4605991.fls.doubleclick.net Open in urlscan Pro
142.250.185.102 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://4605991.fls.doubleclick.net/activityi;dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcl...
Submission Tags: falconsandbox
Submission: On July 10 via api (July 10th 2021, 10:02:14 pm UTC) from US

Summary HTTP 101 Redirects Behaviour Indicators

Summary

This website contacted 35 IPs in 6 countries across 37 domains to perform 101 HTTP transactions. The main IP is 142.250.185.102, located in United States and belongs to GOOGLE, US. The main domain is 4605991.fls.doubleclick.net.
TLS certificate: Issued by GTS CA 1C3 on June 22nd 2021. Valid for: 3 months.

This is the only time 4605991.fls.doubleclick.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 6	142.250.185.102 142.250.185.102	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
1 2	64.158.223.137 64.158.223.137	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1 1	89.207.16.137 89.207.16.137	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1	104.111.242.245 104.111.242.245	16625 (AKAMAI-AS) (AKAMAI-AS)
1	212.82.100.181 212.82.100.181	34010 (YAHOO-IRD) (YAHOO-IRD)
1	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE)
1	2a02:2638:1::3 2a02:2638:1::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2 2	193.0.160.46 193.0.160.46	54312 (ROCKETFUEL) (ROCKETFUEL)
3	193.0.160.49 193.0.160.49	54312 (ROCKETFUEL) (ROCKETFUEL)
5	2a00:1288:80:... 2a00:1288:80:800::7001	203220 (YAHOO-DEB) (YAHOO-DEB)
2	91.228.74.226 91.228.74.226	16509 (AMAZON-02) (AMAZON-02)
1 2	52.95.123.167 52.95.123.167	16509 (AMAZON-02) (AMAZON-02)
3	2600:9000:21f... 2600:9000:21f3:3400:1:76cf:fe80:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
1	178.250.2.151 178.250.2.151	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 2	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
6 22	193.0.160.129 193.0.160.129	54312 (ROCKETFUEL) (ROCKETFUEL)
2	2a00:1450:400... 2a00:1450:4001:808::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
4	2.18.232.7 2.18.232.7	16625 (AKAMAI-AS) (AKAMAI-AS)
4 4	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
2 5	37.252.173.22 37.252.173.22	29990 (ASN-APPNEX) (ASN-APPNEX)
3 6	23.37.43.59 23.37.43.59	16625 (AKAMAI-AS) (AKAMAI-AS)
3	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
1 4	54.171.168.191 54.171.168.191	16509 (AMAZON-02) (AMAZON-02)
1 4	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
3 9	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1 4	185.94.180.126 185.94.180.126	35220 (SPOTX-AMS) (SPOTX-AMS)
3	2600:1f18:612... 2600:1f18:612b:4232:380b:6483:6fb1:583d	14618 (AMAZON-AES) (AMAZON-AES)
3	3.127.52.31 3.127.52.31	16509 (AMAZON-02) (AMAZON-02)
3	34.247.15.24 34.247.15.24	16509 (AMAZON-02) (AMAZON-02)
1 4	3.126.158.103 3.126.158.103	16509 (AMAZON-02) (AMAZON-02)
1 4	3.121.27.153 3.121.27.153	16509 (AMAZON-02) (AMAZON-02)
4 4	151.101.14.49 151.101.14.49	54113 (FASTLY) (FASTLY)
3	2.18.235.93 2.18.235.93	16625 (AKAMAI-AS) (AKAMAI-AS)
3 3	54.93.158.246 54.93.158.246	16509 (AMAZON-02) (AMAZON-02)
3 3	13.225.74.112 13.225.74.112	16509 (AMAZON-02) (AMAZON-02)
3	184.73.14.153 184.73.14.153	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:9000:20e... 2600:9000:20eb:4c00:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
101	35

6 142.250.185.102 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f6.1e100.net

4605991.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
9635419.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.158.223.137 (Amsterdam, Netherlands) 1 redirects

ASN41041 (VCLK-EU-SE, US)
PTR: ams02-usadmm.dotomi.com

login.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 89.207.16.137 (United States) 1 redirects

ASN41041 (VCLK-EU-SE, US)
PTR: ams03-usadmm.dotomi.com

core.conversant.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.242.245 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-242-245.deploy.static.akamaitechnologies.com

p.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.82.100.181 (Dublin, Ireland)

ASN34010 (YAHOO-IRD, GB)
PTR: spdc.pbp.vip.ir2.yahoo.com

sp.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.16.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s46-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 193.0.160.46 (United States) 2 redirects

ASN54312 (ROCKETFUEL, US)

emea-alitalia.apxprogrammatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 193.0.160.49 (United States)

ASN54312 (ROCKETFUEL, US)

apxprogrammatic.netmng.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1288:80:800::7001 (Frankfurt am Main, Germany)

ASN203220 (YAHOO-DEB, GB)

s.yimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 91.228.74.226 (United Kingdom)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.95.123.167 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

aax-eu.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:21f3:3400:1:76cf:fe80:93a1 (United States)

ASN16509 (AMAZON-02, US)

c1.rfihub.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.151 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

sslwidget.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638::1c (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 193.0.160.129 (United States) 6 redirects

ASN54312 (ROCKETFUEL, US)

20740829p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
a.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
20822660p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
20822659p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2.18.232.7 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-232-7.deploy.static.akamaitechnologies.com

t.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.226 (United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 37.252.173.22 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 23.37.43.59 (Frankfurt am Main, Germany) 3 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-43-59.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
x.dlx.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.173.144.165 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.171.168.191 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-171-168-191.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2.18.234.21 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 35.244.174.68 (Kansas City, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.94.180.126 (United States) 1 redirects

ASN35220 (SPOTX-AMS, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:1f18:612b:4232:380b:6483:6fb1:583d (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

partners.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.127.52.31 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-127-52-31.eu-central-1.compute.amazonaws.com

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.247.15.24 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-247-15-24.eu-west-1.compute.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.126.158.103 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-158-103.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.121.27.153 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-121-27-153.eu-central-1.compute.amazonaws.com

ps.eyeota.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.14.49 (Frankfurt am Main, Germany) 4 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2.18.235.93 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-93.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.93.158.246 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)

bs.serving-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.225.74.112 (United States) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-225-74-112.fra2.r.cloudfront.net

live.rezync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 184.73.14.153 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-184-73-14-153.compute-1.amazonaws.com

bpi.rtactivate.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20eb:4c00:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	rfihub.com 6 redirects 20740829p.rfihub.com a.rfihub.com p.rfihub.com 20822660p.rfihub.com 20822659p.rfihub.com	34 KB
12	doubleclick.net 6 redirects 4605991.fls.doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net 9635419.fls.doubleclick.net	10 KB
9	rlcdn.com 3 redirects idsync.rlcdn.com	3 KB
5	adnxs.com 2 redirects ib.adnxs.com	5 KB
5	teads.tv p.teads.tv t.teads.tv	7 KB
5	google.com adservice.google.com www.google.com	1 KB
4	everesttech.net 4 redirects sync-tm.everesttech.net	757 B
4	eyeota.net 1 redirects ps.eyeota.net	2 KB
4	bidswitch.net 1 redirects x.bidswitch.net	1 KB
4	spotxchange.com 1 redirects sync.search.spotxchange.com	2 KB
4	casalemedia.com 1 redirects dsum-sec.casalemedia.com	4 KB
4	demdex.net 1 redirects dpm.demdex.net	4 KB
4	yahoo.com sp.analytics.yahoo.com ads.yahoo.com	2 KB
3	rtactivate.com bpi.rtactivate.com	325 B
3	rezync.com 3 redirects live.rezync.com	2 KB
3	serving-sys.com 3 redirects bs.serving-sys.com	2 KB
3	media.net contextual.media.net	2 KB
3	krxd.net beacon.krxd.net	1012 B
3	agkn.com aa.agkn.com	712 B
3	tremorhub.com partners.tremorhub.com	547 B
3	addthis.com x.dlx.addthis.com	573 B
3	rubiconproject.com pixel.rubiconproject.com	717 B
3	bluekai.com 3 redirects stags.bluekai.com	2 KB
3	criteo.com 1 redirects sslwidget.criteo.com gum.criteo.com	2 KB
3	rfihub.net c1.rfihub.net	19 KB
3	netmng.com apxprogrammatic.netmng.com	5 KB
3	google.de 1 redirects adservice.google.de www.google.de	809 B
2	amazon-adsystem.com 1 redirects aax-eu.amazon-adsystem.com	2 KB
2	quantserve.com secure.quantserve.com pixel.quantserve.com	9 KB
2	yimg.com s.yimg.com	7 KB
2	apxprogrammatic.com 2 redirects emea-alitalia.apxprogrammatic.com	528 B
2	dotomi.com 1 redirects login.dotomi.com	642 B
1	quantcount.com rules.quantcount.com	2 KB
1	criteo.net static.criteo.net	13 KB
1	googleadservices.com www.googleadservices.com	17 KB
1	consensu.org 1 redirects core.conversant.mgr.consensu.org	292 B
0	sam4m.com Failed eu-ma.sam4m.com Failed
101	37

	Domain	Requested by
16	p.rfihub.com	6 redirects 4605991.fls.doubleclick.net
9	idsync.rlcdn.com	3 redirects 4605991.fls.doubleclick.net 20822660p.rfihub.com 20822659p.rfihub.com
5	ib.adnxs.com	2 redirects 4605991.fls.doubleclick.net 20822660p.rfihub.com 20822659p.rfihub.com
4	9635419.fls.doubleclick.net	2 redirects emea-alitalia.apxprogrammatic.com apxprogrammatic.netmng.com
4	sync-tm.everesttech.net	4 redirects
4	ps.eyeota.net	1 redirects 4605991.fls.doubleclick.net
4	x.bidswitch.net	1 redirects 4605991.fls.doubleclick.net 20822660p.rfihub.com 20822659p.rfihub.com
4	sync.search.spotxchange.com	1 redirects 4605991.fls.doubleclick.net 20822660p.rfihub.com 20822659p.rfihub.com
4	dsum-sec.casalemedia.com	1 redirects 4605991.fls.doubleclick.net 20822660p.rfihub.com 20822659p.rfihub.com
4	dpm.demdex.net	1 redirects 4605991.fls.doubleclick.net 20822660p.rfihub.com 20822659p.rfihub.com
4	cm.g.doubleclick.net	4 redirects
4	t.teads.tv	4605991.fls.doubleclick.net p.teads.tv
3	bpi.rtactivate.com	4605991.fls.doubleclick.net 20822660p.rfihub.com 20822659p.rfihub.com
3	live.rezync.com	3 redirects
3	bs.serving-sys.com	3 redirects
3	contextual.media.net	4605991.fls.doubleclick.net 20822660p.rfihub.com 20822659p.rfihub.com
3	beacon.krxd.net	4605991.fls.doubleclick.net 9635419.fls.doubleclick.net
3	aa.agkn.com	4605991.fls.doubleclick.net 20822660p.rfihub.com 20822659p.rfihub.com
3	partners.tremorhub.com	4605991.fls.doubleclick.net 9635419.fls.doubleclick.net
3	x.dlx.addthis.com	4605991.fls.doubleclick.net 20822660p.rfihub.com 20822659p.rfihub.com
3	ads.yahoo.com	4605991.fls.doubleclick.net 9635419.fls.doubleclick.net
3	pixel.rubiconproject.com	4605991.fls.doubleclick.net 9635419.fls.doubleclick.net
3	stags.bluekai.com	3 redirects
3	a.rfihub.com	4605991.fls.doubleclick.net
3	c1.rfihub.net	4605991.fls.doubleclick.net 9635419.fls.doubleclick.net
3	apxprogrammatic.netmng.com	4605991.fls.doubleclick.net emea-alitalia.apxprogrammatic.com
3	adservice.google.com	4605991.fls.doubleclick.net 9635419.fls.doubleclick.net
2	www.google.de	4605991.fls.doubleclick.net
2	www.google.com	4605991.fls.doubleclick.net
2	gum.criteo.com	1 redirects static.criteo.net
2	googleads.g.doubleclick.net	www.googleadservices.com
2	aax-eu.amazon-adsystem.com	1 redirects 4605991.fls.doubleclick.net
2	s.yimg.com	4605991.fls.doubleclick.net s.yimg.com
2	emea-alitalia.apxprogrammatic.com	2 redirects
2	login.dotomi.com	1 redirects 4605991.fls.doubleclick.net
2	4605991.fls.doubleclick.net	adservice.google.com
1	20822659p.rfihub.com	c1.rfihub.net
1	20822660p.rfihub.com	c1.rfihub.net
1	pixel.quantserve.com	4605991.fls.doubleclick.net
1	rules.quantcount.com	secure.quantserve.com
1	20740829p.rfihub.com	c1.rfihub.net
1	sslwidget.criteo.com	static.criteo.net
1	secure.quantserve.com	4605991.fls.doubleclick.net
1	static.criteo.net	4605991.fls.doubleclick.net
1	www.googleadservices.com	4605991.fls.doubleclick.net
1	sp.analytics.yahoo.com	4605991.fls.doubleclick.net
1	p.teads.tv	4605991.fls.doubleclick.net
1	core.conversant.mgr.consensu.org	1 redirects
1	adservice.google.de	1 redirects
0	eu-ma.sam4m.com Failed	4605991.fls.doubleclick.net
101	50

This site contains no links.

Subject Issuer	Validity	Valid
*.doubleclick.net GTS CA 1C3	`2021-06-22` - `2021-09-14`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-06-22` - `2021-09-14`	3 months	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2019-06-19` - `2021-08-31`	2 years	crt.sh
teads.tv R3	`2021-06-14` - `2021-09-12`	3 months	crt.sh
*.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-05-24` - `2021-11-17`	6 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2021-06-22` - `2021-09-14`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-06-27` - `2021-09-24`	3 months	crt.sh
*.netmng.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-04` - `2022-02-04`	a year	crt.sh
*.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-06-23` - `2021-08-04`	a month	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
aax-eu.amazon-adsystem.com Amazon	`2021-04-09` - `2022-03-20`	a year	crt.sh
*.rfihub.net Sectigo RSA Domain Validation Secure Server CA	`2021-02-10` - `2022-02-10`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-06-22` - `2021-09-14`	3 months	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-06-27` - `2021-09-24`	3 months	crt.sh
*.rfihub.com Sectigo RSA Domain Validation Secure Server CA	`2020-06-18` - `2022-06-18`	2 years	crt.sh
www.google.com GTS CA 1C3	`2021-06-22` - `2021-09-14`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-06-22` - `2021-09-14`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2020-12-18` - `2022-01-18`	a year	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2020-12-02` - `2022-01-02`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-25` - `2022-03-28`	a year	crt.sh
odc-pixel-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2021-04-25` - `2022-04-26`	a year	crt.sh
*.search.spotxchange.com GeoTrust RSA CA 2018	`2021-04-08` - `2022-05-09`	a year	crt.sh
*.tremorhub.com Amazon	`2021-06-27` - `2022-07-26`	a year	crt.sh
*.agkn.com RapidSSL RSA CA 2018	`2020-07-25` - `2022-09-18`	2 years	crt.sh
beacon.krxd.net DigiCert TLS RSA SHA256 2020 CA1	`2021-01-13` - `2022-01-07`	a year	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2020-04-23` - `2022-05-04`	2 years	crt.sh
*.eyeota.net R3	`2021-06-28` - `2021-09-26`	3 months	crt.sh
*.media.net DigiCert SHA2 Secure Server CA	`2021-04-12` - `2022-04-20`	a year	crt.sh
rtactivate.com Amazon	`2021-05-13` - `2022-06-11`	a year	crt.sh

This page contains 10 frames:

Primary Page: https://4605991.fls.doubleclick.net/activityi;dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcldc=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;gclaw=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;auiddc=1160107375.1562933607;u16=undefined;u15=undefined;u1=gb_en;~oref=https:/www.alitalia.com/en_gb/offers.html%3FWT.mc_id=search_Google_BrandGeneric_UK&WT.srch=1&gclid=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE&gclsrc=aw.ds
Frame ID: B510A51BFE3F591344D9E38ECD7BFCBC
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcldc=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;gclaw=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;auiddc=1160107375.1562933607;u16=undefined;u15=undefined;u1=gb_en;~oref=https:/www.alitalia.com/en_gb/offers.html%3FWT.mc_id=search_Google_BrandGeneric_UK&WT.srch=1&gclid=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE&gclsrc=aw.ds
Frame ID: 2C86514503B7948A8A45AA9AF013E271
Requests: 1 HTTP requests in this frame

Frame: https://4605991.fls.doubleclick.net/ddm/fls/r/dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcldc=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;gclaw=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;auiddc=1160107375.1562933607;u16=undefined;u15=undefined;u1=gb_en;~oref=https:/www.alitalia.com/en_gb/offers.html%3FWT.mc_id=search_Google_BrandGeneric_UK&WT.srch=1&gclid=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE&gclsrc=aw.ds
Frame ID: 421A70FC7B24E6615B19536F38B972FA
Requests: 28 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/iu3?d=generic&ex-fargs=%3Fid%3D1cd23696-67af-92b0-02c8-fbb9008ce99b%26type%3D4%26m%3D35691&ex-fch=416613&ex-src=www.alitalia.com&ex-hargs=v%3D1.0%3Bc%3D4732567590802%3Bp%3D1CD23696-67AF-92B0-02C8-FBB9008CE99B&cb=327627923747403600&dcc=t
Frame ID: 0A6BA2548824C509CBE153C25BA92944
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?topUrl=4605991.fls.doubleclick.net&origin=onetag
Frame ID: 0F00B09A92CC65F59BB9574F3F49A908
Requests: 1 HTTP requests in this frame

Frame: https://20740829p.rfihub.com/ca.html?ver=9&rb=26997&ca=20740829&_o=26997&_t=20740829&pe=https%3A%2F%2F4605991.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCOXP_bOtr-MCFUfT1QoddcUGvQ%3Bsrc%3D4605991%3Btype%3Dhp_offer%3Bcat%3Doff_all%3Bgtm%3D2wg6q1%3Bgcldc%3DEAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE%3Bgclaw%3DEAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE%3Bauiddc%3D1160107375.1562933607%3Bu16%3Dundefined%3Bu15%3Dundefined%3Bu1%3Dgb_en%3B%7Eoref%3Dhttps%3A%2Fwww.alitalia.com%2Fen_gb%2Foffers.html%253FWT.mc_id%3Dsearch_Google_BrandGeneric_UK%26WT.srch%3D1%26gclid%3DEAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE%26gclsrc%3Daw.ds&pf=https%3A%2F%2Fadservice.google.com%2F&ra=4995958545197192
Frame ID: AC3BCB591941677DE944DD47F7707CE8
Requests: 21 HTTP requests in this frame

Frame: https://9635419.fls.doubleclick.net/activityi;dc_pre=CJX_pMzA2fECFUwH4AodpJgH7A;src=9635419;type=111127;cat=6697125;qty=1;cost=0.00;u=8831E537-AA66-46C4-B179-DDD8B746F995;u1=xnamyl4jur38i;u2=0.00;u3=;u4=;u5=;u6=;u7=;u8=;u9=;u10=;u11=;u12=;u13=;u14=;u15=;u16=;u17=;u18=;u19=;u20=;ord=xnamyl4jur38i
Frame ID: 3ECA3B560432240783951C21D7FDC9E1
Requests: 3 HTTP requests in this frame

Frame: https://9635419.fls.doubleclick.net/activityi;dc_pre=CNzCpszA2fECFUt-4AodIxcHBg;src=9635419;type=6158;cat=111127;ord=xnamyl4jur38i;u20=[306697124]
Frame ID: 9D8F23F3435AAD790DC5ADE110904876
Requests: 3 HTTP requests in this frame

Frame: https://20822660p.rfihub.com/ca.html?ver=9&rb=40600&ca=20822660&_o=40600&_t=306697125&transid=xnamyl4jur38i&pe=https%3A%2F%2F9635419.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCJX_pMzA2fECFUwH4AodpJgH7A%3Bsrc%3D9635419%3Btype%3D111127%3Bcat%3D6697125%3Bqty%3D1%3Bcost%3D0.00%3Bu%3D8831E537-AA66-46C4-B179-DDD8B746F995%3Bu1%3Dxnamyl4jur38i%3Bu2%3D0.00%3Bu3%3D%3Bu4%3D%3Bu5%3D%3Bu6%3D%3Bu7%3D%3Bu8%3D%3Bu9%3D%3Bu10%3D%3Bu11%3D%3Bu12%3D%3Bu13%3D%3Bu14%3D%3Bu15%3D%3Bu16%3D%3Bu17%3D%3Bu18%3D%3Bu19%3D%3Bu20%3D%3Bord%3Dxnamyl4jur38i%3F&pf=https%3A%2F%2F4605991.fls.doubleclick.net%2F&ra=6767492651534741
Frame ID: 0A6B57DD3B6F7B493804877E592FDDE4
Requests: 21 HTTP requests in this frame

Frame: https://20822659p.rfihub.com/ca.html?ver=9&rb=40600&ca=20822659&_o=40600&_t=6158&segments=%5B306697124%5D&pe=https%3A%2F%2F9635419.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCNzCpszA2fECFUt-4AodIxcHBg%3Bsrc%3D9635419%3Btype%3D6158%3Bcat%3D111127%3Bord%3Dxnamyl4jur38i%3Bu20%3D%5B306697124%5D%3F&pf=https%3A%2F%2F4605991.fls.doubleclick.net%2F&ra=765586558986697
Frame ID: 2CE56211F5AF622DF5690EAAAD72D7E0
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

101
Requests

99 %
HTTPS

27 %
IPv6

37
Domains

50
Subdomains

35
IPs

6
Countries

142 kB
Transfer

232 kB
Size

9
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

https://adservice.google.de/ddm/fls/i/dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcldc=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;gclaw=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;auiddc=1160107375.1562933607;u16=undefined;u15=undefined;u1=gb_en;~oref=https:/www.alitalia.com/en_gb/offers.html%3FWT.mc_id=search_Google_BrandGeneric_UK&WT.srch=1&gclid=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE&gclsrc=aw.ds HTTP 302
https://4605991.fls.doubleclick.net/ddm/fls/r/dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcldc=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;gclaw=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;auiddc=1160107375.1562933607;u16=undefined;u15=undefined;u1=gb_en;~oref=https:/www.alitalia.com/en_gb/offers.html%3FWT.mc_id=search_Google_BrandGeneric_UK&WT.srch=1&gclid=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE&gclsrc=aw.ds

