travel.northeast.aaa.com Open in urlscan Pro
52.206.165.190 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/booking/W4AT5aogRY-bnf1SLkkj3w/terms?termsType=Cancellation&tst_emai...
Effective URL:
https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/booking/W4AT5aogRY-bnf1SLkkj3w/terms?termsType=Cancellation&tst_emai...
Submission: On December 11 via api (December 11th 2022, 10:58:51 pm UTC) from CH — Scanned from DE

Summary HTTP 166 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 55 IPs in 8 countries across 51 domains to perform 166 HTTP transactions. The main IP is 52.206.165.190, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is travel.northeast.aaa.com. The Cisco Umbrella rank of the primary domain is 374887.
TLS certificate: Issued by Trustwave Organization Validation SHA... on June 6th 2022. Valid for: a year.

This is the only time travel.northeast.aaa.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	184.72.128.159 184.72.128.159	14618 (AMAZON-AES) (AMAZON-AES)
11	52.206.165.190 52.206.165.190	14618 (AMAZON-AES) (AMAZON-AES)
1	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
5	54.231.204.104 54.231.204.104	16509 (AMAZON-02) (AMAZON-02)
10	2a02:26f0:350... 2a02:26f0:3500:587::1e80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	45.60.154.98 45.60.154.98	19551 (INCAPSULA) (INCAPSULA)
1	2a05:d014:275... 2a05:d014:275:cb01:457d:6b8c:73fc:8f8f	16509 (AMAZON-02) (AMAZON-02)
2	2a02:6ea0:c70... 2a02:6ea0:c700::10	60068 (CDN77 ^_^) (CDN77 ^_^)
4	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
11	2a00:1450:400... 2a00:1450:4001:830::2008	15169 (GOOGLE) (GOOGLE)
11	52.19.242.51 52.19.242.51	16509 (AMAZON-02) (AMAZON-02)
1	34.120.253.250 34.120.253.250	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	65.9.84.142 65.9.84.142	16509 (AMAZON-02) (AMAZON-02)
1	104.109.94.223 104.109.94.223	16625 (AKAMAI-AS) (AKAMAI-AS)
4	45.60.64.121 45.60.64.121	19551 (INCAPSULA) (INCAPSULA)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:2b	20446 (STACKPATH...) (STACKPATH-CDN)
2	2600:1901:0:7... 2600:1901:0:7a0b::	15169 (GOOGLE) (GOOGLE)
1	52.30.252.118 52.30.252.118	16509 (AMAZON-02) (AMAZON-02)
3	15.188.95.229 15.188.95.229	16509 (AMAZON-02) (AMAZON-02)
7 8	151.101.194.49 151.101.194.49	54113 (FASTLY) (FASTLY)
1 1	54.171.1.252 54.171.1.252	16509 (AMAZON-02) (AMAZON-02)
1	3.248.2.215 3.248.2.215	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:400c:c00::9c	15169 (GOOGLE) (GOOGLE)
1 14	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
2	2606:4700:10:... 2606:4700:10::ac43:aac	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 16	2a00:1450:400... 2a00:1450:4001:803::2004	15169 (GOOGLE) (GOOGLE)
16	2a00:1450:400... 2a00:1450:4001:806::2003	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:780... 2a02:26f0:780::5f65:3669	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1 1	185.29.132.245 185.29.132.245	30419 (MEDIAMATH...) (MEDIAMATH-INC)
2	2600:9000:223... 2600:9000:223d:2a00:2:53b2:240:93a1	16509 (AMAZON-02) (AMAZON-02)
3 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
5	34.98.72.95 34.98.72.95	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
5	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2 2	52.57.83.94 52.57.83.94	16509 (AMAZON-02) (AMAZON-02)
1	108.156.60.33 108.156.60.33	16509 (AMAZON-02) (AMAZON-02)
3	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	34.117.96.210 34.117.96.210	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	35.244.234.129 35.244.234.129	15169 (GOOGLE) (GOOGLE)
1	34.120.126.172 34.120.126.172	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1 1	2001:678:cb4:... 2001:678:cb4:bbbb::13	56396 (AMOBEE) (AMOBEE)
1	2606:4700::68... 2606:4700::6812:17ea	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
1	34.107.191.194 34.107.191.194	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	52.57.150.20 52.57.150.20	16509 (AMAZON-02) (AMAZON-02)
1	34.111.8.32 34.111.8.32	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	34.102.193.48 34.102.193.48	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2606:4700:10:... 2606:4700:10::6816:39f5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	212.82.100.182 212.82.100.182	34010 (YAHOO-IRD) (YAHOO-IRD)
2 3	184.24.11.75 184.24.11.75	16625 (AKAMAI-AS) (AKAMAI-AS)
1	35.175.70.135 35.175.70.135	14618 (AMAZON-AES) (AMAZON-AES)
2 2	13.32.99.21 13.32.99.21	16509 (AMAZON-02) (AMAZON-02)
1	52.19.187.82 52.19.187.82	16509 (AMAZON-02) (AMAZON-02)
1	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
1 2	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
1	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
1	185.64.189.110 185.64.189.110	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 2	185.94.180.126 185.94.180.126	35220 (SPOTX-AMS) (SPOTX-AMS)
1 1	54.154.250.204 54.154.250.204	16509 (AMAZON-02) (AMAZON-02)
2 2	52.30.134.174 52.30.134.174	16509 (AMAZON-02) (AMAZON-02)
1 1	44.195.94.142 44.195.94.142	14618 (AMAZON-AES) (AMAZON-AES)
166	55

1 184.72.128.159 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-184-72-128-159.compute-1.amazonaws.com

travel.northeast.aaa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 52.206.165.190 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-206-165-190.compute-1.amazonaws.com

travel.northeast.aaa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 54.231.204.104 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1.amazonaws.com

s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a02:26f0:3500:587::1e80 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 45.60.154.98 (United States)

ASN19551 (INCAPSULA, US)

nm.northeast.aaa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d014:275:cb01:457d:6b8c:73fc:8f8f (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

www.fullstory.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:6ea0:c700::10 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)

rec.smartlook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:830::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 52.19.242.51 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-19-242-51.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.253.250 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 250.253.120.34.bc.googleusercontent.com

tag.wknd.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.84.142 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-84-142.ams1.r.cloudfront.net

d2wy8f7a9ursnm.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.109.94.223 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-109-94-223.deploy.static.akamaitechnologies.com

www.everestjs.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 45.60.64.121 (United States)

ASN19551 (INCAPSULA, US)

www.aaa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:2b (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1901:0:7a0b:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

sessions.bugsnag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.30.252.118 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-252-118.eu-west-1.compute.amazonaws.com

aaanortheast.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 15.188.95.229 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-188-95-229.eu-west-3.compute.amazonaws.com

mcdmetrics.aaa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adobedc.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 151.101.194.49 (United States) 7 redirects

ASN54113 (FASTLY, US)

lasteventf-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.171.1.252 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-171-1-252.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.248.2.215 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-248-2-215.eu-west-1.compute.amazonaws.com

mcdmetrics2.aaa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c00::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::ac43:aac (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.inspectlet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
hn.inspectlet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:803::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:12:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:780::5f65:3669 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.132.245 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:223d:2a00:2:53b2:240:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.linkedin.oribi.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.98.72.95 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 95.72.98.34.bc.googleusercontent.com

assets.bounceexchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.57.83.94 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-83-94.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.156.60.33 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-156-60-33.ams1.r.cloudfront.net

cdn.pbbl.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f12d:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.117.96.210 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 210.96.117.34.bc.googleusercontent.com

data.cdnbasket.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.234.129 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 129.234.244.35.bc.googleusercontent.com

page.cdnbasket.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.126.172 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 172.126.120.34.bc.googleusercontent.com

view.cdnbasket.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:678:cb4:bbbb::13 (United Kingdom) 1 redirects

ASN56396 (AMOBEE, GB)

d.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:17ea (United States)

ASN13335 (CLOUDFLARENET, US)

idpix.media6degrees.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.107.191.194 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 194.191.107.34.bc.googleusercontent.com

ids.cdnwidget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.57.150.20 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-150-20.eu-central-1.compute.amazonaws.com

ps.eyeota.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.111.8.32 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 32.8.111.34.bc.googleusercontent.com

api.bounceexchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.193.48 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 48.193.102.34.bc.googleusercontent.com

e.cdnwidget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:39f5 (United States)

ASN13335 (CLOUDFLARENET, US)

hn.inspectlet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.82.100.182 (Dublin, Ireland) 1 redirects

ASN34010 (YAHOO-IRD, GB)
PTR: spcms.pbp.vip.ir2.yahoo.com

cms.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 184.24.11.75 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a184-24-11-75.deploy.static.akamaitechnologies.com

px.owneriq.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.175.70.135 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-175-70-135.compute-1.amazonaws.com

usersync.videoamp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.32.99.21 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-21.fra60.r.cloudfront.net

ads.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.19.187.82 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-19-187-82.eu-west-1.compute.amazonaws.com

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.80.39.216 (Canada) 1 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.110 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.94.180.126 (Amsterdam, Netherlands) 1 redirects

ASN35220 (SPOTX-AMS, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.154.250.204 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-154-250-204.eu-west-1.compute.amazonaws.com

g2.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.30.134.174 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-134-174.eu-west-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.195.94.142 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-195-94-142.compute-1.amazonaws.com

sync.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
21	aaa.com 1 redirects travel.northeast.aaa.com — Cisco Umbrella Rank: 374887 nm.northeast.aaa.com — Cisco Umbrella Rank: 335784 www.aaa.com — Cisco Umbrella Rank: 50726 mcdmetrics.aaa.com — Cisco Umbrella Rank: 248541 mcdmetrics2.aaa.com — Cisco Umbrella Rank: 239457	3 MB
17	doubleclick.net 1 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 81 googleads.g.doubleclick.net — Cisco Umbrella Rank: 34 cm.g.doubleclick.net — Cisco Umbrella Rank: 215	14 KB
16	google.de www.google.de — Cisco Umbrella Rank: 7952	1 KB
16	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 2	1 KB
13	demdex.net dpm.demdex.net — Cisco Umbrella Rank: 206 aaanortheast.demdex.net — Cisco Umbrella Rank: 289379 adobedc.demdex.net — Cisco Umbrella Rank: 9738	18 KB
11	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 47	827 KB
10	adobedtm.com assets.adobedtm.com — Cisco Umbrella Rank: 487	173 KB
9	everesttech.net 8 redirects lasteventf-tm.everesttech.net — Cisco Umbrella Rank: 6789 cm.everesttech.net — Cisco Umbrella Rank: 1046 sync-tm.everesttech.net — Cisco Umbrella Rank: 572	2 KB
6	bounceexchange.com assets.bounceexchange.com — Cisco Umbrella Rank: 1902 api.bounceexchange.com — Cisco Umbrella Rank: 2158	143 KB
5	bing.com bat.bing.com — Cisco Umbrella Rank: 373	12 KB
5	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 28 region1.google-analytics.com — Cisco Umbrella Rank: 3983	20 KB
5	amazonaws.com s3.amazonaws.com	513 KB
4	linkedin.com 3 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 372 www.linkedin.com — Cisco Umbrella Rank: 643 px4.ads.linkedin.com — Cisco Umbrella Rank: 6944	4 KB
3	owneriq.net 2 redirects px.owneriq.net — Cisco Umbrella Rank: 899	1 KB
3	cdnbasket.net data.cdnbasket.net — Cisco Umbrella Rank: 3819 page.cdnbasket.net — Cisco Umbrella Rank: 3821 view.cdnbasket.net — Cisco Umbrella Rank: 3823	1014 B
3	facebook.com www.facebook.com — Cisco Umbrella Rank: 113	271 B
3	inspectlet.com cdn.inspectlet.com — Cisco Umbrella Rank: 8373 hn.inspectlet.com — Cisco Umbrella Rank: 8420	63 KB
2	bidr.io 2 redirects match.prod.bidr.io — Cisco Umbrella Rank: 476	1 KB
2	spotxchange.com 1 redirects sync.search.spotxchange.com — Cisco Umbrella Rank: 592	1 KB
2	casalemedia.com 1 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 507	1 KB
2	scorecardresearch.com 2 redirects ads.scorecardresearch.com — Cisco Umbrella Rank: 2253	604 B
2	cdnwidget.com ids.cdnwidget.com — Cisco Umbrella Rank: 2992 e.cdnwidget.com — Cisco Umbrella Rank: 9808	306 B
2	rlcdn.com idsync.rlcdn.com — Cisco Umbrella Rank: 335	107 B
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 718	1 KB
2	oribi.io cdn.linkedin.oribi.io — Cisco Umbrella Rank: 887	375 B
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 171	18 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 152	112 KB
2	bugsnag.com sessions.bugsnag.com — Cisco Umbrella Rank: 731	35 B
2	smartlook.com rec.smartlook.com — Cisco Umbrella Rank: 22088	17 KB
1	stackadapt.com 1 redirects sync.srv.stackadapt.com — Cisco Umbrella Rank: 692	560 B
1	gumgum.com 1 redirects g2.gumgum.com — Cisco Umbrella Rank: 1310	260 B
1	pubmatic.com image2.pubmatic.com — Cisco Umbrella Rank: 882	453 B
1	openx.net us-u.openx.net — Cisco Umbrella Rank: 395	273 B
1	rubiconproject.com pixel.rubiconproject.com — Cisco Umbrella Rank: 321	239 B
1	crwdcntrl.net sync.crwdcntrl.net — Cisco Umbrella Rank: 752	266 B
1	videoamp.com usersync.videoamp.com — Cisco Umbrella Rank: 11060	79 B
1	yahoo.com 1 redirects cms.analytics.yahoo.com — Cisco Umbrella Rank: 869	678 B
1	eyeota.net 1 redirects ps.eyeota.net — Cisco Umbrella Rank: 949	418 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 323	265 B
1	media6degrees.com idpix.media6degrees.com — Cisco Umbrella Rank: 1833	205 B
1	turn.com 1 redirects d.turn.com — Cisco Umbrella Rank: 1154	402 B
1	pbbl.co cdn.pbbl.co — Cisco Umbrella Rank: 7764
1	mathtag.com 1 redirects sync.mathtag.com — Cisco Umbrella Rank: 447	684 B
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 742	5 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 687	29 KB
1	everestjs.net www.everestjs.net — Cisco Umbrella Rank: 6130	3 KB
1	cloudfront.net d2wy8f7a9ursnm.cloudfront.net	43 KB
1	wknd.ai tag.wknd.ai — Cisco Umbrella Rank: 4714	4 KB
1	fullstory.com www.fullstory.com — Cisco Umbrella Rank: 24072
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 37	1 KB
0	adnxs.com Failed ib.adnxs.com Failed
166	51

	Domain	Requested by
16	www.google.de	travel.northeast.aaa.com
16	www.google.com	1 redirects travel.northeast.aaa.com
14	googleads.g.doubleclick.net	1 redirects www.googletagmanager.com www.googleadservices.com
12	travel.northeast.aaa.com	1 redirects travel.northeast.aaa.com d2wy8f7a9ursnm.cloudfront.net
11	dpm.demdex.net	assets.adobedtm.com travel.northeast.aaa.com
11	www.googletagmanager.com	travel.northeast.aaa.com assets.adobedtm.com www.googletagmanager.com
10	assets.adobedtm.com	travel.northeast.aaa.com assets.adobedtm.com
7	sync-tm.everesttech.net	7 redirects
5	bat.bing.com	www.googletagmanager.com bat.bing.com travel.northeast.aaa.com
5	assets.bounceexchange.com	tag.wknd.ai assets.bounceexchange.com
5	s3.amazonaws.com	travel.northeast.aaa.com s3.amazonaws.com
4	www.aaa.com	assets.adobedtm.com
4	www.google-analytics.com	travel.northeast.aaa.com www.google-analytics.com
3	px.owneriq.net	2 redirects
3	www.facebook.com	travel.northeast.aaa.com
2	match.prod.bidr.io	2 redirects
2	sync.search.spotxchange.com	1 redirects
2	dsum-sec.casalemedia.com	1 redirects
2	ads.scorecardresearch.com	2 redirects
2	hn.inspectlet.com	cdn.inspectlet.com
2	idsync.rlcdn.com	travel.northeast.aaa.com
2	pm.w55c.net	2 redirects
2	px.ads.linkedin.com	2 redirects
2	cdn.linkedin.oribi.io	snap.licdn.com
2	www.googleadservices.com	assets.adobedtm.com www.googletagmanager.com
2	connect.facebook.net	travel.northeast.aaa.com connect.facebook.net
2	stats.g.doubleclick.net	www.google-analytics.com
2	mcdmetrics.aaa.com	assets.adobedtm.com
2	sessions.bugsnag.com	d2wy8f7a9ursnm.cloudfront.net
2	rec.smartlook.com	travel.northeast.aaa.com rec.smartlook.com
2	nm.northeast.aaa.com	travel.northeast.aaa.com
1	sync.srv.stackadapt.com	1 redirects
1	g2.gumgum.com	1 redirects
1	image2.pubmatic.com
1	us-u.openx.net
1	pixel.rubiconproject.com
1	cm.g.doubleclick.net
1	sync.crwdcntrl.net
1	usersync.videoamp.com
1	cms.analytics.yahoo.com	1 redirects
1	e.cdnwidget.com	travel.northeast.aaa.com
1	api.bounceexchange.com	assets.bounceexchange.com
1	ps.eyeota.net	1 redirects
1	ids.cdnwidget.com	cdn.inspectlet.com
1	match.adsrvr.org	travel.northeast.aaa.com
1	idpix.media6degrees.com	travel.northeast.aaa.com
1	d.turn.com	1 redirects
1	view.cdnbasket.net	assets.bounceexchange.com
1	page.cdnbasket.net	assets.bounceexchange.com
1	data.cdnbasket.net	assets.bounceexchange.com
1	cdn.pbbl.co	travel.northeast.aaa.com
1	adobedc.demdex.net	assets.adobedtm.com
1	px4.ads.linkedin.com	travel.northeast.aaa.com
1	www.linkedin.com	1 redirects
1	sync.mathtag.com	1 redirects
1	region1.google-analytics.com	www.googletagmanager.com
1	snap.licdn.com	travel.northeast.aaa.com
1	cdn.inspectlet.com	travel.northeast.aaa.com
1	mcdmetrics2.aaa.com	assets.adobedtm.com
1	cm.everesttech.net	1 redirects
1	lasteventf-tm.everesttech.net	www.everestjs.net
1	aaanortheast.demdex.net	assets.adobedtm.com
1	code.jquery.com	assets.adobedtm.com
1	www.everestjs.net	assets.adobedtm.com
1	d2wy8f7a9ursnm.cloudfront.net	assets.adobedtm.com
1	tag.wknd.ai	travel.northeast.aaa.com
1	www.fullstory.com	travel.northeast.aaa.com
1	fonts.googleapis.com	travel.northeast.aaa.com
0	ib.adnxs.com Failed
166	69

This site contains links to these domains. Also see Links.

