chpromotion.com Open in urlscan Pro
146.20.84.216 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://uyijknhgtrfgv.tk/qs=r-abacafcfjfkfacaejfbdababacaihaddeaccackifadfgiakebfiacb
Effective URL:
https://chpromotion.com/a/a87/index.php?utm_source=spdlfm&utm_campaign=690430Rate&token=1265061381
Submission: On May 23 via manual (May 23rd 2022, 6:22:04 pm UTC) from US — Scanned from US

Summary HTTP 113 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 32 IPs in 3 countries across 51 domains to perform 113 HTTP transactions. The main IP is 146.20.84.216, located in United States and belongs to RACKSPACE, US. The main domain is chpromotion.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on March 17th 2022. Valid for: a year.

This is the only time chpromotion.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious — 6 votes Show Verdicts

Domain & IP information

	IP Address	AS Autonomous System
1 1	199.43.206.223 199.43.206.223	53340 (FIBERHUB) (FIBERHUB)
1	207.99.40.82 207.99.40.82	8001 (COLOGIX) (COLOGIX)
24	146.20.84.216 146.20.84.216	27357 (RACKSPACE) (RACKSPACE)
2	2607:f8b0:400... 2607:f8b0:4006:822::2008	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:817::200a	15169 (GOOGLE) (GOOGLE)
1	142.250.64.66 142.250.64.66	15169 (GOOGLE) (GOOGLE)
1	52.85.61.98 52.85.61.98	16509 (AMAZON-02) (AMAZON-02)
2	52.85.136.118 52.85.136.118	16509 (AMAZON-02) (AMAZON-02)
2	2607:f8b0:400... 2607:f8b0:4006:817::200e	15169 (GOOGLE) (GOOGLE)
5	2607:f8b0:400... 2607:f8b0:4006:81c::2004	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:80f::2003	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:816::2002	15169 (GOOGLE) (GOOGLE)
1 2	2607:f8b0:400... 2607:f8b0:4006:808::2008	15169 (GOOGLE) (GOOGLE)
1 2	2607:f8b0:400... 2607:f8b0:4004:c06::9b	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f01... 2a03:2880:f012:8:face:b00c:0:1	32934 (FACEBOOK) (FACEBOOK)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	99.84.43.9 99.84.43.9	16509 (AMAZON-02) (AMAZON-02)
1 4	35.227.244.1 35.227.244.1	15169 (GOOGLE) (GOOGLE)
3	18.67.76.108 18.67.76.108	16509 (AMAZON-02) (AMAZON-02)
1 33	52.46.154.242 52.46.154.242	16509 (AMAZON-02) (AMAZON-02)
6	104.18.7.244 104.18.7.244	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a03:2880:f11... 2a03:2880:f112:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1 1	52.85.61.80 52.85.61.80	16509 (AMAZON-02) (AMAZON-02)
4 4	104.112.13.64 104.112.13.64	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	35.211.178.172 35.211.178.172	15169 (GOOGLE) (GOOGLE)
1 1	104.76.100.229 104.76.100.229	16625 (AKAMAI-AS) (AKAMAI-AS)
3 3	54.175.87.114 54.175.87.114	14618 (AMAZON-AES) (AMAZON-AES)
2 2	54.152.83.91 54.152.83.91	14618 (AMAZON-AES) (AMAZON-AES)
2 2	34.202.51.59 34.202.51.59	14618 (AMAZON-AES) (AMAZON-AES)
1 1	2600:1f18:612... 2600:1f18:612b:4232:dec:f48c:c120:9a90	14618 (AMAZON-AES) (AMAZON-AES)
1 1	76.13.32.147 76.13.32.147	26101 (YAHOO-BF1) (YAHOO-BF1)
1	2606:4700:10:... 2606:4700:10::6816:1957	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	63.251.28.218 63.251.28.218	26558 (FREEWHEEL) (FREEWHEEL)
1 1	52.85.61.181 52.85.61.181	16509 (AMAZON-02) (AMAZON-02)
2	52.205.48.68 52.205.48.68	14618 (AMAZON-AES) (AMAZON-AES)
1	34.199.40.23 34.199.40.23	14618 (AMAZON-AES) (AMAZON-AES)
1 1	34.237.81.49 34.237.81.49	14618 (AMAZON-AES) (AMAZON-AES)
3 3	69.173.151.100 69.173.151.100	26667 (RUBICONPR...) (RUBICONPROJECT)
3 3	52.35.169.226 52.35.169.226	16509 (AMAZON-02) (AMAZON-02)
1 1	35.190.90.30 35.190.90.30	15169 (GOOGLE) (GOOGLE)
1 1	54.89.130.42 54.89.130.42	14618 (AMAZON-AES) (AMAZON-AES)
1 2	185.167.164.43 185.167.164.43	198622 (ADFORM) (ADFORM)
1 2	69.12.8.74 69.12.8.74	11742 (SPOTX-IAD) (SPOTX-IAD)
1 1	35.168.157.177 35.168.157.177	14618 (AMAZON-AES) (AMAZON-AES)
1 1	52.44.124.195 52.44.124.195	14618 (AMAZON-AES) (AMAZON-AES)
2 2	142.251.40.130 142.251.40.130	15169 (GOOGLE) (GOOGLE)
1 1	100.24.249.189 100.24.249.189	14618 (AMAZON-AES) (AMAZON-AES)
2 2	52.85.61.5 52.85.61.5	16509 (AMAZON-02) (AMAZON-02)
2 2	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
2 2	50.57.31.206 50.57.31.206	19994 (RACKSPACE) (RACKSPACE)
3 3	68.67.179.89 68.67.179.89	29990 (ASN-APPNEX) (ASN-APPNEX)
1 1	8.28.7.83 8.28.7.83	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	50.16.197.56 50.16.197.56	14618 (AMAZON-AES) (AMAZON-AES)
1 1	45.79.180.191 45.79.180.191	63949 (LINODE-AP...) (LINODE-AP Linode)
1 1	151.101.194.132 151.101.194.132	54113 (FASTLY) (FASTLY)
1 2	8.28.7.81 8.28.7.81	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	141.226.224.48 141.226.224.48	200478 (TABOOLA-AS) (TABOOLA-AS)
1	172.253.63.155 172.253.63.155	15169 (GOOGLE) (GOOGLE)
1 5	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
1	35.190.54.17 35.190.54.17	15169 (GOOGLE) (GOOGLE)
1 4	75.2.91.175 75.2.91.175	16509 (AMAZON-02) (AMAZON-02)
1	13.226.39.86 13.226.39.86	16509 (AMAZON-02) (AMAZON-02)
113	32

1 199.43.206.223 (Las Vegas, United States) 1 redirects

ASN53340 (FIBERHUB, US)
PTR: vps.devmq.com

uyijknhgtrfgv.tk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 207.99.40.82 (Parsippany, United States)

ASN8001 (COLOGIX, US)

reliefgiveaway.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 146.20.84.216 (United States)

ASN27357 (RACKSPACE, US)

chpromotion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.chwplan.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:822::2008 (Staten Island, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:817::200a (Staten Island, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.64.66 (United States)

ASN15169 (GOOGLE, US)
PTR: lga34s30-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.85.61.98 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-85-61-98.ewr53.r.cloudfront.net

cdn.datasteam.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.85.136.118 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-85-136-118.ewr53.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:817::200e (Staten Island, United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:4006:81c::2004 (Staten Island, United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:80f::2003 (Staten Island, United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:816::2002 (Staten Island, United States)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:808::2008 (Staten Island, United States) 1 redirects

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c06::9b (Washington, United States) 1 redirects

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f012:8:face:b00c:0:1 (Secaucus, United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.84.43.9 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-43-9.ewr52.r.cloudfront.net

cdn.listrakbi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.227.244.1 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 1.244.227.35.bc.googleusercontent.com

shop.pe	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.67.76.108 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-67-76-108.iad89.r.cloudfront.net

d3rr3d0n31t48m.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

33 52.46.154.242 (Ashburn, United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.18.7.244 (None, )

ASN13335 (CLOUDFLARENET, US)

s1.listrakbi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
at1.listrakbi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sca1.listrakbi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f112:83:face:b00c:0:25de (Secaucus, United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.85.61.80 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-52-85-61-80.ewr53.r.cloudfront.net

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.112.13.64 (New York, United States) 4 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-112-13-64.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.211.178.172 (North Charleston, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 172.178.211.35.bc.googleusercontent.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.76.100.229 (New York, United States) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-76-100-229.deploy.static.akamaitechnologies.com

tags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.175.87.114 (Ashburn, United States) 3 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-175-87-114.compute-1.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.152.83.91 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-152-83-91.compute-1.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.202.51.59 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-202-51-59.compute-1.amazonaws.com

t.myvisualiq.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:612b:4232:dec:f48c:c120:9a90 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

amazon.partners.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 76.13.32.147 (Lockport, United States) 1 redirects

ASN26101 (YAHOO-BF1, US)
PTR: spcms.pbp.vip.bf1.yahoo.com

cms.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:1957 (United States)

ASN13335 (CLOUDFLARENET, US)

mwzeom.zeotap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.251.28.218 (United States) 1 redirects

ASN26558 (FREEWHEEL, US)

ads.stickyadstv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.85.61.181 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-52-85-61-181.ewr53.r.cloudfront.net

www.imdb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.205.48.68 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-205-48-68.compute-1.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.199.40.23 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-199-40-23.compute-1.amazonaws.com

usersync.samplicio.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.237.81.49 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-237-81-49.compute-1.amazonaws.com

ads.samba.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.173.151.100 (United States) 3 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.35.169.226 (Boardman, United States) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-35-169-226.us-west-2.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.90.30 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 30.90.190.35.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.89.130.42 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-89-130-42.compute-1.amazonaws.com

px.surveywall-api.survata.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.167.164.43 (Denmark) 1 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.12.8.74 (Ashburn, United States) 1 redirects

ASN11742 (SPOTX-IAD, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.168.157.177 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-168-157-177.compute-1.amazonaws.com

bs.serving-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.44.124.195 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-44-124-195.compute-1.amazonaws.com

lm.serving-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.40.130 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: lga25s80-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 100.24.249.189 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-100-24-249-189.compute-1.amazonaws.com

usermatch.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.85.61.5 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: server-52-85-61-5.ewr53.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.159.8 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 50.57.31.206 (United States) 2 redirects

ASN19994 (RACKSPACE, US)

uipglob.semasio.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 68.67.179.89 (Secaucus, United States) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 565.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 8.28.7.83 (United States) 1 redirects

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 50.16.197.56 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-50-16-197-56.compute-1.amazonaws.com

loadus.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 45.79.180.191 (Cedar Knolls, United States) 1 redirects

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: lciapi-ewr-16.ninthdecimal.com

lciapi.ninthdecimal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.194.132 (United States) 1 redirects

ASN54113 (FASTLY, US)

pi.ispot.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 8.28.7.81 (United States) 1 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.226.224.48 (United States) 1 redirects

ASN200478 (TABOOLA-AS, IL)

sync.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.253.63.155 (United States)

ASN15169 (GOOGLE, US)
PTR: bi-in-f155.1e100.net

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.71.131.137 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.54.17 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 17.54.190.35.bc.googleusercontent.com

shopper.shop.pe	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 75.2.91.175 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: a954c1fc80b8251dc.awsglobalaccelerator.com

nytrng.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.226.39.86 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-39-86.ewr53.r.cloudfront.net

