urlscan.io logo urlscan.io
SecurityTrails logo

www.nhscovidapp.sambeatson.com Open in urlscan Pro
149.255.58.47  Public Scan

Go To Rescan Add Verdict Report
URL: https://www.nhscovidapp.sambeatson.com/
Submission: On August 01 via automatic, source certstream-urgent
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 57 IPs in 8 countries across 47 domains to perform 94 HTTP transactions. The main IP is 149.255.58.47, located in United Kingdom and belongs to AWARESOFT, GB. The main domain is www.nhscovidapp.sambeatson.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on August 1st 2021. Valid for: 3 months.
This is the only time www.nhscovidapp.sambeatson.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
5 149.255.58.47 34931 (AWARESOFT)
2 2606:4700:10:... 13335 (CLOUDFLAR...)
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
5 2606:4700:303... 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
5 2a00:1450:400... 15169 (GOOGLE)
7 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 216.58.212.162 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 13.224.96.42 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 142.250.184.194 15169 (GOOGLE)
3 2a00:1288:80:... 203220 (YAHOO-DEB)
3 2620:1ec:c11:... 8068 (MICROSOFT...)
1 2a02:2638::3 44788 (ASN-CRITE...)
5 52.55.4.239 14618 (AMAZON-AES)
1 1 178.250.0.163 44788 (ASN-CRITE...)
1 74.119.119.150 19750 (AS-CRITEO)
2 51.161.92.183 16276 (OVH)
3 4 2a02:2638:1::13 44788 (ASN-CRITE...)
1 52.201.89.61 14618 (AMAZON-AES)
1 2a00:1450:400... 15169 (GOOGLE)
1 178.250.2.146 44788 (ASN-CRITE...)
1 3 52.59.115.28 16509 (AMAZON-02)
1 64.202.112.159 22075 (AS-OUTBRAIN)
1 212.82.100.181 34010 (YAHOO-IRD)
1 2 18.156.0.31 16509 (AMAZON-02)
1 104.19.136.78 13335 (CLOUDFLAR...)
1 91.192.148.30 42481 (BEGUN-AS)
1 1 142.250.184.226 15169 (GOOGLE)
3 178.250.2.151 44788 (ASN-CRITE...)
1 2 52.209.68.132 16509 (AMAZON-02)
1 3.120.66.60 16509 (AMAZON-02)
3 4 37.252.172.45 29990 (ASN-APPNEX)
1 1 2001:678:cb4:... 56396 (TURN)
1 2 76.223.111.18 16509 (AMAZON-02)
1 185.64.189.110 62713 (AS-PUBMATIC)
1 104.75.88.126 16625 (AKAMAI-AS)
1 69.173.144.138 26667 (RUBICONPR...)
1 104.111.242.245 16625 (AKAMAI-AS)
1 34.249.191.197 16509 (AMAZON-02)
1 2 2.18.234.21 16625 (AKAMAI-AS)
1 2.18.235.93 16625 (AKAMAI-AS)
2 2 54.237.38.76 14618 (AMAZON-AES)
1 2600:1f18:444... 14618 (AMAZON-AES)
1 141.226.228.48 200478 (TABOOLA-AS)
1 3.125.134.133 16509 (AMAZON-02)
1 2 54.93.66.232 16509 (AMAZON-02)
1 185.86.139.115 201081 (SMARTADSE...)
1 3.223.233.80 14618 (AMAZON-AES)
1 13.224.96.81 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
1 35.244.174.68 15169 (GOOGLE)
94 57
5    149.255.58.47 (United Kingdom)

ASN34931 (AWARESOFT, GB)
PTR: cloud713.thundercloud.uk
www.nhscovidapp.sambeatson.com
2    2606:4700:10::6816:47c5 (United States)

ASN13335 (CLOUDFLARENET, US)
static.addtoany.com
1    2606:4700:3037::ac43:875e (United States)

ASN13335 (CLOUDFLARENET, US)
app.groovefunnels.com
5    2606:4700:3033::ac43:8b0d (United States)

ASN13335 (CLOUDFLARENET, US)
app.groove.cm
2    2a00:1450:4001:830::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
cse.google.com
5    2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
7    2a00:1450:4001:828::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
3    2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
1    2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
clients1.google.com
1    216.58.212.162 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f2.1e100.net
partner.googleadservices.com
1    2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.de
1    2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.com
1    2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagservices.com
2    2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2606:4700::6810:135e (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
1    13.224.96.42 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-96-42.zrh50.r.cloudfront.net
cdn.heapanalytics.com
2    2a00:1450:4001:82b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)
stackpath.bootstrapcdn.com
1    2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    142.250.184.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net
www.googleadservices.com
3    2a00:1288:80:800::7000 (Frankfurt am Main, Germany)

ASN203220 (YAHOO-DEB, GB)
s.yimg.com
ads.yahoo.com
3    2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
bat.bing.com
1    2a02:2638::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
static.criteo.net
5    52.55.4.239 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-55-4-239.compute-1.amazonaws.com
175592.tracking.hyros.com
1    178.250.0.163 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
sslwidget.criteo.com
1    74.119.119.150 (United States)

ASN19750 (AS-CRITEO, US)
widget.us.criteo.com
2    51.161.92.183 (Montreal, Canada)

ASN16276 (OVH, FR)
PTR: ip183.ip-51-161-92.net
matomo.groovetech.io
4    2a02:2638:1::13 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
gum.criteo.com
1    52.201.89.61 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-201-89-61.compute-1.amazonaws.com
heapanalytics.com
1    2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
1    178.250.2.146 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
mug.criteo.com
3    52.59.115.28 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-59-115-28.eu-central-1.compute.amazonaws.com
x.bidswitch.net
1    64.202.112.159 (United States)

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com
sync.outbrain.com
1    212.82.100.181 (Dublin, Ireland)

ASN34010 (YAHOO-IRD, GB)
PTR: spdc.pbp.vip.ir2.yahoo.com
sp.analytics.yahoo.com
2    18.156.0.31 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-0-31.eu-central-1.compute.amazonaws.com
ups.analytics.yahoo.com
1    104.19.136.78 (United States)

ASN13335 (CLOUDFLARENET, US)
cm.mgid.com
1    91.192.148.30 (Russian Federation)

ASN42481 (BEGUN-AS, RU)
PTR: zvezda.ssp.rambler.ru
profile.ssp.rambler.ru
1    142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net
cm.g.doubleclick.net
3    178.250.2.151 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
dis.criteo.com
2    52.209.68.132 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-209-68-132.eu-west-1.compute.amazonaws.com
partner.mediawallahscript.com
1    3.120.66.60 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-120-66-60.eu-central-1.compute.amazonaws.com
crb.kargo.com
4    37.252.172.45 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
secure.adnxs.com
1    2001:678:cb4:bbbb::13 (United Kingdom)

ASN56396 (TURN, GB)
d.turn.com
2    76.223.111.18 (United States)

ASN16509 (AMAZON-02, US)
eb2.3lift.com
1    185.64.189.110 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
simage2.pubmatic.com
1    104.75.88.126 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-75-88-126.deploy.static.akamaitechnologies.com
cw.addthis.com
1    69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
pixel.rubiconproject.com
1    104.111.242.245 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-242-245.deploy.static.akamaitechnologies.com
criteo-sync.teads.tv
1    34.249.191.197 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
trends.revcontent.com
2    2.18.234.21 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com
r.casalemedia.com
1    2.18.235.93 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-93.deploy.static.akamaitechnologies.com
contextual.media.net
2    54.237.38.76 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-237-38-76.compute-1.amazonaws.com
i.liadm.com
1    2600:1f18:444a:4602:4614:a08b:388f:2234 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
i6.liadm.com
1    141.226.228.48 (Netherlands)

ASN200478 (TABOOLA-AS, IL)
sync-t1.taboola.com
1    3.125.134.133 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
match.sharethrough.com
2    54.93.66.232 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
ad.360yield.com
1    185.86.139.115 (France)

ASN201081 (SMARTADSERVER, FR)
rtb-csync.smartadserver.com
1    3.223.233.80 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
jadserve.postrelease.com
1    13.224.96.81 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-96-81.zrh50.r.cloudfront.net
s.ad.smaato.net
2    2a00:1450:4001:801::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
1    35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
idsync.rlcdn.com
Apex Domain
Subdomains		 Transfer
11 google.com
cse.google.com
www.google.com
clients1.google.com
adservice.google.com
163 KB
10 criteo.com
sslwidget.criteo.com
widget.us.criteo.com
gum.criteo.com
mug.criteo.com
dis.criteo.com
12 KB
7 googlesyndication.com
pagead2.googlesyndication.com
tpc.googlesyndication.com
175 KB
5 hyros.com
175592.tracking.hyros.com
12 KB
5 groove.cm
app.groove.cm
3 MB
5 sambeatson.com
www.nhscovidapp.sambeatson.com
6 KB
4 adnxs.com
secure.adnxs.com
4 KB
4 yahoo.com
ads.yahoo.com
sp.analytics.yahoo.com
ups.analytics.yahoo.com
3 KB
4 doubleclick.net
googleads.g.doubleclick.net
cm.g.doubleclick.net
6 KB
3 liadm.com
i.liadm.com
i6.liadm.com
2 KB
3 bidswitch.net
x.bidswitch.net
1 KB
3 bing.com
bat.bing.com
9 KB
2 360yield.com
ad.360yield.com
851 B
2 casalemedia.com
r.casalemedia.com
2 KB
2 3lift.com
eb2.3lift.com
734 B
2 mediawallahscript.com
partner.mediawallahscript.com
1 KB
2 groovetech.io
matomo.groovetech.io
32 KB
2 yimg.com
s.yimg.com
7 KB
2 googletagmanager.com
www.googletagmanager.com
110 KB
2 heapanalytics.com
cdn.heapanalytics.com
heapanalytics.com
42 KB
2 googleapis.com
fonts.googleapis.com
137 KB
2 google.de
adservice.google.de
www.google.de
917 B
2 googleadservices.com
partner.googleadservices.com
www.googleadservices.com
14 KB
2 addtoany.com
static.addtoany.com
62 KB
1 rlcdn.com
idsync.rlcdn.com
416 B
1 smaato.net
s.ad.smaato.net
236 B
1 postrelease.com
jadserve.postrelease.com
427 B
1 smartadserver.com
rtb-csync.smartadserver.com
163 B
1 sharethrough.com
match.sharethrough.com
263 B
1 taboola.com
sync-t1.taboola.com
255 B
1 media.net
contextual.media.net
866 B
1 revcontent.com
trends.revcontent.com
337 B
1 teads.tv
criteo-sync.teads.tv
172 B
1 rubiconproject.com
pixel.rubiconproject.com
239 B
1 addthis.com
cw.addthis.com
426 B
1 pubmatic.com
simage2.pubmatic.com
541 B
1 turn.com
d.turn.com
418 B
1 kargo.com
crb.kargo.com
360 B
1 rambler.ru
profile.ssp.rambler.ru
169 B
1 mgid.com
cm.mgid.com
851 B
1 outbrain.com
sync.outbrain.com
475 B
1 criteo.net
static.criteo.net
13 KB
1 google-analytics.com
www.google-analytics.com
19 KB
1 bootstrapcdn.com
stackpath.bootstrapcdn.com
7 KB
1 cloudflare.com
cdnjs.cloudflare.com
5 KB
1 googletagservices.com
www.googletagservices.com
28 KB
1 groovefunnels.com
app.groovefunnels.com
678 B
94 47
Domain Requested by
7 www.google.com cse.google.com
www.google.com
www.nhscovidapp.sambeatson.com
app.groove.cm
tpc.googlesyndication.com
5 175592.tracking.hyros.com www.nhscovidapp.sambeatson.com
175592.tracking.hyros.com
5 pagead2.googlesyndication.com www.nhscovidapp.sambeatson.com
pagead2.googlesyndication.com
tpc.googlesyndication.com
5 app.groove.cm www.nhscovidapp.sambeatson.com
app.groovefunnels.com
app.groove.cm
5 www.nhscovidapp.sambeatson.com www.nhscovidapp.sambeatson.com
4 secure.adnxs.com 3 redirects
4 gum.criteo.com 3 redirects static.criteo.net
3 dis.criteo.com
3 x.bidswitch.net 1 redirects
3 bat.bing.com www.nhscovidapp.sambeatson.com
bat.bing.com
app.groove.cm
3 googleads.g.doubleclick.net pagead2.googlesyndication.com
www.googleadservices.com
2 tpc.googlesyndication.com pagead2.googlesyndication.com
tpc.googlesyndication.com
2 ad.360yield.com 1 redirects
2 i.liadm.com 2 redirects
2 r.casalemedia.com 1 redirects
2 eb2.3lift.com 1 redirects
2 partner.mediawallahscript.com 1 redirects
2 ups.analytics.yahoo.com 1 redirects
2 matomo.groovetech.io app.groove.cm
2 s.yimg.com www.nhscovidapp.sambeatson.com
s.yimg.com
2 www.googletagmanager.com app.groove.cm
www.googletagmanager.com
2 fonts.googleapis.com app.groove.cm
2 cse.google.com www.nhscovidapp.sambeatson.com
www.google.com
2 static.addtoany.com www.nhscovidapp.sambeatson.com
static.addtoany.com
1 idsync.rlcdn.com
1 s.ad.smaato.net www.nhscovidapp.sambeatson.com
1 jadserve.postrelease.com www.nhscovidapp.sambeatson.com
1 rtb-csync.smartadserver.com www.nhscovidapp.sambeatson.com
1 match.sharethrough.com www.nhscovidapp.sambeatson.com
1 sync-t1.taboola.com www.nhscovidapp.sambeatson.com
1 i6.liadm.com
1 contextual.media.net www.nhscovidapp.sambeatson.com
1 trends.revcontent.com www.nhscovidapp.sambeatson.com
1 criteo-sync.teads.tv www.nhscovidapp.sambeatson.com
1 pixel.rubiconproject.com www.nhscovidapp.sambeatson.com
1 cw.addthis.com www.nhscovidapp.sambeatson.com
1 simage2.pubmatic.com www.nhscovidapp.sambeatson.com
1 d.turn.com 1 redirects
1 crb.kargo.com www.nhscovidapp.sambeatson.com
1 cm.g.doubleclick.net 1 redirects
1 profile.ssp.rambler.ru www.nhscovidapp.sambeatson.com
1 cm.mgid.com www.nhscovidapp.sambeatson.com
1 sp.analytics.yahoo.com www.nhscovidapp.sambeatson.com
1 ads.yahoo.com www.nhscovidapp.sambeatson.com
1 sync.outbrain.com www.nhscovidapp.sambeatson.com
1 mug.criteo.com app.groove.cm
1 www.google.de app.groove.cm
1 heapanalytics.com app.groove.cm
1 widget.us.criteo.com app.groove.cm
1 sslwidget.criteo.com 1 redirects
1 static.criteo.net www.googletagmanager.com
1 www.googleadservices.com www.googletagmanager.com
1 www.google-analytics.com www.googletagmanager.com
1 stackpath.bootstrapcdn.com app.groove.cm
1 cdn.heapanalytics.com app.groove.cm
1 cdnjs.cloudflare.com app.groove.cm
1 www.googletagservices.com pagead2.googlesyndication.com
1 adservice.google.com pagead2.googlesyndication.com
1 adservice.google.de pagead2.googlesyndication.com
1 partner.googleadservices.com pagead2.googlesyndication.com
1 clients1.google.com www.nhscovidapp.sambeatson.com
1 app.groovefunnels.com 1 redirects
94 62

This site contains links to these domains. Also see Links.

