash

bd9a372e0be63d97a75575bb1e202e4e619cdaad3eb2fbc1a47f2583752ef097

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://give.marchofdimes.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6IjIwMTgwNDI2MTYtcHJvZHVjdGlvbiIsImlzcyI6Imh0dHBzOi8vYXBpLmJyYWludHJlZWdhdGV3YXkuY29tIn0.eyJleHAiOjE2NzUyNjQzNTUsImp0aSI6IjA2ZDcxNmE1LWZjMmItNDg5NS1iYzBjLWNkYjJlNDQyZTQ1MyIsInN1YiI6InNoY3g1OHNwMjhuYnhrbjUiLCJpc3MiOiJodHRwczovL2FwaS5icmFpbnRyZWVnYXRld2F5LmNvbSIsIm1lcmNoYW50Ijp7InB1YmxpY19pZCI6InNoY3g1OHNwMjhuYnhrbjUiLCJ2ZXJpZnlfY2FyZF9ieV9kZWZhdWx0Ijp0cnVlfSwicmlnaHRzIjpbIm1hbmFnZV92YXVsdCJdLCJzY29wZSI6WyJCcmFpbnRyZWU6VmF1bHQiXSwib3B0aW9ucyI6e319.jdjmSkYOLLWHQM5mI942bWaPSFW4WKdopfanNUwbIASBNkLJ2cR0SkI1YzD4sYoTTlNAXty1Hs1xuoNynTIokA
Braintree-Version: 2018-05-10
Content-Type: application/json

Response headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
server: nginx
vary: Braintree-Version, Accept-Encoding
braintree-version: 2016-10-07
content-type: application/json
access-control-allow-origin: https://give.marchofdimes.org
paypal-debug-id: 22339c6571384
cache-control: no-cache, no-store
x-frame-options: DENY
content-length: 292

POST
H/1.1 200
OK shcx58sp28nbxkn5 Show response
client-analytics.braintreegateway.com/ Frame 3680 0
286 B 13ms
12ms XHR
text/plain 18.195.154.142
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://client-analytics.braintreegateway.com/shcx58sp28nbxkn5
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/js/chunk-vendors.19a53d4c.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.154.142 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-154-142.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://give.marchofdimes.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: application/json

Response headers

Date: Tue, 31 Jan 2023 15:12:36 GMT
Server: nginx
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://give.marchofdimes.org
Connection: keep-alive
Access-Control-Allow-Headers
Content-Length: 0

GET
H2 200 fb.js Show response
c.paypal.com/da/r/ Frame 3680 58 KB
20 KB 83ms
9ms Script
application/javascript 151.101.65.35
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/da/r/fb.js

Requested by

Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/js/chunk-vendors.19a53d4c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.35 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ECAcc (dce/26D3) /

Resource Hash

def7e4d139a8615c2721b3a2f0aee56e08052118029fa0bc8101fc0daea957d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-cache-hits: 1463890
date: Tue, 31 Jan 2023 15:12:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
via: 1.1 varnish
age: 2315768
x-cache: HIT, HIT
paypal-debug-id: ead3a6f42dd89
server-timing: content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
content-length: 20336
x-served-by: cache-hhn-etou8220093-HHN
last-modified: Tue, 20 Dec 2022 17:16:51 GMT
server: ECAcc (dce/26D3)
traceparent: 00-0000000000000000000ead3a6f42dd89-8fcdf00fed62c94f-01
x-timer: S1675177956.446668,VS0,VE1
etag: W/"63a1ee03-e9eb"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=86400
access-control-allow-credentials: false
access-control-max-age: 86400
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Feb 2023 15:12:36 GMT

POST
H/1.1 200
OK shcx58sp28nbxkn5 Show response
client-analytics.braintreegateway.com/ Frame 3680 0
286 B 15ms
14ms XHR
text/plain 18.195.154.142
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://client-analytics.braintreegateway.com/shcx58sp28nbxkn5
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/js/chunk-vendors.19a53d4c.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.154.142 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-154-142.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://give.marchofdimes.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: application/json

Response headers

Date: Tue, 31 Jan 2023 15:12:36 GMT
Server: nginx
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://give.marchofdimes.org
Connection: keep-alive
Access-Control-Allow-Headers
Content-Length: 0

OPTIONS
H/1.1 200
OK shcx58sp28nbxkn5
client-analytics.braintreegateway.com/ Frame 0
0 28ms
12ms Preflight 18.195.154.142
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://client-analytics.braintreegateway.com/shcx58sp28nbxkn5
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.154.142 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-154-142.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://give.marchofdimes.org
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://give.marchofdimes.org
Access-Control-Max-Age: 3000
Connection: keep-alive
Content-Length: 0
Date: Tue, 31 Jan 2023 15:12:36 GMT
Server: nginx

GET
H/1.1

200
OK

logo.htm Show response
ssl.kaptcha.com/ Frame AA8D
Redirect Chain

https://assets.braintreegateway.com/data/logo.htm?m=null&s=57034ecf89433df29b0060edc983414e
https://ssl.kaptcha.com/logo.htm?m=null&s=57034ecf89433df29b0060edc983414e

41 B
366 B

585ms
172ms

Document
text/html

54.148.115.137
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ssl.kaptcha.com/logo.htm?m=null&s=57034ecf89433df29b0060edc983414e
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/js/chunk-vendors.19a53d4c.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 54.148.115.137 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-148-115-137.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: a09179dd962df38a01440ce2e4748c37bd832fe1ac2f65ad974490a89d63d129

Request headers

Referer: https://give.marchofdimes.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin: *
Cache-Control: no-cache no-store must-revalidate private
Content-Length: 41
Content-Type: text/html
Date: Tue, 31 Jan 2023 15:12:37 GMT
Expires: 0
Pragma: no-cache
X-Correlation-Id: d633ecb4-6bcf-4415-abbb-e682404ac60f

Redirect headers

cache-control: max-age=86400
content-length: 154
content-type: text/html
date: Tue, 31 Jan 2023 15:12:36 GMT
expires: Wed, 01 Feb 2023 15:12:36 GMT
location: https://ssl.kaptcha.com/logo.htm?m=null&s=57034ecf89433df29b0060edc983414e
server: nginx
strict-transport-security: max-age=31536000
via: 1.1 ba761cfda8bfa6cbda2b6c433d6201f6.cloudfront.net (CloudFront)
x-amz-cf-id: 6IJ7b-4enK0tUFdRvZYhHHxFWaDKA9Ohu4f_LaiVnIDWRXVb91xRAw==
x-amz-cf-pop: VIE50-C2
x-cache: Miss from cloudfront

GET
H2

200

cs
s.thebrighttag.com/ Frame 48DC
Redirect Chain

https://gum.criteo.com/sync?c=10&r=1&u=https%3A%2F%2Fs.thebrighttag.com%2Fcs%3Fbtt%3D0%26tp%3Dcr%26uid%3D%40USERID%40
https://s.thebrighttag.com/cs?btt=0&tp=cr&uid=fG5yCoh35slyczgZVzHEKk_NzpoWikLr

35 B
267 B

323ms
112ms

Image
image/gif

18.116.2.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.thebrighttag.com/cs?btt=0&tp=cr&uid=fG5yCoh35slyczgZVzHEKk_NzpoWikLr
Protocol: H2
Server: 18.116.2.22 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-116-2-22.us-east-2.compute.amazonaws.com
Software: nginx /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:36 GMT
x-bt-requestid: b1ef7b10-a179-11ed-8aa5-0000ac170005
server: nginx
content-type: image/gif
access-control-allow-origin
p3p: CP=NOI DSP COR NID
cache-control: private, must-revalidate
content-length: 35
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: https://s.thebrighttag.com/cs?btt=0&tp=cr&uid=fG5yCoh35slyczgZVzHEKk_NzpoWikLr
date: Tue, 31 Jan 2023 15:12:36 GMT
cache-control: private, max-age=0, no-cache, no-store, must-revalidate
strict-transport-security: max-age=31536000; preload;
server: Kestrel
server-processing-duration-in-ticks: 845794
content-length: 0