Domain
northeast.aaa.com

Subject Issuer	Validity	Valid
cruises.northeast.aaa.com Trustwave Organization Validation SHA256 CA, Level 1	`2022-06-06` - `2023-07-05`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
s3.amazonaws.com Amazon	`2022-04-01` - `2023-03-30`	a year	crt.sh
assets.adobedtm.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-19` - `2023-08-19`	a year	crt.sh
*.northeast.aaa.com Trustwave Organization Validation SHA256 CA, Level 1	`2022-01-03` - `2023-01-27`	a year	crt.sh
bionic.fullstory.com R3	`2022-11-05` - `2023-02-03`	3 months	crt.sh
1610534878.rsc.cdn77.org R3	`2022-11-02` - `2023-01-31`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
*.demdex.com DigiCert TLS RSA SHA256 2020 CA1	`2022-09-26` - `2023-10-27`	a year	crt.sh
tag.wknd.ai R3	`2022-11-25` - `2023-02-23`	3 months	crt.sh
*.cloudfront.net Amazon	`2022-02-01` - `2023-01-31`	a year	crt.sh
www.everestjs.net DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
imperva.com GlobalSign Atlas R3 DV TLS CA 2022 Q4	`2022-11-14` - `2023-05-13`	6 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-03` - `2023-07-14`	a year	crt.sh
*.bugsnag.com Sectigo RSA Domain Validation Secure Server CA	`2022-04-26` - `2023-04-26`	a year	crt.sh
mcdmetrics.aaa.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-01` - `2023-04-01`	a year	crt.sh
*.everesttech.net GlobalSign Atlas R3 DV TLS CA 2022 Q4	`2022-11-07` - `2023-12-09`	a year	crt.sh
mcdmetrics2.aaa.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-02` - `2023-03-02`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-17` - `2023-06-17`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-09-20` - `2022-12-19`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2022-03-01` - `2023-03-01`	a year	crt.sh
*.google.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
linkedin.oribi.io Amazon	`2022-07-07` - `2023-08-06`	a year	crt.sh
adobedc.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2022-10-20` - `2023-11-20`	a year	crt.sh
assets.bounceexchange.com GTS CA 1D4	`2022-11-29` - `2023-02-27`	3 months	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2022-11-25` - `2023-05-25`	6 months	crt.sh
*.pbbl.co Amazon	`2022-10-04` - `2023-11-02`	a year	crt.sh
data.cdnbasket.net GTS CA 1D4	`2022-11-25` - `2023-02-23`	3 months	crt.sh
page.cdnbasket.net GTS CA 1D4	`2022-11-25` - `2023-02-23`	3 months	crt.sh
view.cdnbasket.net GTS CA 1D4	`2022-11-25` - `2023-02-23`	3 months	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-03` - `2023-02-25`	a year	crt.sh
dstillery.com Sectigo RSA Domain Validation Secure Server CA	`2022-05-05` - `2023-04-28`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2022-03-31` - `2023-05-02`	a year	crt.sh
ids.cdnwidget.com R3	`2022-12-03` - `2023-03-03`	3 months	crt.sh
*.wunderkind.co R3	`2022-12-11` - `2023-03-11`	3 months	crt.sh
e.cdnwidget.com R3	`2022-11-10` - `2023-02-08`	3 months	crt.sh
*.videoamp.com Amazon	`2022-09-06` - `2023-10-04`	a year	crt.sh
*.crwdcntrl.net Go Daddy Secure Certificate Authority - G2	`2022-05-01` - `2023-06-02`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/booking/W4AT5aogRY-bnf1SLkkj3w/terms?termsType=Cancellation&tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
Frame ID: 50F49349B8B6871C11C755562E4C7B86
Requests: 140 HTTP requests in this frame

Frame: https://aaanortheast.demdex.net/dest5.html?d_nsid=0
Frame ID: B7C079434CCC6D79EA18D145C10637D1
Requests: 25 HTTP requests in this frame

Frame: https://assets.bounceexchange.com/assets/bounce/local_storage_frame16.min.html
Frame ID: 83E4F3F65D816721D4B831C3B227EB27
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Cancellation Terms

Page URL History Show full URLs

http://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/booking/W4AT5aogRY-bnf1SLkkj3w/terms?termsType=C... HTTP 301
https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/booking/W4AT5aogRY-bnf1SLkkj3w/terms?termsType=C... Page URL

Detected technologies

BugSnag (Analytics) Expand

Overall confidence: 100%
Detected patterns

/bugsnag.*\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Inspectlet (Analytics) Expand

Overall confidence: 100%
Detected patterns

cdn\.inspectlet\.com

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

basket.js (JavaScript Libraries) Expand

Overall confidence: 10%
Detected patterns

basket.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

166
Requests

87 %
HTTPS

35 %
IPv6

51
Domains

69
Subdomains

55
IPs

8
Countries

4624 kB
Transfer

14515 kB
Size

74
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://northeast.aaa.com/travel/plan-your-trip/travel-insurance.html
Title: Insurance

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/booking/W4AT5aogRY-bnf1SLkkj3w/terms?termsType=Cancellation&tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance HTTP 301
https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/booking/W4AT5aogRY-bnf1SLkkj3w/terms?termsType=Cancellation&tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 46

https://cm.everesttech.net/cm/dd?d_uuid=47709484121795006523454029584194499358 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y5ZgpQAAABvXZgOJ

Request Chain 69

https://sync.mathtag.com/sync/img?mt_exid=10004&mt_exuid=47709484121795006523454029584194499358&redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D269%26dpuuid%3D[MM_UUID]%26ddsuuid%3d47709484121795006523454029584194499358 HTTP 302
https://dpm.demdex.net/ibs:dpid=269&dpuuid=9fc36396-60a7-4e00-9c95-470e468d200d&ddsuuid=47709484121795006523454029584194499358

Request Chain 72

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2021154&time=1670799526421&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2021154%26time%3D1670799526421%26url%3Dhttps%253A%252F%252Ftravel.northeast.aaa.com%252Ftrip%252FsKHVj7O3RAWhevDLVmXnGw%252Fbooking%252FW4AT5aogRY-bnf1SLkkj3w%252Fterms%253FtermsType%253DCancellation%2526tst_email%253Dconfirmation%2526utm_source%253Dconf_email%2526utm_medium%253Demail%2526utm_campaign%253Dcar_insurance%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2021154&time=1670799526421&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2021154&time=1670799526421&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&liSync=true&e_ipv6=AQKxA4QgTKP42wAAAYUDaYwbgmts4tXwtKBLe5c-Pcox0JkgGtlSNfSmKhbgcAe42BsquWs

Request Chain 98

https://pm.w55c.net/ping_match.gif?st=dmx&rurl=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D359%26dpuuid%3D_wfivefivec_ HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&st=dmx&rurl=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D359%26dpuuid%3D_wfivefivec_ HTTP 302
https://dpm.demdex.net/ibs:dpid=359&dpuuid=MM2b1pxy1P4vhs5

Request Chain 101

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1063159333/?random=1171539469&cv=11&fst=1670799526411&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&label=UMmeCJj6xIIBEKWM-voD&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Cancellation%20Terms&gtm_ee=1&auid=1617345795.1670799526&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=pmCWY73JGpmP9fgPsMexkAg&sscte=1&crd=&pscrd=Ek9DaEVJZ0p6V25BWVFwZFhONmV5Ung5T2JBUkltQU51S0pZakkyNms0X2pTaTFzX3piNHVaYVFKZG5Qc0JrSy1VcHBoV0hETGcxRHhfZi13GlpDaEVJZ0p6V25BWVEtUHYyNXFLdHpQM1NBUkl1QUE4Y2d5eFUzbU01T2pSYlJzS2c3cGNIRVZiNVVMTGtPNjgyelYyTHhFXzVnY1dLblV1NFBqU2xxcG44aVE HTTP 302
https://www.google.com/pagead/1p-conversion/1063159333/?random=1171539469&cv=11&fst=1670799526411&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&label=UMmeCJj6xIIBEKWM-voD&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Cancellation%20Terms&gtm_ee=1&auid=1617345795.1670799526&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek9DaEVJZ0p6V25BWVFwZFhONmV5Ung5T2JBUkltQU51S0pZakkyNms0X2pTaTFzX3piNHVaYVFKZG5Qc0JrSy1VcHBoV0hETGcxRHhfZi13GlpDaEVJZ0p6V25BWVEtUHYyNXFLdHpQM1NBUkl1QUE4Y2d5eFUzbU01T2pSYlJzS2c3cGNIRVZiNVVMTGtPNjgyelYyTHhFXzVnY1dLblV1NFBqU2xxcG44aVE&is_vtc=1&ocp_id=pmCWY73JGpmP9fgPsMexkAg&cid=CAQSKQDq26N9xTTGfurbPhJfksLxNhNvoEG-9lOK_1Syr8-ZyebZT6dVEnJNIBM&random=770229435 HTTP 302
https://www.google.de/pagead/1p-conversion/1063159333/?random=1171539469&cv=11&fst=1670799526411&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&label=UMmeCJj6xIIBEKWM-voD&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Cancellation%20Terms&gtm_ee=1&auid=1617345795.1670799526&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek9DaEVJZ0p6V25BWVFwZFhONmV5Ung5T2JBUkltQU51S0pZakkyNms0X2pTaTFzX3piNHVaYVFKZG5Qc0JrSy1VcHBoV0hETGcxRHhfZi13GlpDaEVJZ0p6V25BWVEtUHYyNXFLdHpQM1NBUkl1QUE4Y2d5eFUzbU01T2pSYlJzS2c3cGNIRVZiNVVMTGtPNjgyelYyTHhFXzVnY1dLblV1NFBqU2xxcG44aVE&is_vtc=1&ocp_id=pmCWY73JGpmP9fgPsMexkAg&cid=CAQSKQDq26N9xTTGfurbPhJfksLxNhNvoEG-9lOK_1Syr8-ZyebZT6dVEnJNIBM&random=770229435&ipr=y&prhg=0

Request Chain 136

https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMjM2NTYzMjkvdC8y/url/https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D470%26dpuuid%3D%24!%7BTURN_UUID%7D HTTP 302
https://dpm.demdex.net/ibs:dpid=470&dpuuid=4145369225822972429

Request Chain 144

https://ps.eyeota.net/match?bid=6j5b2cv&uid=47709484121795006523454029584194499358&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D30064%26dpuuid%3D%7BUUID_6j5b2cv%7D HTTP 302
https://dpm.demdex.net/ibs:dpid=30064&dpuuid=%7BUUID_6j5b2cv%7D

Request Chain 148

https://cms.analytics.yahoo.com/cms?partner_id=ADOBE&_hosted_id=47709484121795006523454029584194499358&gdpr=0&gdpr_consent= HTTP 302
https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-PygnBo9E2pFz5UoEsaIcZVr2Z6kdVX1j3Hs-~A

Request Chain 151

https://px.owneriq.net/eucm/p/adpq?redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D53196%26dpuuid%3D(OIQ_UUID) HTTP 302
https://px.owneriq.net/ecc?redir=https%3a%2f%2fdpm.demdex.net%2fibs%3adpid%3d53196%26dpuuid%3dQ7240859271140296342&uid=Q7240859271140296342&ref=%2Feucm%2Fp%2Fadpq HTTP 302
https://px.owneriq.net/noop?ct=image%2Fgif

Request Chain 153

https://ads.scorecardresearch.com/p?c1=9&c2=6034944&c3=2&cs_xi=47709484121795006523454029584194499358&rn=1670799525648&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D73426%26dpuuid%3D47709484121795006523454029584194499358 HTTP 302
https://ads.scorecardresearch.com/p2?c1=9&c2=6034944&c3=2&cs_xi=47709484121795006523454029584194499358&rn=1670799525648&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D73426%26dpuuid%3D47709484121795006523454029584194499358 HTTP 302
https://dpm.demdex.net/ibs:dpid=73426&dpuuid=47709484121795006523454029584194499358

Request Chain 155

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_push%26google_sc%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WTVaZ3BRQUFBQnZYWmdPSg==

Request Chain 156

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D7941%26nid%3D2243%26put%3D%24%7BUSER_ID%7D%26expires%3D90 HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=Y5ZgpQAAABvXZgOJ&expires=90

Request Chain 157

https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Y5ZgpQAAABvXZgOJ HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Y5ZgpQAAABvXZgOJ&C=1

Request Chain 159

https://sync-tm.everesttech.net/upi/pid/UH6TUt9n?redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D158%26code%3D%24%7BTM_USER_ID%7D HTTP 302
https://ib.adnxs.com/setuid?entity=158&code=Y5ZgpQAAABvXZgOJ

Request Chain 160

https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537148856&val=Y5ZgpQAAABvXZgOJ

Request Chain 161

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Y5ZgpQAAABvXZgOJ

Request Chain 162

https://sync-tm.everesttech.net/upi/pid/h0r58thg?redir=https%3A%2F%2Fsync.search.spotxchange.com%2Fpartner%3Fadv_id%3D6409%26uid%3D%24%7BUSER_ID%7D%26img%3D1 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=6409&uid=Y5ZgpQAAABvXZgOJ&img=1 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=6409&uid=Y5ZgpQAAABvXZgOJ&img=1&__user_check__=1&sync_id=5f6d26a7-79a7-11ed-bcea-1586fee60306

Request Chain 163

https://sync-tm.everesttech.net/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fwww.facebook.com%2Ffr%2Fb.php%3Fp%3D1531105787105294%26e%3D%24%7BTM_USER_ID%7D%26t%3D2592000%26o%3D0 HTTP 302
https://www.facebook.com/fr/b.php?p=1531105787105294&e=Y5ZgpQAAABvXZgOJ&t=2592000&o=0

Request Chain 164

https://g2.gumgum.com/adobe/s2s HTTP 302
https://dpm.demdex.net/ibs:dpid=143525&dpuuid=e_977536c3-ca35-4183-bfaa-33264bae7cf2

Request Chain 165

https://match.prod.bidr.io/cookie-sync/adobe?gdpr=0&gdpr_consent= HTTP 303
https://match.prod.bidr.io/cookie-sync/adobe?gdpr=0&gdpr_consent=&_bee_ppp=1 HTTP 303
https://dpm.demdex.net/ibs:dpid=275754&dpuuid=AAHKuE7HLMEAACC0dReYLg?gdpr=0

Request Chain 166

https://sync.srv.stackadapt.com/sync?nid=adobe HTTP 302
https://dpm.demdex.net/ibs:dpid=390122&dpuuid=YEUvWDbVSMVftIfJB5q-fpJGdW4

166 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request terms Show response
travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/booking/W4AT5aogRY-bnf1SLkkj3w/
Redirect Chain

http://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/booking/W4AT5aogRY-bnf1SLkkj3w/terms?termsType=Cancellation&tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=ca...
https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/booking/W4AT5aogRY-bnf1SLkkj3w/terms?termsType=Cancellation&tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=c...

126 KB
127 KB

1057ms
859ms

Document
text/html

52.206.165.190
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/booking/W4AT5aogRY-bnf1SLkkj3w/terms?termsType=Cancellation&tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.206.165.190 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-206-165-190.compute-1.amazonaws.com

Software

Resource Hash

a2f911b401d743ecfd4cef614c1aa4f30f121c9f6da07cf3389bffa865274505

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, max-age=0, must-revalidate, no-store
content-length: 129468
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
content-type: text/html; charset=UTF-8
date: Sun, 11 Dec 2022 22:58:44 GMT
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
trace-id: 5407722a93bdcfbf

Redirect headers

Connection: keep-alive
Content-Length: 162
Content-Security-Policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
Content-Type: text/html
Date: Sun, 11 Dec 2022 22:58:43 GMT
Location: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/booking/W4AT5aogRY-bnf1SLkkj3w/terms?termsType=Cancellation&tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
Strict-Transport-Security: max-age=31536000; includeSubDomains

GET
H2 404 trip.css
travel.northeast.aaa.com/trip/assets/stylesheets/v1/ 0
0 189ms
185ms Stylesheet
text/html 52.206.165.190
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/trip/assets/stylesheets/v1/trip.css

Requested by

Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/booking/W4AT5aogRY-bnf1SLkkj3w/terms?termsType=Cancellation&tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.206.165.190 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-206-165-190.compute-1.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/booking/W4AT5aogRY-bnf1SLkkj3w/terms?termsType=Cancellation&tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:44 GMT
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
trace-id: 8cd7a398d65de63e
content-length: 1150
content-type: text/html; charset=UTF-8

GET
H2 200 css
fonts.googleapis.com/ 10 KB
1 KB 42ms
16ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700&lang=en

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6c4133ff5eff0f23ca2f6fdaceea1d4dd3a91e499a0b0aef688b0f31206b0328

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 11 Dec 2022 22:58:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 11 Dec 2022 21:03:56 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 11 Dec 2022 22:58:44 GMT

GET
H/1.1 200
OK antd.min.css
s3.amazonaws.com/tstllc-assets/css/antd/dist/ 451 KB
451 KB 326ms
116ms Stylesheet
text/css 54.231.204.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/tstllc-assets/css/antd/dist/antd.min.css
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/booking/W4AT5aogRY-bnf1SLkkj3w/terms?termsType=Cancellation&tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.231.204.104 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 897600b074c2a2e02b176f2d3e5caf964883dc5ea1c340c7576723e3932b9128

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Sun, 11 Dec 2022 22:58:45 GMT
x-amz-version-id: null
Last-Modified: Mon, 07 Jan 2019 18:42:01 GMT
Server: AmazonS3
x-amz-request-id: H21MPF37SAP9TFW6
ETag: "5178b4827ce4ac2d7f96ed9861b4cd6d"
Content-Type: text/css
Cache-Control: no-cache
Accept-Ranges: bytes
Content-Length: 461624
x-amz-id-2: N6MHLjnDMQn6saa6WEcm/Fr8N+hndaG6DwYnrYkjGBPxQ1uuupn+uqJwiPtVz5cKb8VT6GqLAsI=

GET
H/1.1 200
OK proxima-nova.min.css
s3.amazonaws.com/tstllc-assets/fonts/proxima-nova/ 4 KB
4 KB 326ms
116ms Stylesheet
text/css 54.231.204.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/tstllc-assets/fonts/proxima-nova/proxima-nova.min.css
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/booking/W4AT5aogRY-bnf1SLkkj3w/terms?termsType=Cancellation&tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.231.204.104 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: d7de9b79990bb103408b06aacc98307309774f564e70ba905949e80b5ba47f14

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Sun, 11 Dec 2022 22:58:45 GMT
x-amz-version-id: null
Last-Modified: Tue, 18 Sep 2018 14:07:09 GMT
Server: AmazonS3
x-amz-request-id: H21JHBF0H5F32HPH
ETag: "371ff5a9f43f342812125d9e1497f068"
Content-Type: text/css
Accept-Ranges: bytes
Content-Length: 4191
x-amz-id-2: +2Dz2+QUfujvcRp70gVH/KTdKHvRfV1qmOq4hwkUMuqfZE3emYAgrIZsMoVlz5+IgHeI0fyrmjk=

GET
H/1.1 200
OK black-tie.min.css
s3.amazonaws.com/tstllc-assets/fonts/black-tie/css/ 22 KB
22 KB 329ms
115ms Stylesheet
text/css 54.231.204.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/tstllc-assets/fonts/black-tie/css/black-tie.min.css
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/booking/W4AT5aogRY-bnf1SLkkj3w/terms?termsType=Cancellation&tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.231.204.104 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 3ff7b0b317b417d887b4d1b311ac5a390b85345337838d182296dad380682a87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Sun, 11 Dec 2022 22:58:45 GMT
x-amz-version-id: null
Last-Modified: Fri, 12 Oct 2018 23:42:34 GMT
Server: AmazonS3
x-amz-request-id: H21PM380FGEC2NK0
ETag: "c9a2ca04d6ec76b7da644506f215fc4b"
Content-Type: text/css
Accept-Ranges: bytes
Content-Length: 22456
x-amz-id-2: hUVhqShqSPg7vKi2zbrorgBje4Tlt5OYisvpsVs3YthUdm4UjuaekvjS7LrtxzTb6YpQ36UXMUs=

GET
H2 200 gtm-helper-script-bundle.js Show response
travel.northeast.aaa.com/web-services/assets/resource/js/ 31 KB
10 KB 186ms
184ms Script
application/javascript 52.206.165.190
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/web-services/assets/resource/js/gtm-helper-script-bundle.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.206.165.190 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-206-165-190.compute-1.amazonaws.com

Software

/ Express

Resource Hash

ed2b9de8f36895ff8e5324067c9a27a15ba63337c2a3232bd757863585507ef9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/booking/W4AT5aogRY-bnf1SLkkj3w/terms?termsType=Cancellation&tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:44 GMT
content-encoding: gzip
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
last-modified: Fri, 09 Dec 2022 16:56:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-powered-by: Express
etag: W/"7a95-184f7d163e1"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0
accept-ranges: bytes

GET
H2 200 legacy-confirmation-styles.css
travel.northeast.aaa.com/web-services/assets/resource/stylesheets/ 657 KB
329 KB 187ms
185ms Stylesheet
text/css 52.206.165.190
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/web-services/assets/resource/stylesheets/legacy-confirmation-styles.css

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.206.165.190 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-206-165-190.compute-1.amazonaws.com

Software

/ Express

Resource Hash

1d32627006e0e63d706ca39ec8735807bc8f73946f38f4985740679edea22edd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/booking/W4AT5aogRY-bnf1SLkkj3w/terms?termsType=Cancellation&tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:44 GMT
content-encoding: gzip
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
last-modified: Fri, 09 Dec 2022 16:56:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-powered-by: Express
etag: W/"a4449-184f7d163fd"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=0
accept-ranges: bytes

GET
H2 200 legacy-confirmation-page-bundle.js Show response
travel.northeast.aaa.com/web-services/assets/resource/js/ 3 MB
849 KB 187ms
185ms Script
application/javascript 52.206.165.190
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/web-services/assets/resource/js/legacy-confirmation-page-bundle.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.206.165.190 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-206-165-190.compute-1.amazonaws.com

Software

/ Express

Resource Hash

de1271b75470960be5b33d00f9264602eab356f0b86045292a33713d79d21a89

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/booking/W4AT5aogRY-bnf1SLkkj3w/terms?termsType=Cancellation&tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:44 GMT
content-encoding: gzip
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
last-modified: Fri, 09 Dec 2022 16:56:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-powered-by: Express
etag: W/"30b69e-184f7d163e1"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0
accept-ranges: bytes

GET
H2 200 satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js Show response
assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/ 609 KB
146 KB 98ms
14ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/booking/W4AT5aogRY-bnf1SLkkj3w/terms?termsType=Cancellation&tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 20e3f4b611985bd51b4f1c21b8a0eae79f221c770d2020025835976ad06263bd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:44 GMT
content-encoding: gzip
last-modified: Thu, 08 Dec 2022 18:13:45 GMT
server: AkamaiNetStorage
etag: "5c5fa11709b9f4028f8cfd021ee82c82:1670523225.164357"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 149335
expires: Sun, 11 Dec 2022 23:58:44 GMT

GET
H2 403 remote_header.js
nm.northeast.aaa.com/assets/remote/js/ 0
0 53ms
8ms Script
text/html 45.60.154.98
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://nm.northeast.aaa.com/assets/remote/js/remote_header.js
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/booking/W4AT5aogRY-bnf1SLkkj3w/terms?termsType=Cancellation&tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.154.98 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

GET
H2 403 remote_footer.js
nm.northeast.aaa.com/assets/remote/js/ 0
0 20ms
7ms Script
text/html 45.60.154.98
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://nm.northeast.aaa.com/assets/remote/js/remote_footer.js
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/booking/W4AT5aogRY-bnf1SLkkj3w/terms?termsType=Cancellation&tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.154.98 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

GET
H2 200 0.css
travel.northeast.aaa.com/web-services/assets/resource/stylesheets/ 90 KB
44 KB 104ms
104ms Stylesheet
text/css 52.206.165.190
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/web-services/assets/resource/stylesheets/0.css