Domain
www.addtoany.com
www.nhscovidapp.com
play.google.com
apps.apple.com
www.youtube.com
Subject Issuer Validity Valid
nhscovidapp.com
cPanel, Inc. Certification Authority		 2021-08-01 -
2021-10-30		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-07-05 -
2022-07-04		 a year crt.sh
*.google.com
GTS CA 1C3		 2021-06-28 -
2021-09-20		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2021-06-28 -
2021-09-20		 3 months crt.sh
www.google.com
GTS CA 1C3		 2021-06-28 -
2021-09-20		 3 months crt.sh
*.googleadservices.com
GTS CA 1C3		 2021-06-28 -
2021-09-20		 3 months crt.sh
*.google.de
GTS CA 1C3		 2021-06-28 -
2021-09-20		 3 months crt.sh
upload.video.google.com
GTS CA 1O1		 2021-07-05 -
2021-09-27		 3 months crt.sh
cdn.heapanalytics.com
Amazon		 2020-09-24 -
2021-10-26		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2021-06-28 -
2021-09-20		 3 months crt.sh
www.googleadservices.com
GTS CA 1C3		 2021-06-28 -
2021-09-20		 3 months crt.sh
*.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2021-07-26 -
2021-09-15		 2 months crt.sh
www.bing.com
Microsoft RSA TLS CA 02		 2021-07-06 -
2022-01-06		 6 months crt.sh
*.criteo.net
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2021-06-27 -
2021-09-24		 3 months crt.sh
tracking.hyros.com
Amazon		 2021-06-01 -
2022-06-30		 a year crt.sh
*.us.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2021-06-08 -
2021-09-05		 3 months crt.sh
*.groovetech.io
Sectigo RSA Domain Validation Secure Server CA		 2019-08-23 -
2021-08-22		 2 years crt.sh
*.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2021-06-27 -
2021-09-24		 3 months crt.sh
heapanalytics.com
Amazon		 2020-12-24 -
2022-01-22		 a year crt.sh
*.bidswitch.net
Sectigo RSA Domain Validation Secure Server CA		 2020-04-23 -
2022-05-04		 2 years crt.sh
*.outbrain.com
Thawte RSA CA 2018		 2019-10-29 -
2021-11-23		 2 years crt.sh
*.analytics.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2021-05-24 -
2021-11-17		 6 months crt.sh
ups.analytics.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2021-03-22 -
2021-09-15		 6 months crt.sh
profile.ssp.rambler.ru
R3		 2021-06-07 -
2021-09-05		 3 months crt.sh
*.mediawallahscript.com
Amazon		 2021-05-19 -
2022-06-17		 a year crt.sh
*.dev.kargo.com
Amazon		 2021-03-16 -
2022-04-14		 a year crt.sh
*.adnxs.com
GeoTrust ECC CA 2018		 2021-03-05 -
2022-02-19		 a year crt.sh
*.3lift.com
Amazon		 2021-06-12 -
2022-07-11		 a year crt.sh
*.pubmatic.com
DigiCert Baltimore TLS RSA SHA256 2020 CA1		 2020-12-07 -
2021-12-14		 a year crt.sh
odc-addthis-prod-01.oracle.com
DigiCert SHA2 Secure Server CA		 2021-04-25 -
2022-04-27		 a year crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-03-30 -
2022-04-04		 a year crt.sh
teads.tv
R3		 2021-06-14 -
2021-09-12		 3 months crt.sh
revcontent.com
Amazon		 2020-07-08 -
2021-08-08		 a year crt.sh
san.casalemedia.com
GeoTrust RSA CA 2018		 2021-02-05 -
2022-02-09		 a year crt.sh
*.media.net
DigiCert SHA2 Secure Server CA		 2021-04-12 -
2022-04-20		 a year crt.sh
*.liadm.com
Amazon		 2020-11-30 -
2021-12-29		 a year crt.sh
*.taboola.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2020-11-25 -
2021-12-26		 a year crt.sh
*.sharethrough.com
Amazon		 2020-09-09 -
2021-10-11		 a year crt.sh
*.360yield.com
Amazon		 2021-07-29 -
2022-08-27		 a year crt.sh
*.smartadserver.com
DigiCert ECC Secure Server CA		 2020-01-30 -
2022-02-03		 2 years crt.sh
*.postrelease.com
Amazon		 2021-01-28 -
2022-02-25		 a year crt.sh
s.ad.smaato.net
Amazon		 2021-03-17 -
2022-04-15		 a year crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2021-06-28 -
2021-09-20		 3 months crt.sh
*.rlcdn.com
Sectigo RSA Domain Validation Secure Server CA		 2021-02-25 -
2022-03-28		 a year crt.sh

This page contains 8 frames:

Primary Page: https://www.nhscovidapp.sambeatson.com/
Frame ID: 097AE7F1358A5A5B024F59664989C533
Requests: 27 HTTP requests in this frame

Frame: https://app.groove.cm/groovemail/form/view/NWY2ZjM4YzI2YmU2ZDA2MDBmNWEyMWMy
Frame ID: 61FE3A484ED9C0F95D4409470E559C3F
Requests: 30 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210728/r20190131/zrt_lookup.html
Frame ID: BE28B7ED3CDDE13F96BB93D71BA82366
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2300775173595760&output=html&adk=1812271804&adf=3025194257&lmt=1601241422&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.nhscovidapp.sambeatson.com%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627787739454&bpp=3&bdt=273&idt=75&shv=r20210728&mjsv=m202107290101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=6151940634220&frm=20&pv=2&ga_vid=888147217.1627787740&ga_sid=1627787740&ga_hid=1218906403&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866&oid=3&pvsid=3563695007242933&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=93
Frame ID: F36A05C63595802B504869B8A074DA87
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?topUrl=www.nhscovidapp.sambeatson.com&origin=onetag
Frame ID: B24AB20DCB0A77A6B649186A09F49631
Requests: 2 HTTP requests in this frame

Frame: https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-G4NEob8QfOtBTXRHOWujBUB-mOgN0ctG7CKt3g&expires=30&user_group=5
Frame ID: D27EBC859CB10AB72DA8FFBB7C82D8DC
Requests: 30 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 8A81CDFDE0C553686DEF86EEE33AC0DE
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: AEDCDB5E88D72271CCA6C5FF38606F69
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

94
Requests

99 %
HTTPS

39 %
IPv6

47
Domains

62
Subdomains

57
IPs

8
Countries

4371 kB
Transfer

19079 kB
Size

3
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2
  • https://app.groovefunnels.com/groovemail/embed/app.js HTTP 302
  • https://app.groove.cm/groovemail/embed/app.js
Request Chain 44
  • https://sslwidget.criteo.com/event?a=81296&v=5.7.1&p0=e%3Dexd%26site_type%3Dd%26ref%3Dhttps%253A%252F%252Fwww.nhscovidapp.sambeatson.com&p1=e%3Dvh&p2=e%3Dvp%26p%3D1&p3=e%3Ddis&tld=app.groove.cm&dtycbr=46211 HTTP 302
  • https://widget.us.criteo.com/event?a=81296&v=5.7.1&p0=e%3Dexd%26site_type%3Dd%26ref%3Dhttps%253A%252F%252Fwww.nhscovidapp.sambeatson.com&p1=e%3Dvh&p2=e%3Dvp%26p%3D1&p3=e%3Ddis&tld=app.groove.cm&dtycbr=46211
Request Chain 55
  • https://gum.criteo.com/sid/json?origin=onetag&domain=app.groove.cm&sn=ChromeSyncframe&so=0&topUrl=www.nhscovidapp.sambeatson.com HTTP 302
  • https://mug.criteo.com/sid?cpp=cFbkInxRdVhFUG13S3V0TEl4UTZZM2duQ2hKeXFJUXhCcXBadThGQ2YrVWxvQXdwckoyeHdwKzNlVlI2T09IcEdKYW5FTkllTFVoWGJKZmJrZXJhQW1sUEZVQ0JrNTBJQjJzWWpJV2d4YzlJY0MrR0xCU051bVIweHErdVRrcGZwN3krUjQ3OEJXdTFLVU1qRVozYVcyNVUvUWZJcmEzRm8wRzg1Y0dMWU1YczFHQU9waVlhd09hYzAxaHJtVStzZlR5OHk5TllIbnh1UWE3R05pWm9xdzNMTWFnPT18&cppv=2
Request Chain 56
  • https://x.bidswitch.net/sync?dsp_id=46&user_id=k-G4NEob8QfOtBTXRHOWujBUB-mOgN0ctG7CKt3g&expires=30&user_group=5 HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-G4NEob8QfOtBTXRHOWujBUB-mOgN0ctG7CKt3g&expires=30&user_group=5
Request Chain 60
  • https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-sLwtAb8QfOtBTXRHOWujBUB-mOjr5Kzwtv3arw HTTP 302
  • https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-sLwtAb8QfOtBTXRHOWujBUB-mOjr5Kzwtv3arw&verify=true
Request Chain 63
  • https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&google_hm=ay1xcEpmVnI4UWZPdEJUWFJIT1d1akJVQi1tT2hORW9ybXFsd0hjdw HTTP 302
  • https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_ula=913071,0
Request Chain 64
  • https://partner.mediawallahscript.com/?account_id=1043&partner_id=1048&uid=k-qpJfVr8QfOtBTXRHOWujBUB-mOhNEormqlwHcw&custom=&tag_format=img&tag_action=sync&custom=&cb=93bb0ebf-4d62-446a-a0c3-ecf094876903 HTTP 302
  • https://partner.mediawallahscript.com/?account_id=1043&partner_id=1048&uid=k-qpJfVr8QfOtBTXRHOWujBUB-mOhNEormqlwHcw&custom%5B0%5D=&custom%5B1%5D=&tag_format=img&tag_action=sync&cb=93bb0ebf-4d62-446a-a0c3-ecf094876903&final=true&reqid=c066d700-f276-11eb-9207-f76dd474af4d&timestamp=2021-08-01T03%3A15%3A41.296Z
Request Chain 66
  • https://secure.adnxs.com/setuid?entity=52&code=k-7mIo4r8QfOtBTXRHOWujBUB-mOhVLUbzOnQqfg&seg=95287 HTTP 307
  • https://secure.adnxs.com/bounce?%2Fsetuid%3Fentity%3D52%26code%3Dk-7mIo4r8QfOtBTXRHOWujBUB-mOhVLUbzOnQqfg%26seg%3D95287
Request Chain 67
  • https://gum.criteo.com/sync?c=383&r=1&a=1&u=https%3A%2F%2Fd.turn.com%2Fr%2Fdd%2Fid%2FL2NzaWQvMS9jaWQvMTc0ODc0NDU2Ni90LzI%2Fdpuid%2F%40USERID%40%2Furl%2Fhttps%253A%252F%252Fdis.criteo.com%252Fdis%252Frtb%252Fcdb%252Fcookiematch.aspx%253F%2526extid%253D%2524!%7BTURN_UUID%7D HTTP 302
  • https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMTc0ODc0NDU2Ni90LzI/dpuid/la6KbdW2XzElRAQx4Uq7j0UAzsDkEpjw/url/https%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fcdb%2Fcookiematch.aspx%3F%26extid%3D%24!%7BTURN_UUID%7D HTTP 302
  • https://dis.criteo.com/dis/rtb/cdb/cookiematch.aspx?&extid=3886769485818945800
Request Chain 68
  • https://eb2.3lift.com/xuid?mid=2711&xuid=k-bIathr8QfOtBTXRHOWujBUB-mOg9wtoCxQYGyQ&dongle=013b HTTP 302
  • https://eb2.3lift.com/xuid?ld=1&mid=2711&xuid=k-bIathr8QfOtBTXRHOWujBUB-mOg9wtoCxQYGyQ&dongle=013b&gdpr=1&cmp_cs=&us_privacy=
Request Chain 74
  • https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-rGTI9b8QfOtBTXRHOWujBUB-mOibDBSEIhFpAg HTTP 302
  • https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-rGTI9b8QfOtBTXRHOWujBUB-mOibDBSEIhFpAg&C=1
Request Chain 76
  • https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-1FOU4r8QfOtBTXRHOWujBUB-mOgjK0F5o8x0jg HTTP 303
  • https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-1FOU4r8QfOtBTXRHOWujBUB-mOgjK0F5o8x0jg&_li_chk=true&previous_uuid=3eef57af7e7f48e6aeb07d342975e3cc HTTP 303
  • https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-1FOU4r8QfOtBTXRHOWujBUB-mOgjK0F5o8x0jg
Request Chain 79
  • https://ad.360yield.com/match?publisher_dsp_id=38&external_user_id=k-vj0S_78QfOtBTXRHOWujBUB-mOjXFOrPy24g4g HTTP 302
  • https://ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=k-vj0S_78QfOtBTXRHOWujBUB-mOjXFOrPy24g4g
Request Chain 90
  • https://secure.adnxs.com/seg?add=95287&redir=https%3A%2F%2Fsecure.adnxs.com%2Fgetuid%3Fhttps%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fappnexus%2Fcookiematch.aspx%3Fappnxsid%3D%24UID HTTP 302
  • https://secure.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID HTTP 302
  • https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=7938167925531604470
Request Chain 93
  • https://gum.criteo.com/sync?c=6&r=1&a=1&u=https%3A%2F%2Fidsync.rlcdn.com%2F397596.gif%3Fpartner_uid%3D%40USERID%40 HTTP 302
  • https://idsync.rlcdn.com/397596.gif?partner_uid=UcmTTUvOJUFNp98KQHC5cQTYKq7-qgQ1

94 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.nhscovidapp.sambeatson.com/ 		5 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.nhscovidapp.sambeatson.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
149.255.58.47 , United Kingdom, ASN34931 (AWARESOFT, GB),
Reverse DNS
cloud713.thundercloud.uk
Software
Apache /
Resource Hash
6150a301980f49d0670352323ea81041c35c2e8ea56ce05c7c02923390287704

Request headers

:method
GET
:authority
www.nhscovidapp.sambeatson.com
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 01 Aug 2021 03:15:38 GMT
server
Apache
last-modified
Sun, 27 Sep 2020 21:17:02 GMT
accept-ranges
bytes
content-length
5461
content-type
text/html
main.css
www.nhscovidapp.sambeatson.com/assets/ 		0
0 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.nhscovidapp.sambeatson.com/assets/main.css
Requested by
Host: www.nhscovidapp.sambeatson.com
URL: https://www.nhscovidapp.sambeatson.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
149.255.58.47 , United Kingdom, ASN34931 (AWARESOFT, GB),
Reverse DNS
cloud713.thundercloud.uk
Software
Apache /
Resource Hash