GET
H2 200 ajax Show response
www.trustedsite.com/rpc/ Frame 3680 6 B
954 B 544ms
170ms Script
text/javascript 44.225.161.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trustedsite.com/rpc/ajax?do=tmjs-visit&host=give.marchofdimes.org&rand=1675177956442

Requested by

Host: cdn.ywxi.net
URL: https://cdn.ywxi.net/js/1.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.225.161.93 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-225-161-93.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

a4aa9f775af34f63386d8b4d8a14fce2225c317c3f93cbafdeb5a8524eb542a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:36 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
content-encoding: gzip
server: Apache
content-security-policy-report-only: report-uri https://52723791ca12811bfedec52ea4c44290.report-uri.com/r/d/csp/reportOnly; default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline'; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem * 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; media-src * blob:; object-src 'none'; frame-src *; frame-ancestors *; form-action 'self'
content-type: text/javascript; charset=utf-8
content-length: 26

GET
H2 200 212.svg
cdn.ywxi.net/meter/give.marchofdimes.org/ Frame 3680 21 KB
8 KB 173ms
172ms Image
image/svg+xml 2600:9000:21c7:e400:14:6bfc:5740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.ywxi.net/meter/give.marchofdimes.org/212.svg?ts=1675067602488&l=en-US

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21c7:e400:14:6bfc:5740:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

6e8f6b76132f1b9dfe46847a40f6bda5a9eb11e889663b16e63dfd65ff0e6fb8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:36 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
content-encoding: gzip
server: Apache
via: 1.1 b619a16f6f8fe9793bf642d2a8434284.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
content-security-policy-report-only: report-uri https://52723791ca12811bfedec52ea4c44290.report-uri.com/r/d/csp/reportOnly; default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline'; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem * 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; media-src * blob:; object-src 'none'; frame-src *; frame-ancestors *; form-action 'self'
x-cache: Miss from cloudfront
content-type: image/svg+xml
cache-control: public
content-length: 7871
x-amz-cf-id: Sy9VuMTwfUS7xw8KgwcufMO0YoZ-sXkh0PRyDT2A61XnYFxUQX9I0w==
expires: Tue, 31 Jan 2023 16:12:36 GMT

GET
H2 200 i Show response
c.paypal.com/v1/r/d/ Frame B223 160 B
1 KB 170ms
167ms Document
text/html 151.101.65.35
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js

Requested by

Host: c.paypal.com
URL: https://c.paypal.com/da/r/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.35 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

9321bc63a75b3ac6d384b411665b6e77a8b326a4b176ca2049872d3b5d4974f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://give.marchofdimes.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA, Sec-CH-UA-Full
accept-ranges: none
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy-report-only: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.paypalinc.com https://www.facebook.com 'unsafe-eval' 'unsafe-inline' blob:; connect-src 'self' https://*.paypal.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; img-src 'self' https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'self' https://*.paypal.com https://*.paypalobjects.com; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: text/html;charset=UTF-8
correlation-id: 9fcfe6b062339
date: Tue, 31 Jan 2023 15:12:36 GMT
origin-trial: A+THamRrv1ypMR6JeaJx7Wmo8rytLELMAeCL0XGhTihfUtp+dVqcCNYiWxOzySlH2Xk7lzRrFY3mxv6viKT1qggAAACKeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlLCJpc1RoaXJkUGFydHkiOnRydWV9
paypal-debug-id: 9fcfe6b062339
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-00000000000000000009fcfe6b062339-3a43dca41d8addda-01
vary: Accept-Encoding
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-content-type-options: nosniff
x-served-by: cache-hhn-etou8220093-HHN
x-timer: S1675177956.493301,VS0,VE158
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

counter2.cgi
dub.stats.paypal.com/ Frame 9D62
Redirect Chain

https://b.stats.paypal.com/counter.cgi?i=127.0.0.1&p=98f8231b68c738ea0f7763f906a41da0&t=1675177956.371&a=14
https://dub.stats.paypal.com/counter2.cgi?i=127.0.0.1&p=98f8231b68c738ea0f7763f906a41da0&t=1675177956.371&a=14

42 B
299 B

130ms
34ms

Image
image/jpeg

64.4.245.84
PAYPAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dub.stats.paypal.com/counter2.cgi?i=127.0.0.1&p=98f8231b68c738ea0f7763f906a41da0&t=1675177956.371&a=14
Protocol: HTTP/1.1
Server: 64.4.245.84 , United States, ASN17012 (PAYPAL, US),
Reverse DNS
Software: PayPal-B.Stats/1.0 /
Resource Hash: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Tue, 31 Jan 2023 15:12:36 GMT
Server: PayPal-B.Stats/1.0
Connection: close
Content-Length: 42
Content-Type: image/jpeg

Redirect headers

Location: https://dub.stats.paypal.com/counter2.cgi?i=127.0.0.1&p=98f8231b68c738ea0f7763f906a41da0&t=1675177956.371&a=14
Date: Tue, 31 Jan 2023 15:12:36 GMT
Server: PayPal-B.Stats/1.0
Connection: close
Content-Length: 0
Content-Type: application/octet-stream

POST
H/1.1 200
OK shcx58sp28nbxkn5 Show response
client-analytics.braintreegateway.com/ Frame 3680 0
286 B 10ms
9ms XHR
text/plain 18.195.154.142
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://client-analytics.braintreegateway.com/shcx58sp28nbxkn5
Requested by: Host: give.marchofdimes.org
URL: https://give.marchofdimes.org/js/chunk-vendors.19a53d4c.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.154.142 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-154-142.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://give.marchofdimes.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: application/json

Response headers

Date: Tue, 31 Jan 2023 15:12:36 GMT
Server: nginx
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://give.marchofdimes.org
Connection: keep-alive
Access-Control-Allow-Headers
Content-Length: 0

OPTIONS
H/1.1 200
OK shcx58sp28nbxkn5
client-analytics.braintreegateway.com/ Frame 0
0 13ms
13ms Preflight 18.195.154.142
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://client-analytics.braintreegateway.com/shcx58sp28nbxkn5
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.154.142 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-154-142.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://give.marchofdimes.org
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://give.marchofdimes.org
Access-Control-Max-Age: 3000
Connection: keep-alive
Content-Length: 0
Date: Tue, 31 Jan 2023 15:12:36 GMT
Server: nginx

GET
H2 200 button_T6.png
d2ldlvi1yef00y.cloudfront.net/us/live/en_us/amazonpay/gold/medium/ Frame 3680 3 KB
4 KB 69ms
16ms Image
image/png 2600:9000:2204:6a00:14:4f74:f880:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d2ldlvi1yef00y.cloudfront.net/us/live/en_us/amazonpay/gold/medium/button_T6.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2204:6a00:14:4f74:f880:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bdf44a7473d1aa23ccedf8d377d7d4c2b549de4c0df53d2ba4cfe0b022f0ba68

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 05:01:49 GMT
via: 1.1 32f32412600ac6ef6d3d418a75accb72.cloudfront.net (CloudFront)
last-modified: Wed, 20 Jun 2018 16:11:27 GMT
server: AmazonS3
x-amz-cf-pop: AMS50-C1
age: 36648
etag: "a06d383d676e4682cdf81b57dd9a13d3"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=43200
accept-ranges: bytes
content-length: 3228
x-amz-cf-id: OXo_C9vGUrXDghgyodcAVRYSQtpks-UsVV_6K-vDeCC8IU_3ajV9lA==

GET
H2 200 fb.js Show response
c.paypal.com/da/r/ Frame B223 58 KB
20 KB 15ms
15ms Script
application/javascript 151.101.65.35
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/da/r/fb.js

Requested by

Host: c.paypal.com
URL: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.35 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ECAcc (dce/26D3) /