Requested by

Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/web-services/assets/resource/js/legacy-confirmation-page-bundle.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.206.165.190 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-206-165-190.compute-1.amazonaws.com

Software

/ Express

Resource Hash

901a3d923f29e1e5722d7978b88a487fe3e2b38f2870fb968a29f8df66e79122

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/booking/W4AT5aogRY-bnf1SLkkj3w/terms?termsType=Cancellation&tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:45 GMT
content-encoding: gzip
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
last-modified: Fri, 09 Dec 2022 16:56:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-powered-by: Express
etag: W/"1660c-184f7d163ed"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=0
accept-ranges: bytes

GET
H2 200 0-chunk.js Show response
travel.northeast.aaa.com/web-services/assets/resource/js/chunk/ 4 MB
1 MB 104ms
104ms Script
application/javascript 52.206.165.190
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/web-services/assets/resource/js/chunk/0-chunk.js

Requested by

Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/web-services/assets/resource/js/legacy-confirmation-page-bundle.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.206.165.190 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-206-165-190.compute-1.amazonaws.com

Software

/ Express

Resource Hash

fe13408d11ff849139c4b0dc24d1d81714c47bdb2fe2a59f5b79d8c9c4052d6a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/booking/W4AT5aogRY-bnf1SLkkj3w/terms?termsType=Cancellation&tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:45 GMT
content-encoding: gzip
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
last-modified: Fri, 09 Dec 2022 16:56:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-powered-by: Express
etag: W/"47602d-184f7d163dd"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0
accept-ranges: bytes

GET
H2 404 fs.js
www.fullstory.com/s/ 0
0 91ms
8ms Script
text/html 2a05:d014:275:cb01:457d:6b8c:73fc:8f8f
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.fullstory.com/s/fs.js
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/booking/W4AT5aogRY-bnf1SLkkj3w/terms?termsType=Cancellation&tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a05:d014:275:cb01:457d:6b8c:73fc:8f8f Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

GET
H2 200 recorder.js Show response
rec.smartlook.com/ 3 KB
2 KB 52ms
6ms Script
application/javascript 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL

https://rec.smartlook.com/recorder.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

CDN77-Turbo /

Resource Hash

bfb8e638fa9c13a763adec2844347c8e1d981ef2cfc6d4d8a87f63dc50164cb5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sun, 11 Dec 2022 22:58:45 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
x-cache: HIT
x-77-cache: HIT
cross-origin-resource-policy: cross-origin
x-age: 59
x-77-nzt: Abk73BB1ZpX/OwAAAA
x-accel-expires: @1670800066
last-modified: Wed, 07 Dec 2022 08:57:17 GMT
server: CDN77-Turbo
etag: W/"6390556d-c4a"
x-77-nzt-ray: 90833930df67e5b9a5609663c6b67d1f
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=600

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 28ms
6ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 11 Dec 2022 21:15:46 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 6179
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Sun, 11 Dec 2022 23:15:46 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 456 KB
102 KB 38ms
17ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-W79ZLQ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3ec7b84a1af39ad65429033a0cac2eecbaccaa0e26867bf872f30246cdd5b0ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:45 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 103496
x-xss-protection: 0
last-modified: Sun, 11 Dec 2022 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 11 Dec 2022 22:58:45 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 515 KB
113 KB 43ms
22ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-T6BPC96

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

add125c2dcbd3b6ded8d012a410b6475da2ce9962ca7e380ac5a4f9effdcb954

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:45 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 115322
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 11 Dec 2022 22:58:45 GMT

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 5 KB
2 KB 167ms
34ms XHR
application/json 52.19.242.51
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=F5237FF958248ED40A495E58%40AdobeOrg&d_nsid=0&ts=1670799525497

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.19.242.51 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-19-242-51.eu-west-1.compute.amazonaws.com

Software

Resource Hash

1b3537a975f28b8b80f0cd1b3fe890c99b47d68c0505cdca652fd7f39de62231

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://travel.northeast.aaa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-2-v045-08dd6474c.edge-irl1.demdex.com 3 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: 9mS25NyJSzw=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://travel.northeast.aaa.com
Content-Type: application/json;charset=utf-8
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 1674
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/ 34 KB
12 KB 15ms
15ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/AppMeasurement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: d6d01246a30e9d483531c27721f73f266fa4af35effdb21683ac02a620ab8aaf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:45 GMT
content-encoding: gzip
last-modified: Thu, 22 Sep 2022 16:16:49 GMT
server: AkamaiNetStorage
etag: "dfdd9e1f988805f0c2fbb10cd6b8f034:1663863409.614694"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 12384
expires: Sun, 11 Dec 2022 23:58:45 GMT

GET
H2 200 AppMeasurement_Module_ActivityMap.min.js Show response
assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/ 3 KB
2 KB 16ms
16ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/AppMeasurement_Module_ActivityMap.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 78c1c1baf0d964522f8afab09cfc754685c1648826a7f9967fd52b774b4ec5aa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:45 GMT
content-encoding: gzip
last-modified: Thu, 22 Sep 2022 16:16:49 GMT
server: AkamaiNetStorage
etag: "b89fcb8870ac40eecb6d3cc844d35389:1663863409.92483"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 1598
expires: Sun, 11 Dec 2022 23:58:45 GMT

GET
H2 200 AppMeasurement_Module_AudienceManagement.min.js Show response
assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/ 25 KB
9 KB 16ms
15ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/AppMeasurement_Module_AudienceManagement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: b01bd01687b15585b2740273c8c3c6674dd9f559cfe52eeffdf43b1f93a12d05

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:45 GMT
content-encoding: gzip
last-modified: Thu, 22 Sep 2022 16:16:50 GMT
server: AkamaiNetStorage
etag: "d220d501715e0484d0dddeac614f902c:1663863410.217006"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 8755
expires: Sun, 11 Dec 2022 23:58:45 GMT

GET
H2 200 i.js Show response
tag.wknd.ai/3328/ 10 KB
4 KB 59ms
8ms Script
text/plain 34.120.253.250
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.wknd.ai/3328/i.js
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/booking/W4AT5aogRY-bnf1SLkkj3w/terms?termsType=Cancellation&tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.253.250 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 250.253.120.34.bc.googleusercontent.com
Software: istio-envoy /
Resource Hash: 2c08fa37317725e886f3c0e0107acd19ebd91ced8d186733927ebf82ae5a2cd8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:40 GMT
content-encoding: gzip
via: 1.1 google
age: 5
x-envoy-upstream-service-time: 0
x-region: us-central1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3730
server: istio-envoy
etag: 499df1550c4d8b
vary: Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=60
timing-allow-origin: *
link: <https://assets.bounceexchange.com>; rel=dns-prefetch, <https://events.bouncex.net>; rel=dns-prefetch, <https://data.cdnbasket.net>; rel=dns-prefetch, <https://page.cdnbasket.net>; rel=dns-prefetch, <https://view.cdnbasket.net>; rel=dns-prefetch, <https://ids.cdnwidget.com>; rel=dns-prefetch, <https://u.cdnwidget.com>; rel=dns-prefetch, <https://pix.cdnwidget.com>; rel=dns-prefetch, <https://api.bounceexchange.com>; rel=preconnect, <https://pd.cdnwidget.com>; rel=preconnect

GET
H/1.1 200
OK bugsnag.min.js Show response
d2wy8f7a9ursnm.cloudfront.net/v7/ 42 KB
43 KB 56ms
16ms Script
application/javascript 65.9.84.142
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d2wy8f7a9ursnm.cloudfront.net/v7/bugsnag.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.84.142 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-84-142.ams1.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 71a980fae18c2c5ab33f47cbac734ab86aaa815e0325ce68be34ccd55b04cfb9

Request headers

Referer: https://travel.northeast.aaa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Fri, 09 Dec 2022 06:41:14 GMT
x-amz-version-id: null
Via: 1.1 254622ebfed5feb6e2d8380b3f9c4c10.cloudfront.net (CloudFront)
Last-Modified: Thu, 22 Sep 2022 18:32:16 GMT
Server: AmazonS3
X-Amz-Cf-Pop: AMS1-C1
Age: 231452
ETag: "b573ad919b015dde79c3274356ad9d47"
X-Cache: Hit from cloudfront
Content-Type: application/javascript; charset=UTF-8
Cache-Control: public, max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43193
X-Amz-Cf-Id: Q5tMEq52a0eUH-wlvsUiVlILLY_MIbzhJaTwn-NzwSJ09LYrJuBLog==

GET
H/1.1 200
OK last-event-tag-latest.min.js Show response
www.everestjs.net/static/le/ 7 KB
3 KB 51ms
9ms Script
application/javascript 104.109.94.223
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.everestjs.net/static/le/last-event-tag-latest.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.94.223 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-94-223.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: abb45ae4b3a896ae99132c1786a9676218c119ea552d3fbb5ab6d40d9e05e43c

Request headers

Referer: https://travel.northeast.aaa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

x-amz-version-id: null
Content-Encoding: gzip
Date: Sun, 11 Dec 2022 22:58:45 GMT
Last-Modified: Wed, 16 Jun 2021 15:18:41 GMT
Server: AmazonS3
x-amz-request-id: 4G7M1MKPZ7WB9YZA
ETag: "d5991c18a0042eb33f92c6b5b44ffe8d"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2663
x-amz-id-2: 7u2NvEB91DnFUCR7sY34mRpitTQultuYG86bxxgL9TQDTRcumKn5XPtP0ifoW99rcUWulzQdbXY=

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 179 KB
65 KB 21ms
20ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-1063159333

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e4b76461af43a57be9f4a7350190ee08ef3ffc8746c595fc4c233d921bb2dee0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:45 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 66886
x-xss-protection: 0
last-modified: Sun, 11 Dec 2022 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 11 Dec 2022 22:58:45 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 110 KB
43 KB 22ms
20ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-8520721

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

80dbd4b85581d9ce9d4a46216870bb86cdb7ddb8f53e41e03a653467543e48ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:45 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44101
x-xss-protection: 0
last-modified: Sun, 11 Dec 2022 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 11 Dec 2022 22:58:45 GMT

GET
DATA 200
OK truncated
/ 15 KB
15 KB Font
font/opentype

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb2e1a97e3bc84334fa38904266d7ef01dc9407e17b3fcf54ea4a8ecbf494abf

Request headers

Referer
Origin: https://travel.northeast.aaa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: font/opentype

GET
H2 200 AAA_ForeSeeAPI.js Show response
www.aaa.com/configuration/ 5 KB
2 KB 49ms
9ms Script
application/x-javascript 45.60.64.121
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.aaa.com/configuration/AAA_ForeSeeAPI.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.121 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 15f1fde7deb1f2cfecb62abe9d99d230384ecbb429e962bd449f4259e64fbec6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:45 GMT
content-encoding: gzip
last-modified: Thu, 31 Oct 2019 18:48:40 GMT
x-cdn: Imperva
etag: "c886fecf1b90d51:0"
content-type: application/x-javascript
x-iinfo: 5-395578755-0 0CNN RT(1670799525523 11) q(0 -1 -1 0) r(0 -1)
cache-control: max-age=3791, public
content-length: 2003
expires: Mon, 12 Dec 2022 00:01:56 GMT

GET
H2 200 AAA_ActionTags.js Show response
www.aaa.com/configuration/SEM/ 55 KB
14 KB 50ms
10ms Script
application/x-javascript 45.60.64.121
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.aaa.com/configuration/SEM/AAA_ActionTags.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.121 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 7fde221486c3e05f825980fec689e0671182230722188921d256b58a7383d9cb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:45 GMT
content-encoding: gzip
last-modified: Tue, 09 Jul 2019 18:06:54 GMT
x-cdn: Imperva
etag: "facf8178136d51:0"
content-type: application/x-javascript
x-iinfo: 5-395578755-0 0CNN RT(1670799525523 12) q(0 -1 -1 3) r(0 -1)
cache-control: max-age=633, public
content-length: 14094
expires: Sun, 11 Dec 2022 23:09:18 GMT

GET
H2 200 dm_gtm.js Show response
www.aaa.com/aaa/common/javascripts/ 1 KB
1 KB 55ms
15ms Script
application/x-javascript 45.60.64.121
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.aaa.com/aaa/common/javascripts/dm_gtm.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.121 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 059d3c257d61801506bdc30c1cfcc61fbdf4c5c94a4163bc0c62ee153253b609

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:45 GMT
content-encoding: gzip
last-modified: Mon, 07 Jan 2019 21:13:43 GMT
x-cdn: Imperva
etag: "585c9fdecda6d41:0"
content-type: application/x-javascript
x-iinfo: 5-395578755-0 0cNN RT(1670799525523 16) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=3600, public
content-length: 884
expires: Sun, 11 Dec 2022 23:58:45 GMT

GET
H2 200 dcs_partnerTag.js Show response
www.aaa.com/configuration/ 33 KB
11 KB 55ms
16ms Script
application/x-javascript 45.60.64.121
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.aaa.com/configuration/dcs_partnerTag.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.121 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: aaed9dc3a855f5067df7cde88c06ca9ed9de210dfadfaf3f4b49b58ca40df292

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:45 GMT
content-encoding: gzip
last-modified: Wed, 17 Mar 2021 22:06:38 GMT
x-cdn: Imperva
etag: "c0828bcd791bd71:0"
content-type: application/x-javascript
x-iinfo: 5-395578755-395575828 2CNN RT(1670799525523 15) q(0 0 0 -1) r(0 0)
cache-control: max-age=3791, public
content-length: 11113
expires: Mon, 12 Dec 2022 00:01:56 GMT

GET
H2 200 jquery-2.2.4.min.js Show response
code.jquery.com/ 84 KB
29 KB 62ms
22ms Script
application/javascript 2001:4de0:ac18::1:a:2b
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-2.2.4.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:2b , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Request headers

Referer: https://travel.northeast.aaa.com/
Origin: https://travel.northeast.aaa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Sun, 11 Dec 2022 22:58:45 GMT
content-encoding: gzip
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
etag: W/"28feccc0-14e4a"
vary: Accept-Encoding
x-hw: 1670799525.dop218.fr8.t,1670799525.cds264.fr8.hn,1670799525.cds140.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 29811

GET
H2 200 init.9f9eccdc0bb055a30c0f.js Show response
rec.smartlook.com/es6/ 53 KB
15 KB 28ms
9ms Script
application/javascript 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL

https://rec.smartlook.com/es6/init.9f9eccdc0bb055a30c0f.js

Requested by

Host: rec.smartlook.com
URL: https://rec.smartlook.com/recorder.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

CDN77-Turbo /

Resource Hash

759ba85ad57a23f5988379b328676c38641d8565db9244f2a0c6856bf330c540

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://travel.northeast.aaa.com/
Origin: https://travel.northeast.aaa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sun, 11 Dec 2022 22:58:45 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
x-cache: HIT
x-77-cache: HIT
cross-origin-resource-policy: cross-origin
x-age: 382932
x-77-nzt: Abk73BAuZBv/1NcFAA
x-accel-expires: @1701952593
last-modified: Wed, 07 Dec 2022 08:57:17 GMT
server: CDN77-Turbo
etag: W/"6390556d-d4c1"
x-77-nzt-ray: 908339307769ffbaa5609663105c2224
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable

GET
H/1.1 200
OK ProximaNovaSemibold.woff2
s3.amazonaws.com/tstllc-assets/fonts/proxima-nova/ProximaNova-Semibold/ 17 KB
18 KB 326ms
125ms Font
binary/octet-stream 54.231.204.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/tstllc-assets/fonts/proxima-nova/ProximaNova-Semibold/ProximaNovaSemibold.woff2
Requested by: Host: s3.amazonaws.com
URL: https://s3.amazonaws.com/tstllc-assets/fonts/proxima-nova/proxima-nova.min.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.231.204.104 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: f529cf4430e32ae0b07d7d606ca1043e8cd9ebb9476456589578a299bad459bd

Request headers

Referer: https://s3.amazonaws.com/tstllc-assets/fonts/proxima-nova/proxima-nova.min.css
Origin: https://travel.northeast.aaa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Sun, 11 Dec 2022 22:58:46 GMT
x-amz-version-id: null
Last-Modified: Tue, 18 Sep 2018 14:07:12 GMT
Server: AmazonS3
x-amz-request-id: 4P9H5GVM22P1JDND
ETag: "e0642ce0df568ffbe72cafaf526fea41"
Access-Control-Max-Age: 3000
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Access-Control-Allow-Methods: GET, HEAD
Access-Control-Allow-Origin: *
Content-Type: binary/octet-stream
Accept-Ranges: bytes
Content-Length: 17512
x-amz-id-2: vtRSifW/xQSzTYhR8R8Zm9bapzHmZl8OQykVO3J6E5JAXms2EHWDv51mDdWRC2+JCz29EGfIHvs=

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 28ms
14ms XHR
text/plain 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&a=145269316&t=pageview&_s=1&dl=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&dp=%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms&ul=en-us&de=UTF-8&dt=Cancellation%20Terms&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEDAAEABAAAAACAEK~&jid=711154242&gjid=12934123&cid=2015723410.1670799526&tid=UA-55392727-1&_gid=1384306846.1670799526&_r=1&gtm=2wgbu0W79ZLQ&cd1=customer&cd2=ea0e35fb-c52b-4c57-b9b5-78105f774e2d&cd11=2022-12-11T22%3A58%3A45%2B00%3A00&cd13=333512147.1670799525293&cd9=2015723410.1670799526&z=386150111

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://travel.northeast.aaa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:45 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 224 KB
77 KB 16ms
15ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-65YG7JM4M0&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W79ZLQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1d8e7da69538f691fd8b10d250d68a1bdea882a7010c1175233a26a0acd319af

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:45 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 78976
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 11 Dec 2022 22:58:45 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 14ms
13ms XHR
text/plain 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&a=145269316&t=pageview&_s=1&dl=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&ul=en-us&de=UTF-8&dt=Cancellation%20Terms&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEHAAEABAAAAACAEK~&jid=773891103&gjid=397110452&cid=2015723410.1670799526&tid=UA-96133587-4&_gid=1384306846.1670799526&_r=1&gtm=2wgbu0T6BPC96&cd1=000&cd2=Travel&cd3=TST&cd108=travel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms&cd109=&cd111=&cd156=333512147.1670799525293&cd161=Not%20Collected&z=1521122574

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://travel.northeast.aaa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:45 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 /
sessions.bugsnag.com/ Frame 0
0 180ms
149ms Preflight 2600:1901:0:7a0b::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://sessions.bugsnag.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:7a0b:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: bugsnag-api-key,bugsnag-payload-version,bugsnag-sent-at,content-type
Access-Control-Request-Method: POST
Origin: https://travel.northeast.aaa.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

access-control-allow-headers: Origin, Content-Type, Accept, Authorization, User-Agent, Referer, X-Forwarded-For, Bugsnag-Api-Key, Bugsnag-Payload-Version, Bugsnag-Sent-At
access-control-allow-methods: POST
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Sun, 11 Dec 2022 22:58:45 GMT
via: 1.1 google

POST
H3 202 / Show response
sessions.bugsnag.com/ 21 B
35 B 164ms
148ms XHR
application/json 2600:1901:0:7a0b::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://sessions.bugsnag.com/
Requested by: Host: d2wy8f7a9ursnm.cloudfront.net
URL: https://d2wy8f7a9ursnm.cloudfront.net/v7/bugsnag.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2600:1901:0:7a0b:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: 0ba7c0356149946bf0642fab4ef85b95e7090f6f785d0fb84323d0c442e5190a

Request headers

Bugsnag-Payload-Version: 1
Referer: https://travel.northeast.aaa.com/
Bugsnag-Sent-At: 2022-12-11T22:58:45.708Z
accept-language: de-DE,de;q=0.9
Bugsnag-Api-Key: 36d1a525468562b55876a446329823be
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Sun, 11 Dec 2022 22:58:45 GMT
via: 1.1 google
bugsnag-session-uuid: 558eda3f-a036-4fd1-bd3f-909d72e6c49b
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21
content-type: application/json

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 179 KB
65 KB 32ms
32ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-1063159333&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W79ZLQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

049af8d4c9e915e067e240d1b9daa0d62fa5eb81b0cc6eda1232bdd9d6bb0fff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:45 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 66896
x-xss-protection: 0
last-modified: Sun, 11 Dec 2022 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 11 Dec 2022 22:58:45 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 179 KB
65 KB 17ms
16ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-748297981&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W79ZLQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

454cca862a8d251fb362a81bef997a828e40f2111e70fee4d41d013e07bf0004

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:45 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 66916
x-xss-protection: 0
last-modified: Sun, 11 Dec 2022 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 11 Dec 2022 22:58:45 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 111 KB
43 KB 25ms
25ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-8520721&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W79ZLQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5f3299073a3b26f99e0bd20c96a305544ef493129597a19084c37b201960f913

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:45 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44116
x-xss-protection: 0
last-modified: Sun, 11 Dec 2022 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 11 Dec 2022 22:58:45 GMT

GET
H/1.1 200
OK dest5.html Show response
aaanortheast.demdex.net/ Frame B7C0 7 KB
3 KB 149ms
31ms Document
text/html 52.30.252.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aaanortheast.demdex.net/dest5.html?d_nsid=0