cdn.nytrng.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
33	amazon-adsystem.com 1 redirects s.amazon-adsystem.com — Cisco Umbrella Rank: 278	25 KB
23	chpromotion.com chpromotion.com	2 MB
7	listrakbi.com cdn.listrakbi.com — Cisco Umbrella Rank: 9796 s1.listrakbi.com — Cisco Umbrella Rank: 10131 at1.listrakbi.com — Cisco Umbrella Rank: 10913 sca1.listrakbi.com — Cisco Umbrella Rank: 36966	27 KB
7	doubleclick.net 3 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 44 stats.g.doubleclick.net — Cisco Umbrella Rank: 92 cm.g.doubleclick.net — Cisco Umbrella Rank: 212 bid.g.doubleclick.net — Cisco Umbrella Rank: 503	4 KB
7	adsrvr.org 1 redirects js.adsrvr.org — Cisco Umbrella Rank: 1531 insight.adsrvr.org — Cisco Umbrella Rank: 625 match.adsrvr.org — Cisco Umbrella Rank: 338	7 KB
5	nytrng.com 1 redirects nytrng.com — Cisco Umbrella Rank: 5085 cdn.nytrng.com — Cisco Umbrella Rank: 24731	9 KB
5	shop.pe 1 redirects shop.pe — Cisco Umbrella Rank: 11329 shopper.shop.pe — Cisco Umbrella Rank: 13218	10 KB
5	google.com www.google.com — Cisco Umbrella Rank: 7	15 KB
4	yahoo.com 4 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 297 cms.analytics.yahoo.com — Cisco Umbrella Rank: 880	2 KB
4	casalemedia.com 4 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 557 ssum-sec.casalemedia.com — Cisco Umbrella Rank: 530	2 KB
4	google-analytics.com 1 redirects www.google-analytics.com — Cisco Umbrella Rank: 37 ssl.google-analytics.com — Cisco Umbrella Rank: 285	37 KB
3	pubmatic.com 2 redirects image2.pubmatic.com — Cisco Umbrella Rank: 932 image6.pubmatic.com — Cisco Umbrella Rank: 612	772 B
3	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 240	3 KB
3	demdex.net 3 redirects dpm.demdex.net — Cisco Umbrella Rank: 214	3 KB
3	rubiconproject.com 3 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 354 token.rubiconproject.com — Cisco Umbrella Rank: 692	2 KB
3	krxd.net 1 redirects beacon.krxd.net — Cisco Umbrella Rank: 472 usermatch.krxd.net — Cisco Umbrella Rank: 1256	801 B
3	cloudfront.net d3rr3d0n31t48m.cloudfront.net	52 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 375	12 KB
2	exelator.com 2 redirects loadus.exelator.com — Cisco Umbrella Rank: 1244	2 KB
2	semasio.net 2 redirects uipglob.semasio.net — Cisco Umbrella Rank: 1171	1 KB
2	openx.net 2 redirects us-u.openx.net — Cisco Umbrella Rank: 399	385 B
2	scorecardresearch.com 2 redirects sb.scorecardresearch.com — Cisco Umbrella Rank: 141	622 B
2	serving-sys.com 2 redirects bs.serving-sys.com — Cisco Umbrella Rank: 1201 lm.serving-sys.com — Cisco Umbrella Rank: 1981	777 B
2	spotxchange.com 1 redirects sync.search.spotxchange.com — Cisco Umbrella Rank: 518	1005 B
2	adform.net 1 redirects c1.adform.net — Cisco Umbrella Rank: 571	892 B
2	myvisualiq.net 2 redirects t.myvisualiq.net — Cisco Umbrella Rank: 1521	986 B
2	advertising.com 2 redirects pixel.advertising.com — Cisco Umbrella Rank: 435	659 B
2	bidswitch.net 2 redirects x.bidswitch.net — Cisco Umbrella Rank: 287	1 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 146	37 KB
2	gstatic.com fonts.gstatic.com	64 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 71	81 KB
1	taboola.com 1 redirects sync.taboola.com — Cisco Umbrella Rank: 977	299 B
1	ispot.tv 1 redirects pi.ispot.tv — Cisco Umbrella Rank: 2301	343 B
1	ninthdecimal.com 1 redirects lciapi.ninthdecimal.com — Cisco Umbrella Rank: 3055	612 B
1	survata.com 1 redirects px.surveywall-api.survata.com — Cisco Umbrella Rank: 3065	749 B
1	mookie1.com 1 redirects odr.mookie1.com — Cisco Umbrella Rank: 947	584 B
1	samba.tv 1 redirects ads.samba.tv — Cisco Umbrella Rank: 5574	292 B
1	samplicio.us usersync.samplicio.us — Cisco Umbrella Rank: 2708	263 B
1	imdb.com 1 redirects www.imdb.com — Cisco Umbrella Rank: 2546	912 B
1	stickyadstv.com 1 redirects ads.stickyadstv.com — Cisco Umbrella Rank: 675	618 B
1	zeotap.com mwzeom.zeotap.com — Cisco Umbrella Rank: 1486	170 B
1	tremorhub.com 1 redirects amazon.partners.tremorhub.com — Cisco Umbrella Rank: 5595	399 B
1	bluekai.com 1 redirects tags.bluekai.com — Cisco Umbrella Rank: 458	672 B
1	agkn.com 1 redirects aa.agkn.com — Cisco Umbrella Rank: 441	643 B
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 102	397 B
1	datasteam.io cdn.datasteam.io — Cisco Umbrella Rank: 18670	22 KB
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 110	17 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 46	1 KB
1	chwplan.com www.chwplan.com	63 KB
1	reliefgiveaway.com reliefgiveaway.com	475 B
1	uyijknhgtrfgv.tk 1 redirects uyijknhgtrfgv.tk	376 B
113	51

	Domain	Requested by
33	s.amazon-adsystem.com	1 redirects chpromotion.com s.amazon-adsystem.com
23	chpromotion.com	reliefgiveaway.com chpromotion.com
5	www.google.com	www.googletagmanager.com chpromotion.com
4	nytrng.com	1 redirects d3rr3d0n31t48m.cloudfront.net cdn.nytrng.com
4	match.adsrvr.org	js.adsrvr.org
4	at1.listrakbi.com	cdn.listrakbi.com
4	shop.pe	1 redirects d3rr3d0n31t48m.cloudfront.net shopper.shop.pe
3	ib.adnxs.com	3 redirects
3	dpm.demdex.net	3 redirects
3	ups.analytics.yahoo.com	3 redirects
3	d3rr3d0n31t48m.cloudfront.net	chpromotion.com shop.pe
3	bat.bing.com	chpromotion.com bat.bing.com
2	image6.pubmatic.com	1 redirects s.amazon-adsystem.com
2	loadus.exelator.com	2 redirects
2	uipglob.semasio.net	2 redirects
2	ssum-sec.casalemedia.com	2 redirects
2	us-u.openx.net	2 redirects
2	sb.scorecardresearch.com	2 redirects
2	cm.g.doubleclick.net	2 redirects
2	sync.search.spotxchange.com	1 redirects s.amazon-adsystem.com
2	c1.adform.net	1 redirects s.amazon-adsystem.com
2	pixel.rubiconproject.com	2 redirects
2	beacon.krxd.net	s.amazon-adsystem.com
2	t.myvisualiq.net	2 redirects
2	pixel.advertising.com	2 redirects
2	x.bidswitch.net	2 redirects
2	dsum-sec.casalemedia.com	2 redirects
2	connect.facebook.net	chpromotion.com connect.facebook.net
2	stats.g.doubleclick.net	1 redirects www.google-analytics.com
2	ssl.google-analytics.com	1 redirects chpromotion.com
2	googleads.g.doubleclick.net	www.googleadservices.com www.google.com
2	fonts.gstatic.com	fonts.googleapis.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	js.adsrvr.org	chpromotion.com match.adsrvr.org
2	www.googletagmanager.com	chpromotion.com
1	cdn.nytrng.com	nytrng.com
1	shopper.shop.pe	shop.pe
1	insight.adsrvr.org	1 redirects
1	bid.g.doubleclick.net	www.google.com
1	sync.taboola.com	1 redirects
1	pi.ispot.tv	1 redirects
1	lciapi.ninthdecimal.com	1 redirects
1	token.rubiconproject.com	1 redirects
1	image2.pubmatic.com	1 redirects
1	usermatch.krxd.net	1 redirects
1	lm.serving-sys.com	1 redirects
1	bs.serving-sys.com	1 redirects
1	px.surveywall-api.survata.com	1 redirects
1	odr.mookie1.com	1 redirects
1	ads.samba.tv	1 redirects
1	usersync.samplicio.us	s.amazon-adsystem.com
1	www.imdb.com	1 redirects
1	ads.stickyadstv.com	1 redirects
1	mwzeom.zeotap.com	s.amazon-adsystem.com
1	cms.analytics.yahoo.com	1 redirects
1	amazon.partners.tremorhub.com	1 redirects
1	tags.bluekai.com	1 redirects
1	aa.agkn.com	1 redirects
1	sca1.listrakbi.com	chpromotion.com
1	www.facebook.com	chpromotion.com
1	s1.listrakbi.com	cdn.listrakbi.com
1	cdn.listrakbi.com	chpromotion.com
1	cdn.datasteam.io	chpromotion.com
1	www.googleadservices.com	chpromotion.com
1	fonts.googleapis.com	chpromotion.com
1	www.chwplan.com	chpromotion.com
1	reliefgiveaway.com
1	uyijknhgtrfgv.tk	1 redirects
113	68

This site contains links to these domains. Also see Links.

Domain
www.choicehomewarranty.com

Subject Issuer	Validity	Valid
reliefgiveaway.com Sectigo RSA Domain Validation Secure Server CA	`2021-12-01` - `2022-12-21`	a year	crt.sh
chwplan.com Go Daddy Secure Certificate Authority - G2	`2022-03-17` - `2023-04-18`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-05-04` - `2022-07-27`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-05-04` - `2022-07-27`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-05-04` - `2022-07-27`	3 months	crt.sh
cdn.datasteam.io Amazon	`2021-10-20` - `2022-11-17`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2022-03-31` - `2023-05-02`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-05-04` - `2022-07-27`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-05-04` - `2022-07-27`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-05-04` - `2022-07-27`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-05-04` - `2022-07-27`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-03-02` - `2022-05-31`	3 months	crt.sh
www.bing.com Microsoft RSA TLS CA 01	`2022-03-16` - `2022-09-16`	6 months	crt.sh
*.listrakbi.com Amazon	`2022-01-10` - `2023-02-06`	a year	crt.sh
s.amazon-adsystem.com Amazon	`2022-05-09` - `2023-04-21`	a year	crt.sh
listrakbi.com Cloudflare Inc ECC CA-3	`2021-08-09` - `2022-08-08`	a year	crt.sh
*.cloudfront.net Amazon	`2022-02-01` - `2023-01-31`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-05` - `2022-07-04`	a year	crt.sh
beacon.krxd.net DigiCert TLS RSA SHA256 2020 CA1	`2021-11-03` - `2022-11-02`	a year	crt.sh
*.samplicio.us Amazon	`2022-03-18` - `2023-04-16`	a year	crt.sh
*.shop.pe RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-09-06` - `2022-09-06`	a year	crt.sh
nytrng.com Amazon	`2022-04-24` - `2023-05-23`	a year	crt.sh
*.nytrng.com Amazon	`2021-10-17` - `2022-11-14`	a year	crt.sh

This page contains 9 frames:

Primary Page: https://chpromotion.com/a/a87/index.php?utm_source=spdlfm&utm_campaign=690430Rate&token=1265061381
Frame ID: E65CA358704B8812044AD408312D7D47
Requests: 64 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/iu3?d=generic&ex-fargs=%3Fid%3D3b289a46-9b76-58a9-88f0-c89b1606534d%26type%3D82%26m%3D1&ex-fch=416613&ex-src=https://www.choicehomewarranty.com/&ex-hargs=v%3D1.0%3Bc%3D6293635390601%3Bp%3D3B289A46-9B76-58A9-88F0-C89B1606534D&cb=578329293306815000&dcc=t
Frame ID: 9C02B3CA0CE14A8421E4798F260DD4B6
Requests: 1 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/v3/pr?exlist=ns_n-ix-HMT_bsw_bk_n-y-HMT_aold_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=gN-z2jCMRXSqhhPDeYqymw&ex-pl-n-g-hmt=HA6JZHfhRgazLWCXb52diw&ep=mfS4I4Lxm4iN8M-0MyueFbUuWyzCyTWZfUyDmU44Rc0fu2eTrNMOcwLTep3WXrd2jzCjEifRo2MfTh-vwp2hbiIVr8fqhcKWCV0SD65sugRC8qbdtcNPPHeMiayAkg8p_LdijQqhpe7YRvHM5e-HA5aCbOF-jqARzX4Jg4KAxxBCkFZVUuvoBLwT4nCIrzUjwP5ANcZ2wD5tTshTyDCfOTbq86vASmx7R3Uj7YNmlgdVgAxo-PwlSiothrB1PjRlOvU1EWtDvQXH7A3g_fLCxR0xPO5gR8vV7SzKxDwa0Jgq184ktBCaiiE6ZFggrL7rqYWqujJiWrs6q8oIvEpzvA
Frame ID: 43F7F52E4C9A3AEE5AACEB30B45482C9
Requests: 38 HTTP requests in this frame

Frame: https://bid.g.doubleclick.net/xbbe/pixel?d=KAE
Frame ID: F944BC7D143E32E1B57641ED1B189A05
Requests: 1 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/upb/?adv=zl9kfqh1&ref=https%3A%2F%2Fchpromotion.com%2Fa%2Fa87%2Findex.php%3Futm_source%3Dspdlfm%26utm_campaign%3D690430Rate%26token%3D1265061381&upid=7h0r1mr&upv=1.1.0
Frame ID: 7A691C1E453756F6E26EA0A5F4CBEDBA
Requests: 2 HTTP requests in this frame

Frame: https://nytrng.com/iframe?vcp=4dd5h0np&as_id=a5a79d16d6d144c198be81a35761fee9
Frame ID: 161ED289E10B1197EC72005850C9B2D1
Requests: 4 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/cmf/generic?ttd_pid=aam
Frame ID: C038E1F86F4BB6FB2E2CC9B540405351
Requests: 1 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=1906498781753493678&ttd_tdid=40d09c88-4f38-4ad6-bcd5-1fef784a52f8
Frame ID: 6853628BA5644ECAEF8E3C2125A69A7B
Requests: 1 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/cmf/rubicon?gdpr=0
Frame ID: 126C3DA70E8D668BC070AA0489ED2049
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Choice Home Warranty

Page URL History Show full URLs

http://uyijknhgtrfgv.tk/qs=r-abacafcfjfkfacaejfbdababacaihaddeaccackifadfgiakebfiacb HTTP 302
https://reliefgiveaway.com/176486cce9ad6174000/38402_1_11/0_1_0_0_1_4148494_76_2457_93047_1_10_1974/76 Page URL
https://chpromotion.com/a/a87/index.php?utm_source=spdlfm&utm_campaign=690430Rate&token=1265061381 Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

113
Requests

67 %
HTTPS

21 %
IPv6

51
Domains

68
Subdomains

32
IPs

3
Countries

2909 kB
Transfer

3490 kB
Size

60
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://www.choicehomewarranty.com/user_agreement.php
Title: Click Here

Search URL Search Domain Scan URL

URL: https://www.choicehomewarranty.com/privacy_policy.php
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.choicehomewarranty.com/homeowners/california-residents/
Title: Click Here