Request Chain 2

https://login.dotomi.com/profile/visit/js/1_0?dtm_cid=80871&dtm_cmagic=ec9a38&dtm_fid=3017&cachebuster=[POPULATE_CACHEBUSTER_HERE] HTTP 302
https://core.conversant.mgr.consensu.org/gdpr/iab/consent/current?rdct_url=https%3A%2F%2Flogin.dotomi.com%2Fprofile%2Fvisit%2Fdisco%2Fjs%3Fdtm_cid%3D80871%26dtm_fid%3D3017%26dtm_cid_original%3D80871%26dtm_cmagic%3Dec9a38%26dtm_country_code%3DAT%26cachebuster%3D%255BPOPULATE_CACHEBUSTER_HERE%255D%26dtm_form_uid%3D852306074574751700%26gdpr%3D1%26gdpr_consent%3D HTTP 302
https://login.dotomi.com/profile/visit/disco/js?dtm_cid=80871&dtm_fid=3017&dtm_cid_original=80871&dtm_cmagic=ec9a38&dtm_country_code=AT&cachebuster=%5BPOPULATE_CACHEBUSTER_HERE%5D&dtm_form_uid=852306074574751700&gdpr=1&gdpr_consent=

Request Chain 7

https://emea-alitalia.apxprogrammatic.com/?aid=6158&ref=https%3A%2F%2Fadservice.google.com%2F HTTP 302
https://apxprogrammatic.netmng.com/?aid=6158&ref=https%3A%2F%2Fadservice.google.com%2F

Request Chain 8

https://emea-alitalia.apxprogrammatic.com/conv/?aid=6158&cpid=306697125&ref=https%3A%2F%2Fadservice.google.com%2F HTTP 302
https://apxprogrammatic.netmng.com/conv/?aid=6158&cpid=306697125&ref=https%3A%2F%2Fadservice.google.com%2F

Request Chain 12

https://aax-eu.amazon-adsystem.com/s/iu3?d=generic&ex-fargs=%3Fid%3D1cd23696-67af-92b0-02c8-fbb9008ce99b%26type%3D4%26m%3D35691&ex-fch=416613&ex-src=www.alitalia.com&ex-hargs=v%3D1.0%3Bc%3D4732567590802%3Bp%3D1CD23696-67AF-92B0-02C8-FBB9008CE99B&cb=327627923747403600 HTTP 302
https://aax-eu.amazon-adsystem.com/s/iu3?d=generic&ex-fargs=%3Fid%3D1cd23696-67af-92b0-02c8-fbb9008ce99b%26type%3D4%26m%3D35691&ex-fch=416613&ex-src=www.alitalia.com&ex-hargs=v%3D1.0%3Bc%3D4732567590802%3Bp%3D1CD23696-67AF-92B0-02C8-FBB9008CE99B&cb=327627923747403600&dcc=t

Request Chain 25

https://cm.g.doubleclick.net/pixel?&in=0&google_nid=zeta_interactive&google_cm=&google_sc=&google_hm=MTg3NTgxOTYyMTI2ODc0MDY2MQ==&forward= HTTP 302
https://a.rfihub.com/cm?pub=445&in=0&forward=&google_gid=CAESEH7Rg4F0c_F8dzRFr1Ph8Ak&google_cver=1

Request Chain 26

https://ib.adnxs.com/setuid?entity=18&code=1875819621268740661 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D18%26code%3D1875819621268740661

Request Chain 27

https://stags.bluekai.com/site/4722?id=1875819621268740661&redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fbk_uuid%3D%24_BK_UUID%26forward%3D HTTP 302
https://p.rfihub.com/cm?bk_uuid=8ZE2%2Fx9999YAYroQ&forward=

Request Chain 29

https://dpm.demdex.net/ibs:dpid=1121&dpuuid=1875819621268740661&redir= HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=1121&dpuuid=1875819621268740661&redir=

Request Chain 30

https://dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=1875819621268740661&forward= HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=1875819621268740661&forward=&C=1

Request Chain 34

https://sync.search.spotxchange.com/partner?adv_id=7180&uid=1875819621268740661&img=1 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7180&uid=1875819621268740661&img=1&__user_check__=1&sync_id=7299fb22-e1ca-11eb-8358-19da87bf0506

Request Chain 38

https://x.bidswitch.net/sync?dsp_id=119&user_id=1875819621268740661&expires=30 HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=119&user_id=1875819621268740661&expires=30

Request Chain 39

https://p.rfihub.com/cm?pub=24472&in=1 HTTP 302
https://ps.eyeota.net/match?uid=1875819621268740661&bid=omt9pi0 HTTP 302
https://ps.eyeota.net/match/bounce/?uid=1875819621268740661&bid=omt9pi0

Request Chain 40

https://sync-tm.everesttech.net/upi/pid/Mlpt2JaG/?redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D21653%26userid%3D%24%7BTM_USER_ID%7D HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/Mlpt2JaG/?redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D21653%26userid%3D%24%7BTM_USER_ID%7D&_test=YOoY1wACuW_t8wA4 HTTP 302
https://p.rfihub.com/cm?in=1&pub=21653&userid=YOoY1wACuW_t8wA4&_test=YOoY1wACuW_t8wA4

Request Chain 42

https://bs.serving-sys.com/serving?cn=um&dpid=12&rtu=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D17945%26userid%3D%5B%25tp_UserID%25%5D HTTP 302
https://p.rfihub.com/cm?in=1&pub=17945&userid=80358bd9-9123-46e5-9ec0-126e0731b2eb

Request Chain 43

https://live.rezync.com/pixel?c=bd8618c307ae9885a12561b7191e2cea&cid=1875819621268740661&referrer=https%3A%2F%2Fadservice.google.com%2F HTTP 302
https://p.rfihub.com/cm?pub=39342&in=0&userid=539dc4c4-e952-4fd9-a6f7-69c5f00e7627%3A1625954519.05&forward=https%3A//idsync.rlcdn.com/501709.gif%3Fpartner_uid%3D539dc4c4-e952-4fd9-a6f7-69c5f00e7627%253A1625954519.05 HTTP 302
https://idsync.rlcdn.com/501709.gif?partner_uid=539dc4c4-e952-4fd9-a6f7-69c5f00e7627%3A1625954519.05 HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=epsilon&google_cm HTTP 302
https://idsync.rlcdn.com/362358.gif?google_gid=CAESENZxQg4rDX5O2VDrgwkUQtE&google_cver=1

Request Chain 48

https://9635419.fls.doubleclick.net/activityi;src=9635419;type=111127;cat=6697125;qty=1;cost=0.00;u=8831E537-AA66-46C4-B179-DDD8B746F995;u1=xnamyl4jur38i;u2=0.00;u3=;u4=;u5=;u6=;u7=;u8=;u9=;u10=;u11=;u12=;u13=;u14=;u15=;u16=;u17=;u18=;u19=;u20=;ord=xnamyl4jur38i HTTP 302
https://9635419.fls.doubleclick.net/activityi;dc_pre=CJX_pMzA2fECFUwH4AodpJgH7A;src=9635419;type=111127;cat=6697125;qty=1;cost=0.00;u=8831E537-AA66-46C4-B179-DDD8B746F995;u1=xnamyl4jur38i;u2=0.00;u3=;u4=;u5=;u6=;u7=;u8=;u9=;u10=;u11=;u12=;u13=;u14=;u15=;u16=;u17=;u18=;u19=;u20=;ord=xnamyl4jur38i

Request Chain 49

https://9635419.fls.doubleclick.net/activityi;src=9635419;type=6158;cat=111127;ord=xnamyl4jur38i;u20=[306697124] HTTP 302
https://9635419.fls.doubleclick.net/activityi;dc_pre=CNzCpszA2fECFUt-4AodIxcHBg;src=9635419;type=6158;cat=111127;ord=xnamyl4jur38i;u20=[306697124]

Request Chain 57

https://cm.g.doubleclick.net/pixel?&in=0&google_nid=zeta_interactive&google_cm=&google_sc=&google_hm=MTg3NTgxOTYyMTI2ODc0MDY2MQ==&forward= HTTP 302
https://a.rfihub.com/cm?pub=445&in=0&forward=&google_gid=CAESEH7Rg4F0c_F8dzRFr1Ph8Ak&google_cver=1

Request Chain 59

https://stags.bluekai.com/site/4722?id=1875819621268740661&redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fbk_uuid%3D%24_BK_UUID%26forward%3D HTTP 302
https://p.rfihub.com/cm?bk_uuid=8ZE2%2Fx9999YAYroQ&forward=

Request Chain 67

https://p.rfihub.com/cm?pub=24472&in=1 HTTP 302
https://ps.eyeota.net/match?uid=1875819621268740661&bid=omt9pi0

Request Chain 68

https://sync-tm.everesttech.net/upi/pid/Mlpt2JaG/?redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D21653%26userid%3D%24%7BTM_USER_ID%7D HTTP 302
https://p.rfihub.com/cm?in=1&pub=21653&userid=YOoY1wACuW_t8wA4

Request Chain 70

https://bs.serving-sys.com/serving?cn=um&dpid=12&rtu=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D17945%26userid%3D%5B%25tp_UserID%25%5D HTTP 302
https://p.rfihub.com/cm?in=1&pub=17945&userid=80358bd9-9123-46e5-9ec0-126e0731b2eb

Request Chain 76

https://live.rezync.com/pixel?c=bd8618c307ae9885a12561b7191e2cea&cid=1875819621268740661&referrer=https%3A%2F%2F4605991.fls.doubleclick.net%2F HTTP 302
https://p.rfihub.com/cm?pub=39342&in=0&userid=539dc4c4-e952-4fd9-a6f7-69c5f00e7627%3A1625954519.05&forward=https%3A//idsync.rlcdn.com/501709.gif%3Fpartner_uid%3D539dc4c4-e952-4fd9-a6f7-69c5f00e7627%253A1625954519.05 HTTP 302
https://idsync.rlcdn.com/501709.gif?partner_uid=539dc4c4-e952-4fd9-a6f7-69c5f00e7627%3A1625954519.05 HTTP 307
https://ib.adnxs.com/getuid?https%3A%2F%2Fidsync.rlcdn.com%2F52154.gif%3Fserved_by%3Devergreen%26partner_uid%3D%24UID HTTP 302
https://idsync.rlcdn.com/52154.gif?served_by=evergreen&partner_uid=4337401291076033357

Request Chain 77

https://cm.g.doubleclick.net/pixel?&in=0&google_nid=zeta_interactive&google_cm=&google_sc=&google_hm=MTg3NTgxOTYyMTI2ODc0MDY2MQ==&forward= HTTP 302
https://a.rfihub.com/cm?pub=445&in=0&forward=&google_gid=CAESEH7Rg4F0c_F8dzRFr1Ph8Ak&google_cver=1

Request Chain 79

https://stags.bluekai.com/site/4722?id=1875819621268740661&redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fbk_uuid%3D%24_BK_UUID%26forward%3D HTTP 302
https://p.rfihub.com/cm?bk_uuid=8ZE2%2Fx9999YAYroQ&forward=

Request Chain 87

https://p.rfihub.com/cm?pub=24472&in=1 HTTP 302
https://ps.eyeota.net/match?uid=1875819621268740661&bid=omt9pi0

Request Chain 88

https://sync-tm.everesttech.net/upi/pid/Mlpt2JaG/?redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D21653%26userid%3D%24%7BTM_USER_ID%7D HTTP 302
https://p.rfihub.com/cm?in=1&pub=21653&userid=YOoY1wACuW_t8wA4

Request Chain 90

https://bs.serving-sys.com/serving?cn=um&dpid=12&rtu=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D17945%26userid%3D%5B%25tp_UserID%25%5D HTTP 302
https://p.rfihub.com/cm?in=1&pub=17945&userid=80358bd9-9123-46e5-9ec0-126e0731b2eb

Request Chain 91

https://live.rezync.com/pixel?c=bd8618c307ae9885a12561b7191e2cea&cid=1875819621268740661&referrer=https%3A%2F%2F4605991.fls.doubleclick.net%2F HTTP 302
https://p.rfihub.com/cm?pub=39342&in=0&userid=539dc4c4-e952-4fd9-a6f7-69c5f00e7627%3A1625954519.05&forward=https%3A//idsync.rlcdn.com/501709.gif%3Fpartner_uid%3D539dc4c4-e952-4fd9-a6f7-69c5f00e7627%253A1625954519.05 HTTP 302
https://idsync.rlcdn.com/501709.gif?partner_uid=539dc4c4-e952-4fd9-a6f7-69c5f00e7627%3A1625954519.05 HTTP 307
https://gum.criteo.com/sync?c=6&r=1&a=1&u=https%3A%2F%2Fidsync.rlcdn.com%2F397676.gif%3Fserved_by%3Devergreen%26partner_uid%3D%40USERID%40 HTTP 302
https://idsync.rlcdn.com/397676.gif?served_by=evergreen&partner_uid=-_x6DvGlcGRAXS4q5O3Q41qHIJsHBeQ7

101 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request offers.html%3FWT.mc_id=search_Google_BrandGeneric_UK&WT.srch=1&gclid=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE&gclsrc=aw.ds Show response
4605991.fls.doubleclick.net/activityi;dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcldc=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;gclaw=EAIaIQob... 773 B
1 KB 113ms
37ms Document
text/html 142.250.185.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4605991.fls.doubleclick.net/activityi;dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcldc=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;gclaw=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;auiddc=1160107375.1562933607;u16=undefined;u15=undefined;u1=gb_en;~oref=https:/www.alitalia.com/en_gb/offers.html%3FWT.mc_id=search_Google_BrandGeneric_UK&WT.srch=1&gclid=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE&gclsrc=aw.ds

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f6.1e100.net

Software

cafe /

Resource Hash

ffab8490dcbaba788720f1733a17705bd3e49ce8d9c347476dc2c53b94e769bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 4605991.fls.doubleclick.net
:scheme: https
:path: /activityi;dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcldc=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;gclaw=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;auiddc=1160107375.1562933607;u16=undefined;u15=undefined;u1=gb_en;~oref=https:/www.alitalia.com/en_gb/offers.html%3FWT.mc_id=search_Google_BrandGeneric_UK&WT.srch=1&gclid=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE&gclsrc=aw.ds
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 10 Jul 2021 22:01:57 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 507
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 10-Jul-2021 22:16:57 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 offers.html%3FWT.mc_id=search_Google_BrandGeneric_UK&WT.srch=1&gclid=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE&gclsrc=aw.ds Show response
adservice.google.com/ddm/fls/i/dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcldc=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;gclaw=EAIaIQobChMIwfS... Frame 2C86 772 B
740 B 42ms
42ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/i/dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcldc=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;gclaw=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;auiddc=1160107375.1562933607;u16=undefined;u15=undefined;u1=gb_en;~oref=https:/www.alitalia.com/en_gb/offers.html%3FWT.mc_id=search_Google_BrandGeneric_UK&WT.srch=1&gclid=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE&gclsrc=aw.ds

Requested by

Host: 4605991.fls.doubleclick.net
URL: https://4605991.fls.doubleclick.net/activityi;dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcldc=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;gclaw=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;auiddc=1160107375.1562933607;u16=undefined;u15=undefined;u1=gb_en;~oref=https:/www.alitalia.com/en_gb/offers.html%3FWT.mc_id=search_Google_BrandGeneric_UK&WT.srch=1&gclid=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE&gclsrc=aw.ds

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0d08e93d2b0746ecb7785ebe51bb3004d2fea65f269ce8eb69eb7107ccd51ef8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: adservice.google.com
:scheme: https
:path: /ddm/fls/i/dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcldc=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;gclaw=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;auiddc=1160107375.1562933607;u16=undefined;u15=undefined;u1=gb_en;~oref=https:/www.alitalia.com/en_gb/offers.html%3FWT.mc_id=search_Google_BrandGeneric_UK&WT.srch=1&gclid=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE&gclsrc=aw.ds
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://4605991.fls.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://4605991.fls.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 10 Jul 2021 22:01:57 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 507
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29

200

offers.html%3FWT.mc_id=search_Google_BrandGeneric_UK&WT.srch=1&gclid=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE&gclsrc=aw.ds Show response
4605991.fls.doubleclick.net/ddm/fls/r/dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcldc=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;gclaw=EAIaIQob... Frame 421A
Redirect Chain

https://adservice.google.de/ddm/fls/i/dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcldc=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;gclaw=EAIaIQob...
https://4605991.fls.doubleclick.net/ddm/fls/r/dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcldc=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;gclaw=...

10 KB
3 KB

72ms
38ms

Document
text/html

142.250.185.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4605991.fls.doubleclick.net/ddm/fls/r/dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcldc=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;gclaw=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;auiddc=1160107375.1562933607;u16=undefined;u15=undefined;u1=gb_en;~oref=https:/www.alitalia.com/en_gb/offers.html%3FWT.mc_id=search_Google_BrandGeneric_UK&WT.srch=1&gclid=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE&gclsrc=aw.ds

Requested by

Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcldc=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;gclaw=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;auiddc=1160107375.1562933607;u16=undefined;u15=undefined;u1=gb_en;~oref=https:/www.alitalia.com/en_gb/offers.html%3FWT.mc_id=search_Google_BrandGeneric_UK&WT.srch=1&gclid=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE&gclsrc=aw.ds

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f6.1e100.net

Software

cafe /

Resource Hash

cd8cea29532a7c496fb201775fc586463da05c286f1574353c353298f58462b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 4605991.fls.doubleclick.net
:scheme: https
:path: /ddm/fls/r/dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcldc=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;gclaw=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;auiddc=1160107375.1562933607;u16=undefined;u15=undefined;u1=gb_en;~oref=https:/www.alitalia.com/en_gb/offers.html%3FWT.mc_id=search_Google_BrandGeneric_UK&WT.srch=1&gclid=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE&gclsrc=aw.ds
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://adservice.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://adservice.google.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 10 Jul 2021 22:01:57 GMT
expires: Sat, 10 Jul 2021 22:01:57 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 3401
x-xss-protection: 0
set-cookie: IDE=AHWqTUm9_-PwqJ3QfTEV6zF7xy7dxQ0ZlUULi3hJTO97xfFu9eqRola9wZDbyhbv_BI; expires=Thu, 04-Aug-2022 22:01:57 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 10 Jul 2021 22:01:57 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://4605991.fls.doubleclick.net/ddm/fls/r/dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcldc=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;gclaw=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;auiddc=1160107375.1562933607;u16=undefined;u15=undefined;u1=gb_en;~oref=https:/www.alitalia.com/en_gb/offers.html%3FWT.mc_id=search_Google_BrandGeneric_UK&WT.srch=1&gclid=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE&gclsrc=aw.ds
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H2

200

js Show response
login.dotomi.com/profile/visit/disco/ Frame 421A
Redirect Chain

https://login.dotomi.com/profile/visit/js/1_0?dtm_cid=80871&dtm_cmagic=ec9a38&dtm_fid=3017&cachebuster=[POPULATE_CACHEBUSTER_HERE]
https://core.conversant.mgr.consensu.org/gdpr/iab/consent/current?rdct_url=https%3A%2F%2Flogin.dotomi.com%2Fprofile%2Fvisit%2Fdisco%2Fjs%3Fdtm_cid%3D80871%26dtm_fid%3D3017%26dtm_cid_original%3D8087...
https://login.dotomi.com/profile/visit/disco/js?dtm_cid=80871&dtm_fid=3017&dtm_cid_original=80871&dtm_cmagic=ec9a38&dtm_country_code=AT&cachebuster=%5BPOPULATE_CACHEBUSTER_HERE%5D&dtm_form_uid=8523...