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.30.252.118 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-30-252-118.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://travel.northeast.aaa.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: text/html;charset=UTF-8
DCS: dcs-prod-irl1-2-v045-0a4852727.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: Sk4XCn/rTeI=
content-encoding: gzip
date: Sun, 11 Dec 2022 22:58:45 GMT
last-modified: Fri, 28 Oct 2022 11:22:24 GMT
transfer-encoding: chunked
vary: accept-encoding

GET
H2 200 id Show response
mcdmetrics.aaa.com/ 48 B
462 B 82ms
17ms XHR
application/x-javascript 15.188.95.229
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://mcdmetrics.aaa.com/id?d_visid_ver=5.5.0&d_fieldgroup=A&mcorgid=F5237FF958248ED40A495E58%40AdobeOrg&mid=47931785966569313703413226449334427480&ts=1670799525720

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.188.95.229 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-188-95-229.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

b3110fc9df9dae061fac56de0ae388c60edb28ac3b5a17b32b85c96dbab235ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://travel.northeast.aaa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sun, 11 Dec 2022 22:58:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
server: jag
vary: Origin
content-type: application/x-javascript;charset=utf-8
access-control-allow-origin: https://travel.northeast.aaa.com
p3p: CP="This is not a P3P policy"
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-length: 48
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
lasteventf-tm.everesttech.net/ 0
218 B 56ms
6ms XHR
text/plain 151.101.194.49
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://lasteventf-tm.everesttech.net/?_les_imsOrgId=F5237FF958248ED40A495E58@AdobeOrg&_les_sdid=0755E946199F4D1B-2620370947686BF7&_les_last_search_click=&_les_rsid=aaanortheastprod&_les_mid=47931785966569313703413226449334427480&_les_url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance
Requested by: Host: www.everestjs.net
URL: https://www.everestjs.net/static/le/last-event-tag-latest.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

x-cache-hits: 0
date: Sun, 11 Dec 2022 22:58:45 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1670799526.772964,VS0,VE0
x-cache: MISS
content-type: text/plain
access-control-allow-origin: https://travel.northeast.aaa.com
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 0
retry-after: 0
x-served-by: cache-hhn-etou8220075-HHN

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=Y5ZgpQAAABvXZgOJ
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=47709484121795006523454029584194499358
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y5ZgpQAAABvXZgOJ

42 B
942 B

34ms
33ms

Image
image/gif

52.19.242.51
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y5ZgpQAAABvXZgOJ

Requested by

Protocol

HTTP/1.1

Server

52.19.242.51 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-19-242-51.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v045-0a888e68a.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: ojGWwOnSRWE=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y5ZgpQAAABvXZgOJ
Date: Sun, 11 Dec 2022 22:58:45 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H2 200 json Show response
mcdmetrics2.aaa.com/m2/aaanortheast/mbox/ 96 B
750 B 144ms
52ms XHR
application/json 3.248.2.215
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mcdmetrics2.aaa.com/m2/aaanortheast/mbox/json?mbox=target-global-mbox&mboxSession=1f946109cb714bea8f1ff72cedd00001&mboxPC=&mboxPage=f895cc92a3f84c0ea35f8d6d8c0a4d41&mboxRid=66f238fbe416420b8194c56521bfc490&mboxVersion=1.8.3&mboxCount=1&mboxTime=1670799525555&mboxHost=travel.northeast.aaa.com&mboxURL=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&mboxReferrer=&mboxXDomain=enabled&browserHeight=1200&browserWidth=1600&browserTimeOffset=0&screenHeight=1200&screenWidth=1600&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&webGLRenderer=Intel%20Iris%20OpenGL%20Engine&mboxMCSDID=0755E946199F4D1B-2620370947686BF7&vst.trk=mcdmetric.aaa.com&vst.trks=mcdmetrics.aaa.com&mboxMCGVID=47931785966569313703413226449334427480&mboxAAMB=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&mboxMCGLH=6
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.248.2.215 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-248-2-215.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 06a3a5c39a7e5da85d55747221d540e0650333d0fec26796d6c702bf9d2dc4ca

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:45 GMT
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
p3p: CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
access-control-allow-origin: https://travel.northeast.aaa.com
content-type: application/json;charset=UTF-8
cache-control: no-cache
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 96
x-request-id: 66f238fbe416420b8194c56521bfc490

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
448 B 65ms
20ms XHR
text/plain 2a00:1450:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-55392727-1&cid=2015723410.1670799526&jid=711154242&gjid=12934123&_gid=1384306846.1670799526&_u=aEDAAEAAAAAAACAEK~&z=599420690

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://travel.northeast.aaa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 11 Dec 2022 22:58:45 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK ProximaNovaRegular.woff2
s3.amazonaws.com/tstllc-assets/fonts/proxima-nova/ProximaNova-Regular/ 17 KB
18 KB 319ms
123ms Font
binary/octet-stream 54.231.204.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/tstllc-assets/fonts/proxima-nova/ProximaNova-Regular/ProximaNovaRegular.woff2
Requested by: Host: s3.amazonaws.com
URL: https://s3.amazonaws.com/tstllc-assets/fonts/proxima-nova/proxima-nova.min.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.231.204.104 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: fd9044a309ef7d51ad98d6a471d5ba00af04478843631e0cf5e2bfc36b509c2c

Request headers

Referer: https://s3.amazonaws.com/tstllc-assets/fonts/proxima-nova/proxima-nova.min.css
Origin: https://travel.northeast.aaa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Sun, 11 Dec 2022 22:58:46 GMT
x-amz-version-id: null
Last-Modified: Tue, 18 Sep 2018 14:07:11 GMT
Server: AmazonS3
x-amz-request-id: 4P9NSHZXP6V1HPC7
ETag: "1c43f9c5378fbcf84333719c88c6b0e0"
Access-Control-Max-Age: 3000
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Access-Control-Allow-Methods: GET, HEAD
Access-Control-Allow-Origin: *
Content-Type: binary/octet-stream
Accept-Ranges: bytes
Content-Length: 17728
x-amz-id-2: CYAjLvKV5r09qDKqyyns9v2NkXZDOlzPL+OaDD5GDj5WQRS3+/+OUgAVcX8KRdK51Ds/yRAxQFA=

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1063159333/ 2 KB
2 KB 74ms
53ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1063159333/?random=1670799525770&cv=11&fst=1670799525770&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Cancellation%20Terms&auid=1617345795.1670799526&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-1063159333

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4192a43fdcfdaac2e7da9e0f05f75e5fbe7068288aa6f7fa515de9ad54fc16f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:45 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 988
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 inspectlet.js Show response
cdn.inspectlet.com/ 188 KB
62 KB 705ms
677ms Script
text/javascript 2606:4700:10::ac43:aac
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.inspectlet.com/inspectlet.js?wid=801161170&r=464110
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/booking/W4AT5aogRY-bnf1SLkkj3w/terms?termsType=Cancellation&tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:aac , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5d554121551df68e414c85920b6541d2e92251a189ff19a4b1f8dffe97ce1cb5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:46 GMT
via: 1.1 vegur
content-encoding: gzip
cf-cache-status: EXPIRED
last-modified: Sun, 11 Dec 2022 22:26:48 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
cache-control: s-maxage=60, max-age=14400
cf-ray: 7781d3ac69989bdd-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

POST
H3 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
25 B 59ms
20ms XHR
text/plain 2a00:1450:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-96133587-4&cid=2015723410.1670799526&jid=773891103&gjid=397110452&_gid=1384306846.1670799526&_u=aEHAAEABAAAAACAEK~&z=346579802

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://travel.northeast.aaa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 11 Dec 2022 22:58:45 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 41ms
18ms Image
image/gif 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-55392727-1&cid=2015723410.1670799526&jid=711154242&_u=aEDAAEAAAAAAACAEK~&z=1103239877

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 40ms
16ms Image
image/gif 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-55392727-1&cid=2015723410.1670799526&jid=711154242&_u=aEDAAEAAAAAAACAEK~&z=1103239877

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/748297981/ 2 KB
1 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/748297981/?random=1670799525834&cv=11&fst=1670799525834&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Cancellation%20Terms&auid=1617345795.1670799526&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-748297981&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0015720d31024135ff3d4bbd3ddcf3e876d1dc82f3aee89ce6b5232f8a99caef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:45 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 986
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 103 KB
28 KB 30ms
9ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

737be8d2a2db4d729155190f62d3b1f656cdaec35b42b59eeeda3043246a50cd

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sun, 11 Dec 2022 22:58:45 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27317
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: ndq5rTdQMOvXCv+SXnvAmMbGj71WTpLTl0sKyPgmc8iGaD4kT//9UnuEvNzK3oySZzmrPbCYvTSQtdbW7JyQgw==
x-fb-trip-id: 917726464
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 conversion.js Show response
www.googleadservices.com/pagead/ 45 KB
17 KB 66ms
26ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

ebcd43274f956ef6d5c0f690695cc56c35a3a77180c9d1b80791febe4e27f601

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://travel.northeast.aaa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Sun, 11 Dec 2022 22:58:45 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16823
x-xss-protection: 0
server: cafe
etag: 6351308751113588399
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sun, 11 Dec 2022 22:58:45 GMT

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 390 KB
97 KB 17ms
17ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TJ469T8&l=aaa_gtm_dm

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

97c2e6bd937d0f695db4aa90427d8fa7f672957f749bd96464a763e2cf86a361

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:45 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 99005
x-xss-protection: 0
last-modified: Sun, 11 Dec 2022 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 11 Dec 2022 22:58:45 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 13 KB
5 KB 111ms
32ms Script
application/x-javascript 2a02:26f0:780::5f65:3669
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/booking/W4AT5aogRY-bnf1SLkkj3w/terms?termsType=Cancellation&tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:780::5f65:3669 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 641153b2ad78e5d095645419060a4ea0854b1b3ec5ff27e99644c9f8d461610c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:45 GMT
content-encoding: gzip
last-modified: Thu, 17 Nov 2022 18:52:45 GMT
x-cdn: AKAM
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=20497
accept-ranges: bytes
content-length: 4581

POST
H2 204 collect
region1.google-analytics.com/g/ 0
353 B 35ms
14ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-65YG7JM4M0&gtm=2oebu0&_p=145269316&cid=2015723410.1670799526&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1670799525&sct=1&seg=0&dl=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&dt=Cancellation%20Terms&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-65YG7JM4M0&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:45 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 37ms
18ms Image
image/gif 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-96133587-4&cid=2015723410.1670799526&jid=773891103&_u=aEHAAEABAAAAACAEK~&z=2102729980

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 36ms
18ms Image
image/gif 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-96133587-4&cid=2015723410.1670799526&jid=773891103&_u=aEHAAEABAAAAACAEK~&z=2102729980

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 jsonp Show response
travel.northeast.aaa.com/web-services/assets/featureToggles/ld/ 119 B
475 B 106ms
105ms XHR
text/javascript 52.206.165.190
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/web-services/assets/featureToggles/ld/jsonp?key=ItineraryAccessPoint&anonymous=false&callback=jQuery36004537315162512474_1670799525358&_=1670799525359

Requested by

Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/web-services/assets/resource/js/legacy-confirmation-page-bundle.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.206.165.190 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-206-165-190.compute-1.amazonaws.com

Software

/ Express

Resource Hash

3e7f451f42220207d2f2ceb07d7dd2c5a09858859ee037c14cdc0734b0913f73

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/booking/W4AT5aogRY-bnf1SLkkj3w/terms?termsType=Cancellation&tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:46 GMT
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-powered-by: Express
etag: W/"77-DwkNGEwzojusOo1iPPtIs4hKJgQ"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
content-length: 119

GET
DATA 200
OK truncated
/ 38 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 05632bd17ae6013db11864ba86f363756e305cd5a56ee788fe20774ed6c750f9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/webp

GET
H3 200 /
www.google.com/pagead/1p-user-list/1063159333/ 42 B
64 B 24ms
24ms Image
image/gif 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1063159333/?random=1670799525770&cv=11&fst=1670796000000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Cancellation%20Terms&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2068197474&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:46 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/1063159333/ 42 B
64 B 22ms
22ms Image
image/gif 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/1063159333/?random=1670799525770&cv=11&fst=1670796000000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Cancellation%20Terms&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2068197474&rmt_tld=1&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:46 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/995747453/ 2 KB
1 KB 74ms
53ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/995747453/?random=1670799526386&cv=9&fst=1670799526386&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=375603260&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Cancellation%20Terms&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

667c44273d953af694bf766337738c7f556e011f7a8c9ef2eba37bb4b335edec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:46 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1031
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
www.googleadservices.com/pagead/conversion/1063159333/ 2 KB
1 KB 35ms
18ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/1063159333/?random=1670799526411&cv=11&fst=1670799526411&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&label=UMmeCJj6xIIBEKWM-voD&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Cancellation%20Terms&gtm_ee=1&auid=1617345795.1670799526&uaw=0&data=event%3Dconversion&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-1063159333

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

d122d8a3e0d148d731d8b5d69c9f7ff451a8d7c0fdb9edecb1d23405c65f6c5e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:46 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

ibs:dpid=269&dpuuid=9fc36396-60a7-4e00-9c95-470e468d200d&ddsuuid=47709484121795006523454029584194499358
dpm.demdex.net/ Frame B7C0
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=10004&mt_exuid=47709484121795006523454029584194499358&redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D269%26dpuuid%3D[MM_UUID]%26ddsuuid%3d47709484121795...
https://dpm.demdex.net/ibs:dpid=269&dpuuid=9fc36396-60a7-4e00-9c95-470e468d200d&ddsuuid=47709484121795006523454029584194499358

42 B
942 B

34ms
33ms

Image
image/gif

52.19.242.51
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=269&dpuuid=9fc36396-60a7-4e00-9c95-470e468d200d&ddsuuid=47709484121795006523454029584194499358

Requested by

Protocol

HTTP/1.1

Server

52.19.242.51 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-19-242-51.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v045-0314701ba.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: xoXZx1ChQ0Y=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Date: Sun, 11 Dec 2022 22:58:46 GMT
Server: MT3 180 1fd3e2d master zrh-pixel-x30 config:1.0.0
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://dpm.demdex.net/ibs:dpid=269&dpuuid=9fc36396-60a7-4e00-9c95-470e468d200d&ddsuuid=47709484121795006523454029584194499358
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Sun, 11 Dec 2022 22:58:45 GMT

OPTIONS
H2 200 token
cdn.linkedin.oribi.io/partner/2021154/domain/travel.northeast.aaa.com/ Frame 0
0 59ms
20ms Preflight 2600:9000:223d:2a00:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/2021154/domain/travel.northeast.aaa.com/token
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223d:2a00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://travel.northeast.aaa.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 1800
age: 37891
allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
content-length: 0
date: Sun, 11 Dec 2022 12:27:15 GMT
via: 1.1 68eb499493257a6d0620a0f6abdc78ca.cloudfront.net (CloudFront)
x-amz-cf-id: F3UiyyNCNOg01xWqLP4qDoyOOu0cpNix81goTw3zuLPwFucddwxYFQ==
x-amz-cf-pop: FRA56-P3
x-cache: Hit from cloudfront

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/2021154/domain/travel.northeast.aaa.com/ 36 B
375 B 12ms
10ms XHR
application/json 2600:9000:223d:2a00:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/2021154/domain/travel.northeast.aaa.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223d:2a00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://travel.northeast.aaa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: application/json

Response headers

date: Sun, 11 Dec 2022 22:58:35 GMT
content-encoding: gzip
via: 1.1 68eb499493257a6d0620a0f6abdc78ca.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
age: 11
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=3600
x-amz-cf-id: UTMiNmbLho2AnTLSe6PvuOfwIXiCB7LXECT_RvlEsVBUNcedQ1DQfQ==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2021154&time=1670799526421&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2021154%26time%3D1670799526421%26url%3Dhttps%253A%252F%252Ftravel.northeast.aaa.c...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2021154&time=1670799526421&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2021154&time=1670799526421&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%...

0
480 B

224ms
182ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2021154&time=1670799526421&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&liSync=true&e_ipv6=AQKxA4QgTKP42wAAAYUDaYwbgmts4tXwtKBLe5c-Pcox0JkgGtlSNfSmKhbgcAe42BsquWs
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/booking/W4AT5aogRY-bnf1SLkkj3w/terms?termsType=Cancellation&tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:47 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: E714AC56D57F466AB0E44F5E929BC78D Ref B: FRAEDGE1506 Ref C: 2022-12-11T22:58:47Z
linkedin-action: 1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
content-type: application/javascript
x-li-fabric: prod-lor1
x-cache: CONFIG_NOCACHE
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXvlVROiw50rcul1psRNg==

Redirect headers

date: Sun, 11 Dec 2022 22:58:46 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 22F8E74F2B7B44A49E6FF109BDC7693E Ref B: FRAEDGE2005 Ref C: 2022-12-11T22:58:46Z
linkedin-action: 1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2021154&time=1670799526421&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&liSync=true&e_ipv6=AQKxA4QgTKP42wAAAYUDaYwbgmts4tXwtKBLe5c-Pcox0JkgGtlSNfSmKhbgcAe42BsquWs
x-cache: CONFIG_NOCACHE
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXvlVRLJ6+Rmlz4TwVyQQ==

GET
H3 200 /
www.google.com/pagead/1p-user-list/748297981/ 42 B
64 B 25ms
23ms Image
image/gif 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/748297981/?random=1670799525834&cv=11&fst=1670796000000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Cancellation%20Terms&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2772717234&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:46 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/748297981/ 42 B
64 B 24ms
22ms Image
image/gif 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/748297981/?random=1670799525834&cv=11&fst=1670796000000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Cancellation%20Terms&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2772717234&rmt_tld=1&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:46 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 136696297006053 Show response
connect.facebook.net/signals/config/ 294 KB
84 KB 22ms
8ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/136696297006053?v=2.9.89&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d789477acfadf97e5798506acc8e55d7f11a9a51807d3edc13e1ac592997d487

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sun, 11 Dec 2022 22:58:46 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 86334
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: WXThHS22XROVwj1gizVFesicuok/YyXc/zsy1FrG+qOW1+Vqsq42saaS/DQM2UOdGMatFMnNPk9tllKjPluhbg==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 RC2e88a81f2a034f11adad3cd878b22242-source.min.js Show response
assets.adobedtm.com/5ddcd7778a26/f8fc72cd597d/89ed724d5d88/ 580 B
629 B 17ms
15ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5ddcd7778a26/f8fc72cd597d/89ed724d5d88/RC2e88a81f2a034f11adad3cd878b22242-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 425149f776ce3188f504a799706d51cb75e7b4b811ea4e9d5e981aa5080865ec

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:46 GMT
content-encoding: gzip
last-modified: Thu, 08 Dec 2022 18:13:46 GMT
server: AkamaiNetStorage
etag: "fcad905560ab06c0aa86aebad4f379e5:1670523226.102259"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 358
expires: Sun, 11 Dec 2022 23:58:46 GMT

GET
H2 200 RCe50f3c3740444528b1f414e8d2232900-source.min.js Show response
assets.adobedtm.com/5ddcd7778a26/f8fc72cd597d/89ed724d5d88/ 447 B
562 B 16ms
15ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5ddcd7778a26/f8fc72cd597d/89ed724d5d88/RCe50f3c3740444528b1f414e8d2232900-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 5fa87130a1e4ff5306f760e2125a2e91e48c628a84fc4c84d0180be950829080

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:46 GMT
content-encoding: gzip
last-modified: Thu, 08 Dec 2022 18:13:46 GMT
server: AkamaiNetStorage
etag: "fcad905560ab06c0aa86aebad4f379e5:1670523226.102259"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 292
expires: Sun, 11 Dec 2022 23:58:46 GMT

GET
H2 200 RC05a8fa05392c426a929661d6b3dc0dbd-source.min.js Show response
assets.adobedtm.com/5ddcd7778a26/f8fc72cd597d/89ed724d5d88/ 404 B
535 B 17ms
16ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5ddcd7778a26/f8fc72cd597d/89ed724d5d88/RC05a8fa05392c426a929661d6b3dc0dbd-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 98860e376b483292b9d55b6930a5e5514ee8e422ac36c40e9ea1ceb041860e9b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:46 GMT
content-encoding: gzip
last-modified: Thu, 08 Dec 2022 18:13:46 GMT
server: AkamaiNetStorage
etag: "fcad905560ab06c0aa86aebad4f379e5:1670523226.102259"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 264
expires: Sun, 11 Dec 2022 23:58:46 GMT

GET
H2 200 RC8ebc475ac1be40528ce64ff1ecd6490e-source.min.js Show response
assets.adobedtm.com/5ddcd7778a26/f8fc72cd597d/89ed724d5d88/ 676 B
669 B 17ms
16ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5ddcd7778a26/f8fc72cd597d/89ed724d5d88/RC8ebc475ac1be40528ce64ff1ecd6490e-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: c646bcb4225cd7654a1bcc52efdbca4265ae892fa5791a6bc0ebcc330f358ff4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:46 GMT
content-encoding: gzip
last-modified: Thu, 08 Dec 2022 18:13:46 GMT
server: AkamaiNetStorage
etag: "fcad905560ab06c0aa86aebad4f379e5:1670523226.102259"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 398
expires: Sun, 11 Dec 2022 23:58:46 GMT

GET
H2 200 RCfe4a7062cc9544f78e7517e23c93c4a3-source.min.js Show response
assets.adobedtm.com/5ddcd7778a26/f8fc72cd597d/89ed724d5d88/ 642 B
630 B 15ms
15ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5ddcd7778a26/f8fc72cd597d/89ed724d5d88/RCfe4a7062cc9544f78e7517e23c93c4a3-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 4a4f0777bfb9572cb278aca310fe904b5726ae60cfbde4ace23255d18c7bf0fc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:46 GMT
content-encoding: gzip
last-modified: Thu, 08 Dec 2022 18:13:46 GMT
server: AkamaiNetStorage
etag: "fcad905560ab06c0aa86aebad4f379e5:1670523226.102259"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 359
expires: Sun, 11 Dec 2022 23:58:46 GMT