Request headers

:path
/assets/main.css
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
www.nhscovidapp.sambeatson.com
referer
https://www.nhscovidapp.sambeatson.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.nhscovidapp.sambeatson.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 01 Aug 2021 03:15:38 GMT
server
Apache
content-length
315
content-type
text/html; charset=iso-8859-1
page.js
static.addtoany.com/menu/ 		84 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.addtoany.com/menu/page.js
Requested by
Host: www.nhscovidapp.sambeatson.com
URL: https://www.nhscovidapp.sambeatson.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:47c5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f909a31bfd7a13b9dd53e98b5652f13f4782fdfd1653dc4befade7386c087371
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.nhscovidapp.sambeatson.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 01 Aug 2021 03:15:39 GMT
via
e1s
x-content-type-options
nosniff
cf-cache-status
HIT
age
73934
p3p
CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
content-encoding
br
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified
Fri, 14 May 2021 06:41:59 GMT
server
cloudflare
etag
W/"14f2c-5c2448a7281f2"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=172800
cf-ray
677be73a0c0242e7-FRA
cf-bgj
minify
app.js
app.groove.cm/groovemail/embed/
Redirect Chain
  • https://app.groovefunnels.com/groovemail/embed/app.js
  • https://app.groove.cm/groovemail/embed/app.js
3 MB
301 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.groove.cm/groovemail/embed/app.js
Requested by
Host: www.nhscovidapp.sambeatson.com
URL: https://www.nhscovidapp.sambeatson.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:8b0d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bee9266ce99959c08654ace434f1b5e4a54f51fda334409ac8f82b56da960dec

Request headers

Referer
https://www.nhscovidapp.sambeatson.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 01 Aug 2021 03:15:39 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Fri, 23 Jul 2021 03:08:11 GMT
server
cloudflare
age
2757
etag
W/"60fa329b-3027c5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=92Rs6xA7lLTt%2BnWJazLr6WBRCQsjetuEOcYFXEHyuioOqnc%2B0M3e0uBqmo4r%2FigKZLbrC0PQ%2BI%2FDu5Q7PWKVJCgHYQiCEQp%2FxBsnAI049tfYsg%2B4NvJxMewbfl0fx5c2LEfxyWGwUK0sDLXa"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
677be73a2d124ece-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

Redirect headers

date
Sun, 01 Aug 2021 03:15:39 GMT
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v%2FLYP1OAIPu0z2H%2B4pxH8wJifFOE4iebqutKPGHT78zYEo3P10HVk2Dyy8rMLCG3jriESFMOzAbxNVHJvDKl7xM4X%2Bhi4QJpUoKa97%2BFLYQRfDk9ZO0KlzuYUmzBL%2BohGjuECw6NVhwf32nQRCgq%2BfC58zw%3D"}],"group":"cf-nel","max_age":604800}
location
https://app.groove.cm/groovemail/embed/app.js
cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray
677be73a0ed105f1-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0ba14ed840000005f127b87000000001
expires
Thu, 01 Jan 1970 00:00:01 GMT
image02.jpg
www.nhscovidapp.sambeatson.com/assets/images/ 		315 B
315 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.nhscovidapp.sambeatson.com/assets/images/image02.jpg
Requested by
Host: www.nhscovidapp.sambeatson.com
URL: https://www.nhscovidapp.sambeatson.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
149.255.58.47 , United Kingdom, ASN34931 (AWARESOFT, GB),
Reverse DNS
cloud713.thundercloud.uk
Software
Apache /
Resource Hash
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

:path
/assets/images/image02.jpg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.nhscovidapp.sambeatson.com
referer
https://www.nhscovidapp.sambeatson.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.nhscovidapp.sambeatson.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 01 Aug 2021 03:15:38 GMT
server
Apache
content-length
315
content-type
text/html; charset=iso-8859-1
cse.js
cse.google.com/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cse.google.com/cse.js?cx=7b52fdcf708b4bba3
Requested by
Host: www.nhscovidapp.sambeatson.com
URL: https://www.nhscovidapp.sambeatson.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
64e5c6b0fa34e8e382e96de9fb2c15e7942fe80b64d5875bb65e097c76da3fc9
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.nhscovidapp.sambeatson.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

bfcache-opt-in
unload
date
Sun, 01 Aug 2021 03:15:39 GMT
content-encoding
br
server
gws
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control
private
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2879
x-xss-protection
0
expires
Sun, 01 Aug 2021 03:15:39 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 		136 KB
49 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: www.nhscovidapp.sambeatson.com
URL: https://www.nhscovidapp.sambeatson.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d77db41dc4c7b8c130a5569ce570646d824303b3909cbfc8767a5c513b4c9140
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.nhscovidapp.sambeatson.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 01 Aug 2021 03:15:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
49341
x-xss-protection
0
server
cafe
etag
5430280584477430018
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Sun, 01 Aug 2021 03:15:39 GMT
main.js
www.nhscovidapp.sambeatson.com/assets/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://www.nhscovidapp.sambeatson.com/assets/main.js
Requested by
Host: www.nhscovidapp.sambeatson.com
URL: https://www.nhscovidapp.sambeatson.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
149.255.58.47 , United Kingdom, ASN34931 (AWARESOFT, GB),
Reverse DNS
cloud713.thundercloud.uk
Software
Apache /
Resource Hash

Request headers

:path
/assets/main.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
www.nhscovidapp.sambeatson.com
referer
https://www.nhscovidapp.sambeatson.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.nhscovidapp.sambeatson.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 01 Aug 2021 03:15:38 GMT
server
Apache
content-length
315
content-type
text/html; charset=iso-8859-1
truncated
/ 		34 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
icons.29.svg.js
static.addtoany.com/menu/svg/ 		78 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.addtoany.com/menu/svg/icons.29.svg.js
Requested by
Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:10::6816:47c5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e30f848c353b8ab801c18d2109527cb32a27f145262dccb3cd4db9f309cc53bb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.nhscovidapp.sambeatson.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 01 Aug 2021 03:15:39 GMT
via
e1s
x-content-type-options
nosniff
cf-cache-status
HIT
age
11341186
p3p
CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
content-encoding
br
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified
Mon, 31 Dec 2018 23:29:11 GMT
server
cloudflare
etag
W/"13937-57e59c7b88bd6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
cache-control
max-age=315360000, immutable
cf-ray
677be73a5dfe05ed-FRA
cf-bgj
minify
NWY2ZjM4YzI2YmU2ZDA2MDBmNWEyMWMy
app.groove.cm/groovemail/form/view/ Frame 61FE 		4 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://app.groove.cm/groovemail/form/view/NWY2ZjM4YzI2YmU2ZDA2MDBmNWEyMWMy
Requested by
Host: app.groovefunnels.com
URL: https://app.groovefunnels.com/groovemail/embed/app.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:8b0d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1c70bcd7e90aeebef39b97060c4f307c8b31fe63c2f7b5ff01af68cbc209ece3

Request headers

:method
GET
:authority
app.groove.cm
:scheme
https
:path
/groovemail/form/view/NWY2ZjM4YzI2YmU2ZDA2MDBmNWEyMWMy
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.nhscovidapp.sambeatson.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://www.nhscovidapp.sambeatson.com/

Response headers

date
Sun, 01 Aug 2021 03:15:39 GMT
content-type
text/html
vary
Accept-Encoding
last-modified
Sat, 31 Jul 2021 00:04:30 GMT
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qf5S08g3Sb24Tg9IxSERIe%2B5hsRoEVwNeQnPxVbh4X4Kn2sqnst1quyMUY1y2czTcskeirqQbygleGdce4IF3nYRTBZjTdzbCKXWemMsaBTlF9Ph9kTB3ytKkqf%2FRj5NKzrFixH3e1TNSSkG"}],"group":"cf-nel","max_age":604800}
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
677be73b1df54ece-FRA
content-encoding
br
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
truncated
/ 		185 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2cebf37203bb8ffa6e9565037bf0339303b94d95e6730a8d97f8a4af7206a336

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml
cse_element__en.js
www.google.com/cse/static/element/b54a745638da8bbb/ 		280 KB
92 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/cse/static/element/b54a745638da8bbb/cse_element__en.js?usqp=CAI%3D
Requested by
Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=7b52fdcf708b4bba3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
94fc1b6f57eaec5b66d02212a4a8c63fb22b3b46c2643d76c1b39edeea337b71
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.nhscovidapp.sambeatson.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 27 Jul 2021 16:52:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
382964
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
93992
x-xss-protection
0
last-modified
Wed, 30 Jun 2021 17:07:08 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 27 Jul 2022 16:52:55 GMT
default+en.css
www.google.com/cse/static/element/b54a745638da8bbb/ 		41 KB
9 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.google.com/cse/static/element/b54a745638da8bbb/default+en.css
Requested by
Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=7b52fdcf708b4bba3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4c1355d27b14881a055e00a4a2afa4608b452c9780ac5c61e1b8f9fd55fa3e1e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.nhscovidapp.sambeatson.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 27 Jul 2021 16:52:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
382964
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9032
x-xss-protection
0
last-modified
Wed, 30 Jun 2021 17:07:08 GMT
server
sffe
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 27 Jul 2022 16:52:55 GMT
default.css
www.google.com/cse/static/style/look/v4/ 		4 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.google.com/cse/static/style/look/v4/default.css
Requested by
Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=7b52fdcf708b4bba3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.nhscovidapp.sambeatson.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 01 Aug 2021 02:56:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1167
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1345
x-xss-protection
0
last-modified
Wed, 17 Jun 2020 00:00:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=3000
accept-ranges
bytes
expires
Sun, 01 Aug 2021 03:46:12 GMT
main.js
www.nhscovidapp.sambeatson.com/assets/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://www.nhscovidapp.sambeatson.com/assets/main.js
Requested by
Host: www.nhscovidapp.sambeatson.com
URL: https://www.nhscovidapp.sambeatson.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
149.255.58.47 , United Kingdom, ASN34931 (AWARESOFT, GB),
Reverse DNS
cloud713.thundercloud.uk
Software
Apache /
Resource Hash

Request headers

:path
/assets/main.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
www.nhscovidapp.sambeatson.com
referer
https://www.nhscovidapp.sambeatson.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.nhscovidapp.sambeatson.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 01 Aug 2021 03:15:38 GMT
server
Apache
content-length
315
content-type
text/html; charset=iso-8859-1
show_ads_impl_with_ama_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202107290101/ 		250 KB
93 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202107290101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-2300775173595760&plah=www.nhscovidapp.sambeatson.com&amaexp=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
92704f0026adca12f0fd6fca2cfcf6849d465c18126b13527cab79d4a668c9a2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.nhscovidapp.sambeatson.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 01 Aug 2021 03:15:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
95279
x-xss-protection
0
server
cafe
etag
1002108113196412170
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Sun, 01 Aug 2021 03:15:39 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20210728/r20190131/ Frame BE28 		10 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20210728/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5d1310353e02e0a006b79b7d607131cb6d9411543a8957b772f565816fdf3ce4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/html/r20210728/r20190131/zrt_lookup.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.nhscovidapp.sambeatson.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://www.nhscovidapp.sambeatson.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Sun, 01 Aug 2021 00:54:55 GMT
expires
Sun, 15 Aug 2021 00:54:55 GMT
content-type
text/html; charset=UTF-8
etag
4389807852502320046
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4579
x-xss-protection
0
age
8444
cache-control
public, max-age=1209600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
async-ads.js
cse.google.com/adsense/search/ 		148 KB
54 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cse.google.com/adsense/search/async-ads.js
Requested by
Host: www.google.com
URL: https://www.google.com/cse/static/element/b54a745638da8bbb/cse_element__en.js?usqp=CAI%3D
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1f585fc95fc2a2e4c04a758967589277652849c9ce47b021e7666152c5895bb3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.nhscovidapp.sambeatson.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 01 Aug 2021 03:15:39 GMT
content-encoding
gzip
vary
Accept-Encoding
server
sffe
x-content-type-options
nosniff
etag
"12779429809493147570"
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
expires
Sun, 01 Aug 2021 03:15:39 GMT
clear.png
www.google.com/cse/static/css/v2/ 		1018 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/cse/static/css/v2/clear.png
Requested by
Host: www.google.com
URL: https://www.google.com/cse/static/element/b54a745638da8bbb/default+en.css
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
329d1a750114920332eadc55c129957d9dbe5a1b25745e2f7e0ed4fad75e04cd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/cse/static/element/b54a745638da8bbb/default+en.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 26 Jul 2021 21:17:51 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 May 2020 08:30:00 GMT
server
sffe
age
453468
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
content-type
image/png
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1018
x-xss-protection
0
expires
Tue, 26 Jul 2022 21:17:51 GMT
branding.png
www.google.com/cse/static/images/1x/en/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/cse/static/images/1x/en/branding.png
Requested by
Host: www.nhscovidapp.sambeatson.com
URL: https://www.nhscovidapp.sambeatson.com/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
331b2b1241f1f2a53744bdca867c5b76954d9431970e91f490f64c707fc24a16
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.nhscovidapp.sambeatson.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 27 Jul 2021 01:12:58 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 May 2020 08:30:00 GMT
server
sffe
age
439361
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
content-type
image/png
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1372
x-xss-protection
0
expires
Wed, 27 Jul 2022 01:12:58 GMT
generate_204
clients1.google.com/ 		0
199 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://clients1.google.com/generate_204
Requested by
Host: www.nhscovidapp.sambeatson.com
URL: https://www.nhscovidapp.sambeatson.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.nhscovidapp.sambeatson.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 01 Aug 2021 03:15:39 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
cookie.js
partner.googleadservices.com/gampad/ 		204 B
660 B 		Script
General
Check archive.org
Download Go to
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=www.nhscovidapp.sambeatson.com&callback=_gfp_s_&client=ca-pub-2300775173595760
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202107290101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-2300775173595760&plah=www.nhscovidapp.sambeatson.com&amaexp=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f2.1e100.net
Software
cafe /
Resource Hash
7471e4f5404f2616537ba184499301a88908e8761deefc9af33126ea611a2657
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.nhscovidapp.sambeatson.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 01 Aug 2021 03:15:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
194
x-xss-protection
0
integrator.js
adservice.google.de/adsid/ 		107 B
853 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.nhscovidapp.sambeatson.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202107290101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-2300775173595760&plah=www.nhscovidapp.sambeatson.com&amaexp=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.nhscovidapp.sambeatson.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Sun, 01 Aug 2021 03:15:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
570 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.nhscovidapp.sambeatson.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202107290101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-2300775173595760&plah=www.nhscovidapp.sambeatson.com&amaexp=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.nhscovidapp.sambeatson.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Sun, 01 Aug 2021 03:15:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame F36A 		603 B
67 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2300775173595760&output=html&adk=1812271804&adf=3025194257&lmt=1601241422&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.nhscovidapp.sambeatson.com%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627787739454&bpp=3&bdt=273&idt=75&shv=r20210728&mjsv=m202107290101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=6151940634220&frm=20&pv=2&ga_vid=888147217.1627787740&ga_sid=1627787740&ga_hid=1218906403&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866&oid=3&pvsid=3563695007242933&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=93
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202107290101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-2300775173595760&plah=www.nhscovidapp.sambeatson.com&amaexp=1
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-2300775173595760&output=html&adk=1812271804&adf=3025194257&lmt=1601241422&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.nhscovidapp.sambeatson.com%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627787739454&bpp=3&bdt=273&idt=75&shv=r20210728&mjsv=m202107290101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=6151940634220&frm=20&pv=2&ga_vid=888147217.1627787740&ga_sid=1627787740&ga_hid=1218906403&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866&oid=3&pvsid=3563695007242933&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=93
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.nhscovidapp.sambeatson.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://www.nhscovidapp.sambeatson.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Sun, 01 Aug 2021 03:15:39 GMT
server
cafe
content-length
46
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Sun, 01-Aug-2021 03:30:39 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
osd.js
www.googletagservices.com/activeview/js/current/ 		73 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202107290101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-2300775173595760&plah=www.nhscovidapp.sambeatson.com&amaexp=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
163ad32a13401b1f5387b23c7d749fccac8da49e9914584fe3aca42884532c09
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.nhscovidapp.sambeatson.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 01 Aug 2021 03:15:39 GMT
content-encoding
gzip
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server
sffe
etag
"1627644667915703"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
x-content-type-options
nosniff
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27995
x-xss-protection
0
expires
Sun, 01 Aug 2021 03:15:39 GMT
app.css
app.groove.cm/groovemail/css/ Frame 61FE 		2 MB
289 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://app.groove.cm/groovemail/css/app.css
Requested by
Host: app.groove.cm
URL: https://app.groove.cm/groovemail/form/view/NWY2ZjM4YzI2YmU2ZDA2MDBmNWEyMWMy
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:8b0d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5b68fbca96c94ece5ff9310e37f8cc8fa6ee5b24f783e5fd5d37e0a51b152f4d