19 B
210 B

39ms
39ms

Script
application/javascript

64.158.223.137
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to

Full URL: https://login.dotomi.com/profile/visit/disco/js?dtm_cid=80871&dtm_fid=3017&dtm_cid_original=80871&dtm_cmagic=ec9a38&dtm_country_code=AT&cachebuster=%5BPOPULATE_CACHEBUSTER_HERE%5D&dtm_form_uid=852306074574751700&gdpr=1&gdpr_consent=
Requested by: Host: 4605991.fls.doubleclick.net
URL: https://4605991.fls.doubleclick.net/ddm/fls/r/dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcldc=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;gclaw=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;auiddc=1160107375.1562933607;u16=undefined;u15=undefined;u1=gb_en;~oref=https:/www.alitalia.com/en_gb/offers.html%3FWT.mc_id=search_Google_BrandGeneric_UK&WT.srch=1&gclid=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE&gclsrc=aw.ds
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.158.223.137 Amsterdam, Netherlands, ASN41041 (VCLK-EU-SE, US),
Reverse DNS: ams02-usadmm.dotomi.com
Software: nginx /
Resource Hash: 2db1dbcf1a4a6e63576e5f22320949e1ddc87ff4c10ff26ec353abc9540cd228

Request headers

Referer: https://4605991.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 10 Jul 2021 22:01:58 GMT
server: nginx
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"
cache-control: no-cache, private, max-age=0, no-store
content-type: application/javascript
content-length: 19
expires: 0

Redirect headers

location: https://login.dotomi.com/profile/visit/disco/js?dtm_cid=80871&dtm_fid=3017&dtm_cid_original=80871&dtm_cmagic=ec9a38&dtm_country_code=AT&cachebuster=%5BPOPULATE_CACHEBUSTER_HERE%5D&dtm_form_uid=852306074574751700&gdpr=1&gdpr_consent=
pragma: no-cache
date: Sat, 10 Jul 2021 22:01:58 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
content-length: 0
expires: 0

GET
H/1.1 200
OK teads-fellow.js Show response
p.teads.tv/ Frame 421A 6 KB
7 KB 144ms
40ms Script
application/javascript 104.111.242.245
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://p.teads.tv/teads-fellow.js
Requested by: Host: 4605991.fls.doubleclick.net
URL: https://4605991.fls.doubleclick.net/ddm/fls/r/dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcldc=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;gclaw=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;auiddc=1160107375.1562933607;u16=undefined;u15=undefined;u1=gb_en;~oref=https:/www.alitalia.com/en_gb/offers.html%3FWT.mc_id=search_Google_BrandGeneric_UK&WT.srch=1&gclid=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE&gclsrc=aw.ds
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.242.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-242-245.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 9bb46dbf7fdadc1a69827398f101c6bb10c30350373d5b04231d6b51323aca03

Request headers

Referer: https://4605991.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 10 Jul 2021 22:01:58 GMT
Last-Modified: Mon, 05 Jul 2021 14:11:34 GMT
Server: AmazonS3
x-amz-request-id: 8K0APKNJK5X8YV6G
ETag: "7918094c80a96d5722a588024f4cf5d3"
Content-Type: application/javascript
Cache-Control: max-age=353
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6411
x-amz-id-2: 6KF19P+Puvl44LPeSVfLk0CcC2er9ZlV6iyychScF3yVW4OPmPg3ENTh7SNi0cWzpc85t2gOmvY=

GET
H/1.1 200
OK spp.pl
sp.analytics.yahoo.com/ Frame 421A 43 B
964 B 157ms
52ms Image
image/gif 212.82.100.181
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sp.analytics.yahoo.com/spp.pl?a=10000&.yp=10067142&ec=visit

Requested by

Host: 4605991.fls.doubleclick.net
URL: https://4605991.fls.doubleclick.net/ddm/fls/r/dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcldc=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;gclaw=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;auiddc=1160107375.1562933607;u16=undefined;u15=undefined;u1=gb_en;~oref=https:/www.alitalia.com/en_gb/offers.html%3FWT.mc_id=search_Google_BrandGeneric_UK&WT.srch=1&gclid=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE&gclsrc=aw.ds

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.82.100.181 Dublin, Ireland, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

spdc.pbp.vip.ir2.yahoo.com

Software

ATS /

Resource Hash

0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://4605991.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 10 Jul 2021 22:01:58 GMT
X-Content-Type-Options: nosniff
Age: 0
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Referrer-Policy: strict-origin-when-cross-origin
Server: ATS
X-Frame-Options: DENY
Expect-CT: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
Strict-Transport-Security: max-age=31536000
Content-Type: image/gif
Cache-Control: no-cache, private, must-revalidate
Accept-Ranges: bytes
Expires: Sat, 10 Jul 2021 22:01:58 GMT

GET
H2 200 conversion.js Show response
www.googleadservices.com/pagead/ Frame 421A 44 KB
17 KB 103ms
40ms Script
text/javascript 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

0f506a0bf099d96a1f34c7c23cb74929b8fa381d4114509f9aef2273f2c852b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4605991.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 10 Jul 2021 22:01:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17349
x-xss-protection: 0
server: cafe
etag: 3780840205288251298
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 10 Jul 2021 22:01:58 GMT

GET
H2 200 ld.js Show response
static.criteo.net/js/ld/ Frame 421A 39 KB
13 KB 49ms
15ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/ld.js
Requested by: Host: 4605991.fls.doubleclick.net
URL: https://4605991.fls.doubleclick.net/ddm/fls/r/dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcldc=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;gclaw=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;auiddc=1160107375.1562933607;u16=undefined;u15=undefined;u1=gb_en;~oref=https:/www.alitalia.com/en_gb/offers.html%3FWT.mc_id=search_Google_BrandGeneric_UK&WT.srch=1&gclid=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE&gclsrc=aw.ds
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 76c79d3af714cd2570cdee0ff55daf2022f51477a4b5a89de470068280f8ddb1

Request headers

Referer: https://4605991.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 10 Jul 2021 22:01:58 GMT
content-encoding: gzip
last-modified: Thu, 17 Jun 2021 10:54:06 GMT
server: nginx
etag: W/"60cb29ce-9d98"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Jul 2021 22:01:58 GMT

GET
H/1.1

200
OK

/ Show response
apxprogrammatic.netmng.com/ Frame 421A
Redirect Chain

https://emea-alitalia.apxprogrammatic.com/?aid=6158&ref=https%3A%2F%2Fadservice.google.com%2F
https://apxprogrammatic.netmng.com/?aid=6158&ref=https%3A%2F%2Fadservice.google.com%2F

311 B
1 KB

453ms
44ms

Script
text/javascript

193.0.160.49
ROCKETFUEL

General

Check archive.org

Show headers Download Go to

Full URL: https://apxprogrammatic.netmng.com/?aid=6158&ref=https%3A%2F%2Fadservice.google.com%2F
Requested by: Host: 4605991.fls.doubleclick.net
URL: https://4605991.fls.doubleclick.net/ddm/fls/r/dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcldc=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;gclaw=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;auiddc=1160107375.1562933607;u16=undefined;u15=undefined;u1=gb_en;~oref=https:/www.alitalia.com/en_gb/offers.html%3FWT.mc_id=search_Google_BrandGeneric_UK&WT.srch=1&gclid=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE&gclsrc=aw.ds
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.0.160.49 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: nginx /
Resource Hash: a2ec11229f2b490dfc9f5b64c1c515c8b3911d09b21b4013fb7888695f167421

Request headers

Referer: https://4605991.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 10 Jul 2021 22:01:59 GMT
Last-Modified: Thu, 08 Jul 2021 22:01:59 GMT
Server: nginx
Transfer-Encoding: chunked
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: keep-alive
Content-Type: text/javascript; charset=UTF-8
Expires: Thu, 08 Jul 2021 22:01:59 GMT

Redirect headers

Location: https://apxprogrammatic.netmng.com/?aid=6158&ref=https%3A%2F%2Fadservice.google.com%2F
Date: Sat, 10 Jul 2021 22:01:58 GMT
Server: nginx
Connection: keep-alive
Content-Length: 154
Content-Type: text/html

GET
H/1.1

200
OK

/ Show response
apxprogrammatic.netmng.com/conv/ Frame 421A
Redirect Chain

https://emea-alitalia.apxprogrammatic.com/conv/?aid=6158&cpid=306697125&ref=https%3A%2F%2Fadservice.google.com%2F
https://apxprogrammatic.netmng.com/conv/?aid=6158&cpid=306697125&ref=https%3A%2F%2Fadservice.google.com%2F

726 B
2 KB

445ms
46ms

Script
text/html

193.0.160.49
ROCKETFUEL

General

Check archive.org

Show headers Download Go to

Full URL: https://apxprogrammatic.netmng.com/conv/?aid=6158&cpid=306697125&ref=https%3A%2F%2Fadservice.google.com%2F
Requested by: Host: 4605991.fls.doubleclick.net
URL: https://4605991.fls.doubleclick.net/ddm/fls/r/dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcldc=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;gclaw=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;auiddc=1160107375.1562933607;u16=undefined;u15=undefined;u1=gb_en;~oref=https:/www.alitalia.com/en_gb/offers.html%3FWT.mc_id=search_Google_BrandGeneric_UK&WT.srch=1&gclid=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE&gclsrc=aw.ds
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.0.160.49 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: nginx /
Resource Hash: 146e3af555835f125a3b02df8697d6d3ccf3b6a7298326206212b261527105ab

Request headers

Referer: https://4605991.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 10 Jul 2021 22:01:59 GMT
Last-Modified: Thu, 08 Jul 2021 22:01:59 GMT
Server: nginx
Transfer-Encoding: chunked
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Expires: Thu, 08 Jul 2021 22:01:59 GMT

Redirect headers

Location: https://apxprogrammatic.netmng.com/conv/?aid=6158&cpid=306697125&ref=https%3A%2F%2Fadservice.google.com%2F
Date: Sat, 10 Jul 2021 22:01:58 GMT
Server: nginx
Connection: keep-alive
Content-Length: 154
Content-Type: text/html

GET
H2 200 ytc.js Show response
s.yimg.com/wi/ Frame 421A 15 KB
6 KB 22ms
7ms Script
application/javascript 2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/wi/ytc.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7001 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

b9e6c38b3493790e6525ba6715ad839211cab5db3ddc80c7f70f20f92679fee6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://4605991.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

ats-carp-promotion: 1
date: Sat, 10 Jul 2021 21:49:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 776
x-amz-server-side-encryption: AES256
vary: Origin, Accept-Encoding
content-length: 5639
x-amz-id-2: B6F3GuCLJBjGeJY/0hU1AdUlFjbiHPY2EfgRi4w34blQggpBh7rMEHXjmnV7We0sKPhOErYLLio=
referrer-policy: no-referrer-when-downgrade
x-amz-expiration: expiry-date="Sat, 02 Jul 2022 00:00:00 GMT", rule-id="oath-standard-lifecycle"
last-modified: Thu, 27 May 2021 13:00:20 GMT
server: ATS
etag: "6de43f1c725d89777edaa2bc5d679ecb-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
x-amz-request-id: 4NMH247JH8TYCFA9
x-xss-protection: 1; mode=block
cache-control: public,max-age=3600
x-amz-version-id: Bv0RNzsjZsSn6kGrZjdvdggYqc20u__d
accept-ranges: bytes
content-type: application/javascript

GET
H2 200 quant.js Show response
secure.quantserve.com/ Frame 421A 24 KB
9 KB 430ms
44ms Script
application/javascript 91.228.74.226
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: 4605991.fls.doubleclick.net
URL: https://4605991.fls.doubleclick.net/ddm/fls/r/dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcldc=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;gclaw=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;auiddc=1160107375.1562933607;u16=undefined;u15=undefined;u1=gb_en;~oref=https:/www.alitalia.com/en_gb/offers.html%3FWT.mc_id=search_Google_BrandGeneric_UK&WT.srch=1&gclid=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE&gclsrc=aw.ds
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 91.228.74.226 , United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: bba4d46952f094b62205fe06e4a78114cac5d934971925a4716ef40c33f96012

Request headers

Referer: https://4605991.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 10 Jul 2021 22:01:58 GMT
content-encoding: gzip
etag: "WhyxmPkT7L77qVDcrjxwGw=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
expires: Sat, 17 Jul 2021 22:01:58 GMT

GET sa.js
eu-ma.sam4m.com/2.0/site/undefined/analytics/ Frame 421A 0
0

GET
H/1.1

200
OK

Cookie set iu3 Show response
aax-eu.amazon-adsystem.com/s/ Frame 0A6B
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/iu3?d=generic&ex-fargs=%3Fid%3D1cd23696-67af-92b0-02c8-fbb9008ce99b%26type%3D4%26m%3D35691&ex-fch=416613&ex-src=www.alitalia.com&ex-hargs=v%3D1.0%3Bc%3D47325675...
https://aax-eu.amazon-adsystem.com/s/iu3?d=generic&ex-fargs=%3Fid%3D1cd23696-67af-92b0-02c8-fbb9008ce99b%26type%3D4%26m%3D35691&ex-fch=416613&ex-src=www.alitalia.com&ex-hargs=v%3D1.0%3Bc%3D47325675...

64 B
760 B

206ms
206ms

Document
text/html

52.95.123.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aax-eu.amazon-adsystem.com/s/iu3?d=generic&ex-fargs=%3Fid%3D1cd23696-67af-92b0-02c8-fbb9008ce99b%26type%3D4%26m%3D35691&ex-fch=416613&ex-src=www.alitalia.com&ex-hargs=v%3D1.0%3Bc%3D4732567590802%3Bp%3D1CD23696-67AF-92B0-02C8-FBB9008CE99B&cb=327627923747403600&dcc=t
Requested by: Host: 4605991.fls.doubleclick.net
URL: https://4605991.fls.doubleclick.net/ddm/fls/r/dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcldc=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;gclaw=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;auiddc=1160107375.1562933607;u16=undefined;u15=undefined;u1=gb_en;~oref=https:/www.alitalia.com/en_gb/offers.html%3FWT.mc_id=search_Google_BrandGeneric_UK&WT.srch=1&gclid=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE&gclsrc=aw.ds
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.123.167 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: f17fe415b91a13ea86b93344389e18c996384323ca3c2f4267b18c96b8314a12

Request headers

Host: aax-eu.amazon-adsystem.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://4605991.fls.doubleclick.net/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ad-id=Ax6V7AkOxk1FmAAx2TQTbps|t
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://4605991.fls.doubleclick.net/

Response headers

Server: Server
Date: Sat, 10 Jul 2021 22:01:58 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 64
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Set-Cookie: ad-id=Ax6V7AkOxk1FmAAx2TQTbps; Domain=.amazon-adsystem.com; Expires=Fri, 01-Apr-2022 22:01:58 GMT; Path=/; Secure; HttpOnly; SameSite=None ad-privacy=0; Domain=.amazon-adsystem.com; Expires=Thu, 01-Oct-2026 22:01:58 GMT; Path=/; Secure; HttpOnly; SameSite=None
Vary: User-Agent

Redirect headers

Server: Server
Date: Sat, 10 Jul 2021 22:01:58 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://aax-eu.amazon-adsystem.com/s/iu3?d=generic&ex-fargs=%3Fid%3D1cd23696-67af-92b0-02c8-fbb9008ce99b%26type%3D4%26m%3D35691&ex-fch=416613&ex-src=www.alitalia.com&ex-hargs=v%3D1.0%3Bc%3D4732567590802%3Bp%3D1CD23696-67AF-92B0-02C8-FBB9008CE99B&cb=327627923747403600&dcc=t
Set-Cookie: ad-id=Ax6V7AkOxk1FmAAx2TQTbps|t; Domain=.amazon-adsystem.com; Expires=Fri, 01-Apr-2022 22:01:58 GMT; Path=/; Secure; HttpOnly; SameSite=None
Vary: User-Agent

GET
H2 200 tc.min.js Show response
c1.rfihub.net/js/ Frame 421A 19 KB
6 KB 31ms
6ms Script
application/x-javascript 2600:9000:21f3:3400:1:76cf:fe80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.rfihub.net/js/tc.min.js
Requested by: Host: 4605991.fls.doubleclick.net
URL: https://4605991.fls.doubleclick.net/ddm/fls/r/dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcldc=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;gclaw=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;auiddc=1160107375.1562933607;u16=undefined;u15=undefined;u1=gb_en;~oref=https:/www.alitalia.com/en_gb/offers.html%3FWT.mc_id=search_Google_BrandGeneric_UK&WT.srch=1&gclid=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE&gclsrc=aw.ds
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:3400:1:76cf:fe80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 7ef97b12890fc6fee67f869c6e1f74b6719de7d66ac0d649c8d7386a80b4c30f

Request headers

Referer: https://4605991.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 10 Jul 2021 21:32:47 GMT
content-encoding: gzip
last-modified: Sat, 10 Jul 2021 21:32:37 GMT
server: Jetty(9.3.29.v20201019)
age: 1751
x-cache: Hit from cloudfront
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
via: 1.1 6fa33d47af6f4da7007689083cfe9b9c.cloudfront.net (CloudFront)
cache-control: public, max-age=3600
x-amz-cf-pop: FRA2-C2
content-type: application/x-javascript
content-length: 6162
x-amz-cf-id: bqWnJEDqL2WH2QM737rPLfvB7Y16N2uQ0APVw8ukITLyj1sHIIllgA==
expires: Sat, 10 Jul 2021 22:32:47 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1035319983/ Frame 421A 3 KB
1 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1035319983/?random=1625954518343&cv=9&fst=1625954518343&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=2505059650&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&data=flight_destid%3D%3Bflight_originid%3D%3Bflight_startdate%3D%3Bflight_pagetype%3DSO%3Bflight_enddate%3D&frm=1&url=https%3A%2F%2F4605991.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCOXP_bOtr-MCFUfT1QoddcUGvQ%3Bsrc%3D4605991%3Btype%3Dhp_offer%3Bcat%3Doff_all%3Bgtm%3D2wg6q1%3Bgcldc%3DEAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE%3Bgclaw%3DEAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE%3Bauiddc%3D1160107375.1562933607%3Bu16%3Dundefined%3Bu15%3Dundefined%3Bu1%3Dgb_en%3B~oref%3Dhttps%3A%2Fwww.alitalia.com%2Fen_gb%2Foffers.html%253FWT.mc_id%3Dsearch_Google_BrandGeneric_UK%26WT.srch%3D1%26gclid%3DEAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE%26gclsrc%3Daw.ds&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ebf5a3be758e1579c639a4600e3e5184bb2dce6b897ce479643d94aff9b79151

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4605991.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 10 Jul 2021 22:01:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1316
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1033758791/ Frame 421A 3 KB
1 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1033758791/?random=1625954518350&cv=9&fst=1625954518343&num=2&label=WGZ1CKbpvFgQx9D37AM&guid=ON&resp=GooglemKTybQhCsO&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&data=flight_destid%3D%3Bflight_originid%3D%3Bflight_startdate%3D%3Bflight_pagetype%3DSO%3Bflight_enddate%3D&frm=1&url=https%3A%2F%2F4605991.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCOXP_bOtr-MCFUfT1QoddcUGvQ%3Bsrc%3D4605991%3Btype%3Dhp_offer%3Bcat%3Doff_all%3Bgtm%3D2wg6q1%3Bgcldc%3DEAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE%3Bgclaw%3DEAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE%3Bauiddc%3D1160107375.1562933607%3Bu16%3Dundefined%3Bu15%3Dundefined%3Bu1%3Dgb_en%3B~oref%3Dhttps%3A%2Fwww.alitalia.com%2Fen_gb%2Foffers.html%253FWT.mc_id%3Dsearch_Google_BrandGeneric_UK%26WT.srch%3D1%26gclid%3DEAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE%26gclsrc%3Daw.ds&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef263f262689cf1c15d7f53c7b08c5623dffb5b39f6acfb427b1eb5b6716190d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4605991.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 10 Jul 2021 22:01:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1369
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 event Show response
sslwidget.criteo.com/ Frame 421A 1 KB
1 KB 115ms
44ms Script
application/x-javascript 178.250.2.151
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://sslwidget.criteo.com/event?a=19068&v=5.7.1&p0=e%3Dexd%26site_type%3Dd%26ref%3Dhttps%253A%252F%252Fadservice.google.com&p1=e%3Dvh&p2=e%3Ddis&tld=4605991.fls.doubleclick.net&dtycbr=54058
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/ld.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.151 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: adc122ef897132ff02987ecf6a4f01726ba7def1e20c782a8897e8648edfb490

Request headers

Referer: https://4605991.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 10 Jul 2021 22:01:58 GMT
content-encoding: gzip
server: Microsoft-IIS/10.0
timing-allow-origin: *
x-powered-by: ASP.NET
vary: Accept-Encoding
p3p: NON DSP COR CURa PSA PSD OUR BUS NAV STA
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 18669
content-type: application/x-javascript
content-length: 863
expires: 0

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 0F00 291 B
591 B 72ms
22ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?topUrl=4605991.fls.doubleclick.net&origin=onetag

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/ld.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

baf437304d79006a4f050b871807483c921e783a2a91808ad4b8f77802cde740

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:method: GET
:authority: gum.criteo.com
:scheme: https
:path: /syncframe?topUrl=4605991.fls.doubleclick.net&origin=onetag
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://4605991.fls.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://4605991.fls.doubleclick.net/

Response headers

cache-control: private, max-age=0
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
strict-transport-security: max-age=31536000
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 1646
date: Sat, 10 Jul 2021 22:01:57 GMT
content-length: 321

GET
H2 200 10067142.json Show response
s.yimg.com/wi/config/ Frame 421A 2 B
457 B 24ms
11ms XHR
application/json 2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/wi/config/10067142.json

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/wi/ytc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7001 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://4605991.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 10 Jul 2021 21:38:14 GMT
x-content-type-options: nosniff
age: 1424
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: 04S5F77S0VSHGB0J
x-amz-id-2: z9BG1gxG74awXOSPhA4e0HDF8AKQIJAAR7B6QnDVYYk13VFI7NQHNjswT1uGVu3Qt7seWzgf78U=
referrer-policy: no-referrer-when-downgrade
server: ATS
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: public,max-age=3600
content-length: 2

GET
H/1.1 200
OK Cookie set ca.html Show response
20740829p.rfihub.com/ Frame AC3B 3 KB
4 KB 181ms
41ms Document
text/html 193.0.160.129
ROCKETFUEL

General

Check archive.org

Show headers Download Go to

Full URL: https://20740829p.rfihub.com/ca.html?ver=9&rb=26997&ca=20740829&_o=26997&_t=20740829&pe=https%3A%2F%2F4605991.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCOXP_bOtr-MCFUfT1QoddcUGvQ%3Bsrc%3D4605991%3Btype%3Dhp_offer%3Bcat%3Doff_all%3Bgtm%3D2wg6q1%3Bgcldc%3DEAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE%3Bgclaw%3DEAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE%3Bauiddc%3D1160107375.1562933607%3Bu16%3Dundefined%3Bu15%3Dundefined%3Bu1%3Dgb_en%3B%7Eoref%3Dhttps%3A%2Fwww.alitalia.com%2Fen_gb%2Foffers.html%253FWT.mc_id%3Dsearch_Google_BrandGeneric_UK%26WT.srch%3D1%26gclid%3DEAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE%26gclsrc%3Daw.ds&pf=https%3A%2F%2Fadservice.google.com%2F&ra=4995958545197192
Requested by: Host: c1.rfihub.net
URL: https://c1.rfihub.net/js/tc.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 193.0.160.129 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 2061e392c47614e1fcfefebbf82e3a2d726fdee6bfd40c0339699bd8d68ae10e

Request headers

Host: 20740829p.rfihub.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://4605991.fls.doubleclick.net/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://4605991.fls.doubleclick.net/