POST
H2 200 interact Show response
adobedc.demdex.net/ee/v1/ 8 KB
3 KB 102ms
48ms Fetch
application/json 15.188.95.229
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://adobedc.demdex.net/ee/v1/interact?configId=0c320b08-f1d1-4a2f-b47d-889410ccd7a3&requestId=f52a6773-3138-4076-866e-2ddc052ef656

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.188.95.229 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-188-95-229.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

49aba8ddbbeafdc25509323dbf2be2065f3ffab50bb1c1acb6390181e41a0ff0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://travel.northeast.aaa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

date: Sun, 11 Dec 2022 22:58:45 GMT
content-encoding: deflate
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-rate-limit-remaining: 599
x-adobe-edge: IRL1;6
x-xss-protection: 1; mode=block
x-request-id: f52a6773-3138-4076-866e-2ddc052ef656
server: jag
vary: Origin
content-type: application/json;charset=utf-8
access-control-allow-origin: https://travel.northeast.aaa.com
access-control-expose-headers: Retry-After, X-Adobe-Edge, X-Request-ID
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
x-konductor: 22.11.2:836cd9b5

GET
H2 200 main_37f93cebd6888daeae25442881204685.br.js Show response
assets.bounceexchange.com/assets/smart-tag/versioned/ 377 KB
73 KB 92ms
13ms Script
text/javascript 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/main_37f93cebd6888daeae25442881204685.br.js
Requested by: Host: tag.wknd.ai
URL: https://tag.wknd.ai/3328/i.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: a796e91dc42aef7823610e7b41f1effdcd4f6f8bd06ce3380e24d5d30cfc1919

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 19:46:07 GMT
content-encoding: br
age: 357159
x-guploader-uploadid: ADPycdvV7jJ6FKTbeXGCNpSAKqpCgA7mJVKw2RvxvD_rF2CeVJSnkqug6ckcUTYPjI7rW6L9Ql0eGm6Q85yfPtTOkWBH6A
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 74683
last-modified: Wed, 07 Dec 2022 19:45:50 GMT
server: UploadServer
etag: "24de2a33288bb795c686bbe8a091aa2d"
x-goog-generation: 1670442350591913
x-goog-hash: crc32c=ux3Ydg==, md5=JN4qMyiLt5XGhrvooJGqLQ==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 74683
accept-ranges: bytes
content-type: text/javascript
expires: Thu, 07 Dec 2023 19:46:07 GMT

GET
H2 200 cjs_min_62f4846d97d6cffa05fd709123de3ea8.js Show response
assets.bounceexchange.com/assets/smart-tag/versioned/ 46 KB
15 KB 90ms
12ms Script
text/javascript 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_62f4846d97d6cffa05fd709123de3ea8.js
Requested by: Host: tag.wknd.ai
URL: https://tag.wknd.ai/3328/i.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 9366be9dc7f0c13655e2a45ce1df32f55b937efc0878b30954969c88151f1482

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 21:25:03 GMT
content-encoding: gzip
age: 264823
x-guploader-uploadid: ADPycdspR83unVlNrLq6bv0OnRnCEJ2aUuMhoNtjq_rQu0icjTD7sOJt0HgHQ44GWytVaY6Jxv6fCeHJ84X4qR54Mbo0Ew
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15082
last-modified: Thu, 08 Dec 2022 21:24:53 GMT
server: UploadServer
etag: "02aa3508d07729296f81673e76733b97"
x-goog-generation: 1670534693607850
x-goog-hash: crc32c=NV2AHw==, md5=Aqo1CNB3KSlvgWc+dnM7lw==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000,no-transform
x-goog-stored-content-length: 15082
accept-ranges: bytes
content-type: text/javascript; charset=utf-8
expires: Fri, 08 Dec 2023 21:25:03 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/997673764/ 2 KB
994 B 28ms
26ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/997673764/?random=1670799526526&cv=11&fst=1670799526526&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Cancellation%20Terms&auid=1617345795.1670799526&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJ469T8&l=aaa_gtm_dm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

056704ecc2474e74dd4dce93d2e9be703b9ba20d42f6e7a45469abfdb0005560

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:46 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 970
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/994591697/ 2 KB
993 B 90ms
88ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/994591697/?random=1670799526532&cv=11&fst=1670799526532&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Cancellation%20Terms&auid=1617345795.1670799526&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJ469T8&l=aaa_gtm_dm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8029785ba7ba47b450abdfc5f63052bb6ff45b21729a8b6a5382ad9c5471b4fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:46 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 969
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/956500681/ 2 KB
992 B 64ms
62ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/956500681/?random=1670799526533&cv=11&fst=1670799526533&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Cancellation%20Terms&auid=1617345795.1670799526&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJ469T8&l=aaa_gtm_dm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7623e516af47a91a2a86c005f33c4b850a7e2f17752bc073518cb9af5c6cdccd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:46 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 968
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/995747453/ 2 KB
993 B 66ms
64ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/995747453/?random=1670799526534&cv=11&fst=1670799526534&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Cancellation%20Terms&auid=1617345795.1670799526&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJ469T8&l=aaa_gtm_dm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c88fb96d07c021871775926d57d42f7cadedeb38cb32a01ad9be2529ff53a2fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:46 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 969
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/768643034/ 2 KB
992 B 88ms
86ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/768643034/?random=1670799526535&cv=11&fst=1670799526535&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Cancellation%20Terms&auid=1617345795.1670799526&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJ469T8&l=aaa_gtm_dm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d52bb838e14ec713e9fde7998aa9c5e802ef7799925381082ec63a62c632582b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:46 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 968
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/969619756/ 2 KB
994 B 87ms
85ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/969619756/?random=1670799526536&cv=11&fst=1670799526536&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Cancellation%20Terms&auid=1617345795.1670799526&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJ469T8&l=aaa_gtm_dm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6537bc70fac0198bb364b2438646688b8c5167700de682b865f25c47c8aaf4ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:46 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 970
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/836762974/ 2 KB
994 B 61ms
60ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/836762974/?random=1670799526537&cv=11&fst=1670799526537&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Cancellation%20Terms&auid=1617345795.1670799526&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJ469T8&l=aaa_gtm_dm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

440241c3470b27e2847cd12f83e4fc13bdcb16155c467c9f1abafb72f6c384ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:46 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 970
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/962827280/ 2 KB
993 B 88ms
88ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/962827280/?random=1670799526538&cv=11&fst=1670799526538&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Cancellation%20Terms&auid=1617345795.1670799526&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJ469T8&l=aaa_gtm_dm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0a1ec5ad75598faccf42de4d5b7f22edc6d21940c64070fcb2ead7943e93bc7a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:46 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 969
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/933849799/ 2 KB
991 B 88ms
88ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/933849799/?random=1670799526539&cv=11&fst=1670799526539&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Cancellation%20Terms&auid=1617345795.1670799526&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJ469T8&l=aaa_gtm_dm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5ee5c9b1b7ae2bd8b86b2cfff12fe8a7ee7caff6141c45ecdaf6d97cd2378dce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:46 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 967
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/994252266/ 2 KB
993 B 123ms
123ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/994252266/?random=1670799526541&cv=11&fst=1670799526541&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Cancellation%20Terms&auid=1617345795.1670799526&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJ469T8&l=aaa_gtm_dm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5588ebfc655485abe49c6c6bb6a659d6424765ab594e043dd98d8016083049bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:46 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 969
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 38 KB
12 KB 101ms
33ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJ469T8&l=aaa_gtm_dm

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

f2c4b7d20ff42a433d0c76631c460cd75128f8f0436d052ce2cf79dc4fa6a244

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Sun, 11 Dec 2022 22:58:46 GMT
last-modified: Mon, 05 Dec 2022 17:15:50 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: ABF671D380684CDDA23CD5D4ED04C121 Ref B: FRAEDGE1922 Ref C: 2022-12-11T22:58:46Z
etag: "027e538cd8d91:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 11460

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 110 KB
43 KB 17ms
16ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-10010677

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJ469T8&l=aaa_gtm_dm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f5fbbe87ba57e8862a9a85af9f3ce1d86a54feabee2e4b395e3931b6c6713333

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:46 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44136
x-xss-protection: 0
last-modified: Sun, 11 Dec 2022 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 11 Dec 2022 22:58:46 GMT

GET
H2 200 jsonp Show response
travel.northeast.aaa.com/web-services/assets/featureToggles/ld/ 119 B
475 B 104ms
103ms XHR
text/javascript 52.206.165.190
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/web-services/assets/featureToggles/ld/jsonp?key=CruiseSuccessfulSyncMessaging&anonymous=false&callback=jQuery36004537315162512474_1670799525358&_=1670799525360

Requested by

Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/web-services/assets/resource/js/legacy-confirmation-page-bundle.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.206.165.190 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-206-165-190.compute-1.amazonaws.com

Software

/ Express

Resource Hash

3e7f451f42220207d2f2ceb07d7dd2c5a09858859ee037c14cdc0734b0913f73

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/booking/W4AT5aogRY-bnf1SLkkj3w/terms?termsType=Cancellation&tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:46 GMT
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-powered-by: Express
etag: W/"77-DwkNGEwzojusOo1iPPtIs4hKJgQ"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
content-length: 119

GET
H2 403 licensee Show response
travel.northeast.aaa.com/v1/prepack/ 570 B
837 B 104ms
104ms Fetch
application/json 52.206.165.190
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/v1/prepack/licensee

Requested by

Host: d2wy8f7a9ursnm.cloudfront.net
URL: https://d2wy8f7a9ursnm.cloudfront.net/v7/bugsnag.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.206.165.190 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-206-165-190.compute-1.amazonaws.com

Software

Resource Hash

beb0512234a9e452ac5202c6919ea871ae8f78cec6e14e800e5fc0204d90009f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/booking/W4AT5aogRY-bnf1SLkkj3w/terms?termsType=Cancellation&tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:46 GMT
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 570
vary: Origin
content-type: application/json

GET
H/1.1

200
OK

ibs:dpid=359&dpuuid=MM2b1pxy1P4vhs5
dpm.demdex.net/ Frame B7C0
Redirect Chain

https://pm.w55c.net/ping_match.gif?st=dmx&rurl=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D359%26dpuuid%3D_wfivefivec_
https://pm.w55c.net/ping_match.gif?scc=1&st=dmx&rurl=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D359%26dpuuid%3D_wfivefivec_
https://dpm.demdex.net/ibs:dpid=359&dpuuid=MM2b1pxy1P4vhs5

42 B
942 B

33ms
32ms

Image
image/gif

52.19.242.51
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=359&dpuuid=MM2b1pxy1P4vhs5

Requested by

Protocol

HTTP/1.1

Server

52.19.242.51 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-19-242-51.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v045-0492369ce.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: HKQ83TgUTvc=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Pragma: no-cache
Date: Sun, 11 Dec 2022 22:58:45 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/595ea14#595ea1444a96c0bdac4aa333a73d7028cf966fc7 i-0c6774dcbd8510e59@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Location: https://dpm.demdex.net/ibs:dpid=359&dpuuid=MM2b1pxy1P4vhs5
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/995747453/ 42 B
64 B 28ms
28ms Image
image/gif 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/995747453/?random=1670799526386&cv=9&fst=1670796000000&num=1&guid=ON&eid=375603260&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Cancellation%20Terms&fmt=3&is_vtc=1&random=2204137755&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:46 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/995747453/ 42 B
64 B 26ms
25ms Image
image/gif 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/995747453/?random=1670799526386&cv=9&fst=1670796000000&num=1&guid=ON&eid=375603260&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Cancellation%20Terms&fmt=3&is_vtc=1&random=2204137755&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:46 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

/
www.google.de/pagead/1p-conversion/1063159333/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1063159333/?random=1171539469&cv=11&fst=1670799526411&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&label=UMmeCJj6xIIBEKWM-...
https://www.google.com/pagead/1p-conversion/1063159333/?random=1171539469&cv=11&fst=1670799526411&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&label=UMmeCJj6xIIBEKWM-voD&hn=www.googleadse...
https://www.google.de/pagead/1p-conversion/1063159333/?random=1171539469&cv=11&fst=1670799526411&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&label=UMmeCJj6xIIBEKWM-voD&hn=www.googleadser...

42 B
64 B

24ms
23ms

Image
image/gif

2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/1063159333/?random=1171539469&cv=11&fst=1670799526411&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&label=UMmeCJj6xIIBEKWM-voD&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Cancellation%20Terms&gtm_ee=1&auid=1617345795.1670799526&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek9DaEVJZ0p6V25BWVFwZFhONmV5Ung5T2JBUkltQU51S0pZakkyNms0X2pTaTFzX3piNHVaYVFKZG5Qc0JrSy1VcHBoV0hETGcxRHhfZi13GlpDaEVJZ0p6V25BWVEtUHYyNXFLdHpQM1NBUkl1QUE4Y2d5eFUzbU01T2pSYlJzS2c3cGNIRVZiNVVMTGtPNjgyelYyTHhFXzVnY1dLblV1NFBqU2xxcG44aVE&is_vtc=1&ocp_id=pmCWY73JGpmP9fgPsMexkAg&cid=CAQSKQDq26N9xTTGfurbPhJfksLxNhNvoEG-9lOK_1Syr8-ZyebZT6dVEnJNIBM&random=770229435&ipr=y&prhg=0

Requested by

Protocol

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:46 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:46 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.de/pagead/1p-conversion/1063159333/?random=1171539469&cv=11&fst=1670799526411&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&label=UMmeCJj6xIIBEKWM-voD&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Cancellation%20Terms&gtm_ee=1&auid=1617345795.1670799526&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek9DaEVJZ0p6V25BWVFwZFhONmV5Ung5T2JBUkltQU51S0pZakkyNms0X2pTaTFzX3piNHVaYVFKZG5Qc0JrSy1VcHBoV0hETGcxRHhfZi13GlpDaEVJZ0p6V25BWVEtUHYyNXFLdHpQM1NBUkl1QUE4Y2d5eFUzbU01T2pSYlJzS2c3cGNIRVZiNVVMTGtPNjgyelYyTHhFXzVnY1dLblV1NFBqU2xxcG44aVE&is_vtc=1&ocp_id=pmCWY73JGpmP9fgPsMexkAg&cid=CAQSKQDq26N9xTTGfurbPhJfksLxNhNvoEG-9lOK_1Syr8-ZyebZT6dVEnJNIBM&random=770229435&ipr=y&prhg=0
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 403 2512.js
cdn.pbbl.co/r/ 0
0 74ms
12ms Script
text/html 108.156.60.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pbbl.co/r/2512.js
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/booking/W4AT5aogRY-bnf1SLkkj3w/terms?termsType=Cancellation&tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.60.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-60-33.ams1.r.cloudfront.net
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

GET
H3 200 /
www.google.com/pagead/1p-user-list/997673764/ 42 B
64 B 21ms
21ms Image
image/gif 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/997673764/?random=1670799526526&cv=11&fst=1670796000000&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Cancellation%20Terms&fmt=3&is_vtc=1&random=3642683793&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:46 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/997673764/ 42 B
64 B 21ms
21ms Image
image/gif 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/997673764/?random=1670799526526&cv=11&fst=1670796000000&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Cancellation%20Terms&fmt=3&is_vtc=1&random=3642683793&rmt_tld=1&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:46 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 24ms
8ms Image
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=136696297006053&ev=PageView&dl=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&rl=&if=false&ts=1670799526616&sw=1600&sh=1200&v=2.9.89&r=stable&ec=0&o=30&fbp=fb.1.1670799526614.832979254&it=1670799526475&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Sun, 11 Dec 2022 22:58:46 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 200 /
www.google.com/pagead/1p-user-list/836762974/ 42 B
64 B 22ms
19ms Image
image/gif 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/836762974/?random=1670799526537&cv=11&fst=1670796000000&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Cancellation%20Terms&fmt=3&is_vtc=1&random=68338573&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:46 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/836762974/ 42 B
64 B 27ms
23ms Image
image/gif 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/836762974/?random=1670799526537&cv=11&fst=1670796000000&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Cancellation%20Terms&fmt=3&is_vtc=1&random=68338573&rmt_tld=1&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:46 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/956500681/ 42 B
64 B 24ms
21ms Image
image/gif 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/956500681/?random=1670799526533&cv=11&fst=1670796000000&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Cancellation%20Terms&fmt=3&is_vtc=1&random=3713259796&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:46 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/956500681/ 42 B
64 B 27ms
24ms Image
image/gif 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/956500681/?random=1670799526533&cv=11&fst=1670796000000&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Cancellation%20Terms&fmt=3&is_vtc=1&random=3713259796&rmt_tld=1&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:46 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/995747453/ 42 B
64 B 24ms
22ms Image
image/gif 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/995747453/?random=1670799526534&cv=11&fst=1670796000000&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Cancellation%20Terms&fmt=3&is_vtc=1&random=2734022086&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:46 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/995747453/ 42 B
64 B 26ms
24ms Image
image/gif 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/995747453/?random=1670799526534&cv=11&fst=1670796000000&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Cancellation%20Terms&fmt=3&is_vtc=1&random=2734022086&rmt_tld=1&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:46 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK / Show response
data.cdnbasket.net/ 14 B
338 B 243ms
117ms XHR
application/json 34.117.96.210
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://data.cdnbasket.net/
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_62f4846d97d6cffa05fd709123de3ea8.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.96.210 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 210.96.117.34.bc.googleusercontent.com
Software: /
Resource Hash: d5559d3b0cee55783bedf2468ef7d7e02f60eca4bb91ccd8ec0fbbba1644b8bf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 11 Dec 2022 22:58:46 GMT
Transfer-Encoding: chunked
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Access-Control-Allow-Headers: Origin, Content-Type, Accept
Expires: 0

GET
H/1.1 200
OK / Show response
page.cdnbasket.net/ 14 B
338 B 466ms
124ms XHR
application/json 35.244.234.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://page.cdnbasket.net/
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_62f4846d97d6cffa05fd709123de3ea8.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.234.129 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 129.234.244.35.bc.googleusercontent.com
Software: /
Resource Hash: d149a1034a8ce482c5ec3fde61340e2451abab6530274fe558343e6808487ae3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 11 Dec 2022 22:58:47 GMT
Transfer-Encoding: chunked
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Access-Control-Allow-Headers: Origin, Content-Type, Accept
Expires: 0

GET
H/1.1 200
OK / Show response
view.cdnbasket.net/ 14 B
338 B 346ms
118ms XHR
application/json 34.120.126.172
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://view.cdnbasket.net/
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_62f4846d97d6cffa05fd709123de3ea8.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.126.172 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 172.126.120.34.bc.googleusercontent.com
Software: /
Resource Hash: 19bba2072525e746a5bf5bfc23d985f91eacfd203af7ed0aa224497768d28bb0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 11 Dec 2022 22:58:46 GMT
Transfer-Encoding: chunked
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Access-Control-Allow-Headers: Origin, Content-Type, Accept
Expires: 0

GET
H3 200 inbox_dbcafa82ba21334528d547ee82a14869.br.js Show response
assets.bounceexchange.com/assets/smart-tag/versioned/ 73 KB
19 KB 30ms
15ms Script
text/javascript 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/inbox_dbcafa82ba21334528d547ee82a14869.br.js
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/main_37f93cebd6888daeae25442881204685.br.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: c56617b3dabcfa00d7b20aa2b2e76ff3f4483fb67abb4bdcef754d617617d537

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 21:04:53 GMT
content-encoding: br
age: 870833
x-guploader-uploadid: ADPycdsfx3fUhGZR3FtL_5gSO90HjzpJFDRjluonGvM0762M8aKru4xhd5BbI5yhieWZPS0po4M0Nu2gMljq4fNMeT4yMS7djjCW
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19212
last-modified: Thu, 01 Dec 2022 21:04:45 GMT
server: UploadServer
etag: "b3024b00232fa083e1e1ad8aee0aef0b"
x-goog-generation: 1669928685364358
x-goog-hash: crc32c=QpYP6Q==, md5=swJLACMvoIPh4a2K7grvCw==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 19212
accept-ranges: bytes
content-type: text/javascript
expires: Fri, 01 Dec 2023 21:04:53 GMT

GET
H3 200 onsite_31d1be90b0e321456f3b3cf5a3139526.br.js Show response
assets.bounceexchange.com/assets/smart-tag/versioned/ 161 KB
34 KB 24ms
10ms Script
text/javascript 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/onsite_31d1be90b0e321456f3b3cf5a3139526.br.js
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/main_37f93cebd6888daeae25442881204685.br.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 2c9b2486941b18c4e3485fd402acc4f226d5431ae18e3596e8b97d9c9e3dd943