Resource Hash

def7e4d139a8615c2721b3a2f0aee56e08052118029fa0bc8101fc0daea957d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-cache-hits: 1463891
date: Tue, 31 Jan 2023 15:12:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
via: 1.1 varnish
age: 2315768
x-cache: HIT, HIT
paypal-debug-id: ead3a6f42dd89
server-timing: content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
content-length: 20336
x-served-by: cache-hhn-etou8220093-HHN
last-modified: Tue, 20 Dec 2022 17:16:51 GMT
server: ECAcc (dce/26D3)
traceparent: 00-0000000000000000000ead3a6f42dd89-8fcdf00fed62c94f-01
x-timer: S1675177957.677366,VS0,VE2
etag: W/"63a1ee03-e9eb"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=86400
access-control-allow-credentials: false
access-control-max-age: 86400
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Feb 2023 15:12:36 GMT

POST
H2 200 p1 Show response
c.paypal.com/v1/r/d/b/ Frame B223 125 B
782 B 193ms
193ms XHR
application/json 151.101.65.35
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/v1/r/d/b/p1

Requested by

Host: c.paypal.com
URL: https://c.paypal.com/da/r/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.35 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

bff788afb01cb267a0841bef4d1af90bfc6774289884ab93aed906bcbe78b84e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 31 Jan 2023 15:12:36 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: MISS
p3p: policyref="/w3c/p3p.xml", CP="NON DSP COR ADM OUR IND COM"
paypal-debug-id: 607b82887d3c
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
content-length: 125
x-served-by: cache-hhn-etou8220093-HHN
correlation-id: 607b82887d3c
traceparent: 00-00000000000000000000607b82887d3c-e303b2dac3d88ab4-01
content-type: application/json
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 0

POST
H2 204 e Show response
c.paypal.com/v1/r/d/b/ Frame B223 0
189 B 176ms
175ms XHR
text/plain 151.101.65.35
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/v1/r/d/b/e

Requested by

Host: c.paypal.com
URL: https://c.paypal.com/da/r/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.35 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: application/json

Response headers

x-served-by: cache-hhn-etou8220093-HHN
date: Tue, 31 Jan 2023 15:12:36 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
correlation-id: 83df458dc6b0e
via: 1.1 varnish
traceparent: 00-000000000000000000083df458dc6b0e-1d0916ceabd92e7e-01
x-cache: MISS
paypal-debug-id: 83df458dc6b0e
cache-control: max-age=0, no-cache, no-store, must-revalidate
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 0

GET
H2 200 p3
c6.paypal.com/v1/r/d/b/ Frame B223 0
336 B 294ms
184ms Image
text/plain 2606:2800:233:ce53:4396:b914:64c2:638e
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c6.paypal.com/v1/r/d/b/p3?f=98f8231b68c738ea0f7763f906a41da0&s=BRAINTREE_SIGNIN

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:ce53:4396:b914:64c2:638e , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (lhd/3710) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.paypal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 31 Jan 2023 15:12:36 GMT
content-encoding: gzip
correlation-id: 6885d2ff92250
strict-transport-security: max-age=63072000; includeSubDomains; preload
server: ECAcc (lhd/3710)
traceparent: 00-00000000000000000006885d2ff92250-1b303f403f5ac92b-01
vary: Accept-Encoding
paypal-debug-id: 6885d2ff92250
cache-control: max-age=0, no-cache, no-store, must-revalidate
server-timing: content-encoding;desc="", x-cdn;desc="edgecast"
timing-allow-origin: *
content-length: 20

POST
H/1.1 200
OK uedata Show response
apay-us.amazon.com/cs/ Frame 3680 0
523 B 1082ms
419ms XHR
application/json 52.46.135.222
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://apay-us.amazon.com/cs/uedata

Requested by

Host: static-na.payments-amazon.com
URL: https://static-na.payments-amazon.com/OffAmazonPayments/us/js/Widgets.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.135.222 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept: application/json
Referer: https://give.marchofdimes.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Date: Tue, 31 Jan 2023 15:12:37 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: GBECAJMFEHVHTEX6SPKS
x-amzn-RequestId: GBECAJMFEHVHTEX6SPKS
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: application/json
Access-Control-Allow-Origin: https://give.marchofdimes.org
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0

GET
H3 200 /
www.facebook.com/tr/ Frame 3680 0
15 B 8ms
8ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1621384747882069&ev=Microdata&dl=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGCLGENEM2301CNT00130001%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023cultivation%26utm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26mkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001%26DonationFormId%3D262%26urlReferer%3Dhttps%253A%252F%252Fwww.marchofdimes.org%252Fdonate-now%253FsrcCode%253DGCLGENEM2301CNT00130001%2526amp%253Butm_medium%253Demail%2526amp%253Butm_source%253Dmandr%2526amp%253Butm_campaign%253D2023cultivation%2526amp%253Butm_content%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1%2526amp%253Bmkto%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001&rl=https%3A%2F%2Fwww.marchofdimes.org%2F&if=true&ts=1675177956895&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22March%20of%20Dimes%20Donation%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.95&r=stable&ec=1&o=30&fbp=fb.1.1675177954286.1475093205&it=1675177955116&coo=false&es=automatic&tm=3&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 31 Jan 2023 15:12:36 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i

GET
H3 200 /
www.facebook.com/tr/ Frame 200F 0
15 B 9ms
8ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=812396462484872&ev=Microdata&dl=https%3A%2F%2F8832015.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCIPXx5eM8vwCFZVDGAod_M4FjQ%3Bsrc%3D8832015%3Btype%3Drt%3Bcat%3Dgen%3Bord%3D7764937972392%3Bgtm%3D2wg1p0%3Bauiddc%3D1629772784.1675177954%3B~oref%3Dhttps%253A%252F%252Fgive.marchofdimes.org%252F%253FsrcCode%253DGCLGENEM2301CNT00130001%2526utm_medium%253Demail%2526utm_source%253Dmandr%2526utm_campaign%253D2023cultivation%2526utm_content%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1%2526mkto%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001%2526DonationFormId%253D262%2526urlReferer%253Dhttps%25253A%25252F%25252Fwww.marchofdimes.org%25252Fdonate-now%25253FsrcCode%25253DGCLGENEM2301CNT00130001%252526amp%25253Butm_medium%25253Demail%252526amp%25253Butm_source%25253Dmandr%252526amp%25253Butm_campaign%25253D2023cultivation%252526amp%25253Butm_content%25253Dem-nat-mandr-2023cultivation-2023-01-30-email-1%252526amp%25253Bmkto%25253Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001%3F&rl=https%3A%2F%2Fgive.marchofdimes.org%2F&if=true&ts=1675177957266&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.95&r=stable&ec=1&o=30&it=1675177955561&coo=false&es=automatic&tm=3&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8832015.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 31 Jan 2023 15:12:37 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i

GET
H2 204 unip Show response
trc-events.taboola.com/1335104/log/3/ 0
250 B 18ms
17ms XHR
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://trc-events.taboola.com/1335104/log/3/unip?en=pre_d_eng_tb&tos=4603&scd=0&ssd=1&est=1675177953968&ver=36&isls=true&src=i&invt=3000&msa=362&rv=1&tim=1675177958572&vi=1675177953963&ri=da3db2ff97812bfb48ea999cd8dbee5b&ref=null&cv=20230129-6-RELEASE&item-url=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1335104/tfa.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.marchofdimes.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

access-control-allow-origin: https://www.marchofdimes.org
pragma: no-cache
date: Tue, 31 Jan 2023 15:12:38 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