Request headers

Referer
https://app.groove.cm/groovemail/form/view/NWY2ZjM4YzI2YmU2ZDA2MDBmNWEyMWMy
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 01 Aug 2021 03:15:39 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sat, 31 Jul 2021 00:04:30 GMT
server
cloudflare
age
2757
etag
W/"6104938e-2549ee"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XCMgzxUnjTpp0LojpXgIm3pB%2BpgtdIxNqJa1g1ZbYhRFwYPgR5rg%2FWh%2Fr%2BFB8HvwokkMG1cx6h7krD15WlDs0WtRygqNZfjQ5%2FN15BNmTMe8w4hiD0JQwDMh97sdlmNfGbVx%2FMHPl%2FMYZ9Vs"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
677be73c4f684ece-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
app.js
app.groove.cm/groovemail/js/ Frame 61FE 		11 MB
3 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.groove.cm/groovemail/js/app.js
Requested by
Host: app.groove.cm
URL: https://app.groove.cm/groovemail/form/view/NWY2ZjM4YzI2YmU2ZDA2MDBmNWEyMWMy
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:8b0d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9da1ee5332d2aa60444d9f4ef164d014d53f5fbf23fc78845bfec8f5562c4bf5

Request headers

Referer
https://app.groove.cm/groovemail/form/view/NWY2ZjM4YzI2YmU2ZDA2MDBmNWEyMWMy
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 01 Aug 2021 03:15:39 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sat, 31 Jul 2021 00:04:30 GMT
server
cloudflare
age
2757
etag
W/"6104938e-aafbc3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=py9bZs9lSDmSKZfFcDiXHZEKcaLRRTTH7CdhMkyXks0xKU0uYNY3hHrmXQXDV8K3Ksmfi7GAiCbW5yqtUzF9uhAL2d3tXQnOj1TzKwnize%2F8g2gJzyVmSm9I2ZEO7pXlEz4j90BkcbCr8KmX"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
677be73c4f6b4ece-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
css2
fonts.googleapis.com/ Frame 61FE 		8 KB
720 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Nunito+Sans:ital,wght@0,300;0,400;0,600;0,700;0,800;0,900;1,400&display=swap
Requested by
Host: app.groove.cm
URL: https://app.groove.cm/groovemail/form/view/NWY2ZjM4YzI2YmU2ZDA2MDBmNWEyMWMy
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e345cc9cd43f23662004c176ec7aa6cd7c16d4bd3530e99a88085177daf790af
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://app.groove.cm/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sun, 01 Aug 2021 03:15:39 GMT
server
ESF
date
Sun, 01 Aug 2021 03:15:39 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 01 Aug 2021 03:15:39 GMT
iframeResizer.contentWindow.min.js
cdnjs.cloudflare.com/ajax/libs/iframe-resizer/4.2.8/ Frame 61FE 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/4.2.8/iframeResizer.contentWindow.min.js
Requested by
Host: app.groove.cm
URL: https://app.groove.cm/groovemail/form/view/NWY2ZjM4YzI2YmU2ZDA2MDBmNWEyMWMy
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6b79dedcd9e48e0977603301bb9dd2809400389cc0978578e6001c91dfaec993
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://app.groove.cm/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 01 Aug 2021 03:15:39 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
765502
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length
4395
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:11:11 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e9f-348d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nywr%2FX4ZmEwMZ25tSlJoAlML%2BOWn%2FbbgQPQfVdOgsAcwKCDFizlBchQ7MJBPE1iOCYPLwwPvb3v2gpu35d%2FGBDpB8teIBbo7pPJ5JDPvAt%2FXHFtIMuLS8LGMWt5D8dLu4CkoE3pFA%2F%2B12Z%2FlrHN%2FHZhN"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
677be73c491505f1-FRA
expires
Fri, 22 Jul 2022 03:15:39 GMT
heap-3364072150.js
cdn.heapanalytics.com/js/ Frame 61FE 		107 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.heapanalytics.com/js/heap-3364072150.js
Requested by
Host: app.groove.cm
URL: https://app.groove.cm/groovemail/form/view/NWY2ZjM4YzI2YmU2ZDA2MDBmNWEyMWMy
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.96.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-96-42.zrh50.r.cloudfront.net
Software
nginx /
Resource Hash
4b3976390333f9b70fa9c60dee45d260bd17e0a71297323a86a1a9735c249202
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://app.groove.cm/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 01 Aug 2021 03:14:19 GMT
content-encoding
gzip
server
nginx
age
80
etag
W/"1aba4-s4AVxxTw/PbIeUk82e+Xaw"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
via
1.1 a63182cf51dce7998774e112bf9ee7c6.cloudfront.net (CloudFront)
cache-control
public, max-age=120
x-amz-cf-pop
ZRH50-C1
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-id
RrRLnE52rRA9Ak0XaRW_Ex5s8gp0C-zkT3RZ1iJqzW_4rQoSMK_2hQ==
gtm.js
www.googletagmanager.com/ Frame 61FE 		174 KB
60 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-MKWM7K2
Requested by
Host: app.groove.cm
URL: https://app.groove.cm/groovemail/form/view/NWY2ZjM4YzI2YmU2ZDA2MDBmNWEyMWMy
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
9744d1564c18e14faf2a00cb6be828062997c339e80bf5ea50bf6417a0fb7f40
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://app.groove.cm/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 01 Aug 2021 03:15:39 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
61462
x-xss-protection
0
last-modified
Sun, 01 Aug 2021 03:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sun, 01 Aug 2021 03:15:39 GMT
font-awesome.min.css
stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/ Frame 61FE 		30 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Requested by
Host: app.groove.cm
URL: https://app.groove.cm/groovemail/css/app.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://app.groove.cm/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 01 Aug 2021 03:15:39 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
723, 617, 617
age
11341186
cdn-cachedat
2021-03-11 11:57:51
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:55 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
6fc1a75116c932681ed09108db37b84c
cf-ray
677be73cac212b12-FRA
cdn-requestcountrycode
DE
cdn-requestpullsuccess
True
css2
fonts.googleapis.com/ Frame 61FE 		706 KB
136 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Abril+Fatface&family=Amatic+SC:wght@400;700&family=Architects+Daughter&family=Asap:wght@400;700&family=Balsamiq+Sans:wght@400;700&family=Barlow:wght@400;700;900&family=Bebas+Neue&family=Bitter:wght@400;700;900&family=Cabin:wght@400;700&family=Cairo:wght@400;700&family=Cormorant+Garamond:wght@400;700&family=Crimson+Text:wght@400;700&family=Dancing+Script:wght@400;700&family=Fira+Sans:wght@400;700;900&family=Fjalla+One&family=Indie+Flower&family=Josefin+Sans:wght@400;700&family=Lato:wght@400;700;900&family=Libre+Baskerville:wght@400;700&family=Libre+Franklin:wght@400;700;900&family=Lobster&family=Lora:wght@400;700&family=Martel:wght@400;700;900&family=Merriweather:wght@400;700;900&family=Montserrat:wght@400;700;900&family=Mukta:wght@400;700&family=Noto+Sans+JP:wght@400;700&family=Noto+Sans+KR:wght@400;700;900&family=Noto+Sans:wght@400;700&family=Noto+Serif:wght@400;700&family=Nunito+Sans:wght@200;300;400;700;900&family=Nunito:wght@300;400;700;900&family=Old+Standard+TT:wght@400;700&family=Open+Sans+Condensed:wght@300;700&family=Open+Sans:wght@300;400;700&family=Oswald:wght@400;700&family=Overpass:wght@400;700;900&family=Oxygen:wght@300;400;700&family=PT+Sans+Narrow:wght@400;700&family=PT+Sans:wght@400;700&family=PT+Serif:wght@400;700&family=Pacifico&family=Playfair+Display:wght@400;700;900&family=Poppins:ital,wght@0,400;0,700;1,900&family=Raleway:wght@400;700;900&family=Roboto+Condensed:wght@400;700&family=Roboto+Slab:wght@400;700;900&family=Roboto:ital,wght@0,100;0,300;0,400;0,500;0,700;0,900;1,100;1,300;1,400;1,500;1,700;1,900&family=Rubik:ital,wght@0,400;0,700;1,900&family=Shadows+Into+Light&family=Signika:wght@400;700&family=Slabo+27px&family=Source+Code+Pro:wght@400;700;900&family=Source+Sans+Pro:wght@400;700;900&family=Source+Serif+Pro:wght@400;700;900&family=Tajawal:wght@400;700;900&family=Titillium+Web:wght@400;700;900&family=Ubuntu:wght@400;700&family=Work+Sans:wght@400;700;900&display=swap
Requested by
Host: app.groove.cm
URL: https://app.groove.cm/groovemail/css/app.css
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
4f04b92c9b78db3b85cc0e0ba8a9df33317a5969fc40f0853d24e5f2968cde46
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://app.groove.cm/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sun, 01 Aug 2021 02:23:18 GMT
server
ESF
date
Sun, 01 Aug 2021 03:15:39 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 01 Aug 2021 03:15:39 GMT
js
www.googletagmanager.com/gtag/ Frame 61FE 		127 KB
50 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-VQKC5VQTH1&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKWM7K2
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
578a23171786489c8780c44f85401d28fa16baf31b35aa4f0089b3bd349763c4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://app.groove.cm/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 01 Aug 2021 03:15:39 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
51088
x-xss-protection
0
expires
Sun, 01 Aug 2021 03:15:39 GMT
analytics.js
www.google-analytics.com/ Frame 61FE 		48 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKWM7K2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://app.groove.cm/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 13 Jul 2021 18:24:06 GMT
server
Golfe2
age
5945
date
Sun, 01 Aug 2021 01:36:34 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19672
expires
Sun, 01 Aug 2021 03:36:34 GMT
conversion_async.js
www.googleadservices.com/pagead/ Frame 61FE 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKWM7K2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f2.1e100.net
Software
cafe /
Resource Hash
8069956acb4c566506ff71f7a23c8e23f75ce9443384fe3393ed5c846924026e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://app.groove.cm/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 01 Aug 2021 03:15:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13910
x-xss-protection
0
server
cafe
etag
8154934153164151798
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Sun, 01 Aug 2021 03:15:39 GMT
ytc.js
s.yimg.com/wi/ Frame 61FE 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.yimg.com/wi/ytc.js
Requested by
Host: www.nhscovidapp.sambeatson.com
URL: https://www.nhscovidapp.sambeatson.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:80:800::7000 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
b9e6c38b3493790e6525ba6715ad839211cab5db3ddc80c7f70f20f92679fee6
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://app.groove.cm/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

ats-carp-promotion
1
date
Sun, 01 Aug 2021 03:04:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
647
x-amz-server-side-encryption
AES256
vary
Origin, Accept-Encoding
content-length
5639
x-amz-id-2
wudKQQrHw/WcGSjfH43Q8nwgZ+4m5W13O9nOypA4XLwmevbr3MmDTs6q6wEty2FFXYcZIOtcNVU=
referrer-policy
no-referrer-when-downgrade
x-amz-expiration
expiry-date="Sat, 02 Jul 2022 00:00:00 GMT", rule-id="oath-standard-lifecycle"
last-modified
Thu, 27 May 2021 13:00:20 GMT
server
ATS
etag
"6de43f1c725d89777edaa2bc5d679ecb-df"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=15552000
x-amz-request-id
FT6REXXMMYCSX8TZ
x-xss-protection
1; mode=block
cache-control
public,max-age=3600
x-amz-version-id
Bv0RNzsjZsSn6kGrZjdvdggYqc20u__d
accept-ranges
bytes
content-type
application/javascript
bat.js
bat.bing.com/ Frame 61FE 		30 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.nhscovidapp.sambeatson.com
URL: https://www.nhscovidapp.sambeatson.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
5c1282fb121104f5a505ecbfd7194e64c98db6b830684450dcfc478021d05257

Request headers

Referer
https://app.groove.cm/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 01 Aug 2021 03:15:39 GMT
content-encoding
gzip
last-modified
Wed, 28 Jul 2021 18:27:37 GMT
x-msedge-ref
Ref A: 33AE54788E48448AB031D30123DDF056 Ref B: FRAEDGE1407 Ref C: 2021-08-01T03:15:39Z
etag
"80f2963dde83d71:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
access-control-allow-origin
*
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
9024
ld.js
static.criteo.net/js/ld/ Frame 61FE 		39 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/ld.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKWM7K2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
76c79d3af714cd2570cdee0ff55daf2022f51477a4b5a89de470068280f8ddb1

Request headers

Referer
https://app.groove.cm/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 01 Aug 2021 03:15:39 GMT
content-encoding
gzip
last-modified
Thu, 17 Jun 2021 10:54:06 GMT
server
nginx
etag
W/"60cb29ce-9d98"
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Mon, 02 Aug 2021 03:15:39 GMT
universal-script
175592.tracking.hyros.com/v1/lst/ Frame 61FE 		11 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://175592.tracking.hyros.com/v1/lst/universal-script?ph=8d32ccb64bc3b013ad08e3b3db8b5c12f7094658f7a1802e1282fdafe6b1af24&tag=!tracking
Requested by
Host: www.nhscovidapp.sambeatson.com
URL: https://www.nhscovidapp.sambeatson.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.55.4.239 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-55-4-239.compute-1.amazonaws.com
Software
Jetty(9.4.41.v20210516) /
Resource Hash
b3e303a1090ced3fb72c2f8a03a46fcb46aabe6d6cd0158b506708c3a4ad202b