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://uyijknhgtrfgv.tk/qs=r-abacafcfjfkfacaejfbdababacaihaddeaccackifadfgiakebfiacb HTTP 302
https://reliefgiveaway.com/176486cce9ad6174000/38402_1_11/0_1_0_0_1_4148494_76_2457_93047_1_10_1974/76 Page URL
https://chpromotion.com/a/a87/index.php?utm_source=spdlfm&utm_campaign=690430Rate&token=1265061381 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://uyijknhgtrfgv.tk/qs=r-abacafcfjfkfacaejfbdababacaihaddeaccackifadfgiakebfiacb HTTP 302
https://reliefgiveaway.com/176486cce9ad6174000/38402_1_11/0_1_0_0_1_4148494_76_2457_93047_1_10_1974/76

Request Chain 40

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=76703642&utmhn=chpromotion.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Choice%20Home%20Warranty&utmhid=390998508&utmr=https%3A%2F%2Freliefgiveaway.com%2F&utmp=%2Fa%2Fa87%2Findex.php%3Futm_source%3Dspdlfm%26utm_campaign%3D690430Rate%26token%3D1265061381&utmht=1653330117707&utmac=UA-6898183-1&utmcc=__utma%3D212881990.1246858029.1653330118.1653330118.1653330118.1%3B%2B__utmz%3D212881990.1653330118.1.1.utmcsr%3Dspdlfm%7Cutmccn%3D690430Rate%7Cutmcmd%3D(not%2520set)%3B&utmjid=282085501&utmredir=1&utmu=DAAAAAAAAAAAAAAAAAABAAAE~ HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-6898183-1&cid=1246858029.1653330118&jid=282085501&_v=5.7.2&z=76703642 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-6898183-1&cid=1246858029.1653330118&jid=282085501&_v=5.7.2&z=76703642

Request Chain 44

https://shop.pe/widget/widget_async.js HTTP 301
https://d3rr3d0n31t48m.cloudfront.net/widget/widget_async.js

Request Chain 45

https://s.amazon-adsystem.com/iu3?d=generic&ex-fargs=%3Fid%3D3b289a46-9b76-58a9-88f0-c89b1606534d%26type%3D82%26m%3D1&ex-fch=416613&ex-src=https://www.choicehomewarranty.com/&ex-hargs=v%3D1.0%3Bc%3D6293635390601%3Bp%3D3B289A46-9B76-58A9-88F0-C89B1606534D&cb=578329293306815000 HTTP 302
https://s.amazon-adsystem.com/iu3?d=generic&ex-fargs=%3Fid%3D3b289a46-9b76-58a9-88f0-c89b1606534d%26type%3D82%26m%3D1&ex-fch=416613&ex-src=https://www.choicehomewarranty.com/&ex-hargs=v%3D1.0%3Bc%3D6293635390601%3Bp%3D3B289A46-9B76-58A9-88F0-C89B1606534D&cb=578329293306815000&dcc=t

Request Chain 58

https://aa.agkn.com/adscores/g.pixel?sid=9212284268 HTTP 302
https://s.amazon-adsystem.com/ecm3?id=212610604160011328700&ex=neustar.biz

Request Chain 59

https://dsum-sec.casalemedia.com/rrum?cm_dsp_id=198&external_user_id=sN7SdgpUS5K3Z_jAhXkw3Q&cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3DindexHMT%26id%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3DindexHMT%26id%3D&cm_dsp_id=198&external_user_id=sN7SdgpUS5K3Z_jAhXkw3Q&C=1 HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=indexHMT&id=

Request Chain 60

https://x.bidswitch.net/sync_a9/https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dbidswitch.com%26id%3D%24%7BUUID%7D HTTP 302
https://x.bidswitch.net/ul_cb/sync_a9/https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dbidswitch.com%26id%3D%24%7BUUID%7D HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=bidswitch.com&id=ebe70b73e4adff5eae68c0393363470f

Request Chain 61

https://tags.bluekai.com/site/36840?redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dbluekai.com%26id%3D%24_BK_UUID HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=bluekai.com&id=$_BK_UUID

Request Chain 62

https://ups.analytics.yahoo.com/ups/58516/sync?_origin=1&redir=true&uid=QICKuqj2QgigtEnjGzIlGQ HTTP 302
https://ups.analytics.yahoo.com/ups/58516/sync?_origin=1&redir=true&uid=QICKuqj2QgigtEnjGzIlGQ&verify=true HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=yahooHMT&id=QICKuqj2QgigtEnjGzIlGQ

Request Chain 63

https://pixel.advertising.com/ups/56466/sync?redir=true&_origin=1 HTTP 302
https://pixel.advertising.com/ups/56466/sync?redir=true&_origin=1&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/56466/sync?redir=true&_origin=1&apid=UP3b4961f3-dac5-11ec-b133-02869fbfb009 HTTP 302
https://s.amazon-adsystem.com/ecm3?id=634bb0095188f60ff6358688aba977550baeb167&ex=aoldisplay.com

Request Chain 64

https://t.myvisualiq.net/sync?prid=AMZNPNR1&ao=0&red=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dvisualiq%26id%3D%24%7BUUID%7D HTTP 302
https://t.myvisualiq.net/ul_cb/sync?prid=AMZNPNR1&ao=0&red=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dvisualiq%26id%3D%24%7BUUID%7D HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=visualiq&id=0-cc449bc7-b403-4db3-b8a5-1deb5ac626a4

Request Chain 65

https://amazon.partners.tremorhub.com/sync?UIAM&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dtelaria.com%26id%3D%5BPARTNER_ID%5D HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=telaria.com&id=f037713f533f4b46bc388bb5f8ff4325

Request Chain 66

https://cms.analytics.yahoo.com/cms?partner_id=AMAZON&ex=gemini HTTP 302
https://s.amazon-adsystem.com/ecm3?id=y-DLFXZZNE2pH7y8SuAsPmART.n9j6e6WsLsKT~A&status=NOT_FOUND&ex=gemini

Request Chain 68

https://ads.stickyadstv.com/user-matching?id=2545 HTTP 302
https://s.amazon-adsystem.com/ecm3?id=db27c6fccd0cef96e99a113e8ebbee&ex=freewheel.tv&gdpr=0&gdpr_consent=

Request Chain 69

https://www.imdb.com/ads/idsync?cid=a706a6beb&ex=imdb.com HTTP 302
https://s.amazon-adsystem.com/ecm3?rcode=1&ex=imdb.com

Request Chain 72

https://ads.samba.tv/cookie_sync?https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsamba.tv%26id%3D HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=samba.tv&id=f69c38079d25a04c

Request Chain 73

https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=-pSKeXBLQnq5ZdKM4zsg9Q&rk=usync-na HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=-pSKeXBLQnq5ZdKM4zsg9Q

Request Chain 74

https://dpm.demdex.net/ibs:dpid=139200&dpuuid=3n1YAKOcT9CLLLLW6YMt0g&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dadobe.com%26id%3D%24%7BDD_UUID%7D HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=139200&dpuuid=3n1YAKOcT9CLLLLW6YMt0g&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dadobe.com%26id%3D%24%7BDD_UUID%7D HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=adobe.com&id=31603385221609099573570862640923504705

Request Chain 75

https://odr.mookie1.com/t/v2?tagid=V2_393725&AMAZON_REGION_SPECIFIC_ENDPOINT=s.amazon-adsystem.com&src.visitorID=Oy8CC6baQHSW60ZQzu3EtQ HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=mplatform.com&id=10594366283498790848&gdpr=&gdpr_consent=

Request Chain 76

https://px.surveywall-api.survata.com/z?l=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsurvata.com%26id%3D HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=survata.com&id=

Request Chain 77

https://c1.adform.net/serving/cookie/match?party=1153&redirect_url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dadform.net%26id%3D%24%7BUUID%7D HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=1153&redirect_url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dadform.net%26id%3D%24%7BUUID%7D

Request Chain 78

https://sync.search.spotxchange.com/partner?adv_id=7922&redir=https://s.amazon-adsystem.com/ecm3?ex%3Dspotx.com%26id%3D%24SPOTX_USER_ID HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7922&redir=https://s.amazon-adsystem.com/ecm3?ex%3Dspotx.com%26id%3D%24SPOTX_USER_ID&__user_check__=1&sync_id=3b6be94e-dac5-11ec-af68-162fe7890403

Request Chain 79

https://bs.serving-sys.com/Serving?cn=cs&rtu=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsizmek%26id%3D%5B%25tp_UserID%25%5D HTTP 302
https://lm.serving-sys.com/lm/acs?json={%22GUID%22:%22574b7f98-09d2-413c-89a0-1a3c2f501312%22,%22Time%22:%2220220523T182158.199510%22}&rtu=https://s.amazon-adsystem.com/ecm3?ex=sizmek&id=[%tp_UserID%] HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=sizmek&id=574b7f98-09d2-413c-89a0-1a3c2f501312

Request Chain 80

https://cm.g.doubleclick.net/pixel?google_nid=a9&google_cm&ex=doubleclick.net HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=doubleclick.net&google_gid=CAESEFWmT2MS_Kogj9wU2wnrqcg&google_cver=1

Request Chain 81

https://usermatch.krxd.net/um/v2?partner=amzn HTTP 302
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=amzn

Request Chain 82

https://sb.scorecardresearch.com/p?c1=9&c2=27552257&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dcomscore.com%26id%3D%25AX_UUID%25 HTTP 302
https://sb.scorecardresearch.com/p2?c1=9&c2=27552257&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dcomscore.com%26id%3D%25AX_UUID%25 HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=comscore.com&id=918fa180b9661135eb98441f7af9d2c0

Request Chain 83

https://us-u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D HTTP 302
https://us-u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=openx.com&id=c87a14c7-ef6a-c80f-2592-987048bd7b39

Request Chain 84

https://ssum-sec.casalemedia.com/usermatchredir?s=184155&cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex%26id%3D__UID__ HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex%26id%3D__UID__&s=184155&C=1 HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=index&id=0

Request Chain 85

https://uipglob.semasio.net/amazon/1/get?_url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsemasio%26id%3D%24%7BUIPID%28%29%7D HTTP 302
https://uipglob.semasio.net/amazon/1/get2?_url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsemasio%26id%3D%24%7BUIPID%28%29%7D HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=semasio&id=522A929774DCC135

Request Chain 86

https://ib.adnxs.com/getuid?https://s.amazon-adsystem.com/ecm3?id=$UID&ex=appnexus.com HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%24UID%26ex%3Dappnexus.com HTTP 302
https://s.amazon-adsystem.com/ecm3?id=1906498781753493678&ex=appnexus.com

Request Chain 87

https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzgmdGw9MTI5NjAw&piggybackCookie=4UqsgSa8QIq6o4-c5L5mSA&rd=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3DpubmaticHMT%26id%3D%24%7BDSP_UID%7D HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=pubmaticHMT&id=4UqsgSa8QIq6o4-c5L5mSA

Request Chain 88

https://token.rubiconproject.com/token?pid=2179&pt=n HTTP 302
https://s.amazon-adsystem.com/ecm3?id=I3PMeIIeizowby0ANmfVY8WWwYjZzChgQG1x_JmYjWc&ex=rubiconproject.com&status=ok

Request Chain 89

https://cm.g.doubleclick.net/pixel?google_nid=a9&google_hm=HA6JZHfhRgazLWCXb52diw& HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=googleHMT

Request Chain 90

https://loadus.exelator.com/load/?p=204&g=8888&j=0 HTTP 302
https://loadus.exelator.com/load/?p=204&g=8888&j=0&xl8blockcheck=1 HTTP 302
https://s.amazon-adsystem.com/ecm3?&ex=nielsen&id=18e51fec6601ed89b49c2364af5847c4

Request Chain 91

https://lciapi.ninthdecimal.com/v1/lci/sync/adv-amzn/c-23445/?rdr=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3F%26ex%3Dninthdecimal.com%26id%3D%24%7BND_UID%7D HTTP 302
https://s.amazon-adsystem.com/ecm3?&ex=ninthdecimal.com&id=BFB44F2DC6D08B624707CB8C02DC9013

Request Chain 92

https://pi.ispot.tv/v2/TC-3673-1.gif?redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dispot.tv%26id%3D%7BISID%7D HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=ispot.tv&id=c3074ebe6db31f8c9cbda89be74002a5167fc48d4ca9db59222f65d281c50519

Request Chain 93

https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3D%23PM_USER_ID HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3D%23PM_USER_ID&rdf=1

Request Chain 94

https://sync.taboola.com/sg/amazon-a9-network/1/rtb HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=taboola.com&id=e6a45e01-b886-4a8c-b042-2420a4d82f6b-tuct9855646

Request Chain 99

https://insight.adsrvr.org/track/up?adv=zl9kfqh1&ref=https%3A%2F%2Fchpromotion.com%2Fa%2Fa87%2Findex.php%3Futm_source%3Dspdlfm%26utm_campaign%3D690430Rate%26token%3D1265061381&upid=7h0r1mr&upv=1.1.0 HTTP 302
https://match.adsrvr.org/track/upb/?adv=zl9kfqh1&ref=https%3A%2F%2Fchpromotion.com%2Fa%2Fa87%2Findex.php%3Futm_source%3Dspdlfm%26utm_campaign%3D690430Rate%26token%3D1265061381&upid=7h0r1mr&upv=1.1.0

Request Chain 105

https://dpm.demdex.net/ibs:dpid=903&dpuuid=40d09c88-4f38-4ad6-bcd5-1fef784a52f8&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Daam HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=aam

Request Chain 106

https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=40d09c88-4f38-4ad6-bcd5-1fef784a52f8 HTTP 302
https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=1906498781753493678&ttd_tdid=40d09c88-4f38-4ad6-bcd5-1fef784a52f8