POST
H2 204 collect
region1.google-analytics.com/g/ Frame 3680 0
76 B 15ms
14ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-0DRBVSJJB1&gtm=2oe1p0&_p=151665829&cid=35072588.1675177954&ul=en-us&sr=1600x1200&uaW=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&sid=1675177953&sct=1&seg=1&dl=https%3A%2F%2Fgive.marchofdimes.org%2F%3FsrcCode%3DGCLGENEM2301CNT00130001%26utm_medium%3Demail%26utm_source%3Dmandr%26utm_campaign%3D2023cultivation%26utm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26mkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001%26DonationFormId%3D262%26urlReferer%3Dhttps%253A%252F%252Fwww.marchofdimes.org%252Fdonate-now%253FsrcCode%253DGCLGENEM2301CNT00130001%2526amp%253Butm_medium%253Demail%2526amp%253Butm_source%253Dmandr%2526amp%253Butm_campaign%253D2023cultivation%2526amp%253Butm_content%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1%2526amp%253Bmkto%253Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001&dr=https%3A%2F%2Fwww.marchofdimes.org%2F&dt=March%20of%20Dimes%20Donation&_s=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-0DRBVSJJB1&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://give.marchofdimes.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 31 Jan 2023 15:12:40 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://give.marchofdimes.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

69 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

76 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.marchofdimes.org/	1970-01-20 09:21:04	Name: df5remind Value: https://www.marchofdimes.org/donate-now?srcCode=GCLGENEM2301CNT00130001&amp
.www.marchofdimes.org/	1970-01-20 18:05:13	Name: OptanonConsent Value: isIABGlobal=false&datestamp=Tue+Jan+31+2023+15%3A12%3A33+GMT%2B0000+(GMT)&version=5.13.0&landingPath=https%3A%2F%2Fwww.marchofdimes.org%2Fdonate-now%3FsrcCode%3DGCLGENEM2301CNT00130001%26amp%3Butm_medium%3Demail%26amp%3Butm_source%3Dmandr%26amp%3Butm_campaign%3D2023cultivation%26amp%3Butm_content%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1%26amp%3Bmkto%3Dem-nat-mandr-2023cultivation-2023-01-30-email-1-SRCGCLGENEM2301CNT00130001&groups=C0003%3A1%2CC0001%3A1%2CC0002%3A1%2CC0004%3A1&hosts=
.marchofdimes.org/	1970-01-20 11:29:13	Name: _gcl_au Value: 1.1.1629772784.1675177954
.marchofdimes.org/	1970-01-20 09:21:04	Name: _gid Value: GA1.2.2002133705.1675177954
.marchofdimes.org/	1970-01-20 09:19:38	Name: _gat_UA-219864-60 Value: 1
.bing.com/	1970-01-20 18:41:13	Name: MUID Value: 1CBEB032275469F134C0A298263F6891
.doubleclick.net/	1970-01-20 18:41:13	Name: IDE Value: AHWqTUkJpIMmxl3-QReRn9blFgEBXW7jBeWARo9FrcAW0js0Ovze_RMpGjSMgLMYJ6k
.quantserve.com/	1970-01-20 18:49:52	Name: mc Value: 63d92fe2-1ae2d-11df0-be177
.marchofdimes.org/	1970-01-20 18:44:06	Name: __qca Value: P0-283805891-1675177953995
.criteo.com/	1970-01-20 18:41:13	Name: uid Value: bb486a86-3a73-42aa-89e3-044a85152b1f
.marchofdimes.org/	1970-01-20 11:29:13	Name: _fbp Value: fb.1.1675177954286.1475093205
.adnxs.com/	1970-01-20 11:29:13	Name: uuid2 Value: 2018361787894374834
.pubmatic.com/	1970-01-20 11:29:13	Name: KRTBCOOKIE_469 Value: 8273-uid:737826230612&KRTB&23428-uid:737826230612
.tapad.com/	1970-01-20 10:46:01	Name: TapAd_TS Value: 1675177954375
.tapad.com/	1970-01-20 10:46:01	Name: TapAd_DID Value: 801f4340-2f30-42cf-846d-b411cc3efd2e
.advertising.com/	1970-01-20 18:05:35	Name: A3 Value: d=AQABBOIv2WMCEBEahEPp_BFSrTJoTNOcilUFEgEBAQGB2mPjYwAAAAAA_eMAAA&S=AQAAAjtlKxWiH13JXC51I0B8SfI
.pro-market.net/	1970-01-20 13:38:49	Name: anProfile Value: "-tgs8x7c75iif+1+1f=1+1g=1+1j=41+rs=s+rt=20010AC800203D001012CB56E7DE14BA+s2=(rpcvky)+vm=9-737826230612"
.pro-market.net/	1970-01-20 10:02:49	Name: anHistory Value: "-tgs8x7c75iif+2+!#74g!B!'hP"
.tapad.com/	1970-01-20 10:46:01	Name: TapAd_3WAY_SYNCS Value:
.casalemedia.com/	1970-01-20 18:05:13	Name: CMID Value: Y9kv4lyioFZa.AO9Y7WBnAAA
.casalemedia.com/	1970-01-20 11:29:13	Name: CMPS Value: 3223
.casalemedia.com/	1970-01-20 11:29:13	Name: CMPRO Value: 3223
.bidswitch.net/	1970-01-20 18:05:13	Name: tuuid Value: 116aedf9-b3a2-4361-b943-075021b33efd
.bidswitch.net/	1970-01-20 18:05:13	Name: c Value: 1675177954
.bidswitch.net/	1970-01-20 18:05:13	Name: tuuid_lu Value: 1675177954
.yahoo.com/	1970-01-20 18:05:35	Name: A3 Value: d=AQABBOIv2WMCEECeG137M7gO9xSrIfWIPHMFEgEBAQGB2mPjYwAAAAAA_eMAAA&S=AQAAAui0F8t6-ZnMXcJFXumUM98
.adentifi.com/	1970-01-20 18:05:13	Name: adtheorent[cuid] Value: cuid_0905a5bc-1cf3-46cb-885c-b336f6449514
.bluekai.com/	1970-01-20 13:40:16	Name: bku Value: tJ/99m/FtVmNDd6D
.bluekai.com/	1970-01-20 13:40:16	Name: bkpa Value: KJyA0n6vQp9x9mY7mD5dfMuox0Q+Wii57uDRuyXXkmx02m6nf4qhBjkNSXQm/NT8rQboc60NLfYb+Aoq8mEK3ZzsrQabxaXANtW+gJ2pedGbA+Eg/R9Iayc0HEQYE46/SWn8tjv2GWa3ERK98oI9dUJdnFwXZnTe9vRDJby=
.go.sonobi.com/	1969-12-31 23:59:59	Name: HAPLB8S Value: s86152\|Y9kv5
give.marchofdimes.org/	1970-01-20 09:21:04	Name: language Value: en_US
give.marchofdimes.org/	1969-12-31 23:59:59	Name: amazon-pay-connectedAuth Value: connectedAuth_general
.marchofdimes.org/	1970-01-20 09:19:38	Name: _gat_gtag_UA_219864_1 Value: 1
.marchofdimes.org/	1970-01-20 18:55:37	Name: _ga_0DRBVSJJB1 Value: GS1.1.1675177953.1.1.1675177955.0.0.0
.marchofdimes.org/	1970-01-20 18:55:37	Name: _ga Value: GA1.1.35072588.1675177954