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 19:46:07 GMT
content-encoding: br
age: 357159
x-guploader-uploadid: ADPycdumYpjsT_VBemSGPsOU4tlQJIFD3Zl9xJjjo520tQQ5cEaLg9f5LYubwpffvrctaoSW-8UGDo3Ha5IOoY6WxBJeBwjKzhyI
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34896
last-modified: Wed, 07 Dec 2022 19:45:55 GMT
server: UploadServer
etag: "66d13690db2542bee2878ce9364dd099"
x-goog-generation: 1670442355554780
x-goog-hash: crc32c=cvatHg==, md5=ZtE2kNslQr7ih4zpNk3QmQ==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 34896
accept-ranges: bytes
content-type: text/javascript
expires: Thu, 07 Dec 2023 19:46:07 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/969619756/ 42 B
64 B 23ms
23ms Image
image/gif 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/969619756/?random=1670799526536&cv=11&fst=1670796000000&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Cancellation%20Terms&fmt=3&is_vtc=1&random=3500137856&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:46 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/969619756/ 42 B
64 B 26ms
25ms Image
image/gif 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/969619756/?random=1670799526536&cv=11&fst=1670796000000&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Cancellation%20Terms&fmt=3&is_vtc=1&random=3500137856&rmt_tld=1&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:46 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/768643034/ 42 B
64 B 22ms
22ms Image
image/gif 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/768643034/?random=1670799526535&cv=11&fst=1670796000000&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Cancellation%20Terms&fmt=3&is_vtc=1&random=1779541667&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:46 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/768643034/ 42 B
64 B 20ms
19ms Image
image/gif 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/768643034/?random=1670799526535&cv=11&fst=1670796000000&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Cancellation%20Terms&fmt=3&is_vtc=1&random=1779541667&rmt_tld=1&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:46 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/994591697/ 42 B
64 B 25ms
25ms Image
image/gif 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/994591697/?random=1670799526532&cv=11&fst=1670796000000&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Cancellation%20Terms&fmt=3&is_vtc=1&random=1458196012&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:46 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/994591697/ 42 B
64 B 18ms
17ms Image
image/gif 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/994591697/?random=1670799526532&cv=11&fst=1670796000000&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Cancellation%20Terms&fmt=3&is_vtc=1&random=1458196012&rmt_tld=1&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:46 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/962827280/ 42 B
64 B 20ms
20ms Image
image/gif 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/962827280/?random=1670799526538&cv=11&fst=1670796000000&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Cancellation%20Terms&fmt=3&is_vtc=1&random=926346256&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:46 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/962827280/ 42 B
64 B 25ms
25ms Image
image/gif 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/962827280/?random=1670799526538&cv=11&fst=1670796000000&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Cancellation%20Terms&fmt=3&is_vtc=1&random=926346256&rmt_tld=1&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:46 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/933849799/ 42 B
64 B 24ms
24ms Image
image/gif 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/933849799/?random=1670799526539&cv=11&fst=1670796000000&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Cancellation%20Terms&fmt=3&is_vtc=1&random=13239700&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:46 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/933849799/ 42 B
64 B 25ms
25ms Image
image/gif 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/933849799/?random=1670799526539&cv=11&fst=1670796000000&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Cancellation%20Terms&fmt=3&is_vtc=1&random=13239700&rmt_tld=1&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:46 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 451 365868.gif
idsync.rlcdn.com/ Frame B7C0 0
98 B 52ms
16ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/365868.gif?partner_uid=47709484121795006523454029584194499358
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/booking/W4AT5aogRY-bnf1SLkkj3w/terms?termsType=Cancellation&tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:46 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 204 5950377.js Show response
bat.bing.com/p/action/ 0
118 B 106ms
106ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/5950377.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Sun, 11 Dec 2022 22:58:46 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 88D3528EFCED4872B10E9022F587BA8C Ref B: FRAEDGE1922 Ref C: 2022-12-11T22:58:46Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
175 B 30ms
30ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=5950377&tm=gtm002&Ver=2&mid=60529d6f-8360-4001-84bc-eb605fe72868&sid=5e4b4d1079a711edbfaf8d20631a4373&vid=5e4b718079a711edac03f3c4dd36c7d9&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Cancellation%20Terms&p=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&r=&lt=3255&evt=pageLoad&sv=1&rn=564359

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sun, 11 Dec 2022 22:58:46 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A4B43E2361A34515BC688C39B3CF06CE Ref B: FRAEDGE1922 Ref C: 2022-12-11T22:58:46Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 16002467.js Show response
bat.bing.com/p/action/ 0
118 B 128ms
128ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/16002467.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Sun, 11 Dec 2022 22:58:46 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 970F8AE9250C4D2BAED436439FBFD762 Ref B: FRAEDGE1922 Ref C: 2022-12-11T22:58:46Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
119 B 72ms
63ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=16002467&tm=gtm002&Ver=2&mid=9543f3f8-da19-43e6-9623-70bdddfdbc6a&sid=5e4b4d1079a711edbfaf8d20631a4373&vid=5e4b718079a711edac03f3c4dd36c7d9&vids=0&msclkid=N&gtm_tag_source=1&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Cancellation%20Terms&p=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&r=&lt=3255&evt=pageLoad&sv=1&rn=559933

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sun, 11 Dec 2022 22:58:46 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0E1F1C377385419FB6189F20967787B5 Ref B: FRAEDGE1922 Ref C: 2022-12-11T22:58:46Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bookedTripSummary Show response
travel.northeast.aaa.com/trip/v1/trips/sKHVj7O3RAWhevDLVmXnGw/ 5 KB
5 KB 165ms
158ms Fetch
application/json 52.206.165.190
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/trip/v1/trips/sKHVj7O3RAWhevDLVmXnGw/bookedTripSummary

Requested by

Host: d2wy8f7a9ursnm.cloudfront.net
URL: https://d2wy8f7a9ursnm.cloudfront.net/v7/bugsnag.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.206.165.190 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-206-165-190.compute-1.amazonaws.com

Software

Resource Hash

4c22fe391b6d67ac76003078df327e1a28fbc8738c9ca3242c12707146d792d6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/booking/W4AT5aogRY-bnf1SLkkj3w/terms?termsType=Cancellation&tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:46 GMT
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
trace-id: 7dbe39ba9f327bba
content-length: 4866
content-type: application/json

GET
H3 200 /
www.google.com/pagead/1p-user-list/994252266/ 42 B
64 B 25ms
18ms Image
image/gif 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/994252266/?random=1670799526541&cv=11&fst=1670796000000&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Cancellation%20Terms&fmt=3&is_vtc=1&random=3480172393&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:46 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/994252266/ 42 B
64 B 26ms
19ms Image
image/gif 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/994252266/?random=1670799526541&cv=11&fst=1670796000000&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Cancellation%20Terms&fmt=3&is_vtc=1&random=3480172393&rmt_tld=1&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:46 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 local_storage_frame16.min.html Show response
assets.bounceexchange.com/assets/bounce/ Frame 83E4 2 KB
1 KB 7ms
7ms Document
text/html 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/bounce/local_storage_frame16.min.html
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/main_37f93cebd6888daeae25442881204685.br.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: f2f11e4d45030f1f21ec7d3ae67a65b83c4c67016fe861fbebdff04ca0c8cd60

Request headers

Referer: https://travel.northeast.aaa.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: etag Content-Type
age: 1049985
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public,max-age=31536000
content-encoding: gzip
content-length: 1055
content-type: text/html; charset=UTF-8
date: Tue, 29 Nov 2022 19:19:01 GMT
etag: "1e3df60bfd36f99a4182437f3b822486"
expires: Wed, 29 Nov 2023 19:19:01 GMT
last-modified: Mon, 21 Nov 2022 14:55:31 GMT
server: UploadServer
vary: Accept-Encoding
x-goog-generation: 1669042531298951
x-goog-hash: crc32c=S/72Hg== md5=Hj32C/02+ZpBgkN/O4Ikhg==
x-goog-metageneration: 1
x-goog-storage-class: MULTI_REGIONAL
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 1055
x-guploader-uploadid: ADPycds_D_8dbD4xFBbO02AQwtoZEID9cF9ucKfJ1V3i77pC1LOpR6KF3V0yqPXkoCTDLietKaSMo_scBROdvRnswd7QvA

GET
H/1.1

200
OK

ibs:dpid=470&dpuuid=4145369225822972429
dpm.demdex.net/ Frame B7C0
Redirect Chain

https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMjM2NTYzMjkvdC8y/url/https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D470%26dpuuid%3D%24!%7BTURN_UUID%7D
https://dpm.demdex.net/ibs:dpid=470&dpuuid=4145369225822972429

42 B
942 B

33ms
33ms

Image
image/gif

52.19.242.51
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=470&dpuuid=4145369225822972429

Requested by

Protocol

HTTP/1.1

Server

52.19.242.51 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-19-242-51.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v045-0e1730cee.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: zmfdzcv9Tr4=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

location: https://dpm.demdex.net/ibs:dpid=470&dpuuid=4145369225822972429
pragma: no-cache
date: Sun, 11 Dec 2022 22:58:46 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2 200 RC2eeb97d4f2ef46e9b05f577d78f44027-source.min.js Show response
assets.adobedtm.com/5ddcd7778a26/f8fc72cd597d/89ed724d5d88/ 373 B
506 B 14ms
14ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5ddcd7778a26/f8fc72cd597d/89ed724d5d88/RC2eeb97d4f2ef46e9b05f577d78f44027-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: e37006087cb6a7068f51492170dd9a2541651a9ec213778d91b42e040679d3b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:46 GMT
content-encoding: gzip
last-modified: Thu, 08 Dec 2022 18:13:46 GMT
server: AkamaiNetStorage
etag: "fcad905560ab06c0aa86aebad4f379e5:1670523226.102259"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 235
expires: Sun, 11 Dec 2022 23:58:46 GMT

GET
H3 451 365868.gif
idsync.rlcdn.com/ Frame B7C0 0
9 B 30ms
16ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/365868.gif?partner_uid=47709484121795006523454029584194499358
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/booking/W4AT5aogRY-bnf1SLkkj3w/terms?termsType=Cancellation&tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:46 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 s38904231098932 Show response
mcdmetrics.aaa.com/b/ss/aaanortheastprod/10/JS-2.23.0-LCXS/ 5 KB
6 KB 43ms
43ms Script
application/x-javascript 15.188.95.229
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://mcdmetrics.aaa.com/b/ss/aaanortheastprod/10/JS-2.23.0-LCXS/s38904231098932?AQB=1&ndh=1&pf=1&callback=s_c_il[1].doPostbacks&et=1&t=11%2F11%2F2022%2022%3A58%3A46%200%200&d.&nsid=0&jsonv=1&coop_safe=1&.d&sdid=0755E946199F4D1B-2620370947686BF7&mid=47931785966569313703413226449334427480&aamlh=6&ce=UTF-8&pageName=Cancellation%20Terms&g=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&cc=USD&ch=Travel%20-%20TST&events=event4&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=travel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms&v5=Cancellation%20Terms&v6=travel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms&c9=%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&c12=D%3DUser-Agent&c15=travel.northeast.aaa.com&c17=customer&v37=47931785966569313703413226449334427480&v47=%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&v55=Light&v69=false&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=F5237FF958248ED40A495E58%40AdobeOrg&AQE=1

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/AppMeasurement.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.188.95.229 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-188-95-229.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

8950998ca4b394bfefc913b763a06aeb938401114277539690aa9c829094e954

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

x-aam-tid: xehAlts0Tmc=
date: Sun, 11 Dec 2022 22:58:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy"
content-length: 5504
x-xss-protection: 1; mode=block
dcs: dcs-prod-irl1-1-v045-03c381005.edge-irl1.demdex.com 5 ms
pragma: no-cache
last-modified: Mon, 12 Dec 2022 22:58:46 GMT
server: jag
etag: 3588014661739446272-4619773282320312714
vary: *
content-type: application/x-javascript;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Sat, 10 Dec 2022 22:58:46 GMT

GET
H2 200 hbpix
idpix.media6degrees.com/orbserv/ Frame B7C0 43 B
205 B 277ms
135ms Image
image/gif 2606:4700::6812:17ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idpix.media6degrees.com/orbserv/hbpix?pixId=16873&pcv=70&ptid=66&tpuv=01&tpu=47709484121795006523454029584194499358
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/booking/W4AT5aogRY-bnf1SLkkj3w/terms?termsType=Cancellation&tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2606:4700::6812:17ea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4abdc5bae3773141e85e6bed6c09953d57aded7ef98b1d304c42807f2229474f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:47 GMT
cf-cache-status: DYNAMIC
last-modified: Fri, 08 Sep 2017 18:54:25 GMT
server: cloudflare
etag: "59b2e761-2b"
content-type: image/gif
accept-ranges: bytes
cf-ray: 7781d3b49ea0bc04-FRA
content-length: 43

POST
H2 200 801161170 Show response
hn.inspectlet.com/ginit/ 214 B
467 B 260ms
250ms XHR
application/json 2606:4700:10::ac43:aac
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hn.inspectlet.com/ginit/801161170
Requested by: Host: cdn.inspectlet.com
URL: https://cdn.inspectlet.com/inspectlet.js?wid=801161170&r=464110
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:aac , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: cf8919c63dd92ee1068201a9919c6670eb2259dff4bfb0413236c18ebbf3e3f4

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://travel.northeast.aaa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Sun, 11 Dec 2022 22:58:47 GMT
via: 1.1 vegur
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by: Express
etag: W/"d6-uCN9Gb51sTDRMXr6be+lDQ"
access-control-allow-methods: GET, POST
content-type: application/json; charset=utf-8
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 7781d3b3ddb29bdd-FRA
access-control-allow-headers: X-Requested-With, Content-Type
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame B7C0 70 B
265 B 223ms
34ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=aam&gdpr=0&gdpr_consent=&domain=travel.northeast.aaa.com&ttd_tpi=1
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/booking/W4AT5aogRY-bnf1SLkkj3w/terms?termsType=Cancellation&tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Sun, 11 Dec 2022 22:58:47 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 200 c Show response
ids.cdnwidget.com/ 31 B
206 B 144ms
121ms XHR
application/json 34.107.191.194
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ids.cdnwidget.com/c?cookieID=&deviceID=&iv=&v=&GCH1=&SCH1=&GCS1=056206162&GCS2=ODhmY2M2OWMtZDhhNi00Y2VmLWFlZjMtZjFmZGQ5YWNiNWNiLmxvY2Fs&pe=false&wsid=3328&varID=&varData=undefined&log=%7B%22config%22%3A%7B%22gmEN%22%3Atrue%2C%22pixEN%22%3Atrue%7D%2C%22apikey%22%3A%222%5EHIykD%22%2C%22cjsversion%22%3A%221.5.9%22%2C%22wsid%22%3A3328%2C%22loadID%22%3A%221hzbRATACcKUAip%22%2C%22timing%22%3A%7B%22sessionStorageLoad%22%3A8%2C%22IDStageStart%22%3A8%2C%22netComplete%22%3A173%2C%22obsReqdata%22%3A254%2C%22obsReqview%22%3A364%2C%22obsReqpage%22%3A477%2C%22IDStagePrefire%22%3A477%7D%2C%22matches%22%3A%7B%22cookie%22%3Afalse%2C%22LS%22%3Afalse%7D%2C%22info%22%3A%7B%22isSpoofed%22%3Afalse%2C%22PM%22%3Afalse%2C%22DNT%22%3Afalse%2C%22deviceTimezone%22%3A0%2C%22extensionID%22%3Anull%2C%22externalID%22%3Anull%2C%22agent%22%3A%7B%22device%22%3Anull%7D%2C%22firstLoad%22%3Atrue%7D%7D
Requested by: Host: cdn.inspectlet.com
URL: https://cdn.inspectlet.com/inspectlet.js?wid=801161170&r=464110
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.191.194 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 194.191.107.34.bc.googleusercontent.com
Software: /
Resource Hash: 6627c5ab36fa407f18fc9b6987e359eccef005ae6d35b370d2142b7daa770324

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

access-control-allow-origin: https://travel.northeast.aaa.com
date: Sun, 11 Dec 2022 22:58:47 GMT
via: 1.1 google
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: application/json

GET
H/1.1

200
OK

ibs:dpid=30064&dpuuid=%7BUUID_6j5b2cv%7D
dpm.demdex.net/ Frame B7C0
Redirect Chain

https://ps.eyeota.net/match?bid=6j5b2cv&uid=47709484121795006523454029584194499358&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D30064%26dpuuid%3D%7BUUID_6j5b2cv%7D
https://dpm.demdex.net/ibs:dpid=30064&dpuuid=%7BUUID_6j5b2cv%7D

42 B
960 B

32ms
31ms

Image
image/gif

52.19.242.51
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=30064&dpuuid=%7BUUID_6j5b2cv%7D

Requested by

Protocol

HTTP/1.1

Server

52.19.242.51 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-19-242-51.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v045-071cdea73.edge-irl1.demdex.com 0 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: oFRtyIuTTt0=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
X-Error: 104,303
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=30064&dpuuid={UUID_6j5b2cv}
Date: Sun, 11 Dec 2022 22:58:47 GMT
Content-Length: 0
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

GET
H2 200 init1.js Show response
api.bounceexchange.com/bounce/ 36 B
342 B 146ms
45ms Script
text/html 34.111.8.32
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.bounceexchange.com/bounce/init1.js?wklzs=1152&wklz=C4ewVgigvAZgrgOwMbAJYgQMhQZygRgDYB2ABmIE4KBWAJmNutM2AC8QpmB3AUwCMcqYDwD6qACZQAzFNoAOTACceOEABs4aDAUKlSAD3y09SnjB6LliqNgCGatagQBzEXEVqoAC2DAADjgApFIAgoG0AGLhEcCKtgBuPGoAdAggisBePLY4wMm2BclIIAC20bGoftE4ANIAEgBqYMQA8lIASiEA6lnxACIAMg0lABoIAOJc0XwgIADWTs7RXQAsIQAq1LYgzu0AmgC0fAgw+ADKA3NzYFJTkcKKJUFSMRZP6wCefjzBfQDCtmQSTUti0CHChGAuREPBKtlQal+xROqEeoPQ4NohE0JREqncSB+Uj6yJgMLhCIhOJEJR44lQcDKxNh8MRWOpSFsJT88Oc4OJnMUYgQOHcgMJmHiqEEwBExXmqB4UECxAAQuFaGoqrRaMEwjqfP4goxQuE6FFGPc4okUmkMlkcnkCrYiqUzVbKu6IrVGs02p0ejx+kNRhM7uaZgqXF7Vhstjt9kcTudLtdbl6Hk8zS9MzhPt9s-9xcD0Rh3ZDoSzKSaSRgYKi4WDy9T8YpCYXSeTWc3gLjafTGYWq2y6Nje3KuTzUHyO7YhU5RXEgRrwn8NYoV6adSviH1sLMFkqVeqdfFN2E1RqkFkkHMQJoabC+BYcF5KiJgF8ftvQjB7DhvzXHVaRKZ9FFfd8-EUVB2x-EI-zUADVw1ECwIgvwRAQLlv11X9-0AjVpUfUCLHPBCkNoIDaCDCwRDUHZnDpYUyPwlU+mQnVxGcCJUVyAYQFscRz1iOAfl3SU5xwABtWkEDgEQQG+BAAF1YHwiTwKk68eFve9ZVQl83wwz9vlU8ieA06TWHfZxQVEKCVB4BBgDM9T4kkqTrIw4pxB4VzEIs9zNIM8CjJEKCYL8tSAssmSn0M98sNpfyANioiQpSwKPPo5xGPEYVMtimihRyvKCui1KguknlGLxOA+BKIRhHEQr4l8mAtJvO8HxC9CPy-Vr2rikjQsg6DCUGsxhrQsKkqi8z9wVURQBAOi50YiqLL4PxOEwHh-CgKSACJOWEZx0g+I6ABoTq6vTrqOrxSh4B6oJAcQ4BQB6ALna8juUzA-ChGxim5RxixEGAQWcGx4i8WwoCAA
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/main_37f93cebd6888daeae25442881204685.br.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 32.8.111.34.bc.googleusercontent.com
Software: /
Resource Hash: fe3fcb884394be745dbd11141b6d780028a4d86106b6292d7502db096f582218

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
date: Sun, 11 Dec 2022 22:58:47 GMT
content-encoding: gzip
x-envoy-upstream-service-time: 23
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: text/html; charset=UTF-8

GET
H2 204 cjs-logger
e.cdnwidget.com/ 0
100 B 151ms
119ms Image
image/png 34.102.193.48
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e.cdnwidget.com/cjs-logger?source=ID%20generation%20error&severity=Warning&error=Country%2520not%2520allowed&cookieID=&deviceID=&BXWID=3328&warpspeed=2%5EHIykD&loadID=1hzbRATACcKUAip&version=1.5.9
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/booking/W4AT5aogRY-bnf1SLkkj3w/terms?termsType=Cancellation&tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.193.48 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 48.193.102.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:47 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: image/png

POST
H3 200 tag Show response
hn.inspectlet.com/ 4 B
262 B 219ms
205ms XHR
text/html 2606:4700:10::6816:39f5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hn.inspectlet.com/tag
Requested by: Host: cdn.inspectlet.com
URL: https://cdn.inspectlet.com/inspectlet.js?wid=801161170&r=464110
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:10::6816:39f5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 9795c5ff8937f23526ccb207a5684c1fc94a7854e19c021b39d944e51f5baef2

Request headers

Accept: */*
Referer: https://travel.northeast.aaa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Sun, 11 Dec 2022 22:58:47 GMT
via: 1.1 vegur
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by: Express
etag: W/"4-b9sIeqP7+8uCh6WToJGeYQ"
access-control-allow-methods: GET, POST
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache
cf-ray: 7781d3b5ce0f9b2e-FRA
access-control-allow-headers: X-Requested-With, Content-Type
content-length: 4
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H/1.1