Request Chain 107

https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=40d09c88-4f38-4ad6-bcd5-1fef784a52f8&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon HTTP 302
https://match.adsrvr.org/track/cmf/rubicon?gdpr=0

Request Chain 110

https://nytrng.com/mper HTTP 301
https://nytrng.com/mper/a01984e413da7259757b2dbb2a5d3502

113 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

76
reliefgiveaway.com/176486cce9ad6174000/38402_1_11/0_1_0_0_1_4148494_76_2457_93047_1_10_1974/
Redirect Chain

http://uyijknhgtrfgv.tk/qs=r-abacafcfjfkfacaejfbdababacaihaddeaccackifadfgiakebfiacb
https://reliefgiveaway.com/176486cce9ad6174000/38402_1_11/0_1_0_0_1_4148494_76_2457_93047_1_10_1974/76

161 B
475 B

748ms
254ms

Document
text/html

207.99.40.82
COLOGIX

General

Check archive.org

Show headers Download Go to

Full URL: https://reliefgiveaway.com/176486cce9ad6174000/38402_1_11/0_1_0_0_1_4148494_76_2457_93047_1_10_1974/76
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 207.99.40.82 Parsippany, United States, ASN8001 (COLOGIX, US),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0
accept-language: en-US,en;q=0.9
referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB

Response headers

Connection: close
Content-Length: 161
Content-Type: text/html; charset=UTF-8
Date: Mon, 23 May 2022 18:21:57 GMT
Server: Apache

Redirect headers

Connection: Keep-Alive
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Mon, 23 May 2022 18:21:15 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
X-Powered-By: PHP/5.4.16
location: https://reliefgiveaway.com/176486cce9ad6174000/38402_1_11/0_1_0_0_1_4148494_76_2457_93047_1_10_1974/76

GET
H/1.1 200
OK Primary Request index.php Show response
chpromotion.com/a/a87/ 51 KB
51 KB 68ms
20ms Document
text/html 146.20.84.216
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://chpromotion.com/a/a87/index.php?utm_source=spdlfm&utm_campaign=690430Rate&token=1265061381
Requested by: Host: reliefgiveaway.com
URL: https://reliefgiveaway.com/176486cce9ad6174000/38402_1_11/0_1_0_0_1_4148494_76_2457_93047_1_10_1974/76
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.84.216 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40 / PHP/5.6.40
Resource Hash: 105a51defb00f2c0ee11596279532e30d9d7ddd15c8e10d9fe9c067f6488e180

Request headers

Referer: https://reliefgiveaway.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0
accept-language: en-US,en;q=0.9
referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB

Response headers

Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Mon, 23 May 2022 18:21:57 GMT
Keep-Alive: timeout=5, max=61
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
Transfer-Encoding: chunked
X-Powered-By: PHP/5.6.40

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 99 KB
38 KB 38ms
20ms Script
application/javascript 2607:f8b0:4006:822::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-6898183-1

Requested by

Host: chpromotion.com
URL: https://chpromotion.com/a/a87/index.php?utm_source=spdlfm&utm_campaign=690430Rate&token=1265061381

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::2008 Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7d054245a4320f88475d232901aa17263f6dbbc65b0acf4775a67f3f31cb7d08

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

date: Mon, 23 May 2022 18:21:57 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39172
x-xss-protection: 0
last-modified: Mon, 23 May 2022 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 23 May 2022 18:21:57 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 106 KB
42 KB 37ms
19ms Script
application/javascript 2607:f8b0:4006:822::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-1038983633

Requested by

Host: chpromotion.com
URL: https://chpromotion.com/a/a87/index.php?utm_source=spdlfm&utm_campaign=690430Rate&token=1265061381

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::2008 Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7b6c943590df9e461e2adfe68415516a830f5852f730b64c98df61e4a3c044ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

date: Mon, 23 May 2022 18:21:57 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42806
x-xss-protection: 0
last-modified: Mon, 23 May 2022 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 23 May 2022 18:21:57 GMT

GET
H/1.1 200
OK bootstrap.min.css
chpromotion.com/a/a87/bootstrap/css/ 119 KB
119 KB 15ms
13ms Stylesheet
text/css 146.20.84.216
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://chpromotion.com/a/a87/bootstrap/css/bootstrap.min.css
Requested by: Host: chpromotion.com
URL: https://chpromotion.com/a/a87/index.php?utm_source=spdlfm&utm_campaign=690430Rate&token=1265061381
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.84.216 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40 /
Resource Hash: edd03ab3a1f8f4fee1f13400764eaa7de9b4ec3da31a2de7f2a5a40e2ea181a7

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Date: Mon, 23 May 2022 18:21:57 GMT
Last-Modified: Thu, 05 Apr 2018 19:01:38 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
ETag: "1da10-5691e91c349de"
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 121360

GET
H/1.1 200
OK font-awesome.css
chpromotion.com/a/a87/bootstrap/css/ 22 KB
22 KB 35ms
14ms Stylesheet
text/css 146.20.84.216
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://chpromotion.com/a/a87/bootstrap/css/font-awesome.css
Requested by: Host: chpromotion.com
URL: https://chpromotion.com/a/a87/index.php?utm_source=spdlfm&utm_campaign=690430Rate&token=1265061381
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.84.216 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40 /
Resource Hash: 52b860bf171d4c3ddb8c50fe9b1cf48cd6337c07f0b111788d7ba34aad733299

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Date: Mon, 23 May 2022 18:21:57 GMT
Last-Modified: Thu, 05 Apr 2018 19:01:39 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
ETag: "58b3-5691e91c47a8f"
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 22707

GET
H/1.1 200
OK style.css
chpromotion.com/a/a87/css/ 3 KB
3 KB 37ms
14ms Stylesheet
text/css 146.20.84.216
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://chpromotion.com/a/a87/css/style.css?1653330117
Requested by: Host: chpromotion.com
URL: https://chpromotion.com/a/a87/index.php?utm_source=spdlfm&utm_campaign=690430Rate&token=1265061381
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.84.216 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40 /
Resource Hash: f3a974df6314eccf6bafadf8a8008e1b9c5e4686688f862c6a4e866f20725d72

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Date: Mon, 23 May 2022 18:21:57 GMT
Last-Modified: Thu, 05 Apr 2018 19:01:43 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
ETag: "a2b-5691e92078ad7"
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=60
Content-Length: 2603

GET
H/1.1 200
OK jquery-1.11.1.min.js Show response
chpromotion.com/a/a87/bootstrap/js/ 94 KB
94 KB 40ms
16ms Script
application/javascript 146.20.84.216
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://chpromotion.com/a/a87/bootstrap/js/jquery-1.11.1.min.js
Requested by: Host: chpromotion.com
URL: https://chpromotion.com/a/a87/index.php?utm_source=spdlfm&utm_campaign=690430Rate&token=1265061381
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.84.216 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40 /
Resource Hash: 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Date: Mon, 23 May 2022 18:21:57 GMT
Last-Modified: Thu, 05 Apr 2018 19:01:39 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
ETag: "1762a-5691e91d080bd"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=57
Content-Length: 95786

GET
H/1.1 200
OK masked.min.js Show response
www.chwplan.com/jsinc/ 62 KB
63 KB 109ms
13ms Script
application/javascript 146.20.84.216
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.chwplan.com/jsinc/masked.min.js
Requested by: Host: chpromotion.com
URL: https://chpromotion.com/a/a87/index.php?utm_source=spdlfm&utm_campaign=690430Rate&token=1265061381
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.84.216 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40 /
Resource Hash: ee5e6f24e63a934667e065cf35fa4cdb9a1ec3391da17621c3994fdb63bb82ea

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Date: Mon, 23 May 2022 18:21:57 GMT
Last-Modified: Mon, 02 Apr 2018 18:08:00 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
ETag: "f85d-568e1785f6000"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=30
Content-Length: 63581

GET
H2 200 css
fonts.googleapis.com/ 7 KB
1 KB 41ms
22ms Stylesheet
text/css 2607:f8b0:4006:817::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Ubuntu:400,500,700,300

Requested by

Host: chpromotion.com
URL: https://chpromotion.com/a/a87/index.php?utm_source=spdlfm&utm_campaign=690430Rate&token=1265061381

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::200a Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

0e87a1cbe106e401c305a8a3a20573b43fd9af49b2ab7cb18fab46727c854cf5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 23 May 2022 18:21:57 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 23 May 2022 18:21:57 GMT

GET
H/1.1 200
OK logo2.png
chpromotion.com/a/a87/images/ 15 KB
15 KB 15ms
15ms Image
image/png 146.20.84.216
RACKSPACE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://chpromotion.com/a/a87/images/logo2.png
Requested by: Host: chpromotion.com
URL: https://chpromotion.com/a/a87/index.php?utm_source=spdlfm&utm_campaign=690430Rate&token=1265061381
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.84.216 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40 /
Resource Hash: 79270dfeec80a9831db892c6afa6203afcfcbe58fb78d76c6b610b9b79a45739

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Date: Mon, 23 May 2022 18:21:57 GMT
Last-Modified: Fri, 11 Mar 2022 19:40:51 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
ETag: "3a67-5d9f682207e1b"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=56
Content-Length: 14951

GET
H/1.1 404
Not Found spinner.gif
chpromotion.com/a/a87/ 215 B
215 B 13ms
12ms Image
text/html 146.20.84.216
RACKSPACE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://chpromotion.com/a/a87/spinner.gif
Requested by: Host: chpromotion.com
URL: https://chpromotion.com/a/a87/index.php?utm_source=spdlfm&utm_campaign=690430Rate&token=1265061381
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.84.216 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40 /
Resource Hash: a4394c795c4144177ff8bb4d0cedfd77bdd7a05d49f5546838010e795d5caf77

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Date: Mon, 23 May 2022 18:21:57 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
Connection: Keep-Alive
Keep-Alive: timeout=5, max=59
Content-Length: 215
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK icon1.png
chpromotion.com/a/a87/images/ 15 KB
16 KB 16ms
14ms Image
image/png 146.20.84.216
RACKSPACE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://chpromotion.com/a/a87/images/icon1.png
Requested by: Host: chpromotion.com
URL: https://chpromotion.com/a/a87/index.php?utm_source=spdlfm&utm_campaign=690430Rate&token=1265061381
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.84.216 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40 /
Resource Hash: 4540fe3d85b175ac7c0272025c164aee14f38b34d5515d35591fe752eeab7780

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Date: Mon, 23 May 2022 18:21:57 GMT
Last-Modified: Fri, 08 Oct 2021 21:02:20 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
ETag: "3cf8-5cdddb1ebd312"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 15608

GET
H/1.1 200
OK icon2.png
chpromotion.com/a/a87/images/ 15 KB
15 KB 14ms
12ms Image
image/png 146.20.84.216
RACKSPACE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://chpromotion.com/a/a87/images/icon2.png
Requested by: Host: chpromotion.com
URL: https://chpromotion.com/a/a87/index.php?utm_source=spdlfm&utm_campaign=690430Rate&token=1265061381
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.84.216 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40 /
Resource Hash: 688aa4443fd103dd4eba9512fbd4a0ff2c47b8ebbd4b8c8d4aaef45f4e4f48b0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Date: Mon, 23 May 2022 18:21:57 GMT
Last-Modified: Fri, 10 Apr 2020 00:35:32 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
ETag: "3a92-5a2e4e93da218"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 14994

GET
H/1.1 200
OK icon3.png
chpromotion.com/a/a87/images/ 21 KB
21 KB 31ms
14ms Image
image/png 146.20.84.216
RACKSPACE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://chpromotion.com/a/a87/images/icon3.png
Requested by: Host: chpromotion.com
URL: https://chpromotion.com/a/a87/index.php?utm_source=spdlfm&utm_campaign=690430Rate&token=1265061381
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.84.216 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40 /
Resource Hash: f30bf2284e7872587d6aa890cc2611f01e4be6a2fcfdc0003d63c6fa137745c7

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Date: Mon, 23 May 2022 18:21:57 GMT
Last-Modified: Fri, 10 Apr 2020 00:35:33 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
ETag: "5233-5a2e4e93ef9d8"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 21043

GET
H/1.1 200
OK repair_b.png
chpromotion.com/a/a87/images/ 28 KB
28 KB 30ms
13ms Image
image/png 146.20.84.216
RACKSPACE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://chpromotion.com/a/a87/images/repair_b.png
Requested by: Host: chpromotion.com
URL: https://chpromotion.com/a/a87/index.php?utm_source=spdlfm&utm_campaign=690430Rate&token=1265061381
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.84.216 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40 /
Resource Hash: 342f64eee8020ed8ccd8c957c7c3442acc3fd585a200470edfcd199549a1eae9

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Date: Mon, 23 May 2022 18:21:57 GMT
Last-Modified: Thu, 05 Apr 2018 19:01:34 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
ETag: "6e3f-5691e9182b651"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 28223

GET
H/1.1 200
OK replace_b.png
chpromotion.com/a/a87/images/ 145 KB
145 KB 17ms
14ms Image
image/png 146.20.84.216
RACKSPACE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://chpromotion.com/a/a87/images/replace_b.png
Requested by: Host: chpromotion.com
URL: https://chpromotion.com/a/a87/index.php?utm_source=spdlfm&utm_campaign=690430Rate&token=1265061381
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.84.216 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40 /
Resource Hash: 81a3487cf49a66c946a642f19c8f0a0d0484c49958d22f13d803f148f635039d

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Date: Mon, 23 May 2022 18:21:57 GMT
Last-Modified: Thu, 05 Apr 2018 19:01:34 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
ETag: "243ad-5691e91836a02"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=54
Content-Length: 148397