.demdex.net/	1970-01-20 13:38:49	Name: demdex Value: 11377128738871908940671891590044596718
.marchofdimes.org/	1970-01-20 09:21:04	Name: _uetsid Value: b04b9c30a17911edb636e395cc17cbf3
.marchofdimes.org/	1970-01-20 18:41:13	Name: _uetvid Value: b04be0c0a17911edb47f89a523e2302a
.dpm.demdex.net/	1970-01-20 13:38:49	Name: dpm Value: 11377128738871908940671891590044596718
.acuityplatform.com/	1970-01-20 18:05:13	Name: auid Value: 737842794692
.acuityplatform.com/	1970-01-20 18:05:13	Name: aum Value: "OikKAfqbdXNlck1hdGNoQnlVc2VyTWF0Y2hpbmdJZE1hcPqBNjT6jXVzZXJNYXRjaGluZ0lkJAKAkWxhc3REcm9wVGltZU1pbGxpcyUBQwIMMGSWmGxhc3RTdWNjZXNzZnVsTWF0Y2hNaWxsaXMlAUMCDDBklo90aGlyZFBhcnR5VXNlcklkYzgwMWY0MzQwLTJmMzAtNDJjZi04NDZkLWI0MTFjYzNlZmQyZfuBNDn6QiQBokMlAUMCDDBgikQhRSH7gTE3+kIkokMlAUMCDDBgikQhRSH7gjEzNPpCJASMQyUBQwIMMGCKRCFFIfuANvpCzEMlAUMCDDBgikQhRSH7gjEzNfpCJASOQyUBQwIMMGCKRCFFIfuAOPpC0EMlAUMCDDBgikQhRSH7gTQx+kIkAZJDJQFDAgwxBo5EJQFDAgwxBo5FZTExMzc3MTI4NzM4ODcxOTA4OTQwNjcxODkxNTkwMDQ0NTk2NzE4+4ExMPpC1EMlAUMCDDBgikQhRSH7gTYz+kIkAb5DJQFDAgwwYIpEIUUh+4E2MvpCJAG8QyUBQwIMMQieRCFFIfuBNzD6QiQCjEMlAUMCDDEInkQhRSH7gTQw+kIkAZBDJQFDAgwxCJ5EIUUh+4IxMjL6QiQDtEMlAUMCDDEInkQhRSH7gTIz+kIkrkMlAUMCDDEInkQhRSH7gjExM/pCJAOiQyUBQwIMMQieRCFFIfuCMTI3+kIkA75DJQFDAgwxCJ5EIUUh+4IxMjn6QiQEgkMlAUMCDDEInkQhRSH7gjExN/pCJAOqQyUBQwIMMQieRCFFIfuBNjX6QiQCgkMlAUMCDDEInkQhRSH7+4Z2ZXJzaW9uwvs="
.360yield.com/	1970-01-20 11:29:13	Name: tuuid Value: 63001d7a-9b4d-476c-b238-b54be8958997
.360yield.com/	1970-01-20 11:29:13	Name: tuuid_lu Value: 1675177955
.analytics.yahoo.com/	1970-01-20 18:05:13	Name: IDSYNC Value: "1766~29qf:18zh~29qf"
.agkn.com/	1970-01-20 18:05:13	Name: ab Value: 0001%3AZe6kOZuvN%2FZ%2F%2Ft33PObbZoQdf8neGmZ6
.id5-sync.com/	1970-01-20 09:19:38	Name: cf Value:
.id5-sync.com/	1970-01-20 09:19:38	Name: cip Value:
.id5-sync.com/	1970-01-20 09:19:38	Name: cnac Value:
.id5-sync.com/	1970-01-20 09:19:38	Name: car Value:
.id5-sync.com/	1970-01-20 09:19:38	Name: gdpr Value:
.id5-sync.com/	1970-01-20 09:19:38	Name: callback Value:
.media.net/	1970-01-20 18:05:13	Name: visitor-id Value: 3181795558890124000V10
.media.net/	1970-01-20 10:02:49	Name: data-c Value: k-MZ-L8T65yWbedHfw1ZgpecuiuwURFhnWYT9dTQ~~3
exchange.mediavine.com/	1970-01-20 09:39:47	Name: mv_tokens Value: %7B%22mv_uuid%22%3A%22b175b730-a179-11ed-b6cd-a13a08fa343d%22%2C%22version%22%3A%22eu-v1%22%7D
exchange.mediavine.com/	1970-01-20 09:39:47	Name: mv_tokens_eu-v1 Value: %7B%22mv_uuid%22%3A%22b175b730-a179-11ed-b6cd-a13a08fa343d%22%2C%22version%22%3A%22eu-v1%22%7D
exchange.mediavine.com/	1970-01-20 09:39:47	Name: am_tokens Value: %7B%22mv_uuid%22%3A%22b175b730-a179-11ed-b6cd-a13a08fa343d%22%2C%22version%22%3A%22eu-v1%22%7D
exchange.mediavine.com/	1970-01-20 09:39:47	Name: am_tokens_eu-v1 Value: %7B%22mv_uuid%22%3A%22b175b730-a179-11ed-b6cd-a13a08fa343d%22%2C%22version%22%3A%22eu-v1%22%7D
exchange.mediavine.com/	1970-01-20 09:39:47	Name: criteo Value: %7B%22id%22%3A%22k-RdN_dD65yWbedHfw1ZgpecuiuwXKbGmbV0-GQA%22%2C%22version%22%3A%22criteo%22%7D
.pubmatic.com/	1970-01-20 10:02:49	Name: KRTBCOOKIE_97 Value: 3385-uid:k-oFr14T65yWbedHfw1ZgpecuiuwU-Vioc45XoLw&KRTB&23144-uid:k-oFr14T65yWbedHfw1ZgpecuiuwU-Vioc45XoLw&KRTB&23286-uid:k-oFr14T65yWbedHfw1ZgpecuiuwU-Vioc45XoLw&KRTB&23287-uid:k-oFr14T65yWbedHfw1ZgpecuiuwU-Vioc45XoLw
widgets.guidestar.org/	1970-01-20 09:29:42	Name: AWSALBCORS Value: TmcHh1VeLrykV4iCzy9eOmZ1uRnOeEXdH80zxr07kjjfDphsr0nzwtf5KHx9vPJZbm5FRAPr/mwKT78jzu3NiRpIL5wH7ZLjtsHZq6jXye6sGXjEtnkVGAbr8u6/
.360yield.com/	1970-01-20 11:29:13	Name: um Value: !38,4XJNArYGq1zRBSn10tnpf54CCbsApyIEJzdWx.luy5kBQMgSmkrwPws21G.r0MtJU6ookYR5,1682953956
.360yield.com/	1970-01-20 11:29:13	Name: umeh Value: !38,0,1737385956,-1
.pubmatic.com/	1970-01-20 10:02:49	Name: PugT Value: 1675177955
.amazon.com/	1970-01-20 18:05:13	Name: session-token Value: "mYCuoLdwhGxlZiIF6P054ZdvTpZ9A2krKV62dBiljefgqhRczisKFtm1nFUGwUjlbYV+Kg3cjjKaQg3QBUg3hMxjEvQ/uDf34249Ivh/0HQtXUVsZ9e9Utxi6hS1jUpQW94BNgl048JxPffpNJtP9bzuR/ZXfvuCn1o20uylDANWO6Wye2dGuz0yoGu+tVBzX67ej6EdN0KoCLeLvb5ihw=="
.amazon.com/	1970-01-20 18:05:13	Name: session-id Value: 137-8439667-4480062
.amazon.com/	1970-01-20 18:05:13	Name: session-id-time Value: 2082758400
.amazon.com/	1970-01-20 18:05:13	Name: session-id-apay Value: 137-8439667-4480062
give.marchofdimes.org/	1970-01-20 09:21:04	Name: apay-session-set Value: nD%2B37E%2BJDEx7wllLODaZZgMxlVhPSsE6JOP1u2OikYDRyuPLpTIpszHPIaqQ%2FsE%3D
.media.net/	1970-01-20 10:02:49	Name: data-c-ts Value: 1675177956
.krxd.net/	1970-01-20 13:38:49	Name: _kuid_ Value: PWg2OXI8
give.marchofdimes.org/	1970-01-20 09:21:04	Name: trustedsite_visit Value: 1
give.marchofdimes.org/	1970-01-20 09:19:38	Name: trustedsite_tm_float_seen Value: 1
.c.paypal.com/	1970-01-20 18:55:37	Name: sc_f Value: 2MU8g0TiMoUiQrkhIfOgU2cUnILeqB53svmP4P_6UWd8LWiGWb-bB_x_-14UA8ecKWs-Vtsl_iYR8iNh1yHDBKDG_6EgcFV7xY4SqG
.paypal.com/	1970-01-20 18:55:37	Name: KHcl0EuY7AKSMgfvHl7J5E7hPtK Value: 0IHrMZZWBhNW_BajQX0W5_ASgV_AFdIZVfkBzjn6H3aqDA7vKnvZfjHdCX5jLK2uoPTVYplv72Or_hWf
.paypal.com/	1970-01-20 09:19:39	Name: l7_az Value: dcg02.phx
www.trustedsite.com/	1970-01-20 09:29:42	Name: AWSALBCORS Value: oXnscPOEn3WEKWxFb+PuuOJyHsjkgAw+BSqtQuYyu8xjYY7TtVEHN1ZVRdLPXjv2TAHYJbbixLrWz1s5RJqYGPBrXDvxkxGjFFc/PkOUAxUJAGISVRDg4kxxMp5W