200
OK

ibs:dpid=30646
dpm.demdex.net/ Frame B7C0
Redirect Chain

https://cms.analytics.yahoo.com/cms?partner_id=ADOBE&_hosted_id=47709484121795006523454029584194499358&gdpr=0&gdpr_consent=
https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-PygnBo9E2pFz5UoEsaIcZVr2Z6kdVX1j3Hs-~A

42 B
942 B

33ms
33ms

Image
image/gif

52.19.242.51
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-PygnBo9E2pFz5UoEsaIcZVr2Z6kdVX1j3Hs-~A

Protocol

HTTP/1.1

Server

52.19.242.51 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-19-242-51.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v045-0e1f48b6d.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: YI4m7EQmTQE=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

date: Sun, 11 Dec 2022 22:58:47 GMT
strict-transport-security: max-age=31536000
via: http/1.1 spdc0106.pbp.ir2.yahoo.com (ApacheTrafficServer)
server: ATS
age: 0
content-type: text/html;charset=utf-8
location: https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-PygnBo9E2pFz5UoEsaIcZVr2Z6kdVX1j3Hs-~A
content-length: 0

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 515 KB
113 KB 16ms
16ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-T6BPC96&l=aaa_gtm_prod

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a0f583b1d9fc9517d659839cd6f0ee25895d5a7b89d29cf06c7877418a0ffff9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:47 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 115339
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 11 Dec 2022 22:58:47 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 7ms
7ms Image
image/gif 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j98&a=145269316&t=event&ni=0&_s=1&dl=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&ul=en-us&de=UTF-8&dt=Cancellation%20Terms&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Site%20Error&ea=JS%20Error%3A%20Uncaught%20TypeError%3A%20Cannot%20read%20properties%20of%20null%20(reading%20%27value%27)&el=2022-12-11T22%3A58%3A47%2B00%3A00&_u=aEHAAEABAAAAACAEK~&jid=&gjid=&cid=2015723410.1670799526&tid=UA-55392727-1&_gid=1384306846.1670799526&gtm=2wgbu0W79ZLQ&z=28094297

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 00:43:41 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 80106
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

noop
px.owneriq.net/ Frame B7C0
Redirect Chain

https://px.owneriq.net/eucm/p/adpq?redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D53196%26dpuuid%3D(OIQ_UUID)
https://px.owneriq.net/ecc?redir=https%3a%2f%2fdpm.demdex.net%2fibs%3adpid%3d53196%26dpuuid%3dQ7240859271140296342&uid=Q7240859271140296342&ref=%2Feucm%2Fp%2Fadpq
https://px.owneriq.net/noop?ct=image%2Fgif

0
287 B

7ms
7ms

Image
image/gif

184.24.11.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.owneriq.net/noop?ct=image%2Fgif
Protocol: HTTP/1.1
Server: 184.24.11.75 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-24-11-75.deploy.static.akamaitechnologies.com
Software: Apache/2.4.6 (CentOS) / PHP/7.3.33
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Sun, 11 Dec 2022 22:58:47 GMT
Server: Apache/2.4.6 (CentOS)
Connection: keep-alive
X-Powered-By: PHP/7.3.33
Content-Length: 0
Content-Type: image/gif

Redirect headers

Location: https://px.owneriq.net/noop?ct=image%2Fgif
Date: Sun, 11 Dec 2022 22:58:47 GMT
Server: AkamaiGHost
Connection: keep-alive
Content-Length: 0

GET
H2 404 usersync
usersync.videoamp.com/ Frame B7C0 0
79 B 324ms
104ms Image
text/plain 35.175.70.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.videoamp.com/usersync?partner_id=6667929&partner_user_id=47709484121795006523454029584194499358&redirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D70962%26dpuuid%3D%7Bvamp_user_id%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.175.70.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-175-70-135.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:47 GMT
x-envoy-upstream-service-time: 0
server: istio-envoy
content-length: 0

GET
H/1.1

200
OK

ibs:dpid=73426&dpuuid=47709484121795006523454029584194499358
dpm.demdex.net/ Frame B7C0
Redirect Chain

https://ads.scorecardresearch.com/p?c1=9&c2=6034944&c3=2&cs_xi=47709484121795006523454029584194499358&rn=1670799525648&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D73426%26dpuuid%3D477094841217950...
https://ads.scorecardresearch.com/p2?c1=9&c2=6034944&c3=2&cs_xi=47709484121795006523454029584194499358&rn=1670799525648&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D73426%26dpuuid%3D47709484121795...
https://dpm.demdex.net/ibs:dpid=73426&dpuuid=47709484121795006523454029584194499358

42 B
942 B

34ms
33ms

Image
image/gif

52.19.242.51
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=73426&dpuuid=47709484121795006523454029584194499358

Protocol

HTTP/1.1

Server

52.19.242.51 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-19-242-51.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v045-0f2a7c28b.edge-irl1.demdex.com 1 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: L6sKUr9uR6k=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

location: https://dpm.demdex.net/ibs:dpid=73426&dpuuid=47709484121795006523454029584194499358
date: Sun, 11 Dec 2022 22:58:47 GMT
via: 1.1 d262e104d5d9dd6a4a52f090bdf9395c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P3
content-length: 0
x-amz-cf-id: v7Jf-4aTjq2NknpU15Cpp9fWo9mf73Adb7YfsZW5P5kVqIQuP5WvZw==
x-cache: Miss from cloudfront

GET
H2 404 tpid=47709484121795006523454029584194499358
sync.crwdcntrl.net/map/c=9828/tp=ADBE/gdpr=0/gdpr_consent=/ Frame B7C0 49 B
266 B 101ms
29ms Image
image/gif 52.19.187.82
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/map/c=9828/tp=ADBE/gdpr=0/gdpr_consent=/tpid=47709484121795006523454029584194499358?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D121998%26dpuuid%3D${profile_id}
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.19.187.82 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-19-187-82.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:47 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.45.17.198
content-length: 49
expires: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame B7C0
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_push%26google_sc%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WTVaZ3BRQUFBQnZYWmdPSg==

170 B
502 B

52ms
17ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WTVaZ3BRQUFBQnZYWmdPSg==

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-hhn-etou8220075-HHN
pragma: no-cache
date: Sun, 11 Dec 2022 22:58:47 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1670799528.895055,VS0,VE0
x-cache: HIT
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WTVaZ3BRQUFBQnZYWmdPSg==
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame B7C0
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D7941%26nid%3D2243%26put%3D%24%7BUSER_ID%7D%26expires%3D90
https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=Y5ZgpQAAABvXZgOJ&expires=90

0
239 B

70ms
7ms

Image
image/gif

69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=Y5ZgpQAAABvXZgOJ&expires=90
Protocol: HTTP/1.1
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 8f052d4f888ae4e0626c5f819879cacd
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

x-served-by: cache-hhn-etou8220075-HHN
pragma: no-cache
date: Sun, 11 Dec 2022 22:58:47 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1670799528.980464,VS0,VE0
x-cache: HIT
location: https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=Y5ZgpQAAABvXZgOJ&expires=90
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame B7C0
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Y5ZgpQAAABvXZgOJ
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Y5ZgpQAAABvXZgOJ&C=1

43 B
766 B

7ms
7ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Y5ZgpQAAABvXZgOJ&C=1
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 11 Dec 2022 22:58:48 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Sun, 11 Dec 2022 22:58:48 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=88&external_user_id=Y5ZgpQAAABvXZgOJ&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 0
Expires: 0

GET
H3 200 /
www.facebook.com/tr/ 0
18 B 16ms
7ms Image
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=136696297006053&ev=Microdata&dl=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms%3FtermsType%3DCancellation%26tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&rl=&if=false&ts=1670799528119&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Cancellation%20Terms%22%2C%22meta%3Adescription%22%3A%22Find%20inspiration%2C%20travel%20deals%20and%20reviews%20to%20help%20you%20make%20the%20most%20of%20your%20travel%20destination.%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.89&r=stable&ec=1&o=30&fbp=fb.1.1670799526614.832979254&it=1670799526475&coo=false&es=automatic&tm=3&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Sun, 11 Dec 2022 22:58:48 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i

GET

setuid
ib.adnxs.com/ Frame B7C0
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/UH6TUt9n?redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D158%26code%3D%24%7BTM_USER_ID%7D
https://ib.adnxs.com/setuid?entity=158&code=Y5ZgpQAAABvXZgOJ

0
0

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame B7C0
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D
https://us-u.openx.net/w/1.0/sd?id=537148856&val=Y5ZgpQAAABvXZgOJ

43 B
273 B

54ms
15ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537148856&val=Y5ZgpQAAABvXZgOJ
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:48 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

x-served-by: cache-hhn-etou8220075-HHN
pragma: no-cache
date: Sun, 11 Dec 2022 22:58:48 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1670799528.284072,VS0,VE0
x-cache: HIT
location: https://us-u.openx.net/w/1.0/sd?id=537148856&val=Y5ZgpQAAABvXZgOJ
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame B7C0
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER...
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Y5ZgpQAAABvXZgOJ

1 B
453 B

185ms
14ms

Image
text/html

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Y5ZgpQAAABvXZgOJ
Protocol: H2
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-type: text/html; charset=utf-8
date: Sun, 11 Dec 2022 22:58:47 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

x-served-by: cache-hhn-etou8220075-HHN
pragma: no-cache
date: Sun, 11 Dec 2022 22:58:48 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1670799528.384855,VS0,VE0
x-cache: HIT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Y5ZgpQAAABvXZgOJ
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame B7C0
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/h0r58thg?redir=https%3A%2F%2Fsync.search.spotxchange.com%2Fpartner%3Fadv_id%3D6409%26uid%3D%24%7BUSER_ID%7D%26img%3D1
https://sync.search.spotxchange.com/partner?adv_id=6409&uid=Y5ZgpQAAABvXZgOJ&img=1
https://sync.search.spotxchange.com/partner?adv_id=6409&uid=Y5ZgpQAAABvXZgOJ&img=1&__user_check__=1&sync_id=5f6d26a7-79a7-11ed-bcea-1586fee60306

43 B
548 B

15ms
15ms

Image
image/gif

185.94.180.126
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=6409&uid=Y5ZgpQAAABvXZgOJ&img=1&__user_check__=1&sync_id=5f6d26a7-79a7-11ed-bcea-1586fee60306
Protocol: HTTP/1.1
Server: 185.94.180.126 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Sun, 11 Dec 2022 22:58:48 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 39
Connection: keep-alive
Content-Length: 43

Redirect headers

Date: Sun, 11 Dec 2022 22:58:48 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Location: /partner?adv_id=6409&uid=Y5ZgpQAAABvXZgOJ&img=1&__user_check__=1&sync_id=5f6d26a7-79a7-11ed-bcea-1586fee60306
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 44
Connection: keep-alive
Content-Length: 0

GET
H3

200

b.php
www.facebook.com/fr/ Frame B7C0
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fwww.facebook.com%2Ffr%2Fb.php%3Fp%3D1531105787105294%26e%3D%24%7BTM_USER_ID%7D%26t%3D2592000%26o%3D0
https://www.facebook.com/fr/b.php?p=1531105787105294&e=Y5ZgpQAAABvXZgOJ&t=2592000&o=0

43 B
68 B

110ms
109ms

Image
image/gif

2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/fr/b.php?p=1531105787105294&e=Y5ZgpQAAABvXZgOJ&t=2592000&o=0

Protocol

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 14:58:48 PST
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; preload
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-fb-rlafr: 0
pragma: public
x-fb-debug: Uva0iBQ7y14jtViJL6lSifPgMv/synZTN6pbz6tP7Eo21z1OS702maRZh8Kn6herEP1jKTp0VEIB2jBJNgToLQ==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-type: image/gif
cache-control: public, max-age=0
priority: u=3,i
expires: Sun, 11 Dec 2022 14:58:48 PST

Redirect headers

x-served-by: cache-hhn-etou8220075-HHN
pragma: no-cache
date: Sun, 11 Dec 2022 22:58:48 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1670799529.587216,VS0,VE0
x-cache: HIT
location: https://www.facebook.com/fr/b.php?p=1531105787105294&e=Y5ZgpQAAABvXZgOJ&t=2592000&o=0
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H/1.1

200
OK

ibs:dpid=143525&dpuuid=e_977536c3-ca35-4183-bfaa-33264bae7cf2
dpm.demdex.net/ Frame B7C0
Redirect Chain

https://g2.gumgum.com/adobe/s2s
https://dpm.demdex.net/ibs:dpid=143525&dpuuid=e_977536c3-ca35-4183-bfaa-33264bae7cf2

42 B
942 B

33ms
33ms

Image
image/gif

52.19.242.51
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=143525&dpuuid=e_977536c3-ca35-4183-bfaa-33264bae7cf2

Protocol

HTTP/1.1

Server

52.19.242.51 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-19-242-51.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v045-071cdea73.edge-irl1.demdex.com 1 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: np9iuxWxTqw=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

location: https://dpm.demdex.net/ibs:dpid=143525&dpuuid=e_977536c3-ca35-4183-bfaa-33264bae7cf2
date: Sun, 11 Dec 2022 22:58:48 GMT
server: nginx
timing-allow-origin: *
content-length: 0
content-language: de-DE

GET
H/1.1

200
OK

ibs:dpid=275754&dpuuid=AAHKuE7HLMEAACC0dReYLg
dpm.demdex.net/ Frame B7C0
Redirect Chain

https://match.prod.bidr.io/cookie-sync/adobe?gdpr=0&gdpr_consent=
https://match.prod.bidr.io/cookie-sync/adobe?gdpr=0&gdpr_consent=&_bee_ppp=1
https://dpm.demdex.net/ibs:dpid=275754&dpuuid=AAHKuE7HLMEAACC0dReYLg?gdpr=0

42 B
942 B

33ms
33ms

Image
image/gif

52.19.242.51
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=275754&dpuuid=AAHKuE7HLMEAACC0dReYLg?gdpr=0

Protocol

HTTP/1.1

Server

52.19.242.51 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-19-242-51.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v045-000256d3c.edge-irl1.demdex.com 1 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: WOYHG6/cQCM=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

location: https://dpm.demdex.net/ibs:dpid=275754&dpuuid=AAHKuE7HLMEAACC0dReYLg?gdpr=0
Date: Sun, 11 Dec 2022 22:58:48 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Server: gunicorn
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

ibs:dpid=390122&dpuuid=YEUvWDbVSMVftIfJB5q-fpJGdW4
dpm.demdex.net/ Frame B7C0
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=adobe
https://dpm.demdex.net/ibs:dpid=390122&dpuuid=YEUvWDbVSMVftIfJB5q-fpJGdW4

42 B
942 B

33ms
33ms

Image
image/gif

52.19.242.51
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=390122&dpuuid=YEUvWDbVSMVftIfJB5q-fpJGdW4

Protocol

HTTP/1.1

Server

52.19.242.51 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-19-242-51.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v045-0f3ed56cf.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: 0igdH4nnTkM=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=390122&dpuuid=YEUvWDbVSMVftIfJB5q-fpJGdW4
Date: Sun, 11 Dec 2022 22:58:49 GMT
Connection: keep-alive
Content-Length: 100
Content-Type: text/html; charset=utf-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ib.adnxs.com
URL: https://ib.adnxs.com/setuid?entity=158&code=Y5ZgpQAAABvXZgOJ