Request headers

Referer
https://app.groove.cm/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 01 Aug 2021 03:15:40 GMT
access-control-allow-credentials
true
server
Jetty(9.4.41.v20210516)
access-control-expose-headers
Session-ID
access-control-max-age
86400
access-control-allow-methods
GET, PUT, POST, OPTIONS, DELETE
content-type
text/plain;charset=utf-8
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/646915355/ Frame 61FE 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/646915355/?random=1627787739827&cv=9&fst=1627787739827&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg7s0&sendb=1&ig=1&frm=2&url=https%3A%2F%2Fapp.groove.cm%2Fgroovemail%2Fform%2Fview%2FNWY2ZjM4YzI2YmU2ZDA2MDBmNWEyMWMy&ref=https%3A%2F%2Fwww.nhscovidapp.sambeatson.com%2F&tiba=GrooveFunnels&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
af324ff33e27041b85f263b35345150df04d5ffb25ab7de6a1915084e1c52662
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://app.groove.cm/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 01 Aug 2021 03:15:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1062
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
10139345.json
s.yimg.com/wi/config/ Frame 61FE 		2 B
497 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://s.yimg.com/wi/config/10139345.json
Requested by
Host: s.yimg.com
URL: https://s.yimg.com/wi/ytc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:80:800::7000 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://app.groove.cm/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 01 Aug 2021 03:15:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
24
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
x-amz-request-id
41HWJG2WCVQF69EY
x-amz-id-2
oAmZKRMYly0jG/KLYuHLvARMKwMX27iMECQW6zdaiqGLJ+Q52A3yOjeIBZXzhBBQqzLinOZ2jo4=
referrer-policy
no-referrer-when-downgrade
server
ATS
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=15552000
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
public,max-age=3600
content-length
22
17533112.js
bat.bing.com/p/action/ Frame 61FE 		0
128 B 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/p/action/17533112.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ARR/3.0
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://app.groove.cm/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
date
Sun, 01 Aug 2021 03:15:39 GMT
cache-control
private,max-age=86400
x-msedge-ref
Ref A: FC430C747DD04C76B3D2C330B56389EF Ref B: FRAEDGE1407 Ref C: 2021-08-01T03:15:39Z
x-powered-by
ARR/3.0
x-cache
CONFIG_NOCACHE
event
widget.us.criteo.com/ Frame 61FE
Redirect Chain
  • https://sslwidget.criteo.com/event?a=81296&v=5.7.1&p0=e%3Dexd%26site_type%3Dd%26ref%3Dhttps%253A%252F%252Fwww.nhscovidapp.sambeatson.com&p1=e%3Dvh&p2=e%3Dvp%26p%3D1&p3=e%3Ddis&tld=app.groove.cm&dty...
  • https://widget.us.criteo.com/event?a=81296&v=5.7.1&p0=e%3Dexd%26site_type%3Dd%26ref%3Dhttps%253A%252F%252Fwww.nhscovidapp.sambeatson.com&p1=e%3Dvh&p2=e%3Dvp%26p%3D1&p3=e%3Ddis&tld=app.groove.cm&dty...
7 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://widget.us.criteo.com/event?a=81296&v=5.7.1&p0=e%3Dexd%26site_type%3Dd%26ref%3Dhttps%253A%252F%252Fwww.nhscovidapp.sambeatson.com&p1=e%3Dvh&p2=e%3Dvp%26p%3D1&p3=e%3Ddis&tld=app.groove.cm&dtycbr=46211
Requested by
Host: app.groove.cm
URL: https://app.groove.cm/groovemail/form/view/NWY2ZjM4YzI2YmU2ZDA2MDBmNWEyMWMy
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.119.119.150 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
935d06703db98502a4d15072006fb758e82b55ed80551cc9c833870ee6769a24

Request headers

Referer
https://app.groove.cm/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 01 Aug 2021 03:15:39 GMT
content-encoding
gzip
server
Microsoft-IIS/10.0
timing-allow-origin
*
x-powered-by
ASP.NET
vary
Accept-Encoding
p3p
NON DSP COR CURa PSA PSD OUR BUS NAV STA
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
25183
content-type
application/x-javascript
content-length
3636
expires
0

Redirect headers

pragma
no-cache
date
Sun, 01 Aug 2021 03:15:39 GMT
server
Microsoft-IIS/10.0
location
https://widget.us.criteo.com/event?a=81296&v=5.7.1&p0=e%3Dexd%26site_type%3Dd%26ref%3Dhttps%253A%252F%252Fwww.nhscovidapp.sambeatson.com&p1=e%3Dvh&p2=e%3Dvp%26p%3D1&p3=e%3Ddis&tld=app.groove.cm&dtycbr=46211
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
4155
timing-allow-origin
*
content-length
0
expires
0
matomo.js
matomo.groovetech.io/ Frame 61FE 		100 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://matomo.groovetech.io/matomo.js
Requested by
Host: app.groove.cm
URL: https://app.groove.cm/groovemail/js/app.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
51.161.92.183 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
ip183.ip-51-161-92.net
Software
nginx/1.19.2 /
Resource Hash
68fed142b211b51c4d2e9b610dd4d09bc4812739b5beaa63535d88e38e90a946

Request headers

Referer
https://app.groove.cm/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 01 Aug 2021 03:15:40 GMT
content-encoding
gzip
last-modified
Tue, 21 Jul 2020 21:11:02 GMT
server
nginx/1.19.2
etag
"19167-5aafa0f820d0f-gzip"
vary
Accept-Encoding
content-type
application/javascript
accept-ranges
bytes
content-length
32444
93490338-5b57-447e-9e32-ebc1afd43618
https://app.groove.cm/ Frame 61FE 		98 B
0 		Script
General
Check archive.org
Download Go to
Full URL
blob:https://app.groove.cm/93490338-5b57-447e-9e32-ebc1afd43618
Requested by
Host: app.groove.cm
URL: https://app.groove.cm/groovemail/js/app.js
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
897a12cd42d10e175dc370d84d4cb55381e75e6aeaed9b3c53d0f131b85afb66

Request headers

Origin
https://app.groove.cm
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
98
Content-Type
text/javascript
0
bat.bing.com/action/ Frame 61FE 		0
149 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bat.bing.com/action/0?ti=17533112&Ver=2&mid=b05bd684-357e-4afe-b1bd-57ed5099fcfb&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=GrooveFunnels&p=https%3A%2F%2Fwww.nhscovidapp.sambeatson.com%2F&r=&lt=1177&evt=pageLoad&ifm=1&msclkid=N&sv=1&rn=767795
Requested by
Host: app.groove.cm
URL: https://app.groove.cm/groovemail/form/view/NWY2ZjM4YzI2YmU2ZDA2MDBmNWEyMWMy
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://app.groove.cm/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
pragma
no-cache
date
Sun, 01 Aug 2021 03:15:39 GMT
cache-control
no-cache, must-revalidate
x-msedge-ref
Ref A: 16F0433E14434D2AB3DFF41CD018DF34 Ref B: FRAEDGE1407 Ref C: 2021-08-01T03:15:40Z
x-cache
CONFIG_NOCACHE
expires
Fri, 01 Jan 1990 00:00:00 GMT
syncframe
gum.criteo.com/ Frame B24A 		11 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/syncframe?topUrl=www.nhscovidapp.sambeatson.com&origin=onetag
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/ld.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
371f0ceab6655c8448f64525b1d11186cb67ca91398655ddf145c93d77964f91
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

:method
GET
:authority
gum.criteo.com
:scheme
https
:path
/syncframe?topUrl=www.nhscovidapp.sambeatson.com&origin=onetag
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://app.groove.cm/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://app.groove.cm/

Response headers

cache-control
private, max-age=3600
content-type
text/html; charset=utf-8
content-encoding
gzip
vary
Accept-Encoding
strict-transport-security
max-age=31536000
cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
server-processing-duration-in-ticks
2261
set-cookie
uid=3357e4d6-f3e5-4367-bda4-b67abf7764c1; expires=Fri, 26 Aug 2022 03:15:39 GMT; domain=.criteo.com; path=/; secure; samesite=none
date
Sun, 01 Aug 2021 03:15:40 GMT
content-length
4664
h
heapanalytics.com/ Frame 61FE 		37 B
259 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://heapanalytics.com/h?a=3364072150&u=5351642209373056&v=3676035484412072&s=6606281957696096&b=web&tv=4.0&z=0&h=%2Fgroovemail%2Fform%2Fview%2FNWY2ZjM4YzI2YmU2ZDA2MDBmNWEyMWMy&d=app.groove.cm&t=GrooveFunnels&r=https%3A%2F%2Fwww.nhscovidapp.sambeatson.com%2F&ts=1627787740709&st=1627787740710
Requested by
Host: app.groove.cm
URL: https://app.groove.cm/groovemail/form/view/NWY2ZjM4YzI2YmU2ZDA2MDBmNWEyMWMy
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.201.89.61 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-201-89-61.compute-1.amazonaws.com
Software
nginx /
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://app.groove.cm/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 01 Aug 2021 03:15:40 GMT
server
nginx
etag
W/"25-PqzQEyMQ6kTK11azeKO8Bw"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-length
37
/
www.google.com/pagead/1p-user-list/646915355/ Frame 61FE 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/646915355/?random=1627787739827&cv=9&fst=1627786800000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg7s0&sendb=1&frm=2&url=https%3A%2F%2Fapp.groove.cm%2Fgroovemail%2Fform%2Fview%2FNWY2ZjM4YzI2YmU2ZDA2MDBmNWEyMWMy&ref=https%3A%2F%2Fwww.nhscovidapp.sambeatson.com%2F&tiba=GrooveFunnels&async=1&fmt=3&is_vtc=1&random=3095995206&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: app.groove.cm
URL: https://app.groove.cm/groovemail/form/view/NWY2ZjM4YzI2YmU2ZDA2MDBmNWEyMWMy
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://app.groove.cm/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 01 Aug 2021 03:15:40 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/646915355/ Frame 61FE 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/646915355/?random=1627787739827&cv=9&fst=1627786800000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg7s0&sendb=1&frm=2&url=https%3A%2F%2Fapp.groove.cm%2Fgroovemail%2Fform%2Fview%2FNWY2ZjM4YzI2YmU2ZDA2MDBmNWEyMWMy&ref=https%3A%2F%2Fwww.nhscovidapp.sambeatson.com%2F&tiba=GrooveFunnels&async=1&fmt=3&is_vtc=1&random=3095995206&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: app.groove.cm
URL: https://app.groove.cm/groovemail/form/view/NWY2ZjM4YzI2YmU2ZDA2MDBmNWEyMWMy
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://app.groove.cm/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 01 Aug 2021 03:15:40 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
config.js
app.groove.cm/config/ Frame 61FE 		248 B
485 B 		Script
General
Check archive.org
Download Go to
Full URL
https://app.groove.cm/config/config.js
Requested by
Host: www.nhscovidapp.sambeatson.com
URL: https://www.nhscovidapp.sambeatson.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:8b0d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
17185a0b1982c1bde62cdb39adc50121f7313c2011ef45bbb26ef50b8c76843b

Request headers

Origin
https://app.groove.cm
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 01 Aug 2021 03:15:40 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sat, 31 Jul 2021 00:32:53 GMT
server
cloudflare
age
2756
etag
W/"61049a35-f8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Azu8SUUzOdFW%2BkA2plv%2B%2BX3xsnxks%2FiS3o8GVnefQFUgcjbETTCWghhdRhPnRKeZgiBT0IheVsfVLSLq%2FM8nYHxdyX6j%2Be5mbYAFzpIXqt8T4CZuz7BCBTp88KuPAbmLJM%2BqgABitqGPyzjD"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
677be7437e6e4ece-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
gusid
175592.tracking.hyros.com/v1/lst/ Frame 61FE 		0
456 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://175592.tracking.hyros.com/v1/lst/gusid?
Requested by
Host: 175592.tracking.hyros.com
URL: https://175592.tracking.hyros.com/v1/lst/universal-script?ph=8d32ccb64bc3b013ad08e3b3db8b5c12f7094658f7a1802e1282fdafe6b1af24&tag=!tracking
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.55.4.239 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-55-4-239.compute-1.amazonaws.com
Software
Jetty(9.4.41.v20210516) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Product-ID
175592
Referer
https://app.groove.cm/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 01 Aug 2021 03:15:41 GMT
session-id
HB-ET_9d61a8960a504a3be3baffa60914a61b4829b092eebea9be86417ba1577be998
etag
HB-ET_9d61a8960a504a3be3baffa60914a61b4829b092eebea9be86417ba1577be998
access-control-max-age
86400
access-control-allow-methods
GET, PUT, POST, OPTIONS, DELETE
access-control-allow-origin
https://app.groove.cm
access-control-expose-headers
Session-ID
access-control-allow-credentials
true
content-length
0
server
Jetty(9.4.41.v20210516)
gusid
175592.tracking.hyros.com/v1/lst/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://175592.tracking.hyros.com/v1/lst/gusid?
Protocol
H2
Server
52.55.4.239 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-55-4-239.compute-1.amazonaws.com
Software
Jetty(9.4.41.v20210516) /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
product-id
Origin
https://app.groove.cm
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Sun, 01 Aug 2021 03:15:40 GMT
content-type
application/vnd.sun.wadl+xml;charset=utf-8
content-length
1439
access-control-allow-origin
https://app.groove.cm
access-control-allow-methods
GET, PUT, POST, OPTIONS, DELETE
access-control-allow-headers
product-id
access-control-expose-headers
Session-ID
access-control-max-age
86400
access-control-allow-credentials
true
allow
HEAD,GET,OPTIONS
last-modified
Sun, 01 Aug 2021 03:15:40 UTC
server
Jetty(9.4.41.v20210516)
sid
mug.criteo.com/ Frame B24A
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=onetag&domain=app.groove.cm&sn=ChromeSyncframe&so=0&topUrl=www.nhscovidapp.sambeatson.com
  • https://mug.criteo.com/sid?cpp=cFbkInxRdVhFUG13S3V0TEl4UTZZM2duQ2hKeXFJUXhCcXBadThGQ2YrVWxvQXdwckoyeHdwKzNlVlI2T09IcEdKYW5FTkllTFVoWGJKZmJrZXJhQW1sUEZVQ0JrNTBJQjJzWWpJV2d4YzlJY0MrR0xCU051bVIweHErdV...
331 B
549 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=cFbkInxRdVhFUG13S3V0TEl4UTZZM2duQ2hKeXFJUXhCcXBadThGQ2YrVWxvQXdwckoyeHdwKzNlVlI2T09IcEdKYW5FTkllTFVoWGJKZmJrZXJhQW1sUEZVQ0JrNTBJQjJzWWpJV2d4YzlJY0MrR0xCU051bVIweHErdVRrcGZwN3krUjQ3OEJXdTFLVU1qRVozYVcyNVUvUWZJcmEzRm8wRzg1Y0dMWU1YczFHQU9waVlhd09hYzAxaHJtVStzZlR5OHk5TllIbnh1UWE3R05pWm9xdzNMTWFnPT18&cppv=2
Requested by
Host: app.groove.cm
URL: https://app.groove.cm/groovemail/form/view/NWY2ZjM4YzI2YmU2ZDA2MDBmNWEyMWMy
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
c94ec041cf9614b95b4d4064ed8a7bad26e72e11f4263ce4d435f7bae72d32c0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://gum.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000
content-encoding
gzip
date
Sun, 01 Aug 2021 03:15:40 GMT
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://gum.criteo.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
2420
expires
0