GET
H/1.1 200
OK 24_b.png
chpromotion.com/a/a87/images/ 30 KB
30 KB 20ms
14ms Image
image/png 146.20.84.216
RACKSPACE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://chpromotion.com/a/a87/images/24_b.png
Requested by: Host: chpromotion.com
URL: https://chpromotion.com/a/a87/index.php?utm_source=spdlfm&utm_campaign=690430Rate&token=1265061381
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.84.216 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40 /
Resource Hash: 55b90523aabe14478d4e85de11038ffe927f92a520b2ff59907f5a6755f0df8f

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Date: Mon, 23 May 2022 18:21:57 GMT
Last-Modified: Thu, 05 Apr 2018 19:01:34 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
ETag: "78c2-5691e9178a425"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 30914

GET
H/1.1 200
OK jquery.validate.js Show response
chpromotion.com/a/a87/ 38 KB
39 KB 15ms
15ms Script
application/javascript 146.20.84.216
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://chpromotion.com/a/a87/jquery.validate.js
Requested by: Host: chpromotion.com
URL: https://chpromotion.com/a/a87/index.php?utm_source=spdlfm&utm_campaign=690430Rate&token=1265061381
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.84.216 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40 /
Resource Hash: 93f6ce56be9b5d1cc8f0462801eebf1f4612ed1c5e9e0a389072c7b3fabee5b7

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Date: Mon, 23 May 2022 18:21:57 GMT
Last-Modified: Mon, 02 Apr 2018 18:07:59 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
ETag: "999b-568e178501dc0"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 39323

GET
H2 200 conversion.js Show response
www.googleadservices.com/pagead/ 43 KB
17 KB 79ms
56ms Script
text/javascript 142.250.64.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Host: chpromotion.com
URL: https://chpromotion.com/a/a87/index.php?utm_source=spdlfm&utm_campaign=690430Rate&token=1265061381

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.64.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s30-in-f2.1e100.net

Software

cafe /

Resource Hash

f9e67f3474ec0a002f4aebf1ea2b7e97d23e4c60f7266283b78a17483d0fa8c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

date: Mon, 23 May 2022 18:21:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16860
x-xss-protection: 0
server: cafe
etag: 9149805066609370068
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 23 May 2022 18:21:57 GMT

GET
H2 200 D24328ECFA2D48.js Show response
cdn.datasteam.io/js/ 66 KB
22 KB 48ms
6ms Script
application/x-javascript 52.85.61.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.datasteam.io/js/D24328ECFA2D48.js
Requested by: Host: chpromotion.com
URL: https://chpromotion.com/a/a87/index.php?utm_source=spdlfm&utm_campaign=690430Rate&token=1265061381
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.61.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-61-98.ewr53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 28b08132faf772ccb6b98ecfb02a099582c5823b27e13c5c663e0142de89d634

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

date: Sun, 22 May 2022 22:32:21 GMT
content-encoding: gzip
last-modified: Thu, 20 Jan 2022 21:45:54 GMT
server: AmazonS3
age: 71377
etag: W/"d89d22e28d4dcdcffb56f904f07766fa"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
via: 1.1 19e58616339f974c22a3a07f8f637718.cloudfront.net (CloudFront)
cache-control: max-age=600,s-maxage=86400
x-amz-cf-pop: EWR53-P1
x-amz-cf-id: S4p4nXIM0Ax4woxpwMJUnL-w2cOjDMAmO1bJvCkJCQZydENzs31vEA==

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ 4 KB
2 KB 22ms
6ms Script
application/x-javascript 52.85.136.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: chpromotion.com
URL: https://chpromotion.com/a/a87/index.php?utm_source=spdlfm&utm_campaign=690430Rate&token=1265061381
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.136.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-136-118.ewr53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Date: Mon, 23 May 2022 00:40:51 GMT
Content-Encoding: gzip
Last-Modified: Thu, 24 Sep 2020 15:15:34 GMT
Server: AmazonS3
Age: 63667
ETag: W/"98d98b3499058b76d58073cf8ede2f10"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/x-javascript
Via: 1.1 b8d8693cc4ac05b6a9cebe2651a2c8b8.cloudfront.net (CloudFront)
Connection: keep-alive
Transfer-Encoding: chunked
X-Amz-Cf-Pop: EWR53-P1
X-Amz-Cf-Id: 9_gcbPiZlbDsARisgAeW8cva0HwPuUplWieja3RkLcOIs0rHxBdKVA==

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 44ms
3ms Script
text/javascript 2607:f8b0:4006:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-6898183-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::200e Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 5883
date: Mon, 23 May 2022 16:43:54 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Mon, 23 May 2022 18:43:54 GMT

GET
H2 200 conversion_async.js Show response
www.google.com/pagead/ 39 KB
15 KB 61ms
31ms Script
text/javascript 2607:f8b0:4006:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-1038983633

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2004 Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5b9d29659c696ec7851223b2443432b062936dce25c3676114cf6122e226fdca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

date: Mon, 23 May 2022 18:21:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14850
x-xss-protection: 0
server: cafe
etag: 17314558370413635497
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 23 May 2022 18:21:57 GMT

GET
H/1.1 200
OK promo_header.png
chpromotion.com/a/a87/images/ 18 KB
18 KB 21ms
15ms Image
image/png 146.20.84.216
RACKSPACE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://chpromotion.com/a/a87/images/promo_header.png
Requested by: Host: chpromotion.com
URL: https://chpromotion.com/a/a87/index.php?utm_source=spdlfm&utm_campaign=690430Rate&token=1265061381
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.84.216 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40 /
Resource Hash: f48f72962227d5462b26af6047aa112b3640126b6d1c49c72d672d315189100c

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Date: Mon, 23 May 2022 18:21:57 GMT
Last-Modified: Tue, 10 May 2022 17:26:48 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
ETag: "4877-5deaba12913db"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 18551

GET
H/1.1 200
OK bg2.jpg
chpromotion.com/a/a87/images/ 1 MB
1 MB 24ms
15ms Image
image/jpeg 146.20.84.216
RACKSPACE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://chpromotion.com/a/a87/images/bg2.jpg
Requested by: Host: chpromotion.com
URL: https://chpromotion.com/a/a87/index.php?utm_source=spdlfm&utm_campaign=690430Rate&token=1265061381
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.84.216 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40 /
Resource Hash: 56bd13291e337ee24a5d6120a2d69b291a03ff19253f5b68e52f383fc3f94196

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Date: Mon, 23 May 2022 18:21:57 GMT
Last-Modified: Wed, 30 Jun 2021 15:54:37 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
ETag: "179392-5c5fdbd51c239"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=93
Content-Length: 1545106

GET
H/1.1 200
OK fam.png
chpromotion.com/a/a87/images/ 166 KB
166 KB 22ms
13ms Image
image/png 146.20.84.216
RACKSPACE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://chpromotion.com/a/a87/images/fam.png
Requested by: Host: chpromotion.com
URL: https://chpromotion.com/a/a87/index.php?utm_source=spdlfm&utm_campaign=690430Rate&token=1265061381
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.84.216 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40 /
Resource Hash: f3ba765abecf7206d73b8a9df910a3447c542b54008bd11c69e87b698da4bc9f

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Date: Mon, 23 May 2022 18:21:57 GMT
Last-Modified: Thu, 05 Apr 2018 19:01:34 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
ETag: "2968d-5691e917cab6a"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=53
Content-Length: 169613

GET
H2 200 4iCv6KVjbNBYlgoCxCvjsGyN.woff2
fonts.gstatic.com/s/ubuntu/v20/ 29 KB
29 KB 30ms
11ms Font
font/woff2 2607:f8b0:4006:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ubuntu/v20/4iCv6KVjbNBYlgoCxCvjsGyN.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Ubuntu:400,500,700,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2003 Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c00752ce82d6abaed0b9766d35b906b16675facdbe24115b410d1fab975effa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
Origin: https://chpromotion.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

date: Tue, 17 May 2022 08:26:03 GMT
x-content-type-options: nosniff
age: 554154
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29752
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 17:05:11 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 17 May 2023 08:26:03 GMT

GET
H2 200 4iCs6KVjbNBYlgoKfw72.woff2
fonts.gstatic.com/s/ubuntu/v20/ 34 KB
35 KB 25ms
6ms Font
font/woff2 2607:f8b0:4006:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Ubuntu:400,500,700,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2003 Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7f653b3ce9d3277457fc6da4edb246ae2f6c913f088c42dcb8cd2e96267aa21a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
Origin: https://chpromotion.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

date: Tue, 17 May 2022 04:14:16 GMT
x-content-type-options: nosniff
age: 569261
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34852
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:31:23 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 17 May 2023 04:14:16 GMT

GET
H/1.1 200
OK fontawesome-webfont.woff
chpromotion.com/a/a87/bootstrap/fonts/ 43 KB
44 KB 21ms
14ms Font
font/woff 146.20.84.216
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://chpromotion.com/a/a87/bootstrap/fonts/fontawesome-webfont.woff?v=4.0.1
Requested by: Host: chpromotion.com
URL: https://chpromotion.com/a/a87/bootstrap/css/font-awesome.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.84.216 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40 /
Resource Hash: c151a7e68aedc7bd4d84cb2096e92ee2f055c16be01c2ba027acd38b6cc9d52a

Request headers

Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
Origin: https://chpromotion.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Date: Mon, 23 May 2022 18:21:57 GMT
Last-Modified: Thu, 05 Apr 2018 19:01:39 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
ETag: "adbc-5691e91c950dd"
Content-Type: font/woff
Cache-Control: max-age=31536000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=55
Content-Length: 44476
Expires: Tue, 23 May 2023 18:21:57 GMT

GET
H/1.1 200
OK espn.png
chpromotion.com/a/a87/images/ 17 KB
18 KB 16ms
14ms Image
image/png 146.20.84.216
RACKSPACE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://chpromotion.com/a/a87/images/espn.png
Requested by: Host: chpromotion.com
URL: https://chpromotion.com/a/a87/index.php?utm_source=spdlfm&utm_campaign=690430Rate&token=1265061381
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.84.216 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40 /
Resource Hash: 90dc1edaca43e2e886e6e556485fa4f2d9bbb86193f9d8d6b3b1b5b087bb140c

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Date: Mon, 23 May 2022 18:21:57 GMT
Last-Modified: Wed, 30 Jun 2021 15:54:37 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
ETag: "4586-5c5fdbd59ec11"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=93
Content-Length: 17798

GET
H/1.1 200
OK fox.png
chpromotion.com/a/a87/images/ 18 KB
19 KB 18ms
16ms Image
image/png 146.20.84.216
RACKSPACE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://chpromotion.com/a/a87/images/fox.png
Requested by: Host: chpromotion.com
URL: https://chpromotion.com/a/a87/index.php?utm_source=spdlfm&utm_campaign=690430Rate&token=1265061381
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.84.216 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40 /
Resource Hash: d3573cda52041247cfe2bec3dd48b363196a581a5aa0686f6cd74a5f96bb090f

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Date: Mon, 23 May 2022 18:21:57 GMT
Last-Modified: Wed, 30 Jun 2021 15:54:37 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
ETag: "49cc-5c5fdbd5ae9f9"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=52
Content-Length: 18892

GET
H/1.1 200
OK tvland.png
chpromotion.com/a/a87/images/ 18 KB
18 KB 16ms
15ms Image
image/png 146.20.84.216
RACKSPACE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://chpromotion.com/a/a87/images/tvland.png
Requested by: Host: chpromotion.com
URL: https://chpromotion.com/a/a87/index.php?utm_source=spdlfm&utm_campaign=690430Rate&token=1265061381
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.84.216 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40 /
Resource Hash: 10bef3f85822237893d33ac7eed079f59191bf1457d08309401afc43a1902d50

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Date: Mon, 23 May 2022 18:21:57 GMT
Last-Modified: Wed, 30 Jun 2021 15:54:37 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
ETag: "47a3-5c5fdbd5cddf9"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=92
Content-Length: 18339

GET
H/1.1 200
OK lifetime.png
chpromotion.com/a/a87/images/ 16 KB
17 KB 21ms
13ms Image
image/png 146.20.84.216
RACKSPACE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://chpromotion.com/a/a87/images/lifetime.png
Requested by: Host: chpromotion.com
URL: https://chpromotion.com/a/a87/index.php?utm_source=spdlfm&utm_campaign=690430Rate&token=1265061381
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.84.216 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40 /
Resource Hash: 6d97fccd01135ed97a465ce2d65e3d5993c7b240b06a7638b3fec90424f6252a

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Date: Mon, 23 May 2022 18:21:57 GMT
Last-Modified: Wed, 30 Jun 2021 15:54:37 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
ETag: "41bd-5c5fdbd5be7e1"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=91
Content-Length: 16829

GET
H/1.1 200
OK universalhd.png
chpromotion.com/a/a87/images/ 18 KB
19 KB 17ms
13ms Image
image/png 146.20.84.216
RACKSPACE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://chpromotion.com/a/a87/images/universalhd.png
Requested by: Host: chpromotion.com
URL: https://chpromotion.com/a/a87/index.php?utm_source=spdlfm&utm_campaign=690430Rate&token=1265061381
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.84.216 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40 /
Resource Hash: ec286d9204d650f3688680ab7df9b05406c4baddb997cf762d2fedd7b5084365

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Date: Mon, 23 May 2022 18:21:57 GMT
Last-Modified: Wed, 30 Jun 2021 15:54:38 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
ETag: "49b3-5c5fdbd5df351"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=51
Content-Length: 18867