9 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
javascript	warning	URL: https://ad.doubleclick.net/ddm/adj/N9539.197812NSO.CODESRV/B21591273.227039140;sz=1x2;ord=969060591217? Message: Failed to execute 'write' on 'Document': It isn't possible to write into a document from an asynchronously-loaded external script unless it is explicitly opened.
javascript	warning	URL: https://ad.doubleclick.net/ddm/adj/N9539.197812NSO.CODESRV/B21591273.227039140;sz=1x2;ord=969060591217?(Line 142) Message: Failed to execute 'write' on 'Document': It isn't possible to write into a document from an asynchronously-loaded external script unless it is explicitly opened.
network	error	URL: https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=3&pcid=-3878396796125230071 Message: Failed to load resource: the server responded with a status of 403 ()
javascript	warning	URL: https://ad.doubleclick.net/ddm/adj/N9539.197812NSO.CODESRV/B21591273.227039140;sz=1x2;ord=455222933924? Message: Failed to execute 'write' on 'Document': It isn't possible to write into a document from an asynchronously-loaded external script unless it is explicitly opened.
javascript	warning	URL: https://ad.doubleclick.net/ddm/adj/N9539.197812NSO.CODESRV/B21591273.227039140;sz=1x2;ord=455222933924?(Line 142) Message: Failed to execute 'write' on 'Document': It isn't possible to write into a document from an asynchronously-loaded external script unless it is explicitly opened.
network	error	URL: https://sync.crwdcntrl.net/map/c=14774/tp=ACUT/tpid=737842794692 Message: Failed to load resource: the server responded with a status of 404 ()
javascript	warning	URL: https://give.marchofdimes.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Message: The devicemotion events are blocked by permissions policy. See https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-features