Response headers

Date: Sat, 10 Jul 2021 22:01:58 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rud=H4sIAAAAAAAAAOMSNrQwN7UwtDQzMjQyszA3MTAzMxTiM9TNssj083EKyC2K0g2V4jU0MzK1NDUxNbQwNTECAEGtO_Y0AAAA; Path=/; Domain=.rfihub.com; Expires=Thu, 4 Aug 2022 22:01:58 GMT; Secure; SameSite=None ruds=H4sIAAAAAAAAAOMSNrQwN7UwtDQzMjQyszA3MTAzMxTiM9TNssj083EKyC2K0g0FAN6j2OslAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None eud=H4sIAAAAAAAAAJvFyGtoZmRqaWpiamgBJFah8U-h8V-h8X-h8ScxofJnofEXofFXofE3ofF3ofE_oetnQeXfQuNvYkUzjxvN_Wj8RcKo_EdofACHPXNeMAEAAA; Path=/; Domain=.rfihub.com; Expires=Thu, 4 Aug 2022 22:01:58 GMT; Secure; SameSite=None
Cache-Control: no-cache
Content-Type: text/html;charset=utf-8
Content-Length: 2938
Server: Jetty(9.3.29.v20201019)

GET
H2 200 /
www.google.com/pagead/1p-user-list/1035319983/ Frame 421A 42 B
138 B 18ms
17ms Image
image/gif 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1035319983/?random=1625954518343&cv=9&fst=1625954400000&num=1&guid=ON&eid=2505059650&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&data=flight_destid%3D%3Bflight_originid%3D%3Bflight_startdate%3D%3Bflight_pagetype%3DSO%3Bflight_enddate%3D&frm=1&url=https%3A%2F%2F4605991.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCOXP_bOtr-MCFUfT1QoddcUGvQ%3Bsrc%3D4605991%3Btype%3Dhp_offer%3Bcat%3Doff_all%3Bgtm%3D2wg6q1%3Bgcldc%3DEAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE%3Bgclaw%3DEAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE%3Bauiddc%3D1160107375.1562933607%3Bu16%3Dundefined%3Bu15%3Dundefined%3Bu1%3Dgb_en%3B~oref%3Dhttps%3A%2Fwww.alitalia.com%2Fen_gb%2Foffers.html%253FWT.mc_id%3Dsearch_Google_BrandGeneric_UK%26WT.srch%3D1%26gclid%3DEAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE%26gclsrc%3Daw.ds&ref=https%3A%2F%2Fadservice.google.com%2F&fmt=3&is_vtc=1&random=622994906&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4605991.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 10 Jul 2021 22:01:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/1035319983/ Frame 421A 42 B
108 B 18ms
17ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/1035319983/?random=1625954518343&cv=9&fst=1625954400000&num=1&guid=ON&eid=2505059650&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&data=flight_destid%3D%3Bflight_originid%3D%3Bflight_startdate%3D%3Bflight_pagetype%3DSO%3Bflight_enddate%3D&frm=1&url=https%3A%2F%2F4605991.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCOXP_bOtr-MCFUfT1QoddcUGvQ%3Bsrc%3D4605991%3Btype%3Dhp_offer%3Bcat%3Doff_all%3Bgtm%3D2wg6q1%3Bgcldc%3DEAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE%3Bgclaw%3DEAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE%3Bauiddc%3D1160107375.1562933607%3Bu16%3Dundefined%3Bu15%3Dundefined%3Bu1%3Dgb_en%3B~oref%3Dhttps%3A%2Fwww.alitalia.com%2Fen_gb%2Foffers.html%253FWT.mc_id%3Dsearch_Google_BrandGeneric_UK%26WT.srch%3D1%26gclid%3DEAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE%26gclsrc%3Daw.ds&ref=https%3A%2F%2Fadservice.google.com%2F&fmt=3&is_vtc=1&random=622994906&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4605991.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 10 Jul 2021 22:01:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/1033758791/ Frame 421A 42 B
108 B 17ms
17ms Image
image/gif 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1033758791/?random=1625954518350&cv=9&fst=1625954400000&num=2&label=WGZ1CKbpvFgQx9D37AM&guid=ON&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&data=flight_destid%3D%3Bflight_originid%3D%3Bflight_startdate%3D%3Bflight_pagetype%3DSO%3Bflight_enddate%3D&frm=1&url=https%3A%2F%2F4605991.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCOXP_bOtr-MCFUfT1QoddcUGvQ%3Bsrc%3D4605991%3Btype%3Dhp_offer%3Bcat%3Doff_all%3Bgtm%3D2wg6q1%3Bgcldc%3DEAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE%3Bgclaw%3DEAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE%3Bauiddc%3D1160107375.1562933607%3Bu16%3Dundefined%3Bu15%3Dundefined%3Bu1%3Dgb_en%3B~oref%3Dhttps%3A%2Fwww.alitalia.com%2Fen_gb%2Foffers.html%253FWT.mc_id%3Dsearch_Google_BrandGeneric_UK%26WT.srch%3D1%26gclid%3DEAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE%26gclsrc%3Daw.ds&ref=https%3A%2F%2Fadservice.google.com%2F&fmt=3&is_vtc=1&random=2097695104&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4605991.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 10 Jul 2021 22:01:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/1033758791/ Frame 421A 42 B
108 B 18ms
17ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/1033758791/?random=1625954518350&cv=9&fst=1625954400000&num=2&label=WGZ1CKbpvFgQx9D37AM&guid=ON&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&data=flight_destid%3D%3Bflight_originid%3D%3Bflight_startdate%3D%3Bflight_pagetype%3DSO%3Bflight_enddate%3D&frm=1&url=https%3A%2F%2F4605991.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCOXP_bOtr-MCFUfT1QoddcUGvQ%3Bsrc%3D4605991%3Btype%3Dhp_offer%3Bcat%3Doff_all%3Bgtm%3D2wg6q1%3Bgcldc%3DEAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE%3Bgclaw%3DEAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE%3Bauiddc%3D1160107375.1562933607%3Bu16%3Dundefined%3Bu15%3Dundefined%3Bu1%3Dgb_en%3B~oref%3Dhttps%3A%2Fwww.alitalia.com%2Fen_gb%2Foffers.html%253FWT.mc_id%3Dsearch_Google_BrandGeneric_UK%26WT.srch%3D1%26gclid%3DEAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE%26gclsrc%3Daw.ds&ref=https%3A%2F%2Fadservice.google.com%2F&fmt=3&is_vtc=1&random=2097695104&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4605991.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 10 Jul 2021 22:01:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 track
t.teads.tv/ Frame 421A 23 B
143 B 177ms
69ms Image
image/gif 2.18.232.7
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.teads.tv/track?action=pageView&env=js-web&advertiser_id=13731&referer=https%3A%2F%2F4605991.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCOXP_bOtr-MCFUfT1QoddcUGvQ%3Bsrc%3D4605991%3Btype%3Dhp_offer%3Bcat%3Doff_all%3Bgtm%3D2wg6q1%3Bgcldc%3DEAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE%3Bgclaw%3DEAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE%3Bauiddc%3D1160107375.1562933607%3Bu16%3Dundefined%3Bu15%3Dundefined%3Bu1%3Dgb_en%3B~oref%3Dhttps%3A%2Fwww.alitalia.com%2Fen_gb%2Foffers.html%253FWT.mc_id%3Dsearch_Google_BrandGeneric_UK%26WT.srch%3D1%26gclid%3DEAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE%26gclsrc%3Daw.ds
Requested by: Host: 4605991.fls.doubleclick.net
URL: https://4605991.fls.doubleclick.net/ddm/fls/r/dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcldc=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;gclaw=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;auiddc=1160107375.1562933607;u16=undefined;u15=undefined;u1=gb_en;~oref=https:/www.alitalia.com/en_gb/offers.html%3FWT.mc_id=search_Google_BrandGeneric_UK&WT.srch=1&gclid=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE&gclsrc=aw.ds
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.232.7 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-7.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Referer: https://4605991.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 10 Jul 2021 22:01:58 GMT
cache-control: max-age=0, no-cache, no-store
expires: Sat, 26 Jul 1997 05:00:00 GMT
content-length: 23
content-type: image/gif

GET
H/1.1

200
OK

cm
a.rfihub.com/ Frame AC3B
Redirect Chain

https://cm.g.doubleclick.net/pixel?&in=0&google_nid=zeta_interactive&google_cm=&google_sc=&google_hm=MTg3NTgxOTYyMTI2ODc0MDY2MQ==&forward=
https://a.rfihub.com/cm?pub=445&in=0&forward=&google_gid=CAESEH7Rg4F0c_F8dzRFr1Ph8Ak&google_cver=1

42 B
1 KB

145ms
37ms

Image
image/gif

193.0.160.129
ROCKETFUEL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.rfihub.com/cm?pub=445&in=0&forward=&google_gid=CAESEH7Rg4F0c_F8dzRFr1Ph8Ak&google_cver=1
Requested by: Host: 4605991.fls.doubleclick.net
URL: https://4605991.fls.doubleclick.net/ddm/fls/r/dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcldc=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;gclaw=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;auiddc=1160107375.1562933607;u16=undefined;u15=undefined;u1=gb_en;~oref=https:/www.alitalia.com/en_gb/offers.html%3FWT.mc_id=search_Google_BrandGeneric_UK&WT.srch=1&gclid=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE&gclsrc=aw.ds
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 193.0.160.129 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

Referer: https://20740829p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 10 Jul 2021 22:01:58 GMT
Cache-Control: no-cache
Server: Jetty(9.3.29.v20201019)
Content-Type: image/gif
Content-Length: 42
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma: no-cache
date: Sat, 10 Jul 2021 22:01:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://a.rfihub.com/cm?pub=445&in=0&forward=&google_gid=CAESEH7Rg4F0c_F8dzRFr1Ph8Ak&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 311
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame AC3B
Redirect Chain

https://ib.adnxs.com/setuid?entity=18&code=1875819621268740661
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D18%26code%3D1875819621268740661

43 B
1 KB

27ms
27ms

Image
image/gif

37.252.173.22
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D18%26code%3D1875819621268740661

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://20740829p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 10 Jul 2021 22:01:58 GMT
X-Proxy-Origin: 5.253.207.212; 5.253.207.212; 536.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: b614bdea-eca1-4f6b-893f-e2f69bbcc90c
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 10 Jul 2021 22:01:58 GMT
X-Proxy-Origin: 5.253.207.212; 5.253.207.212; 536.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 66d62259-9805-45d6-96e1-2c1d5828a8d1
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D18%26code%3D1875819621268740661
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

cm
p.rfihub.com/ Frame AC3B
Redirect Chain

https://stags.bluekai.com/site/4722?id=1875819621268740661&redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fbk_uuid%3D%24_BK_UUID%26forward%3D
https://p.rfihub.com/cm?bk_uuid=8ZE2%2Fx9999YAYroQ&forward=

42 B
990 B

207ms
39ms

Image
image/gif

193.0.160.129
ROCKETFUEL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.rfihub.com/cm?bk_uuid=8ZE2%2Fx9999YAYroQ&forward=
Requested by: Host: 4605991.fls.doubleclick.net
URL: https://4605991.fls.doubleclick.net/ddm/fls/r/dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcldc=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;gclaw=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;auiddc=1160107375.1562933607;u16=undefined;u15=undefined;u1=gb_en;~oref=https:/www.alitalia.com/en_gb/offers.html%3FWT.mc_id=search_Google_BrandGeneric_UK&WT.srch=1&gclid=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE&gclsrc=aw.ds
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 193.0.160.129 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

Referer: https://20740829p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 10 Jul 2021 22:01:59 GMT
Cache-Control: no-cache
Server: Jetty(9.3.29.v20201019)
Content-Type: image/gif
Content-Length: 42
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

Location: https://p.rfihub.com/cm?bk_uuid=8ZE2%2Fx9999YAYroQ&forward=
Date: Sat, 10 Jul 2021 22:01:58 GMT
Connection: keep-alive
Content-Length: 0
BK-Server: 3b51
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"

GET
H/1.1 204
No Content tap.php
pixel.rubiconproject.com/ Frame AC3B 0
239 B 115ms
28ms Image
image/gif 69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=13490&nid=2596&put=1875819621268740661
Requested by: Host: 4605991.fls.doubleclick.net
URL: https://4605991.fls.doubleclick.net/ddm/fls/r/dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcldc=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;gclaw=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;auiddc=1160107375.1562933607;u16=undefined;u15=undefined;u1=gb_en;~oref=https:/www.alitalia.com/en_gb/offers.html%3FWT.mc_id=search_Google_BrandGeneric_UK&WT.srch=1&gclid=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE&gclsrc=aw.ds
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://20740829p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 78e3bdce5107450057bade54d54a0a7e
Content-Type: image/gif

GET
H/1.1

200
OK

demconf.jpg
dpm.demdex.net/ Frame AC3B
Redirect Chain

https://dpm.demdex.net/ibs:dpid=1121&dpuuid=1875819621268740661&redir=
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=1121&dpuuid=1875819621268740661&redir=

42 B
956 B

55ms
51ms

Image
image/gif

54.171.168.191
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=1121&dpuuid=1875819621268740661&redir=

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.171.168.191 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-171-168-191.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://20740829p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v012-075923402.edge-irl1.demdex.com 6.3.1.20210623115127
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: 3z/1T0+QRSQ=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-2-v012-0ade9229d.edge-irl1.demdex.com 6.3.1.20210623115127
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: iL7KNrBbQSQ=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=1121&dpuuid=1875819621268740661&redir=
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame AC3B
Redirect Chain

https://dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=1875819621268740661&forward=
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=1875819621268740661&forward=&C=1

43 B
1006 B

46ms
46ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=1875819621268740661&forward=&C=1
Requested by: Host: 4605991.fls.doubleclick.net
URL: https://4605991.fls.doubleclick.net/ddm/fls/r/dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcldc=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;gclaw=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;auiddc=1160107375.1562933607;u16=undefined;u15=undefined;u1=gb_en;~oref=https:/www.alitalia.com/en_gb/offers.html%3FWT.mc_id=search_Google_BrandGeneric_UK&WT.srch=1&gclid=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE&gclsrc=aw.ds
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://20740829p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 10 Jul 2021 22:01:58 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 10 Jul 2021 22:01:58 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 10 Jul 2021 22:01:58 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=1875819621268740661&forward=&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 295
Expires: Sat, 10 Jul 2021 22:01:58 GMT

GET
H2 204 v1
ads.yahoo.com/cms/ Frame AC3B 0
300 B 19ms
7ms Image
text/plain 2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?esig=1~84c296ca4cae9f73fbcc48363a3cd4cd34be98f5&nwid=10000648372&sigv=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7001 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://20740829p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 10 Jul 2021 22:01:58 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

GET
H2 200 360947.gif
idsync.rlcdn.com/ Frame AC3B 42 B
417 B 99ms
35ms Image
image/gif 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/360947.gif?partner_uid=1875819621268740661
Requested by: Host: 4605991.fls.doubleclick.net
URL: https://4605991.fls.doubleclick.net/ddm/fls/r/dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcldc=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;gclaw=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;auiddc=1160107375.1562933607;u16=undefined;u15=undefined;u1=gb_en;~oref=https:/www.alitalia.com/en_gb/offers.html%3FWT.mc_id=search_Google_BrandGeneric_UK&WT.srch=1&gclid=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE&gclsrc=aw.ds
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://20740829p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 10 Jul 2021 22:01:58 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: clear
content-length: 42

GET
H2 200 rocketfuel_sync
x.dlx.addthis.com/e/ Frame AC3B 43 B
191 B 255ms
190ms Image
image/gif 23.37.43.59
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://x.dlx.addthis.com/e/rocketfuel_sync?na_exid=1875819621268740661

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.37.43.59 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-43-59.deploy.static.akamaitechnologies.com

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=2628000

Request headers

Referer: https://20740829p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 10 Jul 2021 22:01:58 GMT
cache-control: max-age=0, no-cache, no-store
expires: Sat, 10 Jul 2021 22:01:58 GMT
content-length: 43
strict-transport-security: max-age=2628000
content-type: image/gif

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame AC3B
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7180&uid=1875819621268740661&img=1
https://sync.search.spotxchange.com/partner?adv_id=7180&uid=1875819621268740661&img=1&__user_check__=1&sync_id=7299fb22-e1ca-11eb-8358-19da87bf0506

43 B
548 B

40ms
40ms

Image
image/gif

185.94.180.126
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7180&uid=1875819621268740661&img=1&__user_check__=1&sync_id=7299fb22-e1ca-11eb-8358-19da87bf0506
Requested by: Host: 4605991.fls.doubleclick.net
URL: https://4605991.fls.doubleclick.net/ddm/fls/r/dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcldc=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;gclaw=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;auiddc=1160107375.1562933607;u16=undefined;u15=undefined;u1=gb_en;~oref=https:/www.alitalia.com/en_gb/offers.html%3FWT.mc_id=search_Google_BrandGeneric_UK&WT.srch=1&gclid=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE&gclsrc=aw.ds
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.94.180.126 , United States, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Referer: https://20740829p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 10 Jul 2021 22:01:58 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 94
Connection: keep-alive
Content-Length: 43

Redirect headers

Date: Sat, 10 Jul 2021 22:01:58 GMT
Server: nginx
Location: /partner?adv_id=7180&uid=1875819621268740661&img=1&__user_check__=1&sync_id=7299fb22-e1ca-11eb-8358-19da87bf0506
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 136
Connection: keep-alive
Content-Length: 0

GET
H2 200 sync
partners.tremorhub.com/ Frame AC3B 43 B
183 B 285ms
93ms Image
image/gif 2600:1f18:612b:4232:380b:6483:6fb1:583d
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://partners.tremorhub.com/sync?UIRF=1875819621268740661&r=xj3NS5PrnEaS
Requested by: Host: 4605991.fls.doubleclick.net
URL: https://4605991.fls.doubleclick.net/ddm/fls/r/dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcldc=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;gclaw=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;auiddc=1160107375.1562933607;u16=undefined;u15=undefined;u1=gb_en;~oref=https:/www.alitalia.com/en_gb/offers.html%3FWT.mc_id=search_Google_BrandGeneric_UK&WT.srch=1&gclid=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE&gclsrc=aw.ds
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4232:380b:6483:6fb1:583d Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://20740829p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 10 Jul 2021 22:01:58 GMT
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
content-type: image/gif

GET
H2 200 g.pixel
aa.agkn.com/adscores/ Frame AC3B 43 B
238 B 97ms
27ms Image
image/gif 3.127.52.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aa.agkn.com/adscores/g.pixel?sid=9212192898&rf=1875819621268740661
Requested by: Host: 4605991.fls.doubleclick.net
URL: https://4605991.fls.doubleclick.net/ddm/fls/r/dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcldc=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;gclaw=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;auiddc=1160107375.1562933607;u16=undefined;u15=undefined;u1=gb_en;~oref=https:/www.alitalia.com/en_gb/offers.html%3FWT.mc_id=search_Google_BrandGeneric_UK&WT.srch=1&gclid=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE&gclsrc=aw.ds
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.127.52.31 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-52-31.eu-central-1.compute.amazonaws.com
Software: AAWebServer /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Referer: https://20740829p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 10 Jul 2021 22:01:58 GMT
server: AAWebServer
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 43
expires: 0

GET
H2 204 usermatch.gif
beacon.krxd.net/ Frame AC3B 0
338 B 157ms
51ms Image
text/plain 34.247.15.24
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner_id=rfuel&partner_user_id=1875819621268740661
Requested by: Host: 4605991.fls.doubleclick.net
URL: https://4605991.fls.doubleclick.net/ddm/fls/r/dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcldc=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;gclaw=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;auiddc=1160107375.1562933607;u16=undefined;u15=undefined;u1=gb_en;~oref=https:/www.alitalia.com/en_gb/offers.html%3FWT.mc_id=search_Google_BrandGeneric_UK&WT.srch=1&gclid=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE&gclsrc=aw.ds
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.247.15.24 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-15-24.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://20740829p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 10 Jul 2021 22:01:58 GMT
cache-control: private, no-cache, no-store
x-request-time: D=29 t=1625954518
x-served-by: beacon-n012-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

200

sync
x.bidswitch.net/ul_cb/ Frame AC3B
Redirect Chain

https://x.bidswitch.net/sync?dsp_id=119&user_id=1875819621268740661&expires=30
https://x.bidswitch.net/ul_cb/sync?dsp_id=119&user_id=1875819621268740661&expires=30

43 B
344 B

32ms
32ms

Image
image/gif

3.126.158.103
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/ul_cb/sync?dsp_id=119&user_id=1875819621268740661&expires=30
Requested by: Host: 4605991.fls.doubleclick.net
URL: https://4605991.fls.doubleclick.net/ddm/fls/r/dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcldc=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;gclaw=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;auiddc=1160107375.1562933607;u16=undefined;u15=undefined;u1=gb_en;~oref=https:/www.alitalia.com/en_gb/offers.html%3FWT.mc_id=search_Google_BrandGeneric_UK&WT.srch=1&gclid=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE&gclsrc=aw.ds
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.126.158.103 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-158-103.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://20740829p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 10 Jul 2021 22:01:58 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

Redirect headers

location: https://x.bidswitch.net/ul_cb/sync?dsp_id=119&user_id=1875819621268740661&expires=30
date: Sat, 10 Jul 2021 22:01:58 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H/1.1

200
OK

/
ps.eyeota.net/match/bounce/ Frame AC3B
Redirect Chain

https://p.rfihub.com/cm?pub=24472&in=1
https://ps.eyeota.net/match?uid=1875819621268740661&bid=omt9pi0
https://ps.eyeota.net/match/bounce/?uid=1875819621268740661&bid=omt9pi0

70 B
440 B

32ms
28ms

Image
image/gif

3.121.27.153
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ps.eyeota.net/match/bounce/?uid=1875819621268740661&bid=omt9pi0
Requested by: Host: 4605991.fls.doubleclick.net
URL: https://4605991.fls.doubleclick.net/ddm/fls/r/dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcldc=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;gclaw=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;auiddc=1160107375.1562933607;u16=undefined;u15=undefined;u1=gb_en;~oref=https:/www.alitalia.com/en_gb/offers.html%3FWT.mc_id=search_Google_BrandGeneric_UK&WT.srch=1&gclid=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE&gclsrc=aw.ds
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 3.121.27.153 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-121-27-153.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98