Verdicts & Comments Add Verdict or Comment

322 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

74 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
travel.northeast.aaa.com/	1969-12-31 23:59:59	Name: PLAY_SESSION Value: 3a916b86e44b053bc061366f5da570b95faa95c1-mdc-id=%5Bd5541e1a-4b19-4007-9ed5-4dfd20707a32%5D
.northeast.aaa.com/	1970-01-20 16:52:13	Name: visid_incap_1817652 Value: dtIwvALLQGuU0T61XqildqRglmMAAAAAQUIPAAAAAAD8+54V+OIPEksaAcfuSWg0
.northeast.aaa.com/	1969-12-31 23:59:59	Name: incap_ses_1368_1817652 Value: SCmsDAhp/As3CN1nTB38EqRglmMAAAAAsg6PHVuswSGFOu9l60B7rA==
travel.northeast.aaa.com/	1970-01-20 17:42:39	Name: tst_user_session_id Value: ea0e35fb-c52b-4c57-b9b5-78105f774e2d
travel.northeast.aaa.com/	1969-12-31 23:59:59	Name: tst_analytics_session_id Value: 333512147.1670799525293
.aaa.com/	1969-12-31 23:59:59	Name: at_check Value: true
.aaa.com/	1970-01-20 08:08:05	Name: _gid Value: GA1.2.1384306846.1670799526
.aaa.com/	1970-01-20 16:52:15	Name: visid_incap_2629635 Value: VG0j6dmbREuzPvG6GeFzcaVglmMAAAAAQUIPAAAAAAA2JigPQ6C+sO0MC+2ZuJOD
.aaa.com/	1969-12-31 23:59:59	Name: incap_ses_473_2629635 Value: 8bO7KSjtMSHxdGmHxG+QBqVglmMAAAAAhtMZMOVJqbKHm8embX/VLA==
.travel.northeast.aaa.com/	1970-01-20 17:42:39	Name: _ga Value: GA1.4.2015723410.1670799526
.travel.northeast.aaa.com/	1970-01-20 08:08:05	Name: _gid Value: GA1.4.1384306846.1670799526
.demdex.net/	1970-01-20 12:25:51	Name: demdex Value: 47709484121795006523454029584194499358
.travel.northeast.aaa.com/	1970-01-20 08:06:39	Name: _gat_UA-55392727-1 Value: 1
.aaa.com/	1970-01-20 10:16:15	Name: _gcl_au Value: 1.1.1617345795.1670799526
.aaa.com/	1970-01-20 08:06:39	Name: _gat_UA-96133587-4 Value: 1
.aaa.com/	1969-12-31 23:59:59	Name: AMCVS_F5237FF958248ED40A495E58%40AdobeOrg Value: 1
.aaa.com/	1970-01-20 17:42:39	Name: s_ecid Value: MCMID%7C47931785966569313703413226449334427480
.aaa.com/	1970-01-20 17:42:39	Name: adcloud Value: {%22_les_v%22:%22y%2Caaa.com%2C1670801325%22}
.everesttech.net/	1970-01-20 16:52:15	Name: everest_g_v2 Value: g_surferid~Y5ZgpQAAABvXZgOJ
.mcdmetrics2.aaa.com/	1970-01-20 08:06:41	Name: aaanortheast!mboxSession Value: 1f946109cb714bea8f1ff72cedd00001
.mcdmetrics2.aaa.com/	1970-01-20 17:42:39	Name: aaanortheast!mboxPC Value: 1f946109cb714bea8f1ff72cedd00001.37_0
.aaa.com/	1970-01-20 17:42:39	Name: _ga_65YG7JM4M0 Value: GS1.1.1670799525.1.0.1670799525.0.0.0
.aaa.com/	1970-01-20 17:42:39	Name: mbox Value: session#1f946109cb714bea8f1ff72cedd00001#1670801386\|PC#1f946109cb714bea8f1ff72cedd00001.37_0#1734044326
.aaa.com/	1970-01-20 08:06:41	Name: gpv_e5 Value: Cancellation%20Terms
.aaa.com/	1970-01-20 08:06:41	Name: gpv_e10 Value: travel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fbooking%2FW4AT5aogRY-bnf1SLkkj3w%2Fterms
.dpm.demdex.net/	1970-01-20 12:25:51	Name: dpm Value: 47709484121795006523454029584194499358
.aaa.com/	1970-01-20 17:42:39	Name: AMCV_F5237FF958248ED40A495E58%40AdobeOrg Value: 179643557%7CMCIDTS%7C19338%7CMCMID%7C47931785966569313703413226449334427480%7CMCAAMLH-1671404325%7C6%7CMCAAMB-1671404325%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1670806725s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19345%7CvVersion%7C5.5.0
.doubleclick.net/	1970-01-20 17:28:15	Name: IDE Value: AHWqTUmMKBbUGomp-AaZSQ_XhigRS0ynIVNtWF0rybVZ8BC4xCbk2RJpwI-3wVqN
.mathtag.com/	1970-01-20 17:32:34	Name: uuid Value: 9fc36396-60a7-4e00-9c95-470e468d200d
.travel.northeast.aaa.com/	1970-01-20 08:08:05	Name: ln_or Value: d
.aaa.com/	1970-01-20 10:16:15	Name: _fbp Value: fb.1.1670799526614.832979254
.w55c.net/	1970-01-20 17:36:53	Name: wfivefivec Value: MM2b1pxy1P4vhs5
.aaa.com/	1970-01-20 17:35:27	Name: kndctr_F5237FF958248ED40A495E58_AdobeOrg_identity Value: CiY0NzkzMTc4NTk2NjU2OTMxMzcwMzQxMzIyNjQ0OTMzNDQyNzQ4MFIPCK2VppvQMBgBKgRJUkwx8AGtlaab0DA=
.aaa.com/	1970-01-20 08:06:41	Name: kndctr_F5237FF958248ED40A495E58_AdobeOrg_cluster Value: irl1
.w55c.net/	1970-01-20 08:49:51	Name: matchdmx Value: 5
.bing.com/	1970-01-20 17:28:15	Name: MUID Value: 0F0AADE2C7EC61791DD5BF95C6EC60C8
.linkedin.com/	1970-01-20 08:49:51	Name: UserMatchHistory Value: AQImFyeExxUSXQAAAYUDaYqel4zeO3R5Ovpj8TaMhGXG7hkoJmTcZEH161Gc1P8IONAsyybmfy4rWA
.linkedin.com/	1970-01-20 08:49:51	Name: AnalyticsSyncHistory Value: AQICra4oAbdrPAAAAYUDaYqeljHqo8LW0B6K704AFflmCwCRG97E35j7SHTWHdm_xLj2WatDT49Xohuxcw_7Qw
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 16:52:15	Name: bcookie Value: "v=2&a9dce112-8d11-4656-8bdf-0827df126df1"
.linkedin.com/	1970-01-20 08:08:05	Name: lidc Value: "b=OGST07:s=O:r=O:a=O:p=O:g=2438:u=1:x=1:i=1670799526:t=1670885926:v=2:sig=AQGDbmXMUFb3CBcte1FbtVyF3FXtFEit"
.aaa.com/	1970-01-20 08:08:05	Name: _uetsid Value: 5e4b4d1079a711edbfaf8d20631a4373
.aaa.com/	1970-01-20 17:28:15	Name: _uetvid Value: 5e4b718079a711edac03f3c4dd36c7d9
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=de-de
.www.linkedin.com/	1970-01-20 16:52:15	Name: bscookie Value: "v=1&202212112258469d6dce45-336d-47f8-89ea-557f27475290AQHlbj241twV78wXSQ-DCwSBz0zgKxuH"
.linkedin.com/	1970-01-20 12:25:51	Name: li_gc Value: MTswOzE2NzA3OTk1MjY7MjswMjFBb7AZWYhIyQOmUvzIZjhDj4oh4GMR005+USZQ10pR9Q==
.turn.com/	1970-01-20 12:25:51	Name: uid Value: 4145369225822972429
.aaa.com/	1969-12-31 23:59:59	Name: s_cc Value: true
.aaa.com/	1970-01-20 16:52:15	Name: __insp_wid Value: 801161170
.aaa.com/	1970-01-20 16:52:15	Name: __insp_slim Value: 1670799527003
.aaa.com/	1970-01-20 16:52:15	Name: __insp_nv Value: true
.aaa.com/	1970-01-20 16:52:15	Name: __insp_targlpu Value: aHR0cHM6Ly90cmF2ZWwubm9ydGhlYXN0LmFhYS5jb20vdHJpcC9zS0hWajdPM1JBV2hldkRMVm1Ybkd3L2Jvb2tpbmcvVzRBVDVhb2dSWS1ibmYxU0xra2ozdy90ZXJtcz90ZXJtc1R5cGU9Q2FuY2VsbGF0aW9uJnRzdF9lbWFpbD1jb25maXJtYXRpb24mdXRtX3NvdXJjZT1jb25mX2VtYWlsJnV0bV9tZWRpdW09ZW1haWwmdXRtX2NhbXBhaWduPWNhcl9pbnN1cmFuY2U%3D
.aaa.com/	1970-01-20 16:52:15	Name: __insp_targlpt Value: Q2FuY2VsbGF0aW9uIFRlcm1z
.travel.northeast.aaa.com/	1970-01-20 16:52:15	Name: aam_uuid Value: 47709484121795006523454029584194499358
.aaa.com/	1970-01-20 16:52:15	Name: __insp_pad Value: 1
.aaa.com/	1970-01-20 16:52:15	Name: __insp_sid Value: 1846603353
.aaa.com/	1970-01-20 16:52:15	Name: __insp_uid Value: 1983256554
.eyeota.net/	1970-01-20 08:06:40	Name: SERVERID Value: 17829~DM
.aaa.com/	1970-01-20 17:42:39	Name: _ga Value: GA1.2.2015723410.1670799526
.owneriq.net/	1970-01-20 17:42:39	Name: si Value: Q7240859271140296342
.owneriq.net/	1970-01-20 08:21:03	Name: p2 Value: adpq
.yahoo.com/	1970-01-20 16:52:37	Name: A3 Value: d=AQABBKdglmMCEOuO9VRQqE6lSTnfPxEY8oo&S=AQAAAtMPx_rByIF-Pjwe8ZZ9PAw
.casalemedia.com/	1970-01-20 16:52:15	Name: CMID Value: Y5ZgqAaRmcntQpjB0gUw8gAA
.casalemedia.com/	1970-01-20 10:16:15	Name: CMPS Value: 3277
.casalemedia.com/	1970-01-20 10:16:15	Name: CMPRO Value: 3277
.pubmatic.com/	1970-01-20 10:16:15	Name: KRTBCOOKIE_218 Value: 4056-Y5ZgpQAAABvXZgOJ&KRTB&22978-Y5ZgpQAAABvXZgOJ&KRTB&23194-Y5ZgpQAAABvXZgOJ&KRTB&23209-Y5ZgpQAAABvXZgOJ
.pubmatic.com/	1970-01-20 08:49:51	Name: PugT Value: 1670799527
.spotxchange.com/	1970-01-20 08:46:58	Name: audience Value: 5f6d2649-79a7-11ed-bcea-1586fee60306
.gumgum.com/	1970-01-20 16:52:15	Name: vst Value: e_977536c3-ca35-4183-bfaa-33264bae7cf2
.demdex.net/	1970-01-20 12:25:51	Name: dextp Value: 269-1-1670799526418\|359-1-1670799526567\|60-1-1670799526678\|470-1-1670799526779\|477-1-1670799526879\|992-1-1670799526993\|903-1-1670799527094\|30064-1-1670799527195\|30646-1-1670799527312\|53196-1-1670799527444\|70962-1-1670799527544\|73426-1-1670799527676\|121998-1-1670799527777\|144230-1-1670799527878\|144231-1-1670799527979\|144232-1-1670799528080\|144233-1-1670799528182\|144234-1-1670799528282\|144235-1-1670799528383\|144236-1-1670799528484\|144237-1-1670799528585\|143525-1-1670799528686\|275754-1-1670799528787\|390122-1-1670799528888
.bidr.io/	1970-01-20 17:35:09	Name: bito Value: AAHKuE7HLMEAACC0dReYLg
.bidr.io/	1970-01-20 17:35:09	Name: bitoIsSecure Value: ok
sync.srv.stackadapt.com/	1970-01-20 16:52:15	Name: sa-user-id Value: s%3A0-60452f58-36d5-48c5-5fb4-87c9079abe7e.G%2ByWvcGaesokjAOaBCZzZQMG16uvVXfjfvNlajWot6E
.srv.stackadapt.com/	1970-01-20 16:52:15	Name: sa-user-id-v2 Value: s%3AYEUvWDbVSMVftIfJB5q-fpJGdW4.u%2FqLRHgp5XhN2%2F0r8LHp0O2xg0yq6PYQ6zjSvsRAb%2Bk

16 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://nm.northeast.aaa.com/assets/remote/js/remote_header.js Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://travel.northeast.aaa.com/trip/assets/stylesheets/v1/trip.css Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://nm.northeast.aaa.com/assets/remote/js/remote_footer.js Message: Failed to load resource: the server responded with a status of 403 ()
javascript	warning	URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js(Line 1) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://d2wy8f7a9ursnm.cloudfront.net/v7/bugsnag.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js(Line 1) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://d2wy8f7a9ursnm.cloudfront.net/v7/bugsnag.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js(Line 1) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.everestjs.net/static/le/last-event-tag-latest.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js(Line 1) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-2.2.4.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://www.fullstory.com/s/fs.js Message: Failed to load resource: the server responded with a status of 404 ()
javascript	warning	URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js(Line 1) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.googleadservices.com/pagead/conversion.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://cdn.pbbl.co/r/2512.js Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://travel.northeast.aaa.com/v1/prepack/licensee Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://idsync.rlcdn.com/365868.gif?partner_uid=47709484121795006523454029584194499358 Message: Failed to load resource: the server responded with a status of 451 ()
network	error	URL: https://idsync.rlcdn.com/365868.gif?partner_uid=47709484121795006523454029584194499358 Message: Failed to load resource: the server responded with a status of 451 ()
network	error	URL: https://usersync.videoamp.com/usersync?partner_id=6667929&partner_user_id=47709484121795006523454029584194499358&redirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D70962%26dpuuid%3D%7Bvamp_user_id%7D Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://sync.crwdcntrl.net/map/c=9828/tp=ADBE/gdpr=0/gdpr_consent=/tpid=47709484121795006523454029584194499358?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D121998%26dpuuid%3D${profile_id} Message: Failed to load resource: the server responded with a status of 404 ()
javascript	warning	URL: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/booking/W4AT5aogRY-bnf1SLkkj3w/terms?termsType=Cancellation&tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance Message: The resource https://www.aaa.com/configuration/dcs_partnerTag.js was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aaanortheast.demdex.net
adobedc.demdex.net
ads.scorecardresearch.com
api.bounceexchange.com
assets.adobedtm.com
assets.bounceexchange.com
bat.bing.com
cdn.inspectlet.com
cdn.linkedin.oribi.io
cdn.pbbl.co
cm.everesttech.net
cm.g.doubleclick.net
cms.analytics.yahoo.com
code.jquery.com
connect.facebook.net
d.turn.com
d2wy8f7a9ursnm.cloudfront.net
data.cdnbasket.net
dpm.demdex.net
dsum-sec.casalemedia.com
e.cdnwidget.com
fonts.googleapis.com
g2.gumgum.com
googleads.g.doubleclick.net
hn.inspectlet.com
ib.adnxs.com
idpix.media6degrees.com
ids.cdnwidget.com
idsync.rlcdn.com
image2.pubmatic.com
lasteventf-tm.everesttech.net
match.adsrvr.org
match.prod.bidr.io
mcdmetrics.aaa.com
mcdmetrics2.aaa.com
nm.northeast.aaa.com
page.cdnbasket.net
pixel.rubiconproject.com
pm.w55c.net
ps.eyeota.net
px.ads.linkedin.com
px.owneriq.net
px4.ads.linkedin.com
rec.smartlook.com
region1.google-analytics.com
s3.amazonaws.com
sessions.bugsnag.com
snap.licdn.com
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.crwdcntrl.net
sync.mathtag.com
sync.search.spotxchange.com
sync.srv.stackadapt.com
tag.wknd.ai
travel.northeast.aaa.com
us-u.openx.net
usersync.videoamp.com
view.cdnbasket.net
www.aaa.com
www.everestjs.net
www.facebook.com
www.fullstory.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
ib.adnxs.com
104.109.94.223
108.156.60.33
13.107.42.14
13.32.99.21
142.250.185.226
142.250.186.130
15.188.95.229
151.101.194.49
184.24.11.75
184.72.128.159
185.29.132.245
185.64.189.110
185.80.39.216
185.94.180.126
2001:4860:4802:34::36
2001:4de0:ac18::1:a:2b
2001:678:cb4:bbbb::13
212.82.100.182
2600:1901:0:7a0b::
2600:9000:223d:2a00:2:53b2:240:93a1
2606:4700:10::6816:39f5
2606:4700:10::ac43:aac
2606:4700::6812:17ea
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:803::2004
2a00:1450:4001:806::2003
2a00:1450:4001:828::200e
2a00:1450:4001:82b::2002
2a00:1450:4001:830::2008
2a00:1450:4001:831::200a
2a00:1450:400c:c00::9c
2a02:26f0:3500:587::1e80
2a02:26f0:780::5f65:3669
2a02:6ea0:c700::10
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
2a05:d014:275:cb01:457d:6b8c:73fc:8f8f
3.248.2.215
34.102.193.48
34.107.191.194
34.111.8.32
34.117.96.210
34.120.126.172
34.120.253.250
34.98.72.95
35.175.70.135
35.244.159.8
35.244.174.68
35.244.234.129
44.195.94.142
45.60.154.98
45.60.64.121
52.19.187.82
52.19.242.51
52.206.165.190
52.223.40.198
52.30.134.174
52.30.252.118
52.57.150.20
52.57.83.94
54.154.250.204
54.171.1.252
54.231.204.104
65.9.84.142
69.173.144.138
0015720d31024135ff3d4bbd3ddcf3e876d1dc82f3aee89ce6b5232f8a99caef
049af8d4c9e915e067e240d1b9daa0d62fa5eb81b0cc6eda1232bdd9d6bb0fff
05632bd17ae6013db11864ba86f363756e305cd5a56ee788fe20774ed6c750f9
056704ecc2474e74dd4dce93d2e9be703b9ba20d42f6e7a45469abfdb0005560
059d3c257d61801506bdc30c1cfcc61fbdf4c5c94a4163bc0c62ee153253b609
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
06a3a5c39a7e5da85d55747221d540e0650333d0fec26796d6c702bf9d2dc4ca
0a1ec5ad75598faccf42de4d5b7f22edc6d21940c64070fcb2ead7943e93bc7a
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0ba7c0356149946bf0642fab4ef85b95e7090f6f785d0fb84323d0c442e5190a
15f1fde7deb1f2cfecb62abe9d99d230384ecbb429e962bd449f4259e64fbec6
19bba2072525e746a5bf5bfc23d985f91eacfd203af7ed0aa224497768d28bb0
1b3537a975f28b8b80f0cd1b3fe890c99b47d68c0505cdca652fd7f39de62231
1d32627006e0e63d706ca39ec8735807bc8f73946f38f4985740679edea22edd
1d8e7da69538f691fd8b10d250d68a1bdea882a7010c1175233a26a0acd319af
20e3f4b611985bd51b4f1c21b8a0eae79f221c770d2020025835976ad06263bd
2c08fa37317725e886f3c0e0107acd19ebd91ced8d186733927ebf82ae5a2cd8
2c9b2486941b18c4e3485fd402acc4f226d5431ae18e3596e8b97d9c9e3dd943
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
3e7f451f42220207d2f2ceb07d7dd2c5a09858859ee037c14cdc0734b0913f73
3ec7b84a1af39ad65429033a0cac2eecbaccaa0e26867bf872f30246cdd5b0ab
3ff7b0b317b417d887b4d1b311ac5a390b85345337838d182296dad380682a87
4192a43fdcfdaac2e7da9e0f05f75e5fbe7068288aa6f7fa515de9ad54fc16f1
425149f776ce3188f504a799706d51cb75e7b4b811ea4e9d5e981aa5080865ec
440241c3470b27e2847cd12f83e4fc13bdcb16155c467c9f1abafb72f6c384ab
454cca862a8d251fb362a81bef997a828e40f2111e70fee4d41d013e07bf0004
49aba8ddbbeafdc25509323dbf2be2065f3ffab50bb1c1acb6390181e41a0ff0
4a4f0777bfb9572cb278aca310fe904b5726ae60cfbde4ace23255d18c7bf0fc
4abdc5bae3773141e85e6bed6c09953d57aded7ef98b1d304c42807f2229474f
4c22fe391b6d67ac76003078df327e1a28fbc8738c9ca3242c12707146d792d6
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5588ebfc655485abe49c6c6bb6a659d6424765ab594e043dd98d8016083049bb
5d554121551df68e414c85920b6541d2e92251a189ff19a4b1f8dffe97ce1cb5
5ee5c9b1b7ae2bd8b86b2cfff12fe8a7ee7caff6141c45ecdaf6d97cd2378dce
5f3299073a3b26f99e0bd20c96a305544ef493129597a19084c37b201960f913
5fa87130a1e4ff5306f760e2125a2e91e48c628a84fc4c84d0180be950829080
641153b2ad78e5d095645419060a4ea0854b1b3ec5ff27e99644c9f8d461610c
6537bc70fac0198bb364b2438646688b8c5167700de682b865f25c47c8aaf4ab
6627c5ab36fa407f18fc9b6987e359eccef005ae6d35b370d2142b7daa770324
667c44273d953af694bf766337738c7f556e011f7a8c9ef2eba37bb4b335edec
6c4133ff5eff0f23ca2f6fdaceea1d4dd3a91e499a0b0aef688b0f31206b0328
71a980fae18c2c5ab33f47cbac734ab86aaa815e0325ce68be34ccd55b04cfb9
737be8d2a2db4d729155190f62d3b1f656cdaec35b42b59eeeda3043246a50cd
759ba85ad57a23f5988379b328676c38641d8565db9244f2a0c6856bf330c540
7623e516af47a91a2a86c005f33c4b850a7e2f17752bc073518cb9af5c6cdccd
78c1c1baf0d964522f8afab09cfc754685c1648826a7f9967fd52b774b4ec5aa
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7fde221486c3e05f825980fec689e0671182230722188921d256b58a7383d9cb
8029785ba7ba47b450abdfc5f63052bb6ff45b21729a8b6a5382ad9c5471b4fb
80dbd4b85581d9ce9d4a46216870bb86cdb7ddb8f53e41e03a653467543e48ed
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8950998ca4b394bfefc913b763a06aeb938401114277539690aa9c829094e954
897600b074c2a2e02b176f2d3e5caf964883dc5ea1c340c7576723e3932b9128
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
901a3d923f29e1e5722d7978b88a487fe3e2b38f2870fb968a29f8df66e79122
9366be9dc7f0c13655e2a45ce1df32f55b937efc0878b30954969c88151f1482
9795c5ff8937f23526ccb207a5684c1fc94a7854e19c021b39d944e51f5baef2
97c2e6bd937d0f695db4aa90427d8fa7f672957f749bd96464a763e2cf86a361
98860e376b483292b9d55b6930a5e5514ee8e422ac36c40e9ea1ceb041860e9b
a0f583b1d9fc9517d659839cd6f0ee25895d5a7b89d29cf06c7877418a0ffff9
a2f911b401d743ecfd4cef614c1aa4f30f121c9f6da07cf3389bffa865274505
a796e91dc42aef7823610e7b41f1effdcd4f6f8bd06ce3380e24d5d30cfc1919
aaed9dc3a855f5067df7cde88c06ca9ed9de210dfadfaf3f4b49b58ca40df292
abb45ae4b3a896ae99132c1786a9676218c119ea552d3fbb5ab6d40d9e05e43c
add125c2dcbd3b6ded8d012a410b6475da2ce9962ca7e380ac5a4f9effdcb954
b01bd01687b15585b2740273c8c3c6674dd9f559cfe52eeffdf43b1f93a12d05
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b3110fc9df9dae061fac56de0ae388c60edb28ac3b5a17b32b85c96dbab235ec
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
bb2e1a97e3bc84334fa38904266d7ef01dc9407e17b3fcf54ea4a8ecbf494abf
beb0512234a9e452ac5202c6919ea871ae8f78cec6e14e800e5fc0204d90009f
bfb8e638fa9c13a763adec2844347c8e1d981ef2cfc6d4d8a87f63dc50164cb5
c56617b3dabcfa00d7b20aa2b2e76ff3f4483fb67abb4bdcef754d617617d537
c646bcb4225cd7654a1bcc52efdbca4265ae892fa5791a6bc0ebcc330f358ff4
c88fb96d07c021871775926d57d42f7cadedeb38cb32a01ad9be2529ff53a2fd
cf8919c63dd92ee1068201a9919c6670eb2259dff4bfb0413236c18ebbf3e3f4
d122d8a3e0d148d731d8b5d69c9f7ff451a8d7c0fdb9edecb1d23405c65f6c5e
d149a1034a8ce482c5ec3fde61340e2451abab6530274fe558343e6808487ae3
d52bb838e14ec713e9fde7998aa9c5e802ef7799925381082ec63a62c632582b
d5559d3b0cee55783bedf2468ef7d7e02f60eca4bb91ccd8ec0fbbba1644b8bf
d6d01246a30e9d483531c27721f73f266fa4af35effdb21683ac02a620ab8aaf
d789477acfadf97e5798506acc8e55d7f11a9a51807d3edc13e1ac592997d487
d7de9b79990bb103408b06aacc98307309774f564e70ba905949e80b5ba47f14
de1271b75470960be5b33d00f9264602eab356f0b86045292a33713d79d21a89
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e37006087cb6a7068f51492170dd9a2541651a9ec213778d91b42e040679d3b1
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4b76461af43a57be9f4a7350190ee08ef3ffc8746c595fc4c233d921bb2dee0
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
ebcd43274f956ef6d5c0f690695cc56c35a3a77180c9d1b80791febe4e27f601
ed2b9de8f36895ff8e5324067c9a27a15ba63337c2a3232bd757863585507ef9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2c4b7d20ff42a433d0c76631c460cd75128f8f0436d052ce2cf79dc4fa6a244
f2f11e4d45030f1f21ec7d3ae67a65b83c4c67016fe861fbebdff04ca0c8cd60
f529cf4430e32ae0b07d7d606ca1043e8cd9ebb9476456589578a299bad459bd
f5fbbe87ba57e8862a9a85af9f3ce1d86a54feabee2e4b395e3931b6c6713333
fd9044a309ef7d51ad98d6a471d5ba00af04478843631e0cf5e2bfc36b509c2c
fe13408d11ff849139c4b0dc24d1d81714c47bdb2fe2a59f5b79d8c9c4052d6a
fe3fcb884394be745dbd11141b6d780028a4d86106b6292d7502db096f582218

travel.northeast.aaa.com Open in urlscan Pro 52.206.165.190 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

166 Requests

87 %HTTPS

35 %IPv6

51 Domains

69 Subdomains

55 IPs

8 Countries

4624 kBTransfer

14515 kBSize

74 Cookies

1 Outgoing links

Page URL History

Redirected requests

166 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

travel.northeast.aaa.com Open in urlscan Pro
52.206.165.190 Public Scan

Screenshot
Live screenshot

Full Image

166
Requests

87 %
HTTPS

35 %
IPv6

51
Domains

69
Subdomains

55
IPs

8
Countries

4624 kB
Transfer

14515 kB
Size

74
Cookies

166 HTTP transactions
2 data transactions