Redirect headers

pragma
no-cache
strict-transport-security
max-age=31536000
date
Sun, 01 Aug 2021 03:15:40 GMT
content-type
text/html; charset=utf-8
location
https://mug.criteo.com/sid?cpp=cFbkInxRdVhFUG13S3V0TEl4UTZZM2duQ2hKeXFJUXhCcXBadThGQ2YrVWxvQXdwckoyeHdwKzNlVlI2T09IcEdKYW5FTkllTFVoWGJKZmJrZXJhQW1sUEZVQ0JrNTBJQjJzWWpJV2d4YzlJY0MrR0xCU051bVIweHErdVRrcGZwN3krUjQ3OEJXdTFLVU1qRVozYVcyNVUvUWZJcmEzRm8wRzg1Y0dMWU1YczFHQU9waVlhd09hYzAxaHJtVStzZlR5OHk5TllIbnh1UWE3R05pWm9xdzNMTWFnPT18&cppv=2
cache-control
no-cache, no-store, must-revalidate
server-processing-duration-in-ticks
1628
content-length
455
expires
0
sync
x.bidswitch.net/ul_cb/ Frame D27E
Redirect Chain
  • https://x.bidswitch.net/sync?dsp_id=46&user_id=k-G4NEob8QfOtBTXRHOWujBUB-mOgN0ctG7CKt3g&expires=30&user_group=5
  • https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-G4NEob8QfOtBTXRHOWujBUB-mOgN0ctG7CKt3g&expires=30&user_group=5
43 B
344 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-G4NEob8QfOtBTXRHOWujBUB-mOgN0ctG7CKt3g&expires=30&user_group=5
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.59.115.28 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-59-115-28.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 01 Aug 2021 03:15:41 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
43
content-type
image/gif

Redirect headers

location
https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-G4NEob8QfOtBTXRHOWujBUB-mOgN0ctG7CKt3g&expires=30&user_group=5
date
Sun, 01 Aug 2021 03:15:41 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
cookie-sync
sync.outbrain.com/ Frame D27E 		0
475 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.outbrain.com/cookie-sync?p=criteo&uid=k-tG_y_r8QfOtBTXRHOWujBUB-mOh_3vTNCpAuuQ
Requested by
Host: www.nhscovidapp.sambeatson.com
URL: https://www.nhscovidapp.sambeatson.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
64.202.112.159 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS
ny.outbrain.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sun, 01 Aug 2021 03:15:41 GMT
Cache-Control
no-cache
X-TraceId
76ca6cfdda7adbd28509029fc3e4b4b
Content-Length
0
v1
ads.yahoo.com/cms/ Frame D27E 		0
297 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.yahoo.com/cms/v1?esig=1~7315a025058f3128185459bfaf16e164414683fc&nwid=10000545908&sigv=1
Requested by
Host: www.nhscovidapp.sambeatson.com
URL: https://www.nhscovidapp.sambeatson.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:80:800::7000 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 01 Aug 2021 03:15:41 GMT
cache-control
no-store
x-content-type-options
nosniff
server
ATS
strict-transport-security
max-age=15552000
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection
1; mode=block
spp.pl
sp.analytics.yahoo.com/ Frame D27E 		43 B
962 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sp.analytics.yahoo.com/spp.pl?a=10001287818027&.yp=10028862&js=no
Requested by
Host: www.nhscovidapp.sambeatson.com
URL: https://www.nhscovidapp.sambeatson.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.82.100.181 Dublin, Ireland, ASN34010 (YAHOO-IRD, GB),
Reverse DNS
spdc.pbp.vip.ir2.yahoo.com
Software
ATS /
Resource Hash
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sun, 01 Aug 2021 03:15:41 GMT
X-Content-Type-Options
nosniff
Age
0
Connection
keep-alive
Content-Length
43
X-XSS-Protection
1; mode=block
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
Server
ATS
X-Frame-Options
DENY
Expect-CT
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
Strict-Transport-Security
max-age=31536000
Content-Type
image/gif
Cache-Control
no-cache, private, must-revalidate
Accept-Ranges
bytes
Expires
Sun, 01 Aug 2021 03:15:41 GMT
sync
ups.analytics.yahoo.com/ups/58301/ Frame D27E
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-sLwtAb8QfOtBTXRHOWujBUB-mOjr5Kzwtv3arw
  • https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-sLwtAb8QfOtBTXRHOWujBUB-mOjr5Kzwtv3arw&verify=true
0
733 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-sLwtAb8QfOtBTXRHOWujBUB-mOjr5Kzwtv3arw&verify=true
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
18.156.0.31 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-0-31.eu-central-1.compute.amazonaws.com
Software
ATS/7.1.2.128 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sun, 01 Aug 2021 03:15:41 GMT
Server
ATS/7.1.2.128
Connection
keep-alive
Age
0
Strict-Transport-Security
max-age=31536000
P3P
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

Date
Sun, 01 Aug 2021 03:15:41 GMT
Server
ATS/7.1.2.128
Age
0
Strict-Transport-Security
max-age=31536000
P3P
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location
https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-sLwtAb8QfOtBTXRHOWujBUB-mOjr5Kzwtv3arw&verify=true
Connection
keep-alive
Content-Length
0
m
cm.mgid.com/ Frame D27E 		43 B
851 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.mgid.com/m?cdsp=617660&c=k-qpJfVr8QfOtBTXRHOWujBUB-mOhNEormqlwHcw
Requested by
Host: www.nhscovidapp.sambeatson.com
URL: https://www.nhscovidapp.sambeatson.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.136.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 01 Aug 2021 03:15:41 GMT
cf-cache-status
DYNAMIC
x-mg-request-uuid
fdbb6a1f-b0d3-43fe-869c-80b9348b4613
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type
image/gif
cache-control
max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials
true
cf-ray
677be745fd5c32b2-CDG
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
server
cloudflare
sync2.204
profile.ssp.rambler.ru/ Frame D27E 		0
169 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://profile.ssp.rambler.ru/sync2.204?pid=186&anket_id=k-qpJfVr8QfOtBTXRHOWujBUB-mOhNEormqlwHcw
Requested by
Host: www.nhscovidapp.sambeatson.com
URL: https://www.nhscovidapp.sambeatson.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
91.192.148.30 , Russian Federation, ASN42481 (BEGUN-AS, RU),
Reverse DNS
zvezda.ssp.rambler.ru
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=0
x-passed
2bal2
server
nginx
date
Sun, 01 Aug 2021 03:15:41 GMT
p3p
policyref="/w3c/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
cookiematch.aspx
dis.criteo.com/dis/rtb/google/ Frame D27E
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&google_hm=ay1xcEpmVnI4UWZPdEJUWFJIT1d1akJVQi1tT2hORW9ybXFsd0hjdw
  • https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_ula=913071,0
43 B
366 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_ula=913071,0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.151 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 01 Aug 2021 03:15:40 GMT
server
Microsoft-IIS/10.0
p3p
CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
x-powered-by
ASP.NET
content-type
image/gif
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
599
timing-allow-origin
*
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Sun, 01 Aug 2021 03:15:41 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_ula=913071,0
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
279
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
partner.mediawallahscript.com/ Frame D27E
Redirect Chain
  • https://partner.mediawallahscript.com/?account_id=1043&partner_id=1048&uid=k-qpJfVr8QfOtBTXRHOWujBUB-mOhNEormqlwHcw&custom=&tag_format=img&tag_action=sync&custom=&cb=93bb0ebf-4d62-446a-a0c3-ecf0948...
  • https://partner.mediawallahscript.com/?account_id=1043&partner_id=1048&uid=k-qpJfVr8QfOtBTXRHOWujBUB-mOhNEormqlwHcw&custom%5B0%5D=&custom%5B1%5D=&tag_format=img&tag_action=sync&cb=93bb0ebf-4d62-446...
0
638 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://partner.mediawallahscript.com/?account_id=1043&partner_id=1048&uid=k-qpJfVr8QfOtBTXRHOWujBUB-mOhNEormqlwHcw&custom%5B0%5D=&custom%5B1%5D=&tag_format=img&tag_action=sync&cb=93bb0ebf-4d62-446a-a0c3-ecf094876903&final=true&reqid=c066d700-f276-11eb-9207-f76dd474af4d&timestamp=2021-08-01T03%3A15%3A41.296Z
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.209.68.132 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-209-68-132.eu-west-1.compute.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sun, 01 Aug 2021 03:15:41 GMT
Cache-Control
private, no-cache, must-revalidate, no-store, max-age=0
Server
nginx/1.18.0
Connection
keep-alive
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date
Sun, 01 Aug 2021 03:15:41 GMT
Server
nginx/1.18.0
Vary
Accept, Accept-Encoding
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Location
/?account_id=1043&partner_id=1048&uid=k-qpJfVr8QfOtBTXRHOWujBUB-mOhNEormqlwHcw&custom%5B0%5D=&custom%5B1%5D=&tag_format=img&tag_action=sync&cb=93bb0ebf-4d62-446a-a0c3-ecf094876903&final=true&reqid=c066d700-f276-11eb-9207-f76dd474af4d&timestamp=2021-08-01T03%3A15%3A41.296Z
Cache-Control
private, no-cache, must-revalidate, no-store, max-age=0
Connection
keep-alive
Content-Type
text/plain; charset=utf-8
Content-Length
294
Expires
Sat, 26 Jul 1997 05:00:00 GMT
Criteo
crb.kargo.com/api/v1/dsync/ Frame D27E 		43 B
360 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://crb.kargo.com/api/v1/dsync/Criteo?exid=k-qpJfVr8QfOtBTXRHOWujBUB-mOhNEormqlwHcw
Requested by
Host: www.nhscovidapp.sambeatson.com
URL: https://www.nhscovidapp.sambeatson.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.120.66.60 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-120-66-60.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 01 Aug 2021 03:15:41 GMT
Vary
Origin
Content-Type
image/gif
Cache-Control
no-cache, no-store, must-revalidate, private, max-age=0
Connection
keep-alive
Krk-Reject-Reason
consent
Content-Length
43
X-Accel-Expires
0
Expires
Thu, 01 Jan 1970 00:00:00 UTC
bounce
secure.adnxs.com/ Frame D27E
Redirect Chain
  • https://secure.adnxs.com/setuid?entity=52&code=k-7mIo4r8QfOtBTXRHOWujBUB-mOhVLUbzOnQqfg&seg=95287
  • https://secure.adnxs.com/bounce?%2Fsetuid%3Fentity%3D52%26code%3Dk-7mIo4r8QfOtBTXRHOWujBUB-mOhVLUbzOnQqfg%26seg%3D95287
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secure.adnxs.com/bounce?%2Fsetuid%3Fentity%3D52%26code%3Dk-7mIo4r8QfOtBTXRHOWujBUB-mOhVLUbzOnQqfg%26seg%3D95287
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 01 Aug 2021 03:15:41 GMT
X-Proxy-Origin
82.102.18.114; 82.102.18.114; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
4660960b-5f0b-4aa6-9306-f3fba6d49b89
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Sun, 01 Aug 2021 03:15:41 GMT
X-Proxy-Origin
82.102.18.114; 82.102.18.114; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
bbfa83a3-fa98-46c5-adc4-4cf432c84c4f
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://secure.adnxs.com/bounce?%2Fsetuid%3Fentity%3D52%26code%3Dk-7mIo4r8QfOtBTXRHOWujBUB-mOhVLUbzOnQqfg%26seg%3D95287
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
cookiematch.aspx
dis.criteo.com/dis/rtb/cdb/ Frame D27E
Redirect Chain
  • https://gum.criteo.com/sync?c=383&r=1&a=1&u=https%3A%2F%2Fd.turn.com%2Fr%2Fdd%2Fid%2FL2NzaWQvMS9jaWQvMTc0ODc0NDU2Ni90LzI%2Fdpuid%2F%40USERID%40%2Furl%2Fhttps%253A%252F%252Fdis.criteo.com%252Fdis%25...
  • https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMTc0ODc0NDU2Ni90LzI/dpuid/la6KbdW2XzElRAQx4Uq7j0UAzsDkEpjw/url/https%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fcdb%2Fcookiematch.aspx%3F%26extid%3D%24!%7BTURN_...
  • https://dis.criteo.com/dis/rtb/cdb/cookiematch.aspx?&extid=3886769485818945800
43 B
367 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dis.criteo.com/dis/rtb/cdb/cookiematch.aspx?&extid=3886769485818945800
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.151 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 01 Aug 2021 03:15:41 GMT
server
Microsoft-IIS/10.0
p3p
CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
x-powered-by
ASP.NET
content-type
image/gif
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
4550
timing-allow-origin
*
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location
https://dis.criteo.com/dis/rtb/cdb/cookiematch.aspx?&extid=3886769485818945800
pragma
no-cache
date
Sun, 01 Aug 2021 03:15:41 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
xuid
eb2.3lift.com/ Frame D27E
Redirect Chain
  • https://eb2.3lift.com/xuid?mid=2711&xuid=k-bIathr8QfOtBTXRHOWujBUB-mOg9wtoCxQYGyQ&dongle=013b
  • https://eb2.3lift.com/xuid?ld=1&mid=2711&xuid=k-bIathr8QfOtBTXRHOWujBUB-mOg9wtoCxQYGyQ&dongle=013b&gdpr=1&cmp_cs=&us_privacy=
37 B
352 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?ld=1&mid=2711&xuid=k-bIathr8QfOtBTXRHOWujBUB-mOg9wtoCxQYGyQ&dongle=013b&gdpr=1&cmp_cs=&us_privacy=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 01 Aug 2021 03:15:41 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location
/xuid?ld=1&mid=2711&xuid=k-bIathr8QfOtBTXRHOWujBUB-mOg9wtoCxQYGyQ&dongle=013b&gdpr=1&cmp_cs=&us_privacy=
date
Sun, 01 Aug 2021 03:15:41 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
Pug
simage2.pubmatic.com/AdServer/ Frame D27E 		42 B
541 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:k-k7Nzlr8QfOtBTXRHOWujBUB-mOgE54EvYOZmXQ
Requested by
Host: www.nhscovidapp.sambeatson.com
URL: https://www.nhscovidapp.sambeatson.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 01 Aug 2021 03:15:40 GMT
cache-control
no-store, no-cache, private
x-lat
amspug018:0:289
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
t.gif
cw.addthis.com/ Frame D27E 		0
426 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cw.addthis.com/t.gif?pid=113&pdid=k-v57pl78QfOtBTXRHOWujBUB-mOg0YhO6H5CSLA
Requested by
Host: www.nhscovidapp.sambeatson.com
URL: https://www.nhscovidapp.sambeatson.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-75-88-126.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 01 Aug 2021 03:15:41 GMT
cache-control
max-age=0, no-cache, no-store
expires
Sun, 01 Aug 2021 03:15:41 GMT
tap.php
pixel.rubiconproject.com/ Frame D27E 		0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=6434&nid=2149&put=k-v57pl78QfOtBTXRHOWujBUB-mOg0YhO6H5CSLA&expires=30
Requested by
Host: www.nhscovidapp.sambeatson.com
URL: https://www.nhscovidapp.sambeatson.com/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
611afce88997db6fdd35eb213e662871
Content-Type
image/gif
um
criteo-sync.teads.tv/ Frame D27E 		23 B
172 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://criteo-sync.teads.tv/um?eid=80&uid=k-KVr7tr8QfOtBTXRHOWujBUB-mOh11BhnzaiKIQ
Requested by
Host: www.nhscovidapp.sambeatson.com
URL: https://www.nhscovidapp.sambeatson.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.242.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-242-245.deploy.static.akamaitechnologies.com
Software
akka-http/10.2.3 /
Resource Hash
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 01 Aug 2021 03:15:41 GMT
cache-control
max-age=0, no-cache, no-store
expires
Sun, 01 Aug 2021 03:15:41 GMT
server
akka-http/10.2.3
content-length
23
content-type
image/gif
pixel_sync
trends.revcontent.com/cm/ Frame D27E 		35 B
337 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trends.revcontent.com/cm/pixel_sync?bidder=151&bidder_uid=k-3-jxq78QfOtBTXRHOWujBUB-mOgXSblvwcaazQ
Requested by
Host: www.nhscovidapp.sambeatson.com
URL: https://www.nhscovidapp.sambeatson.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.249.191.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/ Express
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 01 Aug 2021 03:15:41 GMT
x-powered-by
Express
content-length
35
content-type
image/gif
rum
r.casalemedia.com/ Frame D27E
Redirect Chain
  • https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-rGTI9b8QfOtBTXRHOWujBUB-mOibDBSEIhFpAg
  • https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-rGTI9b8QfOtBTXRHOWujBUB-mOibDBSEIhFpAg&C=1
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-rGTI9b8QfOtBTXRHOWujBUB-mOibDBSEIhFpAg&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 01 Aug 2021 03:15:41 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Sun, 01 Aug 2021 03:15:41 GMT