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1038983633/ 2 KB
2 KB 49ms
29ms Script
text/javascript 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1038983633/?random=1653330117607&cv=9&fst=1653330117607&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fchpromotion.com%2Fa%2Fa87%2Findex.php%3Futm_source%3Dspdlfm%26utm_campaign%3D690430Rate%26token%3D1265061381&ref=https%3A%2F%2Freliefgiveaway.com%2F&tiba=Choice%20Home%20Warranty&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

970bcddca2dbc2f985da2a8cc8b5a5e2a475bf09c5e6ae9489924fbd890c7b05

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

pragma: no-cache
date: Mon, 23 May 2022 18:21:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1051
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
206 B 20ms
19ms XHR
text/plain 2607:f8b0:4006:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=390998508&t=pageview&_s=1&dl=https%3A%2F%2Fchpromotion.com%2Fa%2Fa87%2Findex.php%3Futm_source%3Dspdlfm%26utm_campaign%3D690430Rate%26token%3D1265061381&dr=https%3A%2F%2Freliefgiveaway.com%2F&ul=en-us&de=UTF-8&dt=Choice%20Home%20Warranty&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=1959698837&gjid=1898714916&cid=1246858029.1653330118&tid=UA-6898183-1&_gid=722949797.1653330118&_r=1&gtm=2ou5b0&z=1017209632

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::200e Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 23 May 2022 18:21:57 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://chpromotion.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 27ms
5ms Script
text/javascript 2607:f8b0:4006:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: chpromotion.com
URL: https://chpromotion.com/a/a87/index.php?utm_source=spdlfm&utm_campaign=690430Rate&token=1265061381

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::2008 Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 6447
date: Mon, 23 May 2022 16:34:30 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17168
expires: Mon, 23 May 2022 18:34:30 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1038983633/ 2 KB
1 KB 29ms
28ms Script
text/javascript 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1038983633/?random=1653330117660&cv=9&fst=1653330117660&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa5b0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fchpromotion.com%2Fa%2Fa87%2Findex.php%3Futm_source%3Dspdlfm%26utm_campaign%3D690430Rate%26token%3D1265061381&ref=https%3A%2F%2Freliefgiveaway.com%2F&tiba=Choice%20Home%20Warranty&hn=www.google.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.google.com
URL: https://www.google.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d3f142b7489acd6e7edbf1ebee7c225919ce5195aa3417dbd7addf0b5fc1efe4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

pragma: no-cache
date: Mon, 23 May 2022 18:21:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1101
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/1038983633/ 42 B
64 B 39ms
25ms Image
image/gif 2607:f8b0:4006:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1038983633/?random=1653330117607&cv=9&fst=1653328800000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fchpromotion.com%2Fa%2Fa87%2Findex.php%3Futm_source%3Dspdlfm%26utm_campaign%3D690430Rate%26token%3D1265061381&ref=https%3A%2F%2Freliefgiveaway.com%2F&tiba=Choice%20Home%20Warranty&fmt=3&is_vtc=1&random=962833174&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: chpromotion.com
URL: https://chpromotion.com/a/a87/index.php?utm_source=spdlfm&utm_campaign=690430Rate&token=1265061381

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2004 Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

pragma: no-cache
date: Mon, 23 May 2022 18:21:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 2 B
439 B 46ms
19ms XHR
text/plain 2607:f8b0:4004:c06::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-6898183-1&cid=1246858029.1653330118&jid=1959698837&gjid=1898714916&_gid=722949797.1653330118&_u=YEBAAUAAAAAAAC~&z=6076427

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 23 May 2022 18:21:57 GMT
content-type: text/plain
access-control-allow-origin: https://chpromotion.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

ga-audiences
www.google.com/ads/
Redirect Chain

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=76703642&utmhn=chpromotion.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Choice...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-6898183-1&cid=1246858029.1653330118&jid=282085501&_v=5.7.2&z=76703642
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-6898183-1&cid=1246858029.1653330118&jid=282085501&_v=5.7.2&z=76703642

42 B
63 B

30ms
30ms

Image
image/gif

2607:f8b0:4006:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-6898183-1&cid=1246858029.1653330118&jid=282085501&_v=5.7.2&z=76703642

Requested by

Host: chpromotion.com
URL: https://chpromotion.com/a/a87/index.php?utm_source=spdlfm&utm_campaign=690430Rate&token=1265061381

Protocol

Server

2607:f8b0:4006:81c::2004 Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

pragma: no-cache
date: Mon, 23 May 2022 18:21:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 23 May 2022 18:21:57 GMT
location: https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-6898183-1&cid=1246858029.1653330118&jid=282085501&_v=5.7.2&z=76703642
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 365
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 99 KB
27 KB 18ms
4ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: chpromotion.com
URL: https://chpromotion.com/a/a87/index.php?utm_source=spdlfm&utm_campaign=690430Rate&token=1265061381

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

acbe6770b0fc8b621a9d4f7068b241fb403fe999ea33270931ee59ec4cfdf3f1

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 26310
x-xss-protection: 0
pragma: public
x-fb-debug: qR5yPd/hOZgekeKLAsDBQGO0iqvtUB+B/tEQpFvWnPC07U6CCSvaHxoFX+53F667HDIgtITIMTq2e8sTnFbRPw==
x-fb-trip-id: 1512268381
x-frame-options: DENY
date: Mon, 23 May 2022 18:21:57 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 38 KB
12 KB 47ms
22ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: chpromotion.com
URL: https://chpromotion.com/a/a87/index.php?utm_source=spdlfm&utm_campaign=690430Rate&token=1265061381

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

8540c5e2d2e85cc6c5d46b1b06b7f6642dce39e0314299a08976cfe6053c7c52

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Wed, 09 Feb 2022 23:54:49 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 064F594395C649C0B433F1444401BB96 Ref B: EWR30EDGE1613 Ref C: 2022-05-23T18:21:57Z
etag: "806a236c101ed81:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
date: Mon, 23 May 2022 18:21:56 GMT
accept-ranges: bytes
content-length: 11333

GET
H/1.1 200
OK script.js Show response
cdn.listrakbi.com/scripts/ 70 KB
24 KB 58ms
16ms Script
text/javascript 99.84.43.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.listrakbi.com/scripts/script.js?m=3QgckfkNYGiq&v=1
Requested by: Host: chpromotion.com
URL: https://chpromotion.com/a/a87/index.php?utm_source=spdlfm&utm_campaign=690430Rate&token=1265061381
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.43.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-43-9.ewr52.r.cloudfront.net
Software: cloudflare / ASP.NET
Resource Hash: a870f4251ca8eac5e4015c340d7403488b20d47e12127b928b8c2e4420c5abd6

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Date: Mon, 23 May 2022 18:18:32 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
X-AspNet-Version: 4.0.30319
Age: 227
X-Powered-By: ASP.NET
X-Cache: Hit from cloudfront
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI COM NAV INT DEM CNT PRE LOC"
Connection: keep-alive
Content-Length: 23225
Last-Modified: Mon, 23 May 2022 16:03:29 GMT
Server: cloudflare
X-ltk: 5/23/2022 1:58:07 PM
ETag: "obEGWa5nrmQDI46DBz5pGA=="
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-encoding
Content-Type: text/javascript; charset=utf-8
Via: 1.1 b4f17bdba953bc99ed49dfb95ccb934c.cloudfront.net (CloudFront)
Cache-Control: public, no-transform, max-age=3600, s-maxage=600
X-Amz-Cf-Pop: EWR52-C4
Accept-Ranges: bytes
CF-RAY: 70ffad890bcb7ffa-IAD
X-Amz-Cf-Id: HpjrSd5nVBKhM2_ljW4_-yreeq6Pi7OxMHIXeUkQdSrpCeGLSvfSmA==
Expires: Mon, 23 May 2022 19:18:10 GMT

GET
H2

200

widget_async.js Show response
d3rr3d0n31t48m.cloudfront.net/widget/
Redirect Chain

https://shop.pe/widget/widget_async.js
https://d3rr3d0n31t48m.cloudfront.net/widget/widget_async.js

2 KB
1 KB

52ms
11ms

Script
application/javascript

18.67.76.108
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3rr3d0n31t48m.cloudfront.net/widget/widget_async.js
Requested by: Host: chpromotion.com
URL: https://chpromotion.com/a/a87/index.php?utm_source=spdlfm&utm_campaign=690430Rate&token=1265061381
Protocol: H2
Server: 18.67.76.108 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-67-76-108.iad89.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 38592f817b8253b51a6d5af2e13899c300fe3f63b2ff48c232b69a5f266a5bab

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

date: Mon, 23 May 2022 18:00:25 GMT
content-encoding: gzip
last-modified: Thu, 05 May 2022 13:39:27 GMT
server: AmazonS3
age: 1293
etag: "7bf07d993b056288a6f4427d012f17ed"
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
via: 1.1 624a1750702d82319b25f17c35c73d04.cloudfront.net (CloudFront)
cache-control: max-age=3600, public
x-amz-cf-pop: IAD89-P2
accept-ranges: bytes
content-length: 920
x-amz-cf-id: S-JbuHlcpxra5k1p7OfKI1z_jhEoVhauDza0yraYqvCA50MiWDM5QA==
x-amz-meta-mtime: 1651757965.48

Redirect headers

content-security-policy: frame-ancestors none;
via: 1.1 google
referrer-policy: no-referrer-when-downgrade
server: nginx
date: Mon, 23 May 2022 18:21:57 GMT
x-frame-options: deny
content-type: text/html
location: https://d3rr3d0n31t48m.cloudfront.net/widget/widget_async.js
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 178

GET
H/1.1

200
OK

iu3 Show response
s.amazon-adsystem.com/ Frame 9C02
Redirect Chain

https://s.amazon-adsystem.com/iu3?d=generic&ex-fargs=%3Fid%3D3b289a46-9b76-58a9-88f0-c89b1606534d%26type%3D82%26m%3D1&ex-fch=416613&ex-src=https://www.choicehomewarranty.com/&ex-hargs=v%3D1.0%3Bc%3...
https://s.amazon-adsystem.com/iu3?d=generic&ex-fargs=%3Fid%3D3b289a46-9b76-58a9-88f0-c89b1606534d%26type%3D82%26m%3D1&ex-fch=416613&ex-src=https://www.choicehomewarranty.com/&ex-hargs=v%3D1.0%3Bc%3...

883 B
2 KB

35ms
35ms

Document
text/html

52.46.154.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/iu3?d=generic&ex-fargs=%3Fid%3D3b289a46-9b76-58a9-88f0-c89b1606534d%26type%3D82%26m%3D1&ex-fch=416613&ex-src=https://www.choicehomewarranty.com/&ex-hargs=v%3D1.0%3Bc%3D6293635390601%3Bp%3D3B289A46-9B76-58A9-88F0-C89B1606534D&cb=578329293306815000&dcc=t

Requested by

Host: chpromotion.com
URL: https://chpromotion.com/a/a87/index.php?utm_source=spdlfm&utm_campaign=690430Rate&token=1265061381

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

2f1845bbfae329f2324f1e1488afd5546eea7973e543028a6a9c1da6634edad3

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer: https://chpromotion.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0
accept-language: en-US,en;q=0.9
referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB

Response headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 883
Content-Type: text/html;charset=ISO-8859-1
Date: Mon, 23 May 2022 18:21:57 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Permissions-Policy: interest-cohort=()
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid: MKAYXGJJXY9VZ8G3DXZ0

Redirect headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Date: Mon, 23 May 2022 18:21:57 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://s.amazon-adsystem.com/iu3?d=generic&ex-fargs=%3Fid%3D3b289a46-9b76-58a9-88f0-c89b1606534d%26type%3D82%26m%3D1&ex-fch=416613&ex-src=https://www.choicehomewarranty.com/&ex-hargs=v%3D1.0%3Bc%3D6293635390601%3Bp%3D3B289A46-9B76-58A9-88F0-C89B1606534D&cb=578329293306815000&dcc=t
Permissions-Policy: interest-cohort=()
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid: 6TQE8ECBAN2MZVHDW98H

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 31ms
30ms Image
image/gif 2607:f8b0:4006:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-6898183-1&cid=1246858029.1653330118&jid=1959698837&_u=YEBAAUAAAAAAAC~&z=507930590

Requested by

Host: chpromotion.com
URL: https://chpromotion.com/a/a87/index.php?utm_source=spdlfm&utm_campaign=690430Rate&token=1265061381

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2004 Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

pragma: no-cache
date: Mon, 23 May 2022 18:21:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/1038983633/ 42 B
64 B 23ms
23ms Image
image/gif 2607:f8b0:4006:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1038983633/?random=1653330117660&cv=9&fst=1653328800000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa5b0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fchpromotion.com%2Fa%2Fa87%2Findex.php%3Futm_source%3Dspdlfm%26utm_campaign%3D690430Rate%26token%3D1265061381&ref=https%3A%2F%2Freliefgiveaway.com%2F&tiba=Choice%20Home%20Warranty&async=1&fmt=3&is_vtc=1&random=578388639&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: chpromotion.com
URL: https://chpromotion.com/a/a87/index.php?utm_source=spdlfm&utm_campaign=690430Rate&token=1265061381

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2004 Staten Island, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

pragma: no-cache
date: Mon, 23 May 2022 18:21:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 1374492936214348 Show response
connect.facebook.net/signals/config/ 39 KB
10 KB 59ms
53ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1374492936214348?v=2.9.60&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