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

8832015.fls.doubleclick.net
a.twiago.com
aa.agkn.com
ad.360yield.com
ad.doubleclick.net
ad.yieldlab.net
adservice.google.com
apay-us.amazon.com
assets.braintreegateway.com
b.stats.paypal.com
bat.bing.com
beacon.krxd.net
bm.adentifi.com
c.paypal.com
c6.paypal.com
cdn.cookielaw.org
cdn.resonate.com
cdn.taboola.com
cdn.ywxi.net
client-analytics.braintreegateway.com
cm.adform.net
cm.g.doubleclick.net
connect.facebook.net
contextual.media.net
criteo-partners.tremorhub.com
criteo-sync.teads.tv
cs.admanmedia.com
d2ldlvi1yef00y.cloudfront.net
dis.criteo.com
doublethedonation.com
dpm.demdex.net
dsum-sec.casalemedia.com
dub.stats.paypal.com
dynamic.criteo.com
e.acuityplatform.com
e1.emxdgt.com
eb2.3lift.com
exchange.mediavine.com
fei.pro-market.net
fonts.googleapis.com
fonts.gstatic.com
give.marchofdimes.org
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
ib.adnxs.com
id5-sync.com
image2.pubmatic.com
js.braintreegateway.com
loadm.exelator.com
maps.googleapis.com
maps.gstatic.com
match.adsrvr.org
match.sharethrough.com
matching.ivitrack.com
maxcdn.bootstrapcdn.com
mug.criteo.com
origin.acuityplatform.com
pagead2.googlesyndication.com
payments.amazon.com
payments.braintree-api.com
pixel.advertising.com
pixel.quantserve.com
pixel.rubiconproject.com
pixel.tapad.com
px.adentifi.com
r.casalemedia.com
region1.google-analytics.com
res.cloudinary.com
rtb-csync.smartadserver.com
rules.quantcount.com
s.thebrighttag.com
s3-us-west-2.amazonaws.com
secure.adnxs.com
secure.quantserve.com
simage2.pubmatic.com
ssl.kaptcha.com
sslwidget.criteo.com
static-na.payments-amazon.com
static.cloudflareinsights.com
stats.g.doubleclick.net
sync-criteo.ads.yieldmo.com
sync-t1.taboola.com
sync.crwdcntrl.net
sync.go.sonobi.com
sync.intentiq.com
sync.outbrain.com
tags.bluekai.com
trc-events.taboola.com
trc.taboola.com
ums.acuityplatform.com
ups.analytics.yahoo.com
visitor.omnitagjs.com
widget.us.criteo.com
widgets.guidestar.org
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleoptimize.com
www.googletagmanager.com
www.gstatic.com
www.marchofdimes.org
www.trustedsite.com
x.bidswitch.net
104.18.13.242
13.248.245.213
13.32.110.94
141.226.228.48
142.250.180.226
142.250.181.226
142.251.208.134
151.101.1.44
151.101.65.35
154.59.122.79
154.59.122.94
162.19.138.119
172.217.19.102
172.64.154.237
172.67.23.169
178.250.0.163
178.250.2.146
178.250.2.151
18.116.2.22
18.185.191.100
18.195.154.142
18.198.153.70
185.255.84.153
185.64.189.110
185.80.39.216
185.86.137.132
2.17.244.21
2.17.245.187
2001:4860:4802:32::36
2001:4860:4802:38::178
23.35.209.30
23.44.72.208
23.96.109.67
2600:1901:0:8eee::
2600:1f18:612b:4280:5c4b:c2e1:7939:6359
2600:9000:21c7:e400:14:6bfc:5740:93a1
2600:9000:2204:6a00:14:4f74:f880:21
2600:9000:223c:cc00:6:44e3:f8c0:93a1
2606:2800:233:ce53:4396:b914:64c2:638e
2606:4700:10::6816:4345
2606:4700::6810:3965
2606:4700::6810:9540
2606:4700::6812:bcf
2620:116:800d:21:c5a4:625:6563:a5bb
2620:1ec:c11::200
2a00:1450:4001:808::2008
2a00:1450:4001:80b::2002
2a00:1450:4001:80e::200a
2a00:1450:4001:829::2002
2a00:1450:4001:829::2003
2a00:1450:4001:82a::2003
2a00:1450:4001:82b::2002
2a00:1450:4001:82b::200a
2a00:1450:400c:c06::9d
2a00:1450:400d:805::2003
2a00:1450:400d:808::2003
2a00:1450:400d:808::200e
2a00:1450:400d:80d::2004
2a02:2638:1::13
2a02:2638:1::d
2a03:2880:f083:100:face:b00c:0:3
2a03:2880:f176:181:face:b00c:0:25de
2a04:4e42:600::393
3.126.56.137
3.67.29.124
3.71.169.66
34.117.157.22
34.193.14.46
34.254.104.103
35.227.248.159
37.157.2.234
37.252.171.21
37.252.173.215
44.225.161.93
52.218.183.64
52.223.40.198
52.28.76.139
52.31.164.85
52.46.135.222
52.58.241.65
54.148.115.137
54.194.205.164
54.195.73.77
54.230.112.81
54.239.28.235
54.78.254.47
54.87.147.157
64.202.112.95
64.4.245.84
65.9.66.114
69.166.1.12
69.173.144.165
74.119.119.150
76.223.13.31
80.77.87.166
85.215.5.31
95.101.179.119
99.86.4.118
019696b175f8558a9f629b596b30b4715bf1219fbee3e3588dbacfb1582df84c
06324d4849d5639cda90634913fa2132841fb1d8ca37323b3b683f7ff5c2ea96
08ffbe8132934a6bff10ba3ce45c44031ddb3eff98a69d74a118efdcb51775e2
0c19c0adeab0b61fb69a6cf3e0357c8eb0f230d489ed2f4ed0cd97e1fde0b256
0f48c5678ce459a596423b0e55344e7ad8eb3d3b1b27c54cd76a9d4cee7dd6c3
116448ff3191f74560d6d91c76cebc18ec741564aa62d5c6f8bdf8f611e8a2b7
11cb2c0e70f91c6a0326cf4a4f9fa1b177c14efba6b56bf7535624b9c7bce990
18d8b01a017352f12271be88cef2115348d1778db29ea36776307a7f76df8585
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
1ba5287a919753a8fdb18929f1e3e7f6ccc31154169d254872080d11a9b1c4ee
1c310c30cb2068184650f80cba1e42a2f3d6f7dbd6ba88b6e7f917291e319882
1d26490f083b209ef29e08d092649725edf15ac2b33ad62fdeaafd37f7d79d6f
1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87
1db601171cdf15471c3b6e2559f0f30bebc516d6b0e5ba6a6fd689fa02579da0
203abc15bd3690ec5c9a82cd24379fbec3f5f42d74f93558296bddd9e0dad938
218b91569ad8f0a5cf1aba89f3957966ecffb7b5852ca25b709bd8f887a00c90
21f7167ab74ead6a6e3489d9b9fba5d85d81ccab4acc32c6903f46be4e0595df
24049fb41335d87d82a9faea10cf9aa2a0ef868037667b029d2953a940cdf67b
2477be612f5e4939a5c21b74229e761795158fe09ee705f603f81bd950a0a838
25a26a31ffe8b00b9f7b84305ebb06c50376ad33265161f71ccf908604988a92
2a551c6a84e41383c61251d498656509ca2609cf7e5d54a8ed4c8c6df97c3d00
2a79623b8606d1583bada494ecdaac61b10440ba7a0da23185892f9d86f172dc
2aa9b0ccf31fe34e187c3b09bec7e9d8fccdeb48a5b2223d9f80df2a8790a6af
2bd6c30a523ce8b33d96dc79b1d759b5d5634740ae76aa6557e2d3741082e067
2eee0761bf0536e5f4bc229317ca5f9969a78fbfee526ede845fb663a7ea9a16
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
3360d3aef084198d27d54ed56dfada445eac7c7d754a7a1e792deb1ce20d6b7c
35f91a61fb778a5507d8527904d3bb532d0c8655e7a6c77af344df8015adc2c1
38ca4da17412c46f91661cf0307473b854dfc94e4e41eb1da7b1ec703a42332a
3d09998427ddfe9ad41b4f3f75c0c55020ae97e8db61ca9ce3aba5a3c516a89b
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
420a436e0e9e1c48a2f9ce50b59fdb2b805d0274cc20fa569fd1726c4dbf90e9
4388358f8e4ced0256b18ac97d008fee4081daa03fe7dd685a3104ee936706d2
4471ccb98d7627f19e1fd997e5562b4be936baf86b6597eb63330c6843fc59c1
447256eb31b03e8de245de6feb98fad0a7710874162ab5cd91bd39274eaed7a7
4557bc3ac83c0fcf4ac09c82fcccddb57cc926e3c75d1d95e56fc19b80adb79d
45d6edeb32bf69e5898777a3c10f9945acf266355d49d7e2c17dd471c25972e6
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
478915866bec983bd4b2a29e250cac47c0bfcd4cfa115fdb3fae81bee0dd6559
4aa2fdddfcb25552a1713673a954bc864de1a7b22dc0ebe664fe8ddb6bcb21ee
4bd75f4bceeae5b02e7596a72ce227c51a7f6bf8bce25e96de044caeb6e64976
4c73ae3eda72c7eef8b13c75031180df1d81626dec2a68a846094d697fec3546
4d663da5e7f6fe773fda5fe642d04a71cd988f1132b343edb5be914d44a1f534
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
52142e0671ba7294da28434e2a92636b8848c1fe284fe09543c4e8f7e4716d11
52e86f5586819f24342659ff63cc353f4350f806a44d8ac57d21672d1eb9107b
538c83d5496c164325c67698d72074813e07fefe618e6a3bd28c913dd7043e34
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5704a2e9f2f7ce43a79f9b407f1aedcfd50223cbe8bd2f71ff8c5c819e469cbc
58738c49da73f2e22fe9c9c4732712bbb8aa5d4110e42a503fc4c5515969bc32
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
5a4aba4ef6b3dc927cf61fbef7cfc360db9d4a81a149b6b11907887f18f0efde
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5b4cb861c0a96921bd708714737d480605c5328b0be8f182c8865ca12e8b694d
5cc76e7f5b027b2566d97e2701af7b605a376c4a0487302d2634bbceb67eb349
5e5fca20e67744cd5a9705d25167ec8c4b8795bd50bb534a3e0584b5ef451256