Redirect headers

Pragma
no-cache
Date
Sun, 01 Aug 2021 03:15:41 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-rGTI9b8QfOtBTXRHOWujBUB-mOibDBSEIhFpAg&C=1
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
text/html; charset=iso-8859-1
Content-Length
296
Expires
Sun, 01 Aug 2021 03:15:41 GMT
cksync.php
contextual.media.net/ Frame D27E 		46 B
866 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://contextual.media.net/cksync.php?cs=3&type=crt&ovsid=k-H4cxa78QfOtBTXRHOWujBUB-mOjfRSPrbc3glg
Requested by
Host: www.nhscovidapp.sambeatson.com
URL: https://www.nhscovidapp.sambeatson.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
579a172ca2c700734ebcfa06d105a134f31ec2357660e58e0874cfdee8472fd4
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Sun, 01 Aug 2021 03:15:41 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
46
x-mnet-hl2
E
expires
Sun, 01 Aug 2021 03:15:41 GMT
28292
i6.liadm.com/s/ Frame D27E
Redirect Chain
  • https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-1FOU4r8QfOtBTXRHOWujBUB-mOgjK0F5o8x0jg
  • https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-1FOU4r8QfOtBTXRHOWujBUB-mOgjK0F5o8x0jg&_li_chk=true&previous_uuid=3eef57af7e7f48e6aeb07d342975e3cc
  • https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-1FOU4r8QfOtBTXRHOWujBUB-mOgjK0F5o8x0jg
43 B
447 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-1FOU4r8QfOtBTXRHOWujBUB-mOgjK0F5o8x0jg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:444a:4602:4614:a08b:388f:2234 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sun, 01 Aug 2021 03:15:42 GMT
Cache-Control
no-store
Connection
keep-alive
trace-id
847f8ce762f561a5
Content-Length
43
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/gif

Redirect headers

Location
https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-1FOU4r8QfOtBTXRHOWujBUB-mOgjK0F5o8x0jg
Date
Sun, 01 Aug 2021 03:15:41 GMT
Connection
keep-alive
trace-id
ca74635868c26049
Content-Length
0
Strict-Transport-Security
max-age=31536000; includeSubDomains
/
sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/ Frame D27E 		0
255 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=k-5mrOA78QfOtBTXRHOWujBUB-mOiNvipLc_jOPg
Requested by
Host: www.nhscovidapp.sambeatson.com
URL: https://www.nhscovidapp.sambeatson.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

tbl-x-upstream
10.40.0.134:10213
date
Sun, 01 Aug 2021 03:15:41 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
9266
v1
match.sharethrough.com/sync/ Frame D27E 		68 B
263 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.sharethrough.com/sync/v1?source_id=7658cb1d77a660882b48db06&source_user_id=k-cxFpcL8QfOtBTXRHOWujBUB-mOhQjzrjWFnKKw
Requested by
Host: www.nhscovidapp.sambeatson.com
URL: https://www.nhscovidapp.sambeatson.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.125.134.133 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 01 Aug 2021 03:15:41 GMT
content-length
68
content-type
image/png
match
ad.360yield.com/ul_cb/ Frame D27E
Redirect Chain
  • https://ad.360yield.com/match?publisher_dsp_id=38&external_user_id=k-vj0S_78QfOtBTXRHOWujBUB-mOjXFOrPy24g4g
  • https://ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=k-vj0S_78QfOtBTXRHOWujBUB-mOjXFOrPy24g4g
43 B
445 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=k-vj0S_78QfOtBTXRHOWujBUB-mOjXFOrPy24g4g
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.93.66.232 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
date
Sun, 01 Aug 2021 03:15:41 GMT
content-type
image/gif
content-length
43
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Redirect headers

location
https://ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=k-vj0S_78QfOtBTXRHOWujBUB-mOjXFOrPy24g4g
date
Sun, 01 Aug 2021 03:15:41 GMT
content-type
text/plain
content-length
0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
/
rtb-csync.smartadserver.com/redir/ Frame D27E 		43 B
163 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb-csync.smartadserver.com/redir/?partnerid=79&partneruserid=k-wL1sLb8QfOtBTXRHOWujBUB-mOjajUl-zlXs4g
Requested by
Host: www.nhscovidapp.sambeatson.com
URL: https://www.nhscovidapp.sambeatson.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.115 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 01 Aug 2021 03:15:41 GMT
transfer-encoding
chunked
content-type
image/gif
1017
jadserve.postrelease.com/suid/ Frame D27E 		43 B
427 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://jadserve.postrelease.com/suid/1017?vk=k-TfNYyr8QfOtBTXRHOWujBUB-mOjQFDijc2Gghw
Requested by
Host: www.nhscovidapp.sambeatson.com
URL: https://www.nhscovidapp.sambeatson.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.223.233.80 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx/1.12.1 /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 01 Aug 2021 03:15:41 GMT
server
nginx/1.12.1
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
image/gif
content-length
43
expires
Mon, 1 Jan 1990 12:00:00 GMT
/
s.ad.smaato.net/c/ Frame D27E 		0
236 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.ad.smaato.net/c/?dspInit=1001851&dspCookie=k-IxQ-5L8QfOtBTXRHOWujBUB-mOhk_DrkAHqlzQ
Requested by
Host: www.nhscovidapp.sambeatson.com
URL: https://www.nhscovidapp.sambeatson.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.96.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-96-81.zrh50.r.cloudfront.net
Software
CloudFront /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 01 Aug 2021 03:15:41 GMT
via
1.1 a2037d86ccb1a548f20827ebd95a65f3.cloudfront.net (CloudFront)
server
CloudFront
cache-control
no-cache, must-revalidate
x-amz-cf-pop
ZRH50-C1
x-amz-cf-id
33lL3CuXKyDunEbfSTRvrIgI2CC_Kp8uwPp066vkfHp_tPBnDA2Lfw==
x-cache
Miss from cloudfront
sodar
pagead2.googlesyndication.com/getconfig/ 		11 KB
8 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210728&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202107290101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-2300775173595760&plah=www.nhscovidapp.sambeatson.com&amaexp=1
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a1a279a3063dffb699e6790fbb9135f442a90ef1a7d849af70c51b583ce70bd5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.nhscovidapp.sambeatson.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Sun, 01 Aug 2021 03:15:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8360
x-xss-protection
0
matomo.php
matomo.groovetech.io/ Frame 61FE 		43 B
217 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://matomo.groovetech.io/matomo.php?action_name=GrooveFunnels&idsite=3&rec=1&r=023900&h=5&m=15&s=41&url=https%3A%2F%2Fapp.groove.cm%2Fgroovemail%2Fform%2Fview%2FNWY2ZjM4YzI2YmU2ZDA2MDBmNWEyMWMy&urlref=https%3A%2F%2Fwww.nhscovidapp.sambeatson.com%2F&_id=014383f3728df0e2&_idts=1627787741&_idvc=1&_idn=1&_refts=1627787741&_viewts=1627787741&_ref=https%3A%2F%2Fwww.nhscovidapp.sambeatson.com%2F&send_image=1&cookie=1&res=1600x1200&gt_ms=184&pv_id=qoplMD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
51.161.92.183 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
ip183.ip-51-161-92.net
Software
nginx/1.19.2 / PHP/7.4.16
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer
https://app.groove.cm/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 01 Aug 2021 03:15:41 GMT
cache-control
no-store
server
nginx/1.19.2
x-powered-by
PHP/7.4.16
content-length
43
content-type
image/gif
sodar2.js
tpc.googlesyndication.com/sodar/ 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202107290101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-2300775173595760&plah=www.nhscovidapp.sambeatson.com&amaexp=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.nhscovidapp.sambeatson.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 01 Aug 2021 03:15:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1624308425655142"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6467
x-xss-protection
0
expires
Sun, 01 Aug 2021 03:15:41 GMT
pc
175592.tracking.hyros.com/v1/lst/ Frame 61FE 		0
456 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://175592.tracking.hyros.com/v1/lst/pc?prev_url=https%3A%2F%2Fwww.nhscovidapp.sambeatson.com%2F&ref_url=https%3A%2F%2Fapp.groove.cm%2Fgroovemail%2Fform%2Fview%2FNWY2ZjM4YzI2YmU2ZDA2MDBmNWEyMWMy&u_agent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F89.0.4389.72+Safari%2F537.36
Requested by
Host: 175592.tracking.hyros.com
URL: https://175592.tracking.hyros.com/v1/lst/universal-script?ph=8d32ccb64bc3b013ad08e3b3db8b5c12f7094658f7a1802e1282fdafe6b1af24&tag=!tracking
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.55.4.239 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-55-4-239.compute-1.amazonaws.com
Software
Jetty(9.4.41.v20210516) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Allow-Origin
*
Referer
https://app.groove.cm/
Session-ID
HB-ET_9d61a8960a504a3be3baffa60914a61b4829b092eebea9be86417ba1577be998
Product-ID
175592
Access-Control-Allow-Headers
*
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type
application/json; charset=utf-8

Response headers

date
Sun, 01 Aug 2021 03:15:41 GMT
session-id
HB-ET_9d61a8960a504a3be3baffa60914a61b4829b092eebea9be86417ba1577be998
etag
HB-ET_9d61a8960a504a3be3baffa60914a61b4829b092eebea9be86417ba1577be998
access-control-max-age
86400
access-control-allow-methods
GET, PUT, POST, OPTIONS, DELETE
access-control-allow-origin
https://app.groove.cm
access-control-expose-headers
Session-ID
access-control-allow-credentials
true
content-length
0
server
Jetty(9.4.41.v20210516)
runner.html
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 8A81 		12 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/224/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.nhscovidapp.sambeatson.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://www.nhscovidapp.sambeatson.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
content-length
5029
date
Sun, 01 Aug 2021 01:09:07 GMT
expires
Mon, 01 Aug 2022 01:09:07 GMT
last-modified
Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
7594
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame AEDC 		783 B
533 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
5be7265e4023fc44d6eb8fc64d5b4bd24783b9949a1f96001968fc6010d52145
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-fV3Yx4OLUB/Zf4g4v3JPpA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/api2/aframe
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.nhscovidapp.sambeatson.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://www.nhscovidapp.sambeatson.com/

Response headers

expires
Sun, 01 Aug 2021 03:15:41 GMT
date
Sun, 01 Aug 2021 03:15:41 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-fV3Yx4OLUB/Zf4g4v3JPpA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
514
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
pc
175592.tracking.hyros.com/v1/lst/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://175592.tracking.hyros.com/v1/lst/pc?prev_url=https%3A%2F%2Fwww.nhscovidapp.sambeatson.com%2F&ref_url=https%3A%2F%2Fapp.groove.cm%2Fgroovemail%2Fform%2Fview%2FNWY2ZjM4YzI2YmU2ZDA2MDBmNWEyMWMy&u_agent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F89.0.4389.72+Safari%2F537.36
Protocol
H2
Server
52.55.4.239 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-55-4-239.compute-1.amazonaws.com
Software
Jetty(9.4.41.v20210516) /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
access-control-allow-headers,access-control-allow-origin,content-type,product-id,session-id
Origin
https://app.groove.cm
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Sun, 01 Aug 2021 03:15:41 GMT
content-type
application/vnd.sun.wadl+xml;charset=utf-8
content-length
2148
access-control-allow-origin
https://app.groove.cm
access-control-allow-methods
GET, PUT, POST, OPTIONS, DELETE
access-control-allow-headers
access-control-allow-headers,access-control-allow-origin,content-type,product-id,session-id
access-control-expose-headers
Session-ID
access-control-max-age
86400
access-control-allow-credentials
true
allow
HEAD,GET,OPTIONS
last-modified
Sun, 01 Aug 2021 03:15:41 UTC
server
Jetty(9.4.41.v20210516)
cookiematch.aspx
dis.criteo.com/dis/rtb/appnexus/ Frame D27E
Redirect Chain
  • https://secure.adnxs.com/seg?add=95287&redir=https%3A%2F%2Fsecure.adnxs.com%2Fgetuid%3Fhttps%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fappnexus%2Fcookiematch.aspx%3Fappnxsid%3D%24UID
  • https://secure.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID
  • https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=7938167925531604470
43 B
367 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=7938167925531604470
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.151 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 01 Aug 2021 03:15:41 GMT
server
Microsoft-IIS/10.0
p3p
CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
x-powered-by
ASP.NET
content-type
image/gif
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
5773
timing-allow-origin
*
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Sun, 01 Aug 2021 03:15:41 GMT
X-Proxy-Origin
82.102.18.114; 82.102.18.114; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
4f6e7a0d-384c-4b6c-9ff1-3d1c2617f8e7
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=7938167925531604470
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sync
x.bidswitch.net/ Frame D27E 		43 B
145 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.bidswitch.net/sync?dsp_id=46&user_id=k-7mIo4r8QfOtBTXRHOWujBUB-mOhVLUbzOnQqfg&expires=30&user_group=5
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.59.115.28 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-59-115-28.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 01 Aug 2021 03:15:41 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
43
content-type
image/gif
5DoHiAB8gciOXy4tN-30Samgrf9Qq3bIy1sciudvWGA.js
pagead2.googlesyndication.com/bg/ Frame 8A81 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/5DoHiAB8gciOXy4tN-30Samgrf9Qq3bIy1sciudvWGA.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e43a0788007c81c88e5f2e2d37edf449a9a0adff50ab76c8cb5b1c8ae76f5860
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 30 Jul 2021 13:50:58 GMT
content-encoding
br
x-content-type-options
nosniff
age
134683
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13434
x-xss-protection
0
last-modified
Mon, 26 Jul 2021 08:58:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 30 Jul 2022 13:50:58 GMT
397596.gif
idsync.rlcdn.com/ Frame D27E
Redirect Chain
  • https://gum.criteo.com/sync?c=6&r=1&a=1&u=https%3A%2F%2Fidsync.rlcdn.com%2F397596.gif%3Fpartner_uid%3D%40USERID%40
  • https://idsync.rlcdn.com/397596.gif?partner_uid=UcmTTUvOJUFNp98KQHC5cQTYKq7-qgQ1
42 B
416 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://idsync.rlcdn.com/397596.gif?partner_uid=UcmTTUvOJUFNp98KQHC5cQTYKq7-qgQ1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Sun, 01 Aug 2021 03:15:41 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store
content-type
image/gif
alt-svc
clear
content-length
42