6a3e8569cdb67ea0a9b9d936f6abe68a0a2c70e893de739bcf7d0c85348c7793

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: qZdG26oqO2ESMPBfMVrGBRdfXSaAwiQaSTJYyu8g4yA47UmS7HTzBX30woNYTjlAu1FBrAaTknAd2M1Lwo0n1Q==
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 23 May 2022 18:21:57 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-content-cdn-origin-ts: 1653330117810
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 204 5223598.js Show response
bat.bing.com/p/action/ 0
120 B 144ms
144ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/5223598.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A44C85F7C80F452F855234249AAE85CC Ref B: EWR30EDGE1613 Ref C: 2022-05-23T18:21:57Z
date: Mon, 23 May 2022 18:21:57 GMT
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
176 B 20ms
18ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=5223598&Ver=2&mid=5cb1d103-9f4f-4c7d-806d-55dd3ed30611&sid=3b2b3fb0dac511ec87f091dbd1a7b965&vid=3b2b5e40dac511ec9e87bb968149117c&vids=1&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Choice%20Home%20Warranty&p=https%3A%2F%2Fchpromotion.com%2Fa%2Fa87%2Findex.php%3Futm_source%3Dspdlfm%26utm_campaign%3D690430Rate%26token%3D1265061381&r=https%3A%2F%2Freliefgiveaway.com%2F&lt=441&evt=pageLoad&msclkid=N&sv=1&rn=27339

Requested by

Host: chpromotion.com
URL: https://chpromotion.com/a/a87/index.php?utm_source=spdlfm&utm_campaign=690430Rate&token=1265061381

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 60B886B12764479E8E1C4151564931E5 Ref B: EWR30EDGE1613 Ref C: 2022-05-23T18:21:57Z
date: Mon, 23 May 2022 18:21:57 GMT
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 getIds Show response
s1.listrakbi.com/3QgckfkNYGiq/session/ 175 B
1 KB 63ms
40ms Script
application/x-javascript 104.18.7.244
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.listrakbi.com/3QgckfkNYGiq/session/getIds?callback=ltkCallback1486&gsid=&_sid=&_tid=564543&ps=null&dps=true
Requested by: Host: cdn.listrakbi.com
URL: https://cdn.listrakbi.com/scripts/script.js?m=3QgckfkNYGiq&v=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.7.244 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 7ae6c41aba04348beec4616896c1ec70818ff4ef07de46269894e1a4b61b9697

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

pragma: no-cache
date: Mon, 23 May 2022 18:21:57 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI COM NAV INT DEM CNT PRE LOC"
content-type: application/x-javascript; charset=utf-8
cache-control: no-cache
cf-ray: 70ffd07459198c2a-EWR
expires: -1

GET
H2 200 /
www.facebook.com/tr/ 44 B
397 B 16ms
5ms Image
image/gif 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1374492936214348&ev=PageView&dl=https%3A%2F%2Fchpromotion.com%2Fa%2Fa87%2Findex.php%3Futm_source%3Dspdlfm%26utm_campaign%3D690430Rate%26token%3D1265061381&rl=https%3A%2F%2Freliefgiveaway.com%2F&if=false&ts=1653330117842&sw=1600&sh=1200&v=2.9.60&r=stable&ec=0&o=28&fbp=fb.1.1653330117840.1332309774&it=1653330117752&coo=false&exp=p1&rqm=GET

Requested by

Host: chpromotion.com
URL: https://chpromotion.com/a/a87/index.php?utm_source=spdlfm&utm_campaign=690430Rate&token=1265061381

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

date: Mon, 23 May 2022 18:21:57 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 44
expires: Mon, 23 May 2022 18:21:57 GMT

GET
H2 200 triggerRunner.js Show response
d3rr3d0n31t48m.cloudfront.net/widget/ 10 KB
4 KB 10ms
10ms Script
application/javascript 18.67.76.108
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3rr3d0n31t48m.cloudfront.net/widget/triggerRunner.js?v=c2be5aa
Requested by: Host: shop.pe
URL: https://shop.pe/widget/widget_async.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.67.76.108 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-67-76-108.iad89.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 380ef284cc9c44f82f786f246a822011a779932c9cd2ee34c451182ec2952468

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

date: Thu, 05 May 2022 13:40:30 GMT
content-encoding: gzip
last-modified: Thu, 05 May 2022 13:39:28 GMT
server: AmazonS3
age: 1572088
etag: "44854b0a25378de7169f209679944df9"
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
via: 1.1 624a1750702d82319b25f17c35c73d04.cloudfront.net (CloudFront)
cache-control: max-age=2592000, public
x-amz-cf-pop: IAD89-P2
accept-ranges: bytes
content-length: 3759
x-amz-cf-id: YgJmEQj-3wEqdro5gm2sKM1s6A5PONnPAf6kBuVF4U820xbLPq7wwg==
x-amz-meta-mtime: 1651757965.45

GET
H/1.1 200
OK pr Show response
s.amazon-adsystem.com/v3/ Frame 43F7 5 KB
6 KB 17ms
17ms Document
text/html 52.46.154.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/v3/pr?exlist=ns_n-ix-HMT_bsw_bk_n-y-HMT_aold_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=gN-z2jCMRXSqhhPDeYqymw&ex-pl-n-g-hmt=HA6JZHfhRgazLWCXb52diw&ep=mfS4I4Lxm4iN8M-0MyueFbUuWyzCyTWZfUyDmU44Rc0fu2eTrNMOcwLTep3WXrd2jzCjEifRo2MfTh-vwp2hbiIVr8fqhcKWCV0SD65sugRC8qbdtcNPPHeMiayAkg8p_LdijQqhpe7YRvHM5e-HA5aCbOF-jqARzX4Jg4KAxxBCkFZVUuvoBLwT4nCIrzUjwP5ANcZ2wD5tTshTyDCfOTbq86vASmx7R3Uj7YNmlgdVgAxo-PwlSiothrB1PjRlOvU1EWtDvQXH7A3g_fLCxR0xPO5gR8vV7SzKxDwa0Jgq184ktBCaiiE6ZFggrL7rqYWqujJiWrs6q8oIvEpzvA

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/iu3?d=generic&ex-fargs=%3Fid%3D3b289a46-9b76-58a9-88f0-c89b1606534d%26type%3D82%26m%3D1&ex-fch=416613&ex-src=https://www.choicehomewarranty.com/&ex-hargs=v%3D1.0%3Bc%3D6293635390601%3Bp%3D3B289A46-9B76-58A9-88F0-C89B1606534D&cb=578329293306815000&dcc=t

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

86e18cf3981b72fe61a6a8282aeeaf3bb837533e73e155fd83806950f02aa05c

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer: https://s.amazon-adsystem.com/iu3?d=generic&ex-fargs=%3Fid%3D3b289a46-9b76-58a9-88f0-c89b1606534d%26type%3D82%26m%3D1&ex-fch=416613&ex-src=https://www.choicehomewarranty.com/&ex-hargs=v%3D1.0%3Bc%3D6293635390601%3Bp%3D3B289A46-9B76-58A9-88F0-C89B1606534D&cb=578329293306815000&dcc=t
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0
accept-language: en-US,en;q=0.9
referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB

Response headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 5548
Content-Type: text/html;charset=ISO-8859-1
Date: Mon, 23 May 2022 18:21:57 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Permissions-Policy: interest-cohort=()
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
x-amz-rid: AVE32SNT1EST54BS1XZ8

GET
H2 200 widget.js Show response
d3rr3d0n31t48m.cloudfront.net/widget/ 181 KB
47 KB 11ms
10ms Script
application/javascript 18.67.76.108
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3rr3d0n31t48m.cloudfront.net/widget/widget.js?v=8f4ab4d
Requested by: Host: shop.pe
URL: https://shop.pe/widget/widget_async.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.67.76.108 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-67-76-108.iad89.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bd656b0911458566cbd5a9dc5966626bcb9e5b4c89f8b9b6ae57dc166a5e0e14

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

date: Thu, 05 May 2022 13:40:30 GMT
content-encoding: gzip
last-modified: Thu, 05 May 2022 13:39:28 GMT
server: AmazonS3
age: 1572088
etag: "a4bdf9a3993b685d01bd56ca5b08aa6d"
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
via: 1.1 624a1750702d82319b25f17c35c73d04.cloudfront.net (CloudFront)
cache-control: max-age=2592000, public
x-amz-cf-pop: IAD89-P2
accept-ranges: bytes
content-length: 47344
x-amz-cf-id: 4bthxgzGasTa4ltUANBxAb8yR9l_etRMNKAvDFoAYOx-cn6bMq0mfg==
x-amz-meta-mtime: 1651757962.82

GET
H2 200 3QgckfkNYGiq Show response
at1.listrakbi.com/activity/ 111 B
622 B 52ms
30ms Script
text/javascript 104.18.7.244
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://at1.listrakbi.com/activity/3QgckfkNYGiq
Requested by: Host: cdn.listrakbi.com
URL: https://cdn.listrakbi.com/scripts/script.js?m=3QgckfkNYGiq&v=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.7.244 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 074c500fe2cd7dd99663264980f39d9e8782798ea7d72941575c1c6b8f2da441

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

date: Mon, 23 May 2022 18:21:57 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: text/javascript; charset=utf-8
cache-control: private
cf-ray: 70ffd0750abe8c2a-EWR

GET
H2 200 update
sca1.listrakbi.com/3QgckfkNYGiq/cart/ 44 B
420 B 102ms
63ms Image
image/gif 104.18.7.244
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sca1.listrakbi.com/3QgckfkNYGiq/cart/update?gsid=1c806f9c-0239-4063-8e54-766abe452bba&_sid=5ad0a231-d042-4df1-bf6f-c0871021c594&_tid=564543&_uid=F441D6A4-1C09-4C8E-AA7F-78C944CDE113&s_0=warranty-quote&q_0=1&p_0=1.00&n_0=Warranty%20Quote
Requested by: Host: chpromotion.com
URL: https://chpromotion.com/a/a87/index.php?utm_source=spdlfm&utm_campaign=690430Rate&token=1265061381
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.7.244 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: d1c4aa4fc27ca65d42b693b60f19546c4a50c002394c364dbbef45710858df7a

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

date: Mon, 23 May 2022 18:21:57 GMT
cf-cache-status: DYNAMIC
server: cloudflare
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI COM NAV INT DEM CNT PRE LOC"
content-type: image/gif
cache-control: no-cache
cf-ray: 70ffd0752b048c2a-EWR
content-length: 44

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 43F7
Redirect Chain

https://aa.agkn.com/adscores/g.pixel?sid=9212284268
https://s.amazon-adsystem.com/ecm3?id=212610604160011328700&ex=neustar.biz

43 B
556 B

28ms
28ms

Image
image/gif

52.46.154.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?id=212610604160011328700&ex=neustar.biz

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=ns_n-ix-HMT_bsw_bk_n-y-HMT_aold_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=gN-z2jCMRXSqhhPDeYqymw&ex-pl-n-g-hmt=HA6JZHfhRgazLWCXb52diw&ep=mfS4I4Lxm4iN8M-0MyueFbUuWyzCyTWZfUyDmU44Rc0fu2eTrNMOcwLTep3WXrd2jzCjEifRo2MfTh-vwp2hbiIVr8fqhcKWCV0SD65sugRC8qbdtcNPPHeMiayAkg8p_LdijQqhpe7YRvHM5e-HA5aCbOF-jqARzX4Jg4KAxxBCkFZVUuvoBLwT4nCIrzUjwP5ANcZ2wD5tTshTyDCfOTbq86vASmx7R3Uj7YNmlgdVgAxo-PwlSiothrB1PjRlOvU1EWtDvQXH7A3g_fLCxR0xPO5gR8vV7SzKxDwa0Jgq184ktBCaiiE6ZFggrL7rqYWqujJiWrs6q8oIvEpzvA

Protocol

HTTP/1.1

Server

52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Pragma: no-cache
Date: Mon, 23 May 2022 18:21:57 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 31E1RNKQPDYYWDWZ2S55
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 23 May 2022 18:21:57 GMT
via: 1.1 acbc1e922360be31edf0371abdc7a3a4.cloudfront.net (CloudFront)
server: AAWebServer
x-amz-cf-pop: EWR53-P1
location: https://s.amazon-adsystem.com/ecm3?id=212610604160011328700&ex=neustar.biz
access-control-allow-methods: GET, POST, OPTIONS
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
x-cache: Miss from cloudfront
access-control-allow-headers: accept, cache-control, origin, x-requested-with, x-file-name, content-type
x-amz-cf-id: G4F8fjgo1QL4ZVbcuzoVECaEDCtNFCJ7qYzqQL29-UZxK7fPC0EYTg==
expires: 0

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 43F7
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?cm_dsp_id=198&external_user_id=sN7SdgpUS5K3Z_jAhXkw3Q&cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3DindexHMT%26id%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3DindexHMT%26id%3D&cm_dsp_id=198&external_user_id=sN7SdgpUS5K3Z_jAhXkw3Q&C=1
https://s.amazon-adsystem.com/ecm3?ex=indexHMT&id=

43 B
556 B

18ms
18ms

Image
image/gif

52.46.154.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=indexHMT&id=

Requested by

Protocol

HTTP/1.1

Server

52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Pragma: no-cache
Date: Mon, 23 May 2022 18:21:58 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: WVMW0RBXGYWMJ4AY3FRJ
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 23 May 2022 18:21:58 GMT
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Location: https://s.amazon-adsystem.com/ecm3?ex=indexHMT&id=
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 238
Expires: Mon, 23 May 2022 18:21:58 GMT

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 43F7
Redirect Chain

https://x.bidswitch.net/sync_a9/https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dbidswitch.com%26id%3D%24%7BUUID%7D
https://x.bidswitch.net/ul_cb/sync_a9/https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dbidswitch.com%26id%3D%24%7BUUID%7D
https://s.amazon-adsystem.com/ecm3?ex=bidswitch.com&id=ebe70b73e4adff5eae68c0393363470f