5fbdec47eb761902c4f7d14ccd5a3b97bbaca6a18d485482157fff7f97684d3d
60545e054ec3ed32276ff337a4775973165502a5d7420dcbe0c7c3c1e3136d6b
671159d92d021d97a29e278abdada9084cdec308bb77e9dc9bf3d798a5a08de4
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6bdbf570e965ff84c49856d2c9b66fbae9b8ddecc20431a77f1a0588907607e2
6c81d63f39c0a7924742dba1cc8a5ee8ac13ba9a37ac5f27fe74c449b4c78e76
6c9db9515e4558690ee455f4de3b5780348b67b1d04cf89fb865686fdf3b363f
6cd794b69baaca85a6bd556df2713a3e6c07ca5cc159ff28aec8674b65347106
6d4bdbf320347534ec118f2be63919f471f8c8e5de04a234f47088c33eb400e0
6daf092c820d6323f36c5ddad13658cf42a525808c69025cc3e7a36d76ab5508
6e8f6b76132f1b9dfe46847a40f6bda5a9eb11e889663b16e63dfd65ff0e6fb8
6ef88dd324ec57c3b1c48ce5ee2eb3fb14639c1323ef140c944e3027dde03e33
7176a2935514018f4c12a99dccc108407f9f4bdd7c1be1a097cbec7a90fb7542
74ccbc93851c337e3f764c712dac726bb612522e583432b1ffffb1d61dfe9c8b
7575f49aab44ee253777871324241836470b2eaa4a3cd53381f0108fe6263661
759cbd9881e14214af52dfb585ccf70ea59037598b67cc9cf6df7d3fea7abfd0
75c911d121bdba9548b91e8a057bfae7edbebe988a7423821fc7d4c090c64b92
7a47b52f285752e442c6846f775ad5b6a262659f5b63eafb8da15e3e00e320c6
7b1533a518cf6a90f0155617cfc6ba57e0a3c0412032712af34809e348a84814
7dbc0d021a7c898fecf2f88202551efe3ac072fd4846e641a065a55f8b043f2a
8041b5e79eead5d0e7367e24dc5ee90295698a6d838682658081b100a094ea44
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83f8393c6593831a76ea84324c946029082b5c72507176c13387468d21c651ff
84768aef16e00db6fcaa24a5b82328cf4d7d747707f28b9a04d0d91a6b671d09
8719782486aec06c1298c155d4d7326bc83db3e7b31fa1964787aaf9dfd5b011
88f7396ed78704a73f8f111ea2fa5d734f0caf0465ac39d2a4f67a99ac241719
893b40849cf60754fc6a8cfd3c32b73f9ee7f3f92eea065e2fde15af5b78f934
89cf66cb9de8da20fc15e9953845dd4d1de2c0fb465c827a09d818449222c533
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8ab6178ed23ee18aa7ea5b16f2114096645d98ab305ba16d290cb80e5dc9760a
8baad8c872e6151f0eebedff088050aa8570d12e30c5ba3e28c4b2cf0a104ebd
8bd9b4ac0e00d6345d29f0360138d9eef7f4f5a2161f43ca02ca473e89eeb899
8c979ed3785f184174cba3c38dd0ebbd5b244add676982d9aeafb57b3e53b1a4
8d375fb8f67575a449606683fc8be339674f03ff2fee1c42e632564d0b207c3b
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e1b84265e633c043720dd0921476c16bc9f75e393e855c9116ca7c3a847b5c7
8e758310065d56c81731fadefacd48f77fe962456070bcd42b4fab78e044a69d
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
8fc17a517bcaafe39e7c2106483762f877897aa0c22ab9dd472c1cde12188626
9321bc63a75b3ac6d384b411665b6e77a8b326a4b176ca2049872d3b5d4974f5
952833e41ba7a4b64c31a2d7b07dde81bf5bbacf5cbb967821cfe459d0c4a0d8
95468a4e3708532534a0ff8bd5270ee2bb35dcbc83a2837e561865ad9bfc2eb1
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
9c56f97c002513e5266bed356153984b1612bac56582f71f519180dac3c712d1
9ec3bd6685fcfcc08d6ea574d16db5da8622d5a713ce934ef443dc742330ab89
a03c785037ad1b5e421dd7d4335f1f697c0ab24f71aa14e49e632679b4112299
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a09179dd962df38a01440ce2e4748c37bd832fe1ac2f65ad974490a89d63d129
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a2925ebc9df04ccd6394511af90bc09bf370d19e6797a2434459574d89a6797e
a4aa9f775af34f63386d8b4d8a14fce2225c317c3f93cbafdeb5a8524eb542a1
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b10eee194abe7bfc3af726e63d4bed87bc9d6f63a9e05648f22c9eedc5c7eb9a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b18208c9d118b2a3ef63d789e600229bcc86da65b1ccb37dbefe6cbc50ae11b0
b1a0d32005979c12562947d398fa663e84c1127640530a78edcda303d3a33c73
b30aaa29aead0ced901f49560b6f13f09ff52fc3494e6bc0baddce97f80f928f
b410913850321efd333e39ddf1a5d49a433b29721126ec6d785f8f039e98bc32
b73c2239b5b0ae6e051cb135734dc2101aeaf9032dd6b2c29ce9679330fc0bd0
b769324e0921f9f649611113e65f528ebae5e140da8a7e63c5d6ea7bc7a33bc0
b81f50d6d819dd6d6aaf0cb6402329f0479c734ad2f0918eb9f8366b66f78c83
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bd9a372e0be63d97a75575bb1e202e4e619cdaad3eb2fbc1a47f2583752ef097
bdf44a7473d1aa23ccedf8d377d7d4c2b549de4c0df53d2ba4cfe0b022f0ba68
bff788afb01cb267a0841bef4d1af90bfc6774289884ab93aed906bcbe78b84e
c1e56ad863615fc191d80d7807852db95e57579f6535186d83d04ecdebef5236
c56564287df791f808cee17bb95d43fa8340f4295f1e591bed50d401a97c9e98
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cb4009a87c060e8cd986760bc62821454c55ff6539a78887df48a43cd0b5d0bb
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
cd80d0dcb2a44bd30c11fcdf13d4c280f336dad9442ee7da79146f2bb77381a4
ce9d07500ad91ec2b524c270764ec4c9a33e78320d8d374ec400ede488f6251b
ce9f52a2c98f5b57b7591379ad3d95bc7ccd7ebe18e06699fb4a0aa1f2c2026a
cec2fe6ccfa38f972e79f25c46c812727d1048f7d364d3d5639cb2e9528acf5f
cf6b8e5810b81c2eb90ca7454bd6413ec5df5d2af382a764302b797006c43ef0
d0f07190791630edc058ad6e5a33a3cda6a8f85c470e593ce0bbed46ffec148b
d1371feb0512d700cf724b05a588ce79f8d8dfbb0991ae5f45ecd3ab08983a38
d1514d1b92e33d5ca3ed4ad91f9a245f8e02c6e8ffe2d9fd50ea7b2f2d36a76c
d1802297dea21b3e6a860ccb64dac092312598f1743b8b6b9dd6c30adb4bfe45
d588c2dead8a2ebb078dbcc9612bf32b58351998fa5e7889e63b41e761d44103
d6b03c0ce04b39e345143e08b559dac92951ed2db93a2aa699430d56e746c605
db209390b90b70f4b1ef3540cb581e4ec8edbba21980971b68e4aef5c5d352fb
dc60bea94528b716780eb7f196f1e88f2eb18fc6d74754b5f996ede9b919318c
dd005c0a5171ebaf9e8ece73b6ddef42bc6293263aece42fd1cea69730c44442
def7e4d139a8615c2721b3a2f0aee56e08052118029fa0bc8101fc0daea957d6
e0195bcde6d877ec77cae5b0985ee178f751b44f3015b6e66146d8fc5bfdc707
e2717d806962fe1e4c9810ca869fb82c8bbd86638ca6787d01ff8c947c20df3c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4eaadc2def43bb3f805070c6b7bf4361c6501b710c71188469666c12a8ae37c
e739a94ded503457c8474ba4f648ecf57407f6d97638e67adabe221d1b761cd1
e944de09b6e048d89b1dff57baf718b2ac1dc0d273e55560decb4c82cc828c8f
eaf736a6920f3db6d17d645fcd35d011c2a690f39481e22afc99f4b81a7016b4
ebd6d32400095fb406e63e748a6a8451eb6cdefc0f57d5f3217de10fdc57b416
ee01d40bfdd77aba5652b3ff93095712b618a6a2cc2637828bd875979cfe9cb8
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef783ddf3214504338e74ae68ad1cb5229f3e8519eb4a539bb964deb38864ca9
f05b1bfe0ba17ee79b6d32a84f86c53d597d19052d77d9d4209099ebe3caf332
f1254fee3a641493452a188ca7a0b01cfec72fb19585fc0bf0792461dc745ee2
f20618a9611f101433a64fbcc4524da7827f460c048ac9c383cc2eea9bb1bb2d
f2f5cb21c545b0010b10a9bc7762a5376f5df10cd53aeb2db765d28afb109e9f
f312af48d9dcc5d90470fab6410aabb3b5dcb4c8aaf6e5bc4cdef61f614b9dcb
f50259e9dde42350eb3f2478687da5a714cd2dc1542ec2386bd718d61c20e100
f50a7c535aeb44b7ab031b51f62e95a590250b60c44800b8292e7445dff9c222
f52e4e999a441c151183d77efd6dad3915e650409ea65b94b7e0fc067dcd0abd
f6cfb0d3d7be77e19468d1f315e892963adf4975af43084e66d25d5b6a7edce1
fcd533319a7060dd43a60595b017b36bbe63d244ad6f4262c5f5662c832b192d

www.marchofdimes.org Open in urlscan Pro 2606:4700:10::6816:4345 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

293 Requests

90 %HTTPS

33 %IPv6

73 Domains

105 Subdomains

90 IPs

11 Countries

4023 kBTransfer

11836 kBSize

76 Cookies

10 Outgoing links

Redirected requests

293 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 17 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.marchofdimes.org Open in urlscan Pro
2606:4700:10::6816:4345 Public Scan

Screenshot
Live screenshot

Full Image

293
Requests

90 %
HTTPS

33 %
IPv6

73
Domains

105
Subdomains

90
IPs

11
Countries

4023 kB
Transfer

11836 kB
Size

76
Cookies

293 HTTP transactions
17 data transactions