Redirect headers

location
https://idsync.rlcdn.com/397596.gif?partner_uid=UcmTTUvOJUFNp98KQHC5cQTYKq7-qgQ1
strict-transport-security
max-age=31536000
cache-control
private, max-age=0, no-cache, no-store, must-revalidate
server-processing-duration-in-ticks
2866
date
Sun, 01 Aug 2021 03:15:41 GMT
content-length
197
content-type
text/html; charset=utf-8
gen_204
pagead2.googlesyndication.com/pagead/ 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gda_r20210728&jk=3563695007242933&bg=!8vGl8bXNAAals0SOpbM7ACkAdvg8WkFYEOFFwiiHG8HwHciiVqyEfwy1VWjv16hyXzjAb6SAFNBWRQIAAABBUgAAAAtoAQcKAO8es23lpu6RLg5T-RXitSHd1ojf6jHDM7WMsrIk4lk18mrTntGA3nC9rqleYh4rGg5zjuimLuGgDC-pJ3XvPXY7gofNwzvWj9O2UXEkdpQjAouiy-MAf7R9Ag-6lCYQGeqxbYJSPzFROWXXGb3Y21L3KQYxpxWir_HorU8ZfNAVOlJdScjPdYOp_hmNpKTf48kRj9-ayo9DMzJYL3FooD9fhnbpq6mU5gbbihsn2PzzxDe-QmNGvZbY071Odjr3lpiLaaep8n7ZqyQ0ftSMDF5CGPCqsYzfL9acRaopMHHeFFBjfrGDh4uJOtT3yKWkkJkCkttitTiS0lJMbltouTc-s2aNaamK4LFMXW1XieuAMlFxX8-BRSn7mNvZGBbzgAmaxvv0_LTI7RiJrg-1jJm8VuVCuz43D865f4tn74CTXJeaTY_iUSIs3jdcudthjYgnYoSj2Bt60_YBRuw_UQCjiv984K1NCAN7r1Uxh6ZcJQ55wBgVUAwKylq16j7as5vPS4sjR8Jv2C4fvWuQMsQK7Zdi3mVQh-DqGNqDmOTwnxjUoe9KolOQNgANF_YO0sDQUnqvHKSuVaE6mPJUQOS570UAlYlu_51TCw3m1yUko7VMUJ9MJWRgmY-KLq_Q7tBM4wesymGAFZ9-5PtEEbJTskcJGie9wXmh0WmVE3cH2hj8YHPQRruOz06-KcN8ja8nuAdE_i7ayqK-6BNcGHoPMwBd0Pf21ux--F6boUj0iCwmUfOgWU6DKhTAi-xzbPtrEQuGEYqJQDKuEsy2ksJWMnazmh-04TNCVs2UhZ3glfLGSIFZud_xGSrV1h7sEbXSQNRMlc-qyhC48lkz4DQ0UoBXjbRzp_AYQ5H6srkD_HBa4ogG4q7DBjmisVYq-4ByZOqoaHxXyKtUInJxVEgv6YT9CPIu7SQiOd-F6PbYSwLhzpnTJwa5csMXsHgNVy19rjZzio-md-7qrOCU7D1Mx4b0AC1shDvhS9MCy8PovecxmOAZPfB9xfYebUlJ5vXndfR0b15dTq9JA_thOirtKWFEnIILg2il2RexI6UimiSS3XsgSOr78ySAlcHPtMY_TdMbPx9cUz6kF9G_8i7Gvjlj2mS06op0FeJrZbicfsD15rhLMfKyOWuVqXGJsLL0IbmL8bo0fAsXM1LcjEGKgvEIzsjf-82PeRecIo7ewf5PEEw
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.nhscovidapp.sambeatson.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 01 Aug 2021 03:15:41 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

96 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated object| a2a_config object| a2a function| a2a_show_dropdown function| a2a_miniLeaveDelay function| a2a_init string| min_a2a string| min_1 string| min_2 string| min_3 string| min_4 string| min_5 string| min_6 string| min_7 string| min_8 string| min_9 string| min_10 string| min_11 number| a2apage_init object| icons string| svg_tag_open string| svg_tag_close string| svg_src string| svg_src_default function| setImmediate function| clearImmediate object| regeneratorRuntime function| iFrameResize object| FontAwesomeConfig object| ___FONT_AWESOME___ object| __gcse undefined| color object| google_js_reporting_queue number| google_srt object| google_logging_queue object| google_ad_modifications object| ggeac boolean| google_measure_js_timing object| google_reactive_ads_global_state object| adsbygoogle boolean| _gfp_a_ object| google_sa_queue object| google_sl_win function| google_process_slots object| google_persistent_state_async function| google_spfd number| google_unique_id object| google_sv_map string| google_user_agent_client_hint object| module$exports$cse$search object| module$exports$cse$CustomImageSearch object| module$exports$cse$CustomWebSearch object| google object| module$exports$cse$searchcontrol object| module$exports$cse$customsearchcontrol object| closure_lm_644423 function| _googCsa number| nextSearchboxId function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter function| google_sa_impl object| __google_ad_urls number| google_global_correlator number| __google_ad_urls_id object| googleToken object| googleIMState boolean| _gfp_p_ function| processGoogleToken object| google_prev_clients object| gaGlobal object| google_jobrunner object| ampInaboxIframes object| ampInaboxPendingMessages boolean| google_osd_loaded boolean| google_onload_fired number| googleNDT_ number| googleAltLoader function| Goog_Osd_UnloadAdBlock function| Goog_Osd_UpdateElementToMeasure function| google_osd_amcb object| GoogleGcLKhOms object| google_image_requests

3 Cookies

Domain/Path Name / Value
.criteo.com/ Name: uid
Value: 3357e4d6-f3e5-4367-bda4-b67abf7764c1
.doubleclick.net/ Name: IDE
Value: AHWqTUnF5maYxqDjiV8186UMCzwnGKeBAsSNVhm6OEB591wW9rN-etFsqTm-wodW
.sambeatson.com/ Name: __gads
Value: ID=ac03a8273f15b835-2238e0ae90c80032:T=1627787739:RT=1627787739:S=ALNI_MZh_KQUyoYZyfC2oPySgSZCdcyiPw

2 Console Messages

Source Level URL
Text
console-api log URL: https://175592.tracking.hyros.com/v1/lst/universal-script?ph=8d32ccb64bc3b013ad08e3b3db8b5c12f7094658f7a1802e1282fdafe6b1af24&tag=!tracking(Line 1)
Message:
%c [UTS] [gusid]: HB-ET_9d61a8960a504a3be3baffa60914a61b4829b092eebea9be86417ba1577be998 color: green;
console-api log URL: https://175592.tracking.hyros.com/v1/lst/universal-script?ph=8d32ccb64bc3b013ad08e3b3db8b5c12f7094658f7a1802e1282fdafe6b1af24&tag=!tracking(Line 1)
Message:
%c [UTS] [pc] color: green;

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

175592.tracking.hyros.com
ad.360yield.com
ads.yahoo.com
adservice.google.com
adservice.google.de
app.groove.cm
app.groovefunnels.com
bat.bing.com
cdn.heapanalytics.com
cdnjs.cloudflare.com
clients1.google.com
cm.g.doubleclick.net
cm.mgid.com
contextual.media.net
crb.kargo.com
criteo-sync.teads.tv
cse.google.com
cw.addthis.com
d.turn.com
dis.criteo.com
eb2.3lift.com
fonts.googleapis.com
googleads.g.doubleclick.net
gum.criteo.com
heapanalytics.com
i.liadm.com
i6.liadm.com
idsync.rlcdn.com
jadserve.postrelease.com
match.sharethrough.com
matomo.groovetech.io
mug.criteo.com
pagead2.googlesyndication.com
partner.googleadservices.com
partner.mediawallahscript.com
pixel.rubiconproject.com
profile.ssp.rambler.ru
r.casalemedia.com
rtb-csync.smartadserver.com
s.ad.smaato.net
s.yimg.com
secure.adnxs.com
simage2.pubmatic.com
sp.analytics.yahoo.com
sslwidget.criteo.com
stackpath.bootstrapcdn.com
static.addtoany.com
static.criteo.net
sync-t1.taboola.com
sync.outbrain.com
tpc.googlesyndication.com
trends.revcontent.com
ups.analytics.yahoo.com
widget.us.criteo.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.nhscovidapp.sambeatson.com
x.bidswitch.net
104.111.242.245
104.19.136.78
104.75.88.126
13.224.96.42
13.224.96.81
141.226.228.48
142.250.184.194
142.250.184.226
149.255.58.47
178.250.0.163
178.250.2.146
178.250.2.151
18.156.0.31
185.64.189.110
185.86.139.115
2.18.234.21
2.18.235.93
2001:678:cb4:bbbb::13
212.82.100.181
216.58.212.162
2600:1f18:444a:4602:4614:a08b:388f:2234
2606:4700:10::6816:47c5
2606:4700:3033::ac43:8b0d
2606:4700:3037::ac43:875e
2606:4700::6810:135e
2606:4700::6812:acf
2620:1ec:c11::200
2a00:1288:80:800::7000
2a00:1450:4001:801::2001
2a00:1450:4001:809::2002
2a00:1450:4001:80e::2002
2a00:1450:4001:80f::2003
2a00:1450:4001:80f::200e
2a00:1450:4001:812::2002
2a00:1450:4001:828::2004
2a00:1450:4001:828::200e
2a00:1450:4001:82a::2002
2a00:1450:4001:82b::2008
2a00:1450:4001:82f::2002
2a00:1450:4001:830::200e
2a00:1450:4001:831::200a
2a02:2638:1::13
2a02:2638::3
3.120.66.60
3.125.134.133
3.223.233.80
34.249.191.197
35.244.174.68
37.252.172.45
51.161.92.183
52.201.89.61
52.209.68.132
52.55.4.239
52.59.115.28
54.237.38.76
54.93.66.232
64.202.112.159
69.173.144.138
74.119.119.150
76.223.111.18
91.192.148.30
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
163ad32a13401b1f5387b23c7d749fccac8da49e9914584fe3aca42884532c09
17185a0b1982c1bde62cdb39adc50121f7313c2011ef45bbb26ef50b8c76843b
1c70bcd7e90aeebef39b97060c4f307c8b31fe63c2f7b5ff01af68cbc209ece3
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8
1f585fc95fc2a2e4c04a758967589277652849c9ce47b021e7666152c5895bb3
2cebf37203bb8ffa6e9565037bf0339303b94d95e6730a8d97f8a4af7206a336
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
329d1a750114920332eadc55c129957d9dbe5a1b25745e2f7e0ed4fad75e04cd
331b2b1241f1f2a53744bdca867c5b76954d9431970e91f490f64c707fc24a16
371f0ceab6655c8448f64525b1d11186cb67ca91398655ddf145c93d77964f91
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4b3976390333f9b70fa9c60dee45d260bd17e0a71297323a86a1a9735c249202
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c1355d27b14881a055e00a4a2afa4608b452c9780ac5c61e1b8f9fd55fa3e1e
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f04b92c9b78db3b85cc0e0ba8a9df33317a5969fc40f0853d24e5f2968cde46
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
578a23171786489c8780c44f85401d28fa16baf31b35aa4f0089b3bd349763c4
579a172ca2c700734ebcfa06d105a134f31ec2357660e58e0874cfdee8472fd4
5b68fbca96c94ece5ff9310e37f8cc8fa6ee5b24f783e5fd5d37e0a51b152f4d
5be7265e4023fc44d6eb8fc64d5b4bd24783b9949a1f96001968fc6010d52145
5c1282fb121104f5a505ecbfd7194e64c98db6b830684450dcfc478021d05257
5d1310353e02e0a006b79b7d607131cb6d9411543a8957b772f565816fdf3ce4
6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824
6150a301980f49d0670352323ea81041c35c2e8ea56ce05c7c02923390287704
64e5c6b0fa34e8e382e96de9fb2c15e7942fe80b64d5875bb65e097c76da3fc9
68fed142b211b51c4d2e9b610dd4d09bc4812739b5beaa63535d88e38e90a946
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b79dedcd9e48e0977603301bb9dd2809400389cc0978578e6001c91dfaec993
7471e4f5404f2616537ba184499301a88908e8761deefc9af33126ea611a2657
76c79d3af714cd2570cdee0ff55daf2022f51477a4b5a89de470068280f8ddb1
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
8069956acb4c566506ff71f7a23c8e23f75ce9443384fe3393ed5c846924026e
897a12cd42d10e175dc370d84d4cb55381e75e6aeaed9b3c53d0f131b85afb66
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
92704f0026adca12f0fd6fca2cfcf6849d465c18126b13527cab79d4a668c9a2
935d06703db98502a4d15072006fb758e82b55ed80551cc9c833870ee6769a24
94fc1b6f57eaec5b66d02212a4a8c63fb22b3b46c2643d76c1b39edeea337b71
9744d1564c18e14faf2a00cb6be828062997c339e80bf5ea50bf6417a0fb7f40
9da1ee5332d2aa60444d9f4ef164d014d53f5fbf23fc78845bfec8f5562c4bf5
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a1a279a3063dffb699e6790fbb9135f442a90ef1a7d849af70c51b583ce70bd5
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
af324ff33e27041b85f263b35345150df04d5ffb25ab7de6a1915084e1c52662
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b3e303a1090ced3fb72c2f8a03a46fcb46aabe6d6cd0158b506708c3a4ad202b
b9e6c38b3493790e6525ba6715ad839211cab5db3ddc80c7f70f20f92679fee6
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bee9266ce99959c08654ace434f1b5e4a54f51fda334409ac8f82b56da960dec
c94ec041cf9614b95b4d4064ed8a7bad26e72e11f4263ce4d435f7bae72d32c0
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
d77db41dc4c7b8c130a5569ce570646d824303b3909cbfc8767a5c513b4c9140
dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89
e30f848c353b8ab801c18d2109527cb32a27f145262dccb3cd4db9f309cc53bb
e345cc9cd43f23662004c176ec7aa6cd7c16d4bd3530e99a88085177daf790af
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e43a0788007c81c88e5f2e2d37edf449a9a0adff50ab76c8cb5b1c8ae76f5860
e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f909a31bfd7a13b9dd53e98b5652f13f4782fdfd1653dc4befade7386c087371