Request headers

Referer: https://20740829p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 10 Jul 2021 22:01:59 GMT
Content-Type: image/gif
Content-Length: 70
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

Redirect headers

Location: /match/bounce/?uid=1875819621268740661&bid=omt9pi0
Date: Sat, 10 Jul 2021 22:01:59 GMT
Content-Length: 0
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

GET
H/1.1

200
OK

cm
p.rfihub.com/ Frame AC3B
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/Mlpt2JaG/?redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D21653%26userid%3D%24%7BTM_USER_ID%7D
https://sync-tm.everesttech.net/ct/upi/pid/Mlpt2JaG/?redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D21653%26userid%3D%24%7BTM_USER_ID%7D&_test=YOoY1wACuW_t8wA4
https://p.rfihub.com/cm?in=1&pub=21653&userid=YOoY1wACuW_t8wA4&_test=YOoY1wACuW_t8wA4

42 B
1 KB

38ms
38ms

Image
image/gif

193.0.160.129
ROCKETFUEL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.rfihub.com/cm?in=1&pub=21653&userid=YOoY1wACuW_t8wA4&_test=YOoY1wACuW_t8wA4
Requested by: Host: 4605991.fls.doubleclick.net
URL: https://4605991.fls.doubleclick.net/ddm/fls/r/dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcldc=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;gclaw=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;auiddc=1160107375.1562933607;u16=undefined;u15=undefined;u1=gb_en;~oref=https:/www.alitalia.com/en_gb/offers.html%3FWT.mc_id=search_Google_BrandGeneric_UK&WT.srch=1&gclid=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE&gclsrc=aw.ds
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 193.0.160.129 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

Referer: https://20740829p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 10 Jul 2021 22:01:59 GMT
Cache-Control: no-cache
Server: Jetty(9.3.29.v20201019)
Content-Type: image/gif
Content-Length: 42
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma: no-cache
date: Sat, 10 Jul 2021 22:01:59 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1625954519.092049,VS0,VE0
x-served-by: cache-fra19152-FRA
x-cache: HIT
location: https://p.rfihub.com/cm?in=1&pub=21653&userid=YOoY1wACuW_t8wA4&_test=YOoY1wACuW_t8wA4
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2 200 cksync.php
contextual.media.net/ Frame AC3B 46 B
696 B 258ms
86ms Image
image/gif 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=3&type=rkt&ovsid=1875819621268740661

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

579a172ca2c700734ebcfa06d105a134f31ec2357660e58e0874cfdee8472fd4

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://20740829p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=604800
server: Apache
date: Sat, 10 Jul 2021 22:01:59 GMT
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control: max-age=0, no-cache, no-store
content-type: image/gif
content-length: 46
x-mnet-hl2: E
expires: Sat, 10 Jul 2021 22:01:59 GMT

GET
H/1.1

200
OK

cm
p.rfihub.com/ Frame AC3B
Redirect Chain

https://bs.serving-sys.com/serving?cn=um&dpid=12&rtu=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D17945%26userid%3D%5B%25tp_UserID%25%5D
https://p.rfihub.com/cm?in=1&pub=17945&userid=80358bd9-9123-46e5-9ec0-126e0731b2eb

42 B
1 KB

78ms
37ms

Image
image/gif

193.0.160.129
ROCKETFUEL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.rfihub.com/cm?in=1&pub=17945&userid=80358bd9-9123-46e5-9ec0-126e0731b2eb
Requested by: Host: 4605991.fls.doubleclick.net
URL: https://4605991.fls.doubleclick.net/ddm/fls/r/dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcldc=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;gclaw=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;auiddc=1160107375.1562933607;u16=undefined;u15=undefined;u1=gb_en;~oref=https:/www.alitalia.com/en_gb/offers.html%3FWT.mc_id=search_Google_BrandGeneric_UK&WT.srch=1&gclid=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE&gclsrc=aw.ds
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 193.0.160.129 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

Referer: https://20740829p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 10 Jul 2021 22:01:59 GMT
Cache-Control: no-cache
Server: Jetty(9.3.29.v20201019)
Content-Type: image/gif
Content-Length: 42
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma: no-cache
date: Sat, 10 Jul 2021 22:01:58 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="NOI DEVa OUR BUS UNI"
location: https://p.rfihub.com/cm?in=1&pub=17945&userid=80358bd9-9123-46e5-9ec0-126e0731b2eb
cache-control: private
content-type: text/html; charset=UTF-8
content-length: 213
expires: Sun, 05-Jun-2005 22:00:00 GMT

GET
H2

200

362358.gif
idsync.rlcdn.com/ Frame AC3B
Redirect Chain

https://live.rezync.com/pixel?c=bd8618c307ae9885a12561b7191e2cea&cid=1875819621268740661&referrer=https%3A%2F%2Fadservice.google.com%2F
https://p.rfihub.com/cm?pub=39342&in=0&userid=539dc4c4-e952-4fd9-a6f7-69c5f00e7627%3A1625954519.05&forward=https%3A//idsync.rlcdn.com/501709.gif%3Fpartner_uid%3D539dc4c4-e952-4fd9-a6f7-69c5f00e7627...
https://idsync.rlcdn.com/501709.gif?partner_uid=539dc4c4-e952-4fd9-a6f7-69c5f00e7627%3A1625954519.05
https://cm.g.doubleclick.net/pixel?google_nid=epsilon&google_cm
https://idsync.rlcdn.com/362358.gif?google_gid=CAESENZxQg4rDX5O2VDrgwkUQtE&google_cver=1

42 B
299 B

36ms
36ms

Image
image/gif

35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/362358.gif?google_gid=CAESENZxQg4rDX5O2VDrgwkUQtE&google_cver=1
Requested by: Host: 4605991.fls.doubleclick.net
URL: https://4605991.fls.doubleclick.net/ddm/fls/r/dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcldc=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;gclaw=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;auiddc=1160107375.1562933607;u16=undefined;u15=undefined;u1=gb_en;~oref=https:/www.alitalia.com/en_gb/offers.html%3FWT.mc_id=search_Google_BrandGeneric_UK&WT.srch=1&gclid=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE&gclsrc=aw.ds
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://20740829p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 10 Jul 2021 22:01:59 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: clear
content-length: 42

Redirect headers

pragma: no-cache
date: Sat, 10 Jul 2021 22:01:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://idsync.rlcdn.com/362358.gif?google_gid=CAESENZxQg4rDX5O2VDrgwkUQtE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 289
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
bpi.rtactivate.com/tag/ Frame AC3B 43 B
109 B 387ms
156ms Image
image/gif 184.73.14.153
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bpi.rtactivate.com/tag/?id=11017&user_id=1875819621268740661
Requested by: Host: 4605991.fls.doubleclick.net
URL: https://4605991.fls.doubleclick.net/ddm/fls/r/dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcldc=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;gclaw=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;auiddc=1160107375.1562933607;u16=undefined;u15=undefined;u1=gb_en;~oref=https:/www.alitalia.com/en_gb/offers.html%3FWT.mc_id=search_Google_BrandGeneric_UK&WT.srch=1&gclid=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE&gclsrc=aw.ds
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 184.73.14.153 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-184-73-14-153.compute-1.amazonaws.com
Software: awselb/2.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://20740829p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 10 Jul 2021 22:01:59 GMT
server: awselb/2.0
content-length: 43
content-type: image/gif

GET
H2 200 rules-p-wVQdcdeYp7FcS.js Show response
rules.quantcount.com/ Frame 421A 11 KB
2 KB 27ms
8ms Script
application/javascript 2600:9000:20eb:4c00:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-wVQdcdeYp7FcS.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:4c00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fde53a8d44fa3ca23eaed6b37432264e8fb6a280c893b5480f56b3f6f0b225a1

Request headers

Referer: https://4605991.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 10 Jul 2021 21:53:19 GMT
content-encoding: gzip
age: 568
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
last-modified: Mon, 05 Oct 2020 11:54:09 GMT
server: AmazonS3
etag: W/"0488f9bc595ff250b7527e353950bb56"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 0e75d8f2d484ce463fc04f5c422aa179.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: 8p3jaKilaQWYPynQ4d1zzJ9x8CePJo0SH7eBERrc0hzNNT6m0x5LkA==

GET
H2 200 pixel;r=91175073;labels=_fp.event.Default;rf=0;a=p-wVQdcdeYp7FcS;url=https%3A%2F%2F4605991.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCOXP_bOtr-MCFUfT1QoddcUGvQ%3Bsrc%3D4605991%3Btype%3Dhp_offe...
pixel.quantserve.com/ Frame 421A 35 B
371 B 44ms
43ms Image
image/gif 91.228.74.226
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=91175073;labels=_fp.event.Default;rf=0;a=p-wVQdcdeYp7FcS;url=https%3A%2F%2F4605991.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCOXP_bOtr-MCFUfT1QoddcUGvQ%3Bsrc%3D4605991%3Btype%3Dhp_offer%3Bcat%3Doff_all%3Bgtm%3D2wg6q1%3Bgcldc%3DEAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE%3Bgclaw%3DEAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE%3Bauiddc%3D1160107375.1562933607%3Bu16%3Dundefined%3Bu15%3Dundefined%3Bu1%3Dgb_en%3B~oref%3Dhttps%3A%2Fwww.alitalia.com%2Fen_gb%2Foffers.html%253FWT.mc_id%3Dsearch_Google_BrandGeneric_UK%26WT.srch%3D1%26gclid%3DEAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE%26gclsrc%3Daw.ds;ref=https%3A%2F%2Fadservice.google.com%2F;uht=2;fpan=1;fpa=P0-1712324626-1625954518800;pbcn=u;pbc=;ns=1;ce=1;qjs=1;qv=82efd7d8-20210517233434;cm=;gdpr=0;d=4605991.fls.doubleclick.net;je=0;sr=1600x1200x24;dst=1;et=1625954518800;tzo=-120;ogl=

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.228.74.226 , United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://4605991.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 10 Jul 2021 22:01:58 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H/1.1 200
OK / Show response
apxprogrammatic.netmng.com/ Frame 421A 609 B
2 KB 45ms
44ms Script
text/javascript 193.0.160.49
ROCKETFUEL

General

Check archive.org

Show headers Download Go to

Full URL: https://apxprogrammatic.netmng.com/?aid=6158&ref=https%3A%2F%2Fadservice.google.com%2F&cch
Requested by: Host: emea-alitalia.apxprogrammatic.com
URL: https://emea-alitalia.apxprogrammatic.com/?aid=6158&ref=https%3A%2F%2Fadservice.google.com%2F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.0.160.49 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: nginx /
Resource Hash: 49e7112b9d54bc0a2bd23fa70052a4f2639bfbb3e535ad0bfebac012ab05a5a0

Request headers

Referer: https://4605991.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 10 Jul 2021 22:01:59 GMT
Last-Modified: Thu, 08 Jul 2021 22:01:59 GMT
Server: nginx
Transfer-Encoding: chunked
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: keep-alive
Content-Type: text/javascript; charset=UTF-8
Expires: Thu, 08 Jul 2021 22:01:59 GMT

GET
H3-29

200

activityi;dc_pre=CJX_pMzA2fECFUwH4AodpJgH7A;src=9635419;type=111127;cat=6697125;qty=1;cost=0.00;u=8831E537-AA66-46C4-B179-DDD8B746F995;u1=xnamyl4jur38i;u2=0.00;u3=;u4=;u5=;u6=;u7=;u8=;u9=;u10=;u11=... Show response
9635419.fls.doubleclick.net/ Frame 3ECA
Redirect Chain

https://9635419.fls.doubleclick.net/activityi;src=9635419;type=111127;cat=6697125;qty=1;cost=0.00;u=8831E537-AA66-46C4-B179-DDD8B746F995;u1=xnamyl4jur38i;u2=0.00;u3=;u4=;u5=;u6=;u7=;u8=;u9=;u10=;u1...
https://9635419.fls.doubleclick.net/activityi;dc_pre=CJX_pMzA2fECFUwH4AodpJgH7A;src=9635419;type=111127;cat=6697125;qty=1;cost=0.00;u=8831E537-AA66-46C4-B179-DDD8B746F995;u1=xnamyl4jur38i;u2=0.00;u...

1 KB
741 B

44ms
43ms

Document
text/html

142.250.185.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9635419.fls.doubleclick.net/activityi;dc_pre=CJX_pMzA2fECFUwH4AodpJgH7A;src=9635419;type=111127;cat=6697125;qty=1;cost=0.00;u=8831E537-AA66-46C4-B179-DDD8B746F995;u1=xnamyl4jur38i;u2=0.00;u3=;u4=;u5=;u6=;u7=;u8=;u9=;u10=;u11=;u12=;u13=;u14=;u15=;u16=;u17=;u18=;u19=;u20=;ord=xnamyl4jur38i?

Requested by

Host: emea-alitalia.apxprogrammatic.com
URL: https://emea-alitalia.apxprogrammatic.com/conv/?aid=6158&cpid=306697125&ref=https%3A%2F%2Fadservice.google.com%2F

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f6.1e100.net

Software

cafe /

Resource Hash

b4f9dad81f0b938b3a1b5f4b260ce5621e61dfd12a3b5061ec41f2a9c0f8ba6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 9635419.fls.doubleclick.net
:scheme: https
:path: /activityi;dc_pre=CJX_pMzA2fECFUwH4AodpJgH7A;src=9635419;type=111127;cat=6697125;qty=1;cost=0.00;u=8831E537-AA66-46C4-B179-DDD8B746F995;u1=xnamyl4jur38i;u2=0.00;u3=;u4=;u5=;u6=;u7=;u8=;u9=;u10=;u11=;u12=;u13=;u14=;u15=;u16=;u17=;u18=;u19=;u20=;ord=xnamyl4jur38i?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://4605991.fls.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUm9_-PwqJ3QfTEV6zF7xy7dxQ0ZlUULi3hJTO97xfFu9eqRola9wZDbyhbv_BI
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://4605991.fls.doubleclick.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 10 Jul 2021 22:01:59 GMT
expires: Sat, 10 Jul 2021 22:01:59 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 718
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 10 Jul 2021 22:01:59 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://9635419.fls.doubleclick.net/activityi;dc_pre=CJX_pMzA2fECFUwH4AodpJgH7A;src=9635419;type=111127;cat=6697125;qty=1;cost=0.00;u=8831E537-AA66-46C4-B179-DDD8B746F995;u1=xnamyl4jur38i;u2=0.00;u3=;u4=;u5=;u6=;u7=;u8=;u9=;u10=;u11=;u12=;u13=;u14=;u15=;u16=;u17=;u18=;u19=;u20=;ord=xnamyl4jur38i?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29

200

activityi;dc_pre=CNzCpszA2fECFUt-4AodIxcHBg;src=9635419;type=6158;cat=111127;ord=xnamyl4jur38i;u20=[306697124] Show response
9635419.fls.doubleclick.net/ Frame 9D8F
Redirect Chain

https://9635419.fls.doubleclick.net/activityi;src=9635419;type=6158;cat=111127;ord=xnamyl4jur38i;u20=[306697124]?
https://9635419.fls.doubleclick.net/activityi;dc_pre=CNzCpszA2fECFUt-4AodIxcHBg;src=9635419;type=6158;cat=111127;ord=xnamyl4jur38i;u20=[306697124]?

1 KB
655 B

46ms
45ms

Document
text/html

142.250.185.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9635419.fls.doubleclick.net/activityi;dc_pre=CNzCpszA2fECFUt-4AodIxcHBg;src=9635419;type=6158;cat=111127;ord=xnamyl4jur38i;u20=[306697124]?

Requested by

Host: apxprogrammatic.netmng.com
URL: https://apxprogrammatic.netmng.com/?aid=6158&ref=https%3A%2F%2Fadservice.google.com%2F&cch

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f6.1e100.net

Software

cafe /

Resource Hash

0a80baa6dc810c12c967415a0e9efa1ac1894c7ccbb5b142f3c9f5ff9fcc0095

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 9635419.fls.doubleclick.net
:scheme: https
:path: /activityi;dc_pre=CNzCpszA2fECFUt-4AodIxcHBg;src=9635419;type=6158;cat=111127;ord=xnamyl4jur38i;u20=[306697124]?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://4605991.fls.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUm9_-PwqJ3QfTEV6zF7xy7dxQ0ZlUULi3hJTO97xfFu9eqRola9wZDbyhbv_BI
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://4605991.fls.doubleclick.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 10 Jul 2021 22:01:59 GMT
expires: Sat, 10 Jul 2021 22:01:59 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 632
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 10 Jul 2021 22:01:59 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://9635419.fls.doubleclick.net/activityi;dc_pre=CNzCpszA2fECFUt-4AodIxcHBg;src=9635419;type=6158;cat=111127;ord=xnamyl4jur38i;u20=[306697124]?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK cm
p.rfihub.com/ Frame 421A 42 B
1 KB 39ms
39ms Image
image/gif 193.0.160.129
ROCKETFUEL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.rfihub.com/cm?pub=40519&in=1&userid=xnamyl4jur38i
Requested by: Host: 4605991.fls.doubleclick.net
URL: https://4605991.fls.doubleclick.net/ddm/fls/r/dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcldc=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;gclaw=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;auiddc=1160107375.1562933607;u16=undefined;u15=undefined;u1=gb_en;~oref=https:/www.alitalia.com/en_gb/offers.html%3FWT.mc_id=search_Google_BrandGeneric_UK&WT.srch=1&gclid=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE&gclsrc=aw.ds
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 193.0.160.129 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

Referer: https://4605991.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 10 Jul 2021 22:01:59 GMT
Cache-Control: no-cache
Server: Jetty(9.3.29.v20201019)
Content-Type: image/gif
Content-Length: 42
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H3-29 200 dc_pre=CJX_pMzA2fECFUwH4AodpJgH7A;src=9635419;type=111127;cat=6697125;qty=1;cost=0.00;u=8831E537-AA66-46C4-B179-DDD8B746F995;u1=xnamyl4jur38i;u2=0.00;u3=;u4=;u5=;u6=;u7=;u8=;u9=;u10=;u11=;u12=;u13=...
adservice.google.com/ddm/fls/z/ Frame 3ECA 42 B
63 B 58ms
44ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CJX_pMzA2fECFUwH4AodpJgH7A;src=9635419;type=111127;cat=6697125;qty=1;cost=0.00;u=8831E537-AA66-46C4-B179-DDD8B746F995;u1=xnamyl4jur38i;u2=0.00;u3=;u4=;u5=;u6=;u7=;u8=;u9=;u10=;u11=;u12=;u13=;u14=;u15=;u16=;u17=;u18=;u19=;u20=;ord=xnamyl4jur38i

Requested by

Host: 9635419.fls.doubleclick.net
URL: https://9635419.fls.doubleclick.net/activityi;dc_pre=CJX_pMzA2fECFUwH4AodpJgH7A;src=9635419;type=111127;cat=6697125;qty=1;cost=0.00;u=8831E537-AA66-46C4-B179-DDD8B746F995;u1=xnamyl4jur38i;u2=0.00;u3=;u4=;u5=;u6=;u7=;u8=;u9=;u10=;u11=;u12=;u13=;u14=;u15=;u16=;u17=;u18=;u19=;u20=;ord=xnamyl4jur38i?

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9635419.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 10 Jul 2021 22:01:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 tc.min.js Show response
c1.rfihub.net/js/ Frame 3ECA 19 KB
6 KB 7ms
6ms Script
application/x-javascript 2600:9000:21f3:3400:1:76cf:fe80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.rfihub.net/js/tc.min.js
Requested by: Host: 9635419.fls.doubleclick.net
URL: https://9635419.fls.doubleclick.net/activityi;dc_pre=CJX_pMzA2fECFUwH4AodpJgH7A;src=9635419;type=111127;cat=6697125;qty=1;cost=0.00;u=8831E537-AA66-46C4-B179-DDD8B746F995;u1=xnamyl4jur38i;u2=0.00;u3=;u4=;u5=;u6=;u7=;u8=;u9=;u10=;u11=;u12=;u13=;u14=;u15=;u16=;u17=;u18=;u19=;u20=;ord=xnamyl4jur38i?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:3400:1:76cf:fe80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 7ef97b12890fc6fee67f869c6e1f74b6719de7d66ac0d649c8d7386a80b4c30f

Request headers

Referer: https://9635419.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 10 Jul 2021 21:32:47 GMT
content-encoding: gzip
last-modified: Sat, 10 Jul 2021 21:32:37 GMT
server: Jetty(9.3.29.v20201019)
age: 1752
x-cache: Hit from cloudfront
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
via: 1.1 6fa33d47af6f4da7007689083cfe9b9c.cloudfront.net (CloudFront)
cache-control: public, max-age=3600
x-amz-cf-pop: FRA2-C2
content-type: application/x-javascript
content-length: 6162
x-amz-cf-id: 6fHG1-RS5d3cupovW4NLgUPGP4Dt6v2NL2bCIChHeyNBD1Z7A-DjVg==
expires: Sat, 10 Jul 2021 22:32:47 GMT

GET
H/1.1 200
OK Cookie set ca.html Show response
20822660p.rfihub.com/ Frame 0A6B 3 KB
4 KB 177ms
41ms Document
text/html 193.0.160.129
ROCKETFUEL

General

Check archive.org

Show headers Download Go to

Full URL: https://20822660p.rfihub.com/ca.html?ver=9&rb=40600&ca=20822660&_o=40600&_t=306697125&transid=xnamyl4jur38i&pe=https%3A%2F%2F9635419.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCJX_pMzA2fECFUwH4AodpJgH7A%3Bsrc%3D9635419%3Btype%3D111127%3Bcat%3D6697125%3Bqty%3D1%3Bcost%3D0.00%3Bu%3D8831E537-AA66-46C4-B179-DDD8B746F995%3Bu1%3Dxnamyl4jur38i%3Bu2%3D0.00%3Bu3%3D%3Bu4%3D%3Bu5%3D%3Bu6%3D%3Bu7%3D%3Bu8%3D%3Bu9%3D%3Bu10%3D%3Bu11%3D%3Bu12%3D%3Bu13%3D%3Bu14%3D%3Bu15%3D%3Bu16%3D%3Bu17%3D%3Bu18%3D%3Bu19%3D%3Bu20%3D%3Bord%3Dxnamyl4jur38i%3F&pf=https%3A%2F%2F4605991.fls.doubleclick.net%2F&ra=6767492651534741
Requested by: Host: c1.rfihub.net
URL: https://c1.rfihub.net/js/tc.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 193.0.160.129 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 2f03c6f938002482742341269afc73bacde15065d45270a7ef3bc9f0dccc028b

Request headers

Host: 20822660p.rfihub.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://9635419.fls.doubleclick.net/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: rud=H4sIAAAAAAAAAOMSNrQwN7UwtDQzMjQyszA3MTAzMxTiM9TNssj083EKyC2K0g2V4jU0MzK1NDUxNbQwNTECAEGtO_Y0AAAA; ruds=H4sIAAAAAAAAAOMSNrQwN7UwtDQzMjQyszA3MTAzMxTiM9TNssj083EKyC2K0g0FAN6j2OslAAAA; smd=H4sIAAAAAAAAADPiNTQzMrU0NTE1tDQ0MgUANHoDEw8AAAA; eud=H4sIAAAAAAAAAF3Pr04DQRDH8UDA0FRdJRK7ZGd2Z3cH15BekOT6AKS3t8ef_hFNSIDHqDx5srKSR-ARkEhkZRV13I2Z5CN-32QuLuF2PJlO7nzxaHMdH_JQfRT5Gu6fwnheDMEhMVmCEACbk46PZyv8JfwrfBDenPbdCLfCW-Gd8KfwXu7P-v4W3p2L3kD8M7gK2lAoK1YMaJR1iRSnqBWgS9obKDGV-86MtfUHkdlkSIaraKNViQmVrY_Bmau9chyp1jp5h_7mP3Ktqck6USBss370R7gZDd9Ws-X7wr68rk14bkfdPfMftRi-6fkBAAA; euds=H4sIAAAAAAAAAA3LOwrCQBAAUJBUgjewtB2ZmZ3Z3bELkmApegBJNhv_FgFBLT2GpSfV17_xlJZlta1WYbOXGtOujt1rUw-0PsTy_BnNIjqNbWdgxA7EZwXLCYHYZwyOWs7tu2B11iVJAtmUQfp_aHwfwFvSHjEHz2FBntVUlGyO-i0mj1tzfV7kdB9cPP4A-ZU0l4oAAAA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://9635419.fls.doubleclick.net/

Response headers

Date: Sat, 10 Jul 2021 22:01:59 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: eud=H4sIAAAAAAAAAF3PrU4DQRSG4UDA0FRtJRI7ZM7MOTNzcA3pBkm2F0C6s7P89Ec0IQEuo3LlyspKLoFLQCKRlVXgunvkI743-S4u4XY8mU7ufPGIuY4Peag-inwN909hPC-G4AwxIUEIYJqToxnBboW_hH-FD8Kb074b4VZ4K7wT_hTey_1Z39_Cu3PRG4g_g6ugLYWyYsVgrEKXSHGKWoFxSXsLpUnlvjvT6A8is8kMWa4iRlSJySis_4MzV3vlOFKtdfLO-Jvj6FpTk3UiQKbN-tEf4WY0fFvNlu8LfHld2_Dcjrp75j9fvvQj-QEAAA; Path=/; Domain=.rfihub.com; Expires=Thu, 4 Aug 2022 22:01:59 GMT; Secure; SameSite=None rud=H4sIAAAAAAAAAOMSNrQwN7UwtDQzMjQyszA3MTAzMxTiM9TNssj083EKyC2K0g2V4jU0MzK1NDUxNbQwNTECAEGtO_Y0AAAA; Path=/; Domain=.rfihub.com; Expires=Thu, 4 Aug 2022 22:01:59 GMT; Secure; SameSite=None ruds=H4sIAAAAAAAAAOMSNrQwN7UwtDQzMjQyszA3MTAzMxTiM9TNssj083EKyC2K0g0FAN6j2OslAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None
Cache-Control: no-cache
Content-Type: text/html;charset=utf-8
Content-Length: 2945
Server: Jetty(9.3.29.v20201019)

GET
H3-29 200 dc_pre=CNzCpszA2fECFUt-4AodIxcHBg;src=9635419;type=6158;cat=111127;ord=xnamyl4jur38i;u20=[306697124]
adservice.google.com/ddm/fls/z/ Frame 9D8F 42 B
63 B 41ms
40ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CNzCpszA2fECFUt-4AodIxcHBg;src=9635419;type=6158;cat=111127;ord=xnamyl4jur38i;u20=[306697124]

Requested by

Host: 9635419.fls.doubleclick.net
URL: https://9635419.fls.doubleclick.net/activityi;dc_pre=CNzCpszA2fECFUt-4AodIxcHBg;src=9635419;type=6158;cat=111127;ord=xnamyl4jur38i;u20=[306697124]?

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9635419.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 10 Jul 2021 22:01:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 tc.min.js Show response
c1.rfihub.net/js/ Frame 9D8F 19 KB
6 KB 9ms
8ms Script
application/x-javascript 2600:9000:21f3:3400:1:76cf:fe80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.rfihub.net/js/tc.min.js
Requested by: Host: 9635419.fls.doubleclick.net
URL: https://9635419.fls.doubleclick.net/activityi;dc_pre=CNzCpszA2fECFUt-4AodIxcHBg;src=9635419;type=6158;cat=111127;ord=xnamyl4jur38i;u20=[306697124]?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:3400:1:76cf:fe80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 7ef97b12890fc6fee67f869c6e1f74b6719de7d66ac0d649c8d7386a80b4c30f

Request headers

Referer: https://9635419.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 10 Jul 2021 21:32:47 GMT
content-encoding: gzip
last-modified: Sat, 10 Jul 2021 21:32:37 GMT
server: Jetty(9.3.29.v20201019)
age: 1752
x-cache: Hit from cloudfront
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
via: 1.1 6fa33d47af6f4da7007689083cfe9b9c.cloudfront.net (CloudFront)
cache-control: public, max-age=3600
x-amz-cf-pop: FRA2-C2
content-type: application/x-javascript
content-length: 6162
x-amz-cf-id: 59j8vGO2Zq1bQFwRGMvV7NspKmExOPwhPSChoPg7qVW2PNaADRgnGQ==
expires: Sat, 10 Jul 2021 22:32:47 GMT

GET
H/1.1 200
OK Cookie set ca.html Show response
20822659p.rfihub.com/ Frame 2CE5 3 KB
4 KB 259ms
40ms Document
text/html 193.0.160.129
ROCKETFUEL

General

Check archive.org

Show headers Download Go to

Full URL: https://20822659p.rfihub.com/ca.html?ver=9&rb=40600&ca=20822659&_o=40600&_t=6158&segments=%5B306697124%5D&pe=https%3A%2F%2F9635419.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCNzCpszA2fECFUt-4AodIxcHBg%3Bsrc%3D9635419%3Btype%3D6158%3Bcat%3D111127%3Bord%3Dxnamyl4jur38i%3Bu20%3D%5B306697124%5D%3F&pf=https%3A%2F%2F4605991.fls.doubleclick.net%2F&ra=765586558986697
Requested by: Host: c1.rfihub.net
URL: https://c1.rfihub.net/js/tc.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 193.0.160.129 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 760aed5edde091d7307d75cf18e9998dca82b2cab48889815d0990b00d45a781

Request headers

Host: 20822659p.rfihub.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://9635419.fls.doubleclick.net/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: rud=H4sIAAAAAAAAAOMSNrQwN7UwtDQzMjQyszA3MTAzMxTiM9TNssj083EKyC2K0g2V4jU0MzK1NDUxNbQwNTECAEGtO_Y0AAAA; ruds=H4sIAAAAAAAAAOMSNrQwN7UwtDQzMjQyszA3MTAzMxTiM9TNssj083EKyC2K0g0FAN6j2OslAAAA; smd=H4sIAAAAAAAAADPiNTQzMrU0NTE1tDQ0MgUANHoDEw8AAAA; eud=H4sIAAAAAAAAAF3Pr04DQRDH8UDA0FRdJRK7ZGd2Z3cH15BekOT6AKS3t8ef_hFNSIDHqDx5srKSR-ARkEhkZRV13I2Z5CN-32QuLuF2PJlO7nzxaHMdH_JQfRT5Gu6fwnheDMEhMVmCEACbk46PZyv8JfwrfBDenPbdCLfCW-Gd8KfwXu7P-v4W3p2L3kD8M7gK2lAoK1YMaJR1iRSnqBWgS9obKDGV-86MtfUHkdlkSIaraKNViQmVrY_Bmau9chyp1jp5h_7mP3Ktqck6USBss370R7gZDd9Ws-X7wr68rk14bkfdPfMftRi-6fkBAAA; euds=H4sIAAAAAAAAAA3LOwrCQBAAUJBUgjewtB2ZmZ3Z3bELkmApegBJNhv_FgFBLT2GpSfV17_xlJZlta1WYbOXGtOujt1rUw-0PsTy_BnNIjqNbWdgxA7EZwXLCYHYZwyOWs7tu2B11iVJAtmUQfp_aHwfwFvSHjEHz2FBntVUlGyO-i0mj1tzfV7kdB9cPP4A-ZU0l4oAAAA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://9635419.fls.doubleclick.net/

Response headers

Date: Sat, 10 Jul 2021 22:01:59 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: eud=H4sIAAAAAAAAAF3Pr04DQRDH8dCAaVN1lUjskp3Znd0dXEN6QZLjAUhvb49_LaIJCfAYlSdPVlbyCDwCEomsrKKudyM_k_y-yQzP4Xo6u5vd-OLB5jre56H6LPIV3D6G6UsxBofEZAlCAGxOjmZCsxH-Fv4T3guvB303wq3wRngr_CW8k_vTvn-Et2eiNxL_jC6CNhTKihUDGmVdIsUpagXokvYGSkzlrjvT1u9FZp0hGa6ijValw0HZ-hCcu9orx5FqrZN36K-Oo0tNTdaJAGGb9aO_ws1k_P46X34s7PPbyoSndtLdM_8Dzkiv6fkBAAA; Path=/; Domain=.rfihub.com; Expires=Thu, 4 Aug 2022 22:01:59 GMT; Secure; SameSite=None rud=H4sIAAAAAAAAAOMSNrQwN7UwtDQzMjQyszA3MTAzMxTiM9TNssj083EKyC2K0g2V4jU0MzK1NDUxNbQwNTECAEGtO_Y0AAAA; Path=/; Domain=.rfihub.com; Expires=Thu, 4 Aug 2022 22:01:59 GMT; Secure; SameSite=None ruds=H4sIAAAAAAAAAOMSNrQwN7UwtDQzMjQyszA3MTAzMxTiM9TNssj083EKyC2K0g0FAN6j2OslAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None
Cache-Control: no-cache
Content-Type: text/html;charset=utf-8
Content-Length: 2945
Server: Jetty(9.3.29.v20201019)

GET
H/1.1

200
OK

cm
a.rfihub.com/ Frame 0A6B
Redirect Chain

https://cm.g.doubleclick.net/pixel?&in=0&google_nid=zeta_interactive&google_cm=&google_sc=&google_hm=MTg3NTgxOTYyMTI2ODc0MDY2MQ==&forward=
https://a.rfihub.com/cm?pub=445&in=0&forward=&google_gid=CAESEH7Rg4F0c_F8dzRFr1Ph8Ak&google_cver=1

42 B
1 KB

41ms
40ms

Image
image/gif

193.0.160.129
ROCKETFUEL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.rfihub.com/cm?pub=445&in=0&forward=&google_gid=CAESEH7Rg4F0c_F8dzRFr1Ph8Ak&google_cver=1
Requested by: Host: 4605991.fls.doubleclick.net
URL: https://4605991.fls.doubleclick.net/ddm/fls/r/dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcldc=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;gclaw=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;auiddc=1160107375.1562933607;u16=undefined;u15=undefined;u1=gb_en;~oref=https:/www.alitalia.com/en_gb/offers.html%3FWT.mc_id=search_Google_BrandGeneric_UK&WT.srch=1&gclid=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE&gclsrc=aw.ds
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 193.0.160.129 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

Referer: https://20822660p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 10 Jul 2021 22:01:59 GMT
Cache-Control: no-cache
Server: Jetty(9.3.29.v20201019)
Content-Type: image/gif
Content-Length: 42
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma: no-cache
date: Sat, 10 Jul 2021 22:01:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://a.rfihub.com/cm?pub=445&in=0&forward=&google_gid=CAESEH7Rg4F0c_F8dzRFr1Ph8Ak&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 311
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK setuid
ib.adnxs.com/ Frame 0A6B 43 B
994 B 57ms
55ms Image
image/gif 37.252.173.22
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=18&code=1875819621268740661

Requested by

Host: 20822660p.rfihub.com
URL: https://20822660p.rfihub.com/ca.html?ver=9&rb=40600&ca=20822660&_o=40600&_t=306697125&transid=xnamyl4jur38i&pe=https%3A%2F%2F9635419.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCJX_pMzA2fECFUwH4AodpJgH7A%3Bsrc%3D9635419%3Btype%3D111127%3Bcat%3D6697125%3Bqty%3D1%3Bcost%3D0.00%3Bu%3D8831E537-AA66-46C4-B179-DDD8B746F995%3Bu1%3Dxnamyl4jur38i%3Bu2%3D0.00%3Bu3%3D%3Bu4%3D%3Bu5%3D%3Bu6%3D%3Bu7%3D%3Bu8%3D%3Bu9%3D%3Bu10%3D%3Bu11%3D%3Bu12%3D%3Bu13%3D%3Bu14%3D%3Bu15%3D%3Bu16%3D%3Bu17%3D%3Bu18%3D%3Bu19%3D%3Bu20%3D%3Bord%3Dxnamyl4jur38i%3F&pf=https%3A%2F%2F4605991.fls.doubleclick.net%2F&ra=6767492651534741

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://20822660p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 10 Jul 2021 22:01:59 GMT
X-Proxy-Origin: 5.253.207.212; 5.253.207.212; 536.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: ebb4517a-19e9-49de-a0da-e401681604f0
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

cm
p.rfihub.com/ Frame 0A6B
Redirect Chain

https://stags.bluekai.com/site/4722?id=1875819621268740661&redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fbk_uuid%3D%24_BK_UUID%26forward%3D
https://p.rfihub.com/cm?bk_uuid=8ZE2%2Fx9999YAYroQ&forward=

42 B
1 KB

37ms
37ms

Image
image/gif

193.0.160.129
ROCKETFUEL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.rfihub.com/cm?bk_uuid=8ZE2%2Fx9999YAYroQ&forward=
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 193.0.160.129 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

Referer: https://20822660p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 10 Jul 2021 22:01:59 GMT
Cache-Control: no-cache
Server: Jetty(9.3.29.v20201019)
Content-Type: image/gif
Content-Length: 42
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

Date: Sat, 10 Jul 2021 22:01:59 GMT
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Location: https://p.rfihub.com/cm?bk_uuid=8ZE2%2Fx9999YAYroQ&forward=
Cache-Control: max-age=86400, private
Connection: keep-alive
Content-Length: 0
BK-Server: 4e07
Expires: Sun, 11 Jul 2021 22:01:59 GMT

GET
H/1.1 200
OK ibs:dpid=1121&dpuuid=1875819621268740661&redir=
dpm.demdex.net/ Frame 0A6B 42 B
956 B 56ms
53ms Image
image/gif 54.171.168.191
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=1121&dpuuid=1875819621268740661&redir=

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.171.168.191 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-171-168-191.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://20822660p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v012-0a5d1c7f9.edge-irl1.demdex.com 6.3.1.20210623115127
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: UcfJ6g1tRzs=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1 200
OK rum
dsum-sec.casalemedia.com/ Frame 0A6B 43 B
1006 B 50ms
45ms Image
image/gif 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=1875819621268740661&forward=
Requested by: Host: 20822660p.rfihub.com
URL: https://20822660p.rfihub.com/ca.html?ver=9&rb=40600&ca=20822660&_o=40600&_t=306697125&transid=xnamyl4jur38i&pe=https%3A%2F%2F9635419.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCJX_pMzA2fECFUwH4AodpJgH7A%3Bsrc%3D9635419%3Btype%3D111127%3Bcat%3D6697125%3Bqty%3D1%3Bcost%3D0.00%3Bu%3D8831E537-AA66-46C4-B179-DDD8B746F995%3Bu1%3Dxnamyl4jur38i%3Bu2%3D0.00%3Bu3%3D%3Bu4%3D%3Bu5%3D%3Bu6%3D%3Bu7%3D%3Bu8%3D%3Bu9%3D%3Bu10%3D%3Bu11%3D%3Bu12%3D%3Bu13%3D%3Bu14%3D%3Bu15%3D%3Bu16%3D%3Bu17%3D%3Bu18%3D%3Bu19%3D%3Bu20%3D%3Bord%3Dxnamyl4jur38i%3F&pf=https%3A%2F%2F4605991.fls.doubleclick.net%2F&ra=6767492651534741
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://20822660p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 10 Jul 2021 22:01:59 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 10 Jul 2021 22:01:59 GMT

GET
H2 200 360947.gif
idsync.rlcdn.com/ Frame 0A6B 42 B
299 B 40ms
34ms Image
image/gif 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/360947.gif?partner_uid=1875819621268740661
Requested by: Host: 20822660p.rfihub.com
URL: https://20822660p.rfihub.com/ca.html?ver=9&rb=40600&ca=20822660&_o=40600&_t=306697125&transid=xnamyl4jur38i&pe=https%3A%2F%2F9635419.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCJX_pMzA2fECFUwH4AodpJgH7A%3Bsrc%3D9635419%3Btype%3D111127%3Bcat%3D6697125%3Bqty%3D1%3Bcost%3D0.00%3Bu%3D8831E537-AA66-46C4-B179-DDD8B746F995%3Bu1%3Dxnamyl4jur38i%3Bu2%3D0.00%3Bu3%3D%3Bu4%3D%3Bu5%3D%3Bu6%3D%3Bu7%3D%3Bu8%3D%3Bu9%3D%3Bu10%3D%3Bu11%3D%3Bu12%3D%3Bu13%3D%3Bu14%3D%3Bu15%3D%3Bu16%3D%3Bu17%3D%3Bu18%3D%3Bu19%3D%3Bu20%3D%3Bord%3Dxnamyl4jur38i%3F&pf=https%3A%2F%2F4605991.fls.doubleclick.net%2F&ra=6767492651534741
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://20822660p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 10 Jul 2021 22:01:59 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: clear
content-length: 42

GET
H2 200 rocketfuel_sync
x.dlx.addthis.com/e/ Frame 0A6B 43 B
191 B 203ms
198ms Image
image/gif 23.37.43.59
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://x.dlx.addthis.com/e/rocketfuel_sync?na_exid=1875819621268740661

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.37.43.59 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-43-59.deploy.static.akamaitechnologies.com

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=2628000

Request headers

Referer: https://20822660p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 10 Jul 2021 22:01:59 GMT
cache-control: max-age=0, no-cache, no-store
expires: Sat, 10 Jul 2021 22:01:59 GMT
content-length: 43
strict-transport-security: max-age=2628000
content-type: image/gif

GET
H/1.1 200 partner
sync.search.spotxchange.com/ Frame 0A6B 43 B
548 B 44ms
41ms Image
image/gif 185.94.180.126
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7180&uid=1875819621268740661&img=1
Requested by: Host: 20822660p.rfihub.com
URL: https://20822660p.rfihub.com/ca.html?ver=9&rb=40600&ca=20822660&_o=40600&_t=306697125&transid=xnamyl4jur38i&pe=https%3A%2F%2F9635419.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCJX_pMzA2fECFUwH4AodpJgH7A%3Bsrc%3D9635419%3Btype%3D111127%3Bcat%3D6697125%3Bqty%3D1%3Bcost%3D0.00%3Bu%3D8831E537-AA66-46C4-B179-DDD8B746F995%3Bu1%3Dxnamyl4jur38i%3Bu2%3D0.00%3Bu3%3D%3Bu4%3D%3Bu5%3D%3Bu6%3D%3Bu7%3D%3Bu8%3D%3Bu9%3D%3Bu10%3D%3Bu11%3D%3Bu12%3D%3Bu13%3D%3Bu14%3D%3Bu15%3D%3Bu16%3D%3Bu17%3D%3Bu18%3D%3Bu19%3D%3Bu20%3D%3Bord%3Dxnamyl4jur38i%3F&pf=https%3A%2F%2F4605991.fls.doubleclick.net%2F&ra=6767492651534741
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.94.180.126 , United States, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Referer: https://20822660p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 10 Jul 2021 22:01:59 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 68
Connection: keep-alive
Content-Length: 43

GET
H2 200 g.pixel
aa.agkn.com/adscores/ Frame 0A6B 43 B
237 B 31ms
27ms Image
image/gif 3.127.52.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aa.agkn.com/adscores/g.pixel?sid=9212192898&rf=1875819621268740661
Requested by: Host: 20822660p.rfihub.com
URL: https://20822660p.rfihub.com/ca.html?ver=9&rb=40600&ca=20822660&_o=40600&_t=306697125&transid=xnamyl4jur38i&pe=https%3A%2F%2F9635419.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCJX_pMzA2fECFUwH4AodpJgH7A%3Bsrc%3D9635419%3Btype%3D111127%3Bcat%3D6697125%3Bqty%3D1%3Bcost%3D0.00%3Bu%3D8831E537-AA66-46C4-B179-DDD8B746F995%3Bu1%3Dxnamyl4jur38i%3Bu2%3D0.00%3Bu3%3D%3Bu4%3D%3Bu5%3D%3Bu6%3D%3Bu7%3D%3Bu8%3D%3Bu9%3D%3Bu10%3D%3Bu11%3D%3Bu12%3D%3Bu13%3D%3Bu14%3D%3Bu15%3D%3Bu16%3D%3Bu17%3D%3Bu18%3D%3Bu19%3D%3Bu20%3D%3Bord%3Dxnamyl4jur38i%3F&pf=https%3A%2F%2F4605991.fls.doubleclick.net%2F&ra=6767492651534741
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.127.52.31 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-52-31.eu-central-1.compute.amazonaws.com
Software: AAWebServer /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Referer: https://20822660p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 10 Jul 2021 22:01:59 GMT
server: AAWebServer
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 43
expires: 0

GET
H2 200 sync
x.bidswitch.net/ Frame 0A6B 43 B
145 B 32ms
29ms Image
image/gif 3.126.158.103
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?dsp_id=119&user_id=1875819621268740661&expires=30
Requested by: Host: 20822660p.rfihub.com
URL: https://20822660p.rfihub.com/ca.html?ver=9&rb=40600&ca=20822660&_o=40600&_t=306697125&transid=xnamyl4jur38i&pe=https%3A%2F%2F9635419.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCJX_pMzA2fECFUwH4AodpJgH7A%3Bsrc%3D9635419%3Btype%3D111127%3Bcat%3D6697125%3Bqty%3D1%3Bcost%3D0.00%3Bu%3D8831E537-AA66-46C4-B179-DDD8B746F995%3Bu1%3Dxnamyl4jur38i%3Bu2%3D0.00%3Bu3%3D%3Bu4%3D%3Bu5%3D%3Bu6%3D%3Bu7%3D%3Bu8%3D%3Bu9%3D%3Bu10%3D%3Bu11%3D%3Bu12%3D%3Bu13%3D%3Bu14%3D%3Bu15%3D%3Bu16%3D%3Bu17%3D%3Bu18%3D%3Bu19%3D%3Bu20%3D%3Bord%3Dxnamyl4jur38i%3F&pf=https%3A%2F%2F4605991.fls.doubleclick.net%2F&ra=6767492651534741
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.126.158.103 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-158-103.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://20822660p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 10 Jul 2021 22:01:59 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H/1.1

200
OK

match
ps.eyeota.net/ Frame 0A6B
Redirect Chain

https://p.rfihub.com/cm?pub=24472&in=1
https://ps.eyeota.net/match?uid=1875819621268740661&bid=omt9pi0

70 B
440 B

374ms
374ms

Image
image/gif

3.121.27.153
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ps.eyeota.net/match?uid=1875819621268740661&bid=omt9pi0
Requested by: Host: 4605991.fls.doubleclick.net
URL: https://4605991.fls.doubleclick.net/ddm/fls/r/dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcldc=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;gclaw=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;auiddc=1160107375.1562933607;u16=undefined;u15=undefined;u1=gb_en;~oref=https:/www.alitalia.com/en_gb/offers.html%3FWT.mc_id=search_Google_BrandGeneric_UK&WT.srch=1&gclid=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE&gclsrc=aw.ds
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 3.121.27.153 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-121-27-153.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98

Request headers

Referer: https://20822660p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 10 Jul 2021 22:01:59 GMT
Content-Type: image/gif
Content-Length: 70
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

Redirect headers

Location: https://ps.eyeota.net/match?uid=1875819621268740661&bid=omt9pi0
Date: Sat, 10 Jul 2021 22:01:59 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

cm
p.rfihub.com/ Frame 0A6B
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/Mlpt2JaG/?redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D21653%26userid%3D%24%7BTM_USER_ID%7D
https://p.rfihub.com/cm?in=1&pub=21653&userid=YOoY1wACuW_t8wA4

42 B
1 KB

38ms
37ms

Image
image/gif

193.0.160.129
ROCKETFUEL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.rfihub.com/cm?in=1&pub=21653&userid=YOoY1wACuW_t8wA4
Requested by: Host: 4605991.fls.doubleclick.net
URL: https://4605991.fls.doubleclick.net/ddm/fls/r/dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcldc=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;gclaw=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;auiddc=1160107375.1562933607;u16=undefined;u15=undefined;u1=gb_en;~oref=https:/www.alitalia.com/en_gb/offers.html%3FWT.mc_id=search_Google_BrandGeneric_UK&WT.srch=1&gclid=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE&gclsrc=aw.ds
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 193.0.160.129 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

Referer: https://20822660p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 10 Jul 2021 22:01:59 GMT
Cache-Control: no-cache
Server: Jetty(9.3.29.v20201019)
Content-Type: image/gif
Content-Length: 42
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma: no-cache
date: Sat, 10 Jul 2021 22:01:59 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1625954519.458593,VS0,VE0
x-served-by: cache-fra19152-FRA
x-cache: HIT
location: https://p.rfihub.com/cm?in=1&pub=21653&userid=YOoY1wACuW_t8wA4
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2 200 cksync.php
contextual.media.net/ Frame 0A6B 46 B
533 B 78ms
75ms Image
image/gif 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=3&type=rkt&ovsid=1875819621268740661

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

579a172ca2c700734ebcfa06d105a134f31ec2357660e58e0874cfdee8472fd4

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://20822660p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=604800
server: Apache
date: Sat, 10 Jul 2021 22:01:59 GMT
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control: max-age=0, no-cache, no-store
content-type: image/gif
content-length: 46
x-mnet-hl2: E
expires: Sat, 10 Jul 2021 22:01:59 GMT

GET
H/1.1

200
OK

cm
p.rfihub.com/ Frame 0A6B
Redirect Chain

https://bs.serving-sys.com/serving?cn=um&dpid=12&rtu=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D17945%26userid%3D%5B%25tp_UserID%25%5D
https://p.rfihub.com/cm?in=1&pub=17945&userid=80358bd9-9123-46e5-9ec0-126e0731b2eb

42 B
1 KB

39ms
39ms

Image
image/gif

193.0.160.129
ROCKETFUEL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.rfihub.com/cm?in=1&pub=17945&userid=80358bd9-9123-46e5-9ec0-126e0731b2eb
Requested by: Host: 4605991.fls.doubleclick.net
URL: https://4605991.fls.doubleclick.net/ddm/fls/r/dc_pre=COXP_bOtr-MCFUfT1QoddcUGvQ;src=4605991;type=hp_offer;cat=off_all;gtm=2wg6q1;gcldc=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;gclaw=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE;auiddc=1160107375.1562933607;u16=undefined;u15=undefined;u1=gb_en;~oref=https:/www.alitalia.com/en_gb/offers.html%3FWT.mc_id=search_Google_BrandGeneric_UK&WT.srch=1&gclid=EAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE&gclsrc=aw.ds
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 193.0.160.129 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

Referer: https://20822660p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 10 Jul 2021 22:01:59 GMT
Cache-Control: no-cache
Server: Jetty(9.3.29.v20201019)
Content-Type: image/gif
Content-Length: 42
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma: no-cache
date: Sat, 10 Jul 2021 22:01:59 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="NOI DEVa OUR BUS UNI"
location: https://p.rfihub.com/cm?in=1&pub=17945&userid=80358bd9-9123-46e5-9ec0-126e0731b2eb
cache-control: private
content-type: text/html; charset=UTF-8
content-length: 213
expires: Sun, 05-Jun-2005 22:00:00 GMT

GET
H2 200 /
bpi.rtactivate.com/tag/ Frame 0A6B 43 B
108 B 181ms
178ms Image
image/gif 184.73.14.153
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bpi.rtactivate.com/tag/?id=11017&user_id=1875819621268740661
Requested by: Host: 20822660p.rfihub.com
URL: https://20822660p.rfihub.com/ca.html?ver=9&rb=40600&ca=20822660&_o=40600&_t=306697125&transid=xnamyl4jur38i&pe=https%3A%2F%2F9635419.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCJX_pMzA2fECFUwH4AodpJgH7A%3Bsrc%3D9635419%3Btype%3D111127%3Bcat%3D6697125%3Bqty%3D1%3Bcost%3D0.00%3Bu%3D8831E537-AA66-46C4-B179-DDD8B746F995%3Bu1%3Dxnamyl4jur38i%3Bu2%3D0.00%3Bu3%3D%3Bu4%3D%3Bu5%3D%3Bu6%3D%3Bu7%3D%3Bu8%3D%3Bu9%3D%3Bu10%3D%3Bu11%3D%3Bu12%3D%3Bu13%3D%3Bu14%3D%3Bu15%3D%3Bu16%3D%3Bu17%3D%3Bu18%3D%3Bu19%3D%3Bu20%3D%3Bord%3Dxnamyl4jur38i%3F&pf=https%3A%2F%2F4605991.fls.doubleclick.net%2F&ra=6767492651534741
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 184.73.14.153 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-184-73-14-153.compute-1.amazonaws.com
Software: awselb/2.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://20822660p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 10 Jul 2021 22:01:59 GMT
server: awselb/2.0
content-length: 43
content-type: image/gif

GET
H/1.1 204
No Content tap.php
pixel.rubiconproject.com/ Frame 0A6B 0
239 B 30ms
28ms Image
image/gif 69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=13490&nid=2596&put=1875819621268740661
Requested by: Host: 9635419.fls.doubleclick.net
URL: https://9635419.fls.doubleclick.net/activityi;dc_pre=CJX_pMzA2fECFUwH4AodpJgH7A;src=9635419;type=111127;cat=6697125;qty=1;cost=0.00;u=8831E537-AA66-46C4-B179-DDD8B746F995;u1=xnamyl4jur38i;u2=0.00;u3=;u4=;u5=;u6=;u7=;u8=;u9=;u10=;u11=;u12=;u13=;u14=;u15=;u16=;u17=;u18=;u19=;u20=;ord=xnamyl4jur38i?
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://20822660p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 78e3bdce5107450057bade54d54a0a7e
Content-Type: image/gif

GET
H2 204 v1
ads.yahoo.com/cms/ Frame 0A6B 0
293 B 9ms
7ms Image
text/plain 2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?esig=1~84c296ca4cae9f73fbcc48363a3cd4cd34be98f5&nwid=10000648372&sigv=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7001 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://20822660p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 10 Jul 2021 22:01:59 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

GET
H2 200 sync
partners.tremorhub.com/ Frame 0A6B 43 B
182 B 95ms
93ms Image
image/gif 2600:1f18:612b:4232:380b:6483:6fb1:583d
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://partners.tremorhub.com/sync?UIRF=1875819621268740661&r=1a3oWDLOCKO9
Requested by: Host: 9635419.fls.doubleclick.net
URL: https://9635419.fls.doubleclick.net/activityi;dc_pre=CJX_pMzA2fECFUwH4AodpJgH7A;src=9635419;type=111127;cat=6697125;qty=1;cost=0.00;u=8831E537-AA66-46C4-B179-DDD8B746F995;u1=xnamyl4jur38i;u2=0.00;u3=;u4=;u5=;u6=;u7=;u8=;u9=;u10=;u11=;u12=;u13=;u14=;u15=;u16=;u17=;u18=;u19=;u20=;ord=xnamyl4jur38i?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4232:380b:6483:6fb1:583d Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://20822660p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 10 Jul 2021 22:01:59 GMT
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
content-type: image/gif

GET
H2 204 usermatch.gif
beacon.krxd.net/ Frame 0A6B 0
337 B 53ms
51ms Image
text/plain 34.247.15.24
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner_id=rfuel&partner_user_id=1875819621268740661
Requested by: Host: 9635419.fls.doubleclick.net
URL: https://9635419.fls.doubleclick.net/activityi;dc_pre=CJX_pMzA2fECFUwH4AodpJgH7A;src=9635419;type=111127;cat=6697125;qty=1;cost=0.00;u=8831E537-AA66-46C4-B179-DDD8B746F995;u1=xnamyl4jur38i;u2=0.00;u3=;u4=;u5=;u6=;u7=;u8=;u9=;u10=;u11=;u12=;u13=;u14=;u15=;u16=;u17=;u18=;u19=;u20=;ord=xnamyl4jur38i?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.247.15.24 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-15-24.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://20822660p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 10 Jul 2021 22:01:59 GMT
cache-control: private, no-cache, no-store
x-request-time: D=73 t=1625954519
x-served-by: beacon-n001-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

200

52154.gif
idsync.rlcdn.com/ Frame 0A6B
Redirect Chain

https://live.rezync.com/pixel?c=bd8618c307ae9885a12561b7191e2cea&cid=1875819621268740661&referrer=https%3A%2F%2F4605991.fls.doubleclick.net%2F
https://p.rfihub.com/cm?pub=39342&in=0&userid=539dc4c4-e952-4fd9-a6f7-69c5f00e7627%3A1625954519.05&forward=https%3A//idsync.rlcdn.com/501709.gif%3Fpartner_uid%3D539dc4c4-e952-4fd9-a6f7-69c5f00e7627...
https://idsync.rlcdn.com/501709.gif?partner_uid=539dc4c4-e952-4fd9-a6f7-69c5f00e7627%3A1625954519.05
https://ib.adnxs.com/getuid?https%3A%2F%2Fidsync.rlcdn.com%2F52154.gif%3Fserved_by%3Devergreen%26partner_uid%3D%24UID
https://idsync.rlcdn.com/52154.gif?served_by=evergreen&partner_uid=4337401291076033357

42 B
308 B

35ms
35ms

Image
image/gif

35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/52154.gif?served_by=evergreen&partner_uid=4337401291076033357
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://20822660p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 10 Jul 2021 22:01:59 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: clear
content-length: 42

Redirect headers

Pragma: no-cache
Date: Sat, 10 Jul 2021 22:01:59 GMT
X-Proxy-Origin: 5.253.207.212; 5.253.207.212; 536.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 136d66d7-dfd2-4ee2-8a45-d1c60a8eb94f
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://idsync.rlcdn.com/52154.gif?served_by=evergreen&partner_uid=4337401291076033357
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

cm
a.rfihub.com/ Frame 2CE5
Redirect Chain

https://cm.g.doubleclick.net/pixel?&in=0&google_nid=zeta_interactive&google_cm=&google_sc=&google_hm=MTg3NTgxOTYyMTI2ODc0MDY2MQ==&forward=
https://a.rfihub.com/cm?pub=445&in=0&forward=&google_gid=CAESEH7Rg4F0c_F8dzRFr1Ph8Ak&google_cver=1

42 B
1 KB

42ms
40ms

Image
image/gif

193.0.160.129
ROCKETFUEL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.rfihub.com/cm?pub=445&in=0&forward=&google_gid=CAESEH7Rg4F0c_F8dzRFr1Ph8Ak&google_cver=1
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 193.0.160.129 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

Referer: https://20822659p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 10 Jul 2021 22:01:59 GMT
Cache-Control: no-cache
Server: Jetty(9.3.29.v20201019)
Content-Type: image/gif
Content-Length: 42
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma: no-cache
date: Sat, 10 Jul 2021 22:01:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://a.rfihub.com/cm?pub=445&in=0&forward=&google_gid=CAESEH7Rg4F0c_F8dzRFr1Ph8Ak&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 311
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK setuid
ib.adnxs.com/ Frame 2CE5 43 B
994 B 31ms
27ms Image
image/gif 37.252.173.22
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=18&code=1875819621268740661

Requested by

Host: 20822659p.rfihub.com
URL: https://20822659p.rfihub.com/ca.html?ver=9&rb=40600&ca=20822659&_o=40600&_t=6158&segments=%5B306697124%5D&pe=https%3A%2F%2F9635419.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCNzCpszA2fECFUt-4AodIxcHBg%3Bsrc%3D9635419%3Btype%3D6158%3Bcat%3D111127%3Bord%3Dxnamyl4jur38i%3Bu20%3D%5B306697124%5D%3F&pf=https%3A%2F%2F4605991.fls.doubleclick.net%2F&ra=765586558986697

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://20822659p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 10 Jul 2021 22:01:59 GMT
X-Proxy-Origin: 5.253.207.212; 5.253.207.212; 536.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 4cd6a6a1-07e7-41fd-8786-98ce7ff8d502
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

cm
p.rfihub.com/ Frame 2CE5
Redirect Chain

https://stags.bluekai.com/site/4722?id=1875819621268740661&redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fbk_uuid%3D%24_BK_UUID%26forward%3D
https://p.rfihub.com/cm?bk_uuid=8ZE2%2Fx9999YAYroQ&forward=

42 B
1 KB

37ms
37ms

Image
image/gif

193.0.160.129
ROCKETFUEL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.rfihub.com/cm?bk_uuid=8ZE2%2Fx9999YAYroQ&forward=
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 193.0.160.129 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

Referer: https://20822659p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 10 Jul 2021 22:01:59 GMT
Cache-Control: no-cache
Server: Jetty(9.3.29.v20201019)
Content-Type: image/gif
Content-Length: 42
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

location: https://p.rfihub.com/cm?bk_uuid=8ZE2%2Fx9999YAYroQ&forward=
date: Sat, 10 Jul 2021 22:01:59 GMT
cache-control: max-age=86400, private
expires: Sun, 11 Jul 2021 22:01:59 GMT
content-length: 0
bk-server: 3327
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"

GET
H/1.1 200
OK ibs:dpid=1121&dpuuid=1875819621268740661&redir=
dpm.demdex.net/ Frame 2CE5 42 B
956 B 57ms
53ms Image
image/gif 54.171.168.191
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=1121&dpuuid=1875819621268740661&redir=

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.171.168.191 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-171-168-191.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://20822659p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v012-0d93da951.edge-irl1.demdex.com 6.3.1.20210623115127
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: 9M68qBHETuQ=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1 200
OK rum
dsum-sec.casalemedia.com/ Frame 2CE5 43 B
886 B 49ms
46ms Image
image/gif 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=1875819621268740661&forward=
Requested by: Host: 20822659p.rfihub.com
URL: https://20822659p.rfihub.com/ca.html?ver=9&rb=40600&ca=20822659&_o=40600&_t=6158&segments=%5B306697124%5D&pe=https%3A%2F%2F9635419.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCNzCpszA2fECFUt-4AodIxcHBg%3Bsrc%3D9635419%3Btype%3D6158%3Bcat%3D111127%3Bord%3Dxnamyl4jur38i%3Bu20%3D%5B306697124%5D%3F&pf=https%3A%2F%2F4605991.fls.doubleclick.net%2F&ra=765586558986697
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://20822659p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 10 Jul 2021 22:01:59 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 10 Jul 2021 22:01:59 GMT

GET
H2 200 360947.gif
idsync.rlcdn.com/ Frame 2CE5 42 B
299 B 40ms
36ms Image
image/gif 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/360947.gif?partner_uid=1875819621268740661
Requested by: Host: 20822659p.rfihub.com
URL: https://20822659p.rfihub.com/ca.html?ver=9&rb=40600&ca=20822659&_o=40600&_t=6158&segments=%5B306697124%5D&pe=https%3A%2F%2F9635419.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCNzCpszA2fECFUt-4AodIxcHBg%3Bsrc%3D9635419%3Btype%3D6158%3Bcat%3D111127%3Bord%3Dxnamyl4jur38i%3Bu20%3D%5B306697124%5D%3F&pf=https%3A%2F%2F4605991.fls.doubleclick.net%2F&ra=765586558986697
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://20822659p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 10 Jul 2021 22:01:59 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: clear
content-length: 42

GET
H2 200 rocketfuel_sync
x.dlx.addthis.com/e/ Frame 2CE5 43 B
191 B 192ms
189ms Image
image/gif 23.37.43.59
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://x.dlx.addthis.com/e/rocketfuel_sync?na_exid=1875819621268740661

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.37.43.59 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-43-59.deploy.static.akamaitechnologies.com

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=2628000

Request headers

Referer: https://20822659p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 10 Jul 2021 22:01:59 GMT
cache-control: max-age=0, no-cache, no-store
expires: Sat, 10 Jul 2021 22:01:59 GMT
content-length: 43
strict-transport-security: max-age=2628000
content-type: image/gif

GET
H/1.1 200 partner
sync.search.spotxchange.com/ Frame 2CE5 43 B
547 B 44ms
41ms Image
image/gif 185.94.180.126
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7180&uid=1875819621268740661&img=1
Requested by: Host: 20822659p.rfihub.com
URL: https://20822659p.rfihub.com/ca.html?ver=9&rb=40600&ca=20822659&_o=40600&_t=6158&segments=%5B306697124%5D&pe=https%3A%2F%2F9635419.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCNzCpszA2fECFUt-4AodIxcHBg%3Bsrc%3D9635419%3Btype%3D6158%3Bcat%3D111127%3Bord%3Dxnamyl4jur38i%3Bu20%3D%5B306697124%5D%3F&pf=https%3A%2F%2F4605991.fls.doubleclick.net%2F&ra=765586558986697
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.94.180.126 , United States, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Referer: https://20822659p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 10 Jul 2021 22:01:59 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 7
Connection: keep-alive
Content-Length: 43

GET
H2 200 g.pixel
aa.agkn.com/adscores/ Frame 2CE5 43 B
237 B 31ms
28ms Image
image/gif 3.127.52.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aa.agkn.com/adscores/g.pixel?sid=9212192898&rf=1875819621268740661
Requested by: Host: 20822659p.rfihub.com
URL: https://20822659p.rfihub.com/ca.html?ver=9&rb=40600&ca=20822659&_o=40600&_t=6158&segments=%5B306697124%5D&pe=https%3A%2F%2F9635419.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCNzCpszA2fECFUt-4AodIxcHBg%3Bsrc%3D9635419%3Btype%3D6158%3Bcat%3D111127%3Bord%3Dxnamyl4jur38i%3Bu20%3D%5B306697124%5D%3F&pf=https%3A%2F%2F4605991.fls.doubleclick.net%2F&ra=765586558986697
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.127.52.31 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-52-31.eu-central-1.compute.amazonaws.com
Software: AAWebServer /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Referer: https://20822659p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 10 Jul 2021 22:01:59 GMT
server: AAWebServer
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 43
expires: 0

GET
H2 200 sync
x.bidswitch.net/ Frame 2CE5 43 B
145 B 35ms
32ms Image
image/gif 3.126.158.103
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?dsp_id=119&user_id=1875819621268740661&expires=30
Requested by: Host: 20822659p.rfihub.com
URL: https://20822659p.rfihub.com/ca.html?ver=9&rb=40600&ca=20822659&_o=40600&_t=6158&segments=%5B306697124%5D&pe=https%3A%2F%2F9635419.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCNzCpszA2fECFUt-4AodIxcHBg%3Bsrc%3D9635419%3Btype%3D6158%3Bcat%3D111127%3Bord%3Dxnamyl4jur38i%3Bu20%3D%5B306697124%5D%3F&pf=https%3A%2F%2F4605991.fls.doubleclick.net%2F&ra=765586558986697
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.126.158.103 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-158-103.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://20822659p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 10 Jul 2021 22:01:59 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H/1.1

200
OK

match
ps.eyeota.net/ Frame 2CE5
Redirect Chain

https://p.rfihub.com/cm?pub=24472&in=1
https://ps.eyeota.net/match?uid=1875819621268740661&bid=omt9pi0

70 B
440 B

1108ms
1050ms

Image
image/gif

3.121.27.153
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ps.eyeota.net/match?uid=1875819621268740661&bid=omt9pi0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 3.121.27.153 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-121-27-153.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98

Request headers

Referer: https://20822659p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 10 Jul 2021 22:02:00 GMT
Content-Type: image/gif
Content-Length: 70
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

Redirect headers

Location: https://ps.eyeota.net/match?uid=1875819621268740661&bid=omt9pi0
Date: Sat, 10 Jul 2021 22:01:59 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

cm
p.rfihub.com/ Frame 2CE5
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/Mlpt2JaG/?redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D21653%26userid%3D%24%7BTM_USER_ID%7D
https://p.rfihub.com/cm?in=1&pub=21653&userid=YOoY1wACuW_t8wA4

42 B
1 KB

41ms
41ms

Image
image/gif

193.0.160.129
ROCKETFUEL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.rfihub.com/cm?in=1&pub=21653&userid=YOoY1wACuW_t8wA4
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 193.0.160.129 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

Referer: https://20822659p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 10 Jul 2021 22:01:59 GMT
Cache-Control: no-cache
Server: Jetty(9.3.29.v20201019)
Content-Type: image/gif
Content-Length: 42
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma: no-cache
date: Sat, 10 Jul 2021 22:01:59 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1625954520.568235,VS0,VE0
x-served-by: cache-fra19152-FRA
x-cache: HIT
location: https://p.rfihub.com/cm?in=1&pub=21653&userid=YOoY1wACuW_t8wA4
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2 200 cksync.php
contextual.media.net/ Frame 2CE5 46 B
533 B 121ms
118ms Image
image/gif 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=3&type=rkt&ovsid=1875819621268740661

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

579a172ca2c700734ebcfa06d105a134f31ec2357660e58e0874cfdee8472fd4

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://20822659p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=604800
server: Apache
date: Sat, 10 Jul 2021 22:01:59 GMT
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control: max-age=0, no-cache, no-store
content-type: image/gif
content-length: 46
x-mnet-hl2: E
expires: Sat, 10 Jul 2021 22:01:59 GMT

GET
H/1.1

200
OK

cm
p.rfihub.com/ Frame 2CE5
Redirect Chain

https://bs.serving-sys.com/serving?cn=um&dpid=12&rtu=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D17945%26userid%3D%5B%25tp_UserID%25%5D
https://p.rfihub.com/cm?in=1&pub=17945&userid=80358bd9-9123-46e5-9ec0-126e0731b2eb

42 B
1 KB

41ms
41ms

Image
image/gif

193.0.160.129
ROCKETFUEL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.rfihub.com/cm?in=1&pub=17945&userid=80358bd9-9123-46e5-9ec0-126e0731b2eb
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 193.0.160.129 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

Referer: https://20822659p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 10 Jul 2021 22:01:59 GMT
Cache-Control: no-cache
Server: Jetty(9.3.29.v20201019)
Content-Type: image/gif
Content-Length: 42
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma: no-cache
date: Sat, 10 Jul 2021 22:01:59 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="NOI DEVa OUR BUS UNI"
location: https://p.rfihub.com/cm?in=1&pub=17945&userid=80358bd9-9123-46e5-9ec0-126e0731b2eb
cache-control: private
content-type: text/html; charset=UTF-8
content-length: 213
expires: Sun, 05-Jun-2005 22:00:00 GMT

GET
H2

200

397676.gif
idsync.rlcdn.com/ Frame 2CE5
Redirect Chain

https://live.rezync.com/pixel?c=bd8618c307ae9885a12561b7191e2cea&cid=1875819621268740661&referrer=https%3A%2F%2F4605991.fls.doubleclick.net%2F
https://p.rfihub.com/cm?pub=39342&in=0&userid=539dc4c4-e952-4fd9-a6f7-69c5f00e7627%3A1625954519.05&forward=https%3A//idsync.rlcdn.com/501709.gif%3Fpartner_uid%3D539dc4c4-e952-4fd9-a6f7-69c5f00e7627...
https://idsync.rlcdn.com/501709.gif?partner_uid=539dc4c4-e952-4fd9-a6f7-69c5f00e7627%3A1625954519.05
https://gum.criteo.com/sync?c=6&r=1&a=1&u=https%3A%2F%2Fidsync.rlcdn.com%2F397676.gif%3Fserved_by%3Devergreen%26partner_uid%3D%40USERID%40
https://idsync.rlcdn.com/397676.gif?served_by=evergreen&partner_uid=-_x6DvGlcGRAXS4q5O3Q41qHIJsHBeQ7

42 B
315 B

34ms
34ms

Image
image/gif

35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/397676.gif?served_by=evergreen&partner_uid=-_x6DvGlcGRAXS4q5O3Q41qHIJsHBeQ7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://20822659p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 10 Jul 2021 22:01:59 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: clear
content-length: 42

Redirect headers

location: https://idsync.rlcdn.com/397676.gif?served_by=evergreen&partner_uid=-_x6DvGlcGRAXS4q5O3Q41qHIJsHBeQ7
strict-transport-security: max-age=31536000
cache-control: private, max-age=0, no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 3080
date: Sat, 10 Jul 2021 22:01:59 GMT
content-length: 221
content-type: text/html; charset=utf-8

GET
H2 200 /
bpi.rtactivate.com/tag/ Frame 2CE5 43 B
108 B 149ms
147ms Image
image/gif 184.73.14.153
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bpi.rtactivate.com/tag/?id=11017&user_id=1875819621268740661
Requested by: Host: 20822659p.rfihub.com
URL: https://20822659p.rfihub.com/ca.html?ver=9&rb=40600&ca=20822659&_o=40600&_t=6158&segments=%5B306697124%5D&pe=https%3A%2F%2F9635419.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCNzCpszA2fECFUt-4AodIxcHBg%3Bsrc%3D9635419%3Btype%3D6158%3Bcat%3D111127%3Bord%3Dxnamyl4jur38i%3Bu20%3D%5B306697124%5D%3F&pf=https%3A%2F%2F4605991.fls.doubleclick.net%2F&ra=765586558986697
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 184.73.14.153 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-184-73-14-153.compute-1.amazonaws.com
Software: awselb/2.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://20822659p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 10 Jul 2021 22:01:59 GMT
server: awselb/2.0
content-length: 43
content-type: image/gif

GET
H/1.1 204
No Content tap.php
pixel.rubiconproject.com/ Frame 2CE5 0
239 B 29ms
28ms Image
image/gif 69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=13490&nid=2596&put=1875819621268740661
Requested by: Host: 9635419.fls.doubleclick.net
URL: https://9635419.fls.doubleclick.net/activityi;dc_pre=CNzCpszA2fECFUt-4AodIxcHBg;src=9635419;type=6158;cat=111127;ord=xnamyl4jur38i;u20=[306697124]?
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://20822659p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 78e3bdce5107450057bade54d54a0a7e
Content-Type: image/gif

GET
H2 204 v1
ads.yahoo.com/cms/ Frame 2CE5 0
19 B 8ms
6ms Image
text/plain 2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?esig=1~84c296ca4cae9f73fbcc48363a3cd4cd34be98f5&nwid=10000648372&sigv=1

Requested by

Host: 9635419.fls.doubleclick.net
URL: https://9635419.fls.doubleclick.net/activityi;dc_pre=CNzCpszA2fECFUt-4AodIxcHBg;src=9635419;type=6158;cat=111127;ord=xnamyl4jur38i;u20=[306697124]?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7001 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://20822659p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 10 Jul 2021 22:01:59 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

GET
H2 200 sync
partners.tremorhub.com/ Frame 2CE5 43 B
182 B 95ms
93ms Image
image/gif 2600:1f18:612b:4232:380b:6483:6fb1:583d
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://partners.tremorhub.com/sync?UIRF=1875819621268740661&r=wL5FXiROZmF4
Requested by: Host: 9635419.fls.doubleclick.net
URL: https://9635419.fls.doubleclick.net/activityi;dc_pre=CNzCpszA2fECFUt-4AodIxcHBg;src=9635419;type=6158;cat=111127;ord=xnamyl4jur38i;u20=[306697124]?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4232:380b:6483:6fb1:583d Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://20822659p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 10 Jul 2021 22:01:59 GMT
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
content-type: image/gif

GET
H2 204 usermatch.gif
beacon.krxd.net/ Frame 2CE5 0
337 B 56ms
55ms Image
text/plain 34.247.15.24
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner_id=rfuel&partner_user_id=1875819621268740661
Requested by: Host: 9635419.fls.doubleclick.net
URL: https://9635419.fls.doubleclick.net/activityi;dc_pre=CNzCpszA2fECFUt-4AodIxcHBg;src=9635419;type=6158;cat=111127;ord=xnamyl4jur38i;u20=[306697124]?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.247.15.24 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-15-24.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://20822659p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 10 Jul 2021 22:01:59 GMT
cache-control: private, no-cache, no-store
x-request-time: D=25 t=1625954519
x-served-by: beacon-n012-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 track
t.teads.tv/ Frame 421A 23 B
143 B 66ms
66ms Image
image/gif 2.18.232.7
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.teads.tv/track?action=timeSpent&env=js-web&advertiser_id=13731&referer=https%3A%2F%2F4605991.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCOXP_bOtr-MCFUfT1QoddcUGvQ%3Bsrc%3D4605991%3Btype%3Dhp_offer%3Bcat%3Doff_all%3Bgtm%3D2wg6q1%3Bgcldc%3DEAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE%3Bgclaw%3DEAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE%3Bauiddc%3D1160107375.1562933607%3Bu16%3Dundefined%3Bu15%3Dundefined%3Bu1%3Dgb_en%3B~oref%3Dhttps%3A%2Fwww.alitalia.com%2Fen_gb%2Foffers.html%253FWT.mc_id%3Dsearch_Google_BrandGeneric_UK%26WT.srch%3D1%26gclid%3DEAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE%26gclsrc%3Daw.ds
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.232.7 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-7.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Referer: https://4605991.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 10 Jul 2021 22:02:00 GMT
cache-control: max-age=0, no-cache, no-store
expires: Sat, 26 Jul 1997 05:00:00 GMT
content-length: 23
content-type: image/gif

GET
H2 200 track
t.teads.tv/ Frame 421A 23 B
143 B 69ms
68ms Image
image/gif 2.18.232.7
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.teads.tv/track?action=timeSpent&env=js-web&advertiser_id=13731&referer=https%3A%2F%2F4605991.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCOXP_bOtr-MCFUfT1QoddcUGvQ%3Bsrc%3D4605991%3Btype%3Dhp_offer%3Bcat%3Doff_all%3Bgtm%3D2wg6q1%3Bgcldc%3DEAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE%3Bgclaw%3DEAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE%3Bauiddc%3D1160107375.1562933607%3Bu16%3Dundefined%3Bu15%3Dundefined%3Bu1%3Dgb_en%3B~oref%3Dhttps%3A%2Fwww.alitalia.com%2Fen_gb%2Foffers.html%253FWT.mc_id%3Dsearch_Google_BrandGeneric_UK%26WT.srch%3D1%26gclid%3DEAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE%26gclsrc%3Daw.ds
Requested by: Host: p.teads.tv
URL: https://p.teads.tv/teads-fellow.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.232.7 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-7.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Referer: https://4605991.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 10 Jul 2021 22:02:03 GMT
cache-control: max-age=0, no-cache, no-store
expires: Sat, 26 Jul 1997 05:00:00 GMT
content-length: 23
content-type: image/gif

GET
H2 200 track
t.teads.tv/ Frame 421A 23 B
143 B 66ms
66ms Image
image/gif 2.18.232.7
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.teads.tv/track?action=timeSpent&env=js-web&advertiser_id=13731&referer=https%3A%2F%2F4605991.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCOXP_bOtr-MCFUfT1QoddcUGvQ%3Bsrc%3D4605991%3Btype%3Dhp_offer%3Bcat%3Doff_all%3Bgtm%3D2wg6q1%3Bgcldc%3DEAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE%3Bgclaw%3DEAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE%3Bauiddc%3D1160107375.1562933607%3Bu16%3Dundefined%3Bu15%3Dundefined%3Bu1%3Dgb_en%3B~oref%3Dhttps%3A%2Fwww.alitalia.com%2Fen_gb%2Foffers.html%253FWT.mc_id%3Dsearch_Google_BrandGeneric_UK%26WT.srch%3D1%26gclid%3DEAIaIQobChMIwfS5pa2v4wIVCYbVCh1hHAfOEAAYASAAEgIafPD_BwE%26gclsrc%3Daw.ds
Requested by: Host: p.teads.tv
URL: https://p.teads.tv/teads-fellow.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.232.7 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-7.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Referer: https://4605991.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 10 Jul 2021 22:02:08 GMT
cache-control: max-age=0, no-cache, no-store
expires: Sat, 26 Jul 1997 05:00:00 GMT
content-length: 23
content-type: image/gif

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: eu-ma.sam4m.com
URL: https://eu-ma.sam4m.com/2.0/site/undefined/analytics/sa.js

Verdicts & Comments Add Verdict or Comment

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

9 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.rfihub.com/	1970-01-20 05:00:50	Name: eud Value: H4sIAAAAAAAAAF3Pr04DQRDH8dCAaVN1lUjskp3Znd0dXEN6QZLjAUhvb49_LaIJCfAYlSdPVlbyCDwCEomsrKKudyM_k_y-yQzP4Xo6u5vd-OLB5jre56H6LPIV3D6G6UsxBofEZAlCAGxOjmZCsxH-Fv4T3guvB303wq3wRngr_CW8k_vTvn-Et2eiNxL_jC6CNhTKihUDGmVdIsUpagXokvYGSkzlrjvT1u9FZp0hGa6ijValw0HZ-hCcu9orx5FqrZN36K-Oo0tNTdaJAGGb9aO_ws1k_P46X34s7PPbyoSndtLdM_8Dzkiv6fkBAAA
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAAAOMSNrQwN7UwtDQzMjQyszA3MTAzMxTiM9TNssj083EKyC2K0g0FAN6j2OslAAAA
.criteo.com/	1970-01-20 05:00:50	Name: uid Value: cd467a4f-98cc-4f6a-ad2f-8fb0d4e80f96
.rfihub.com/	1969-12-31 23:59:59	Name: euds Value: H4sIAAAAAAAAAA3LOwrCQBAAUJBUgjewtB2ZmZ3Z3bELkmApegBJNhv_FgFBLT2GpSfV17_xlJZlta1WYbOXGtOujt1rUw-0PsTy_BnNIjqNbWdgxA7EZwXLCYHYZwyOWs7tu2B11iVJAtmUQfp_aHwfwFvSHjEHz2FBntVUlGyO-i0mj1tzfV7kdB9cPP4A-ZU0l4oAAAA
.doubleclick.net/	1970-01-20 05:00:50	Name: IDE Value: AHWqTUm9_-PwqJ3QfTEV6zF7xy7dxQ0ZlUULi3hJTO97xfFu9eqRola9wZDbyhbv_BI
.amazon-adsystem.com/	1970-01-20 02:00:50	Name: ad-id Value: Ax6V7AkOxk1FmAAx2TQTbps
.amazon-adsystem.com/	1970-01-21 17:28:12	Name: ad-privacy Value: 0
.rfihub.com/	1970-01-20 05:00:50	Name: smd Value: H4sIAAAAAAAAAOPiNTQzMrU0NTE1tDSxNDdC4hoamQIAA45e1B4AAAA
.rfihub.com/	1970-01-20 05:00:50	Name: rud Value: H4sIAAAAAAAAAOMSNrQwN7UwtDQzMjQyszA3MTAzMxTiM9TNssj083EKyC2K0g2V4jU0MzK1NDUxNbQwNTECAEGtO_Y0AAAA

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

20740829p.rfihub.com
20822659p.rfihub.com
20822660p.rfihub.com
4605991.fls.doubleclick.net
9635419.fls.doubleclick.net
a.rfihub.com
aa.agkn.com
aax-eu.amazon-adsystem.com
ads.yahoo.com
adservice.google.com
adservice.google.de
apxprogrammatic.netmng.com
beacon.krxd.net
bpi.rtactivate.com
bs.serving-sys.com
c1.rfihub.net
cm.g.doubleclick.net
contextual.media.net
core.conversant.mgr.consensu.org
dpm.demdex.net
dsum-sec.casalemedia.com
emea-alitalia.apxprogrammatic.com
eu-ma.sam4m.com
googleads.g.doubleclick.net
gum.criteo.com
ib.adnxs.com
idsync.rlcdn.com
live.rezync.com
login.dotomi.com
p.rfihub.com
p.teads.tv
partners.tremorhub.com
pixel.quantserve.com
pixel.rubiconproject.com
ps.eyeota.net
rules.quantcount.com
s.yimg.com
secure.quantserve.com
sp.analytics.yahoo.com
sslwidget.criteo.com
stags.bluekai.com
static.criteo.net
sync-tm.everesttech.net
sync.search.spotxchange.com
t.teads.tv
www.google.com
www.google.de
www.googleadservices.com
x.bidswitch.net
x.dlx.addthis.com
eu-ma.sam4m.com
104.111.242.245
13.225.74.112
142.250.185.102
142.250.185.226
151.101.14.49
172.217.16.130
178.250.2.151
184.73.14.153
185.94.180.126
193.0.160.129
193.0.160.46
193.0.160.49
2.18.232.7
2.18.234.21
2.18.235.93
212.82.100.181
23.37.43.59
2600:1f18:612b:4232:380b:6483:6fb1:583d
2600:9000:20eb:4c00:6:44e3:f8c0:93a1
2600:9000:21f3:3400:1:76cf:fe80:93a1
2a00:1288:80:800::7001
2a00:1450:4001:800::2002
2a00:1450:4001:808::2004
2a00:1450:4001:813::2002
2a00:1450:4001:827::2002
2a00:1450:4001:827::2003
2a02:2638:1::3
2a02:2638::1c
3.121.27.153
3.126.158.103
3.127.52.31
34.247.15.24
35.244.174.68
37.252.173.22
52.95.123.167
54.171.168.191
54.93.158.246
64.158.223.137
69.173.144.165
89.207.16.137
91.228.74.226
0a80baa6dc810c12c967415a0e9efa1ac1894c7ccbb5b142f3c9f5ff9fcc0095
0d08e93d2b0746ecb7785ebe51bb3004d2fea65f269ce8eb69eb7107ccd51ef8
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
0f506a0bf099d96a1f34c7c23cb74929b8fa381d4114509f9aef2273f2c852b3
146e3af555835f125a3b02df8697d6d3ccf3b6a7298326206212b261527105ab
2061e392c47614e1fcfefebbf82e3a2d726fdee6bfd40c0339699bd8d68ae10e
2db1dbcf1a4a6e63576e5f22320949e1ddc87ff4c10ff26ec353abc9540cd228
2f03c6f938002482742341269afc73bacde15065d45270a7ef3bc9f0dccc028b
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
49e7112b9d54bc0a2bd23fa70052a4f2639bfbb3e535ad0bfebac012ab05a5a0
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
579a172ca2c700734ebcfa06d105a134f31ec2357660e58e0874cfdee8472fd4
760aed5edde091d7307d75cf18e9998dca82b2cab48889815d0990b00d45a781
76c79d3af714cd2570cdee0ff55daf2022f51477a4b5a89de470068280f8ddb1
7ef97b12890fc6fee67f869c6e1f74b6719de7d66ac0d649c8d7386a80b4c30f
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
9bb46dbf7fdadc1a69827398f101c6bb10c30350373d5b04231d6b51323aca03
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a2ec11229f2b490dfc9f5b64c1c515c8b3911d09b21b4013fb7888695f167421
adc122ef897132ff02987ecf6a4f01726ba7def1e20c782a8897e8648edfb490
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b4f9dad81f0b938b3a1b5f4b260ce5621e61dfd12a3b5061ec41f2a9c0f8ba6f
b9e6c38b3493790e6525ba6715ad839211cab5db3ddc80c7f70f20f92679fee6
baf437304d79006a4f050b871807483c921e783a2a91808ad4b8f77802cde740
bba4d46952f094b62205fe06e4a78114cac5d934971925a4716ef40c33f96012
cd8cea29532a7c496fb201775fc586463da05c286f1574353c353298f58462b7
de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
ebf5a3be758e1579c639a4600e3e5184bb2dce6b897ce479643d94aff9b79151
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef263f262689cf1c15d7f53c7b08c5623dffb5b39f6acfb427b1eb5b6716190d
f17fe415b91a13ea86b93344389e18c996384323ca3c2f4267b18c96b8314a12
fde53a8d44fa3ca23eaed6b37432264e8fb6a280c893b5480f56b3f6f0b225a1
ffab8490dcbaba788720f1733a17705bd3e49ce8d9c347476dc2c53b94e769bb

4605991.fls.doubleclick.net Open in urlscan Pro 142.250.185.102 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

101 Requests

99 %HTTPS

27 %IPv6

37 Domains

50 Subdomains

35 IPs

6 Countries

142 kBTransfer

232 kBSize

9 Cookies

0 Outgoing links

Redirected requests

101 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

4605991.fls.doubleclick.net Open in urlscan Pro
142.250.185.102 Public Scan

Screenshot
Live screenshot

Full Image

101
Requests

99 %
HTTPS

27 %
IPv6

37
Domains

50
Subdomains

35
IPs

6
Countries

142 kB
Transfer

232 kB
Size

9
Cookies

101 HTTP transactions
0 data transactions