43 B
556 B

19ms
19ms

Image
image/gif

52.46.154.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=bidswitch.com&id=ebe70b73e4adff5eae68c0393363470f

Requested by

Protocol

HTTP/1.1

Server

52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Pragma: no-cache
Date: Mon, 23 May 2022 18:21:58 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: QR4EZ1HAHG3SMWJ1CPZ5
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://s.amazon-adsystem.com/ecm3?ex=bidswitch.com&id=ebe70b73e4adff5eae68c0393363470f
Date: Mon, 23 May 2022 18:21:58 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 43F7
Redirect Chain

https://tags.bluekai.com/site/36840?redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dbluekai.com%26id%3D%24_BK_UUID
https://s.amazon-adsystem.com/ecm3?ex=bluekai.com&id=$_BK_UUID

43 B
556 B

39ms
18ms

Image
image/gif

52.46.154.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=bluekai.com&id=$_BK_UUID

Requested by

Protocol

HTTP/1.1

Server

52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Pragma: no-cache
Date: Mon, 23 May 2022 18:21:58 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: FS5G0M91WGABZ8BVAFVA
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://s.amazon-adsystem.com/ecm3?ex=bluekai.com&id=$_BK_UUID
Date: Mon, 23 May 2022 18:21:58 GMT
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 43F7
Redirect Chain

https://ups.analytics.yahoo.com/ups/58516/sync?_origin=1&redir=true&uid=QICKuqj2QgigtEnjGzIlGQ
https://ups.analytics.yahoo.com/ups/58516/sync?_origin=1&redir=true&uid=QICKuqj2QgigtEnjGzIlGQ&verify=true
https://s.amazon-adsystem.com/ecm3?ex=yahooHMT&id=QICKuqj2QgigtEnjGzIlGQ

43 B
556 B

25ms
19ms

Image
image/gif

52.46.154.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=yahooHMT&id=QICKuqj2QgigtEnjGzIlGQ

Requested by

Protocol

HTTP/1.1

Server

52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Pragma: no-cache
Date: Mon, 23 May 2022 18:21:58 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: M1SN3TJE3BTX4VPEFF8V
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: https://s.amazon-adsystem.com/ecm3?ex=yahooHMT&id=QICKuqj2QgigtEnjGzIlGQ
date: Mon, 23 May 2022 18:21:58 GMT
server: ATS/9.1.0.46
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 43F7
Redirect Chain

https://pixel.advertising.com/ups/56466/sync?redir=true&_origin=1
https://pixel.advertising.com/ups/56466/sync?redir=true&_origin=1&verify=true
https://ups.analytics.yahoo.com/ups/56466/sync?redir=true&_origin=1&apid=UP3b4961f3-dac5-11ec-b133-02869fbfb009
https://s.amazon-adsystem.com/ecm3?id=634bb0095188f60ff6358688aba977550baeb167&ex=aoldisplay.com

43 B
556 B

27ms
18ms

Image
image/gif

52.46.154.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?id=634bb0095188f60ff6358688aba977550baeb167&ex=aoldisplay.com

Requested by

Protocol

HTTP/1.1

Server

52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Pragma: no-cache
Date: Mon, 23 May 2022 18:21:58 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 963RRJD50GR5V8TJPW24
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: https://s.amazon-adsystem.com/ecm3?id=634bb0095188f60ff6358688aba977550baeb167&ex=aoldisplay.com
date: Mon, 23 May 2022 18:21:58 GMT
server: ATS/9.1.0.46
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 43F7
Redirect Chain

https://t.myvisualiq.net/sync?prid=AMZNPNR1&ao=0&red=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dvisualiq%26id%3D%24%7BUUID%7D
https://t.myvisualiq.net/ul_cb/sync?prid=AMZNPNR1&ao=0&red=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dvisualiq%26id%3D%24%7BUUID%7D
https://s.amazon-adsystem.com/ecm3?ex=visualiq&id=0-cc449bc7-b403-4db3-b8a5-1deb5ac626a4

43 B
556 B

18ms
18ms

Image
image/gif

52.46.154.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=visualiq&id=0-cc449bc7-b403-4db3-b8a5-1deb5ac626a4

Requested by

Protocol

HTTP/1.1

Server

52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Pragma: no-cache
Date: Mon, 23 May 2022 18:21:58 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: GQZ9FG0N9K7DT95338K6
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

access-control-allow-origin: *
Date: Mon, 23 May 2022 18:21:58 GMT
Cache-Control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
Connection: keep-alive
Content-Length: 0
Location: https://s.amazon-adsystem.com/ecm3?ex=visualiq&id=0-cc449bc7-b403-4db3-b8a5-1deb5ac626a4

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 43F7
Redirect Chain

https://amazon.partners.tremorhub.com/sync?UIAM&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dtelaria.com%26id%3D%5BPARTNER_ID%5D
https://s.amazon-adsystem.com/ecm3?ex=telaria.com&id=f037713f533f4b46bc388bb5f8ff4325

43 B
556 B

36ms
19ms

Image
image/gif

52.46.154.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=telaria.com&id=f037713f533f4b46bc388bb5f8ff4325

Requested by

Protocol

HTTP/1.1

Server

52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Pragma: no-cache
Date: Mon, 23 May 2022 18:21:58 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: G10TJMCK9JR0FHA55P8N
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: https://s.amazon-adsystem.com/ecm3?ex=telaria.com&id=f037713f533f4b46bc388bb5f8ff4325
date: Mon, 23 May 2022 18:21:58 GMT
server: Apache-Coyote/1.1
content-length: 0
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 43F7
Redirect Chain

https://cms.analytics.yahoo.com/cms?partner_id=AMAZON&ex=gemini
https://s.amazon-adsystem.com/ecm3?id=y-DLFXZZNE2pH7y8SuAsPmART.n9j6e6WsLsKT~A&status=NOT_FOUND&ex=gemini

43 B
556 B

19ms
19ms

Image
image/gif

52.46.154.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?id=y-DLFXZZNE2pH7y8SuAsPmART.n9j6e6WsLsKT~A&status=NOT_FOUND&ex=gemini

Requested by

Protocol

HTTP/1.1

Server

52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Pragma: no-cache
Date: Mon, 23 May 2022 18:21:58 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 59458T1BH9ZQT8RGGTSB
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

date: Mon, 23 May 2022 18:21:57 GMT
via: http/1.1 spdc0110.pbp.bf1.yahoo.com (ApacheTrafficServer)
server: ATS
age: 0
strict-transport-security: max-age=31536000
content-type: text/html;charset=utf-8
location: https://s.amazon-adsystem.com/ecm3?id=y-DLFXZZNE2pH7y8SuAsPmART.n9j6e6WsLsKT~A&status=NOT_FOUND&ex=gemini
content-length: 0

GET
H2 204 mw
mwzeom.zeotap.com/ Frame 43F7 0
170 B 80ms
53ms Image
text/plain 2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=1353&zurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dzeotap%26id%3D%7BZCOOKIE%7D
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=ns_n-ix-HMT_bsw_bk_n-y-HMT_aold_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=gN-z2jCMRXSqhhPDeYqymw&ex-pl-n-g-hmt=HA6JZHfhRgazLWCXb52diw&ep=mfS4I4Lxm4iN8M-0MyueFbUuWyzCyTWZfUyDmU44Rc0fu2eTrNMOcwLTep3WXrd2jzCjEifRo2MfTh-vwp2hbiIVr8fqhcKWCV0SD65sugRC8qbdtcNPPHeMiayAkg8p_LdijQqhpe7YRvHM5e-HA5aCbOF-jqARzX4Jg4KAxxBCkFZVUuvoBLwT4nCIrzUjwP5ANcZ2wD5tTshTyDCfOTbq86vASmx7R3Uj7YNmlgdVgAxo-PwlSiothrB1PjRlOvU1EWtDvQXH7A3g_fLCxR0xPO5gR8vV7SzKxDwa0Jgq184ktBCaiiE6ZFggrL7rqYWqujJiWrs6q8oIvEpzvA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

date: Mon, 23 May 2022 18:21:58 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 70ffd07538f28c3f-EWR
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 43F7
Redirect Chain

https://ads.stickyadstv.com/user-matching?id=2545
https://s.amazon-adsystem.com/ecm3?id=db27c6fccd0cef96e99a113e8ebbee&ex=freewheel.tv&gdpr=0&gdpr_consent=

43 B
556 B

19ms
19ms

Image
image/gif

52.46.154.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?id=db27c6fccd0cef96e99a113e8ebbee&ex=freewheel.tv&gdpr=0&gdpr_consent=

Requested by

Protocol

HTTP/1.1

Server

52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Pragma: no-cache
Date: Mon, 23 May 2022 18:21:58 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: YJHNDE1QDHN3XQ1Y7SZY
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 23 May 2022 18:21:58 GMT
Server: nginx
Access-Control-Allow-Origin: *
Location: https://s.amazon-adsystem.com/ecm3?id=db27c6fccd0cef96e99a113e8ebbee&ex=freewheel.tv&gdpr=0&gdpr_consent=
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
x-sticky-vk: 1653330118148024-140

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 43F7
Redirect Chain

https://www.imdb.com/ads/idsync?cid=a706a6beb&ex=imdb.com
https://s.amazon-adsystem.com/ecm3?rcode=1&ex=imdb.com

43 B
556 B

17ms
16ms

Image
image/gif

52.46.154.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?rcode=1&ex=imdb.com

Requested by

Protocol

HTTP/1.1

Server

52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Pragma: no-cache
Date: Mon, 23 May 2022 18:21:58 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 6JGFD4YRJYDNXPMNZCV5
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

date: Mon, 23 May 2022 18:21:58 GMT
via: 1.1 960b27f23df49cd65e51133bf80b9878.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: EWR53-P1
content-security-policy-report-only: default-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com; script-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com 'unsafe-inline' 'unsafe-eval'; style-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com 'unsafe-inline'; report-uri /1/batch/2/OE/mid=ATVPDKIKX0DER:sid=:rid=AA7WHQHVTTYX71MSJSHW:sn=www.imdb.com
x-cache: Miss from cloudfront
vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
content-length: 0
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
server: Server
x-amz-rid: AA7WHQHVTTYX71MSJSHW
strict-transport-security: max-age=31536000; includeSubDomains
location: https://s.amazon-adsystem.com/ecm3?rcode=1&ex=imdb.com
permissions-policy: interest-cohort=()
x-robots-tag: noindex, nofollow
x-amz-cf-id: 8v8uc6rsG3iXack0urJli4YQPIwb38RxrekaQ4LeODUV9LqxL2-trw==

GET
H2 204 usermatch.gif
beacon.krxd.net/ Frame 43F7 0
321 B 94ms
11ms Image
text/plain 52.205.48.68
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner=amzn&partner_uid=gN-z2jCMRXSqhhPDeYqymw&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dkrux.com%26id%3D
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=ns_n-ix-HMT_bsw_bk_n-y-HMT_aold_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=gN-z2jCMRXSqhhPDeYqymw&ex-pl-n-g-hmt=HA6JZHfhRgazLWCXb52diw&ep=mfS4I4Lxm4iN8M-0MyueFbUuWyzCyTWZfUyDmU44Rc0fu2eTrNMOcwLTep3WXrd2jzCjEifRo2MfTh-vwp2hbiIVr8fqhcKWCV0SD65sugRC8qbdtcNPPHeMiayAkg8p_LdijQqhpe7YRvHM5e-HA5aCbOF-jqARzX4Jg4KAxxBCkFZVUuvoBLwT4nCIrzUjwP5ANcZ2wD5tTshTyDCfOTbq86vASmx7R3Uj7YNmlgdVgAxo-PwlSiothrB1PjRlOvU1EWtDvQXH7A3g_fLCxR0xPO5gR8vV7SzKxDwa0Jgq184ktBCaiiE6ZFggrL7rqYWqujJiWrs6q8oIvEpzvA
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.205.48.68 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-205-48-68.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

date: Mon, 23 May 2022 18:21:58 GMT
cache-control: private, no-cache, no-store
x-request-time: D=53 t=1653330118
x-served-by: beacon-n010-ash-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H/1.1 200
OK pixel.gif
usersync.samplicio.us/amazon/ Frame 43F7 0
263 B 70ms
11ms Image
text/plain 34.199.40.23
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.samplicio.us/amazon/pixel.gif?https://s.amazon-adsystem.com/ecm3?ex=luc.id&id=
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=ns_n-ix-HMT_bsw_bk_n-y-HMT_aold_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=gN-z2jCMRXSqhhPDeYqymw&ex-pl-n-g-hmt=HA6JZHfhRgazLWCXb52diw&ep=mfS4I4Lxm4iN8M-0MyueFbUuWyzCyTWZfUyDmU44Rc0fu2eTrNMOcwLTep3WXrd2jzCjEifRo2MfTh-vwp2hbiIVr8fqhcKWCV0SD65sugRC8qbdtcNPPHeMiayAkg8p_LdijQqhpe7YRvHM5e-HA5aCbOF-jqARzX4Jg4KAxxBCkFZVUuvoBLwT4nCIrzUjwP5ANcZ2wD5tTshTyDCfOTbq86vASmx7R3Uj7YNmlgdVgAxo-PwlSiothrB1PjRlOvU1EWtDvQXH7A3g_fLCxR0xPO5gR8vV7SzKxDwa0Jgq184ktBCaiiE6ZFggrL7rqYWqujJiWrs6q8oIvEpzvA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.199.40.23 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-199-40-23.compute-1.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Pragma: no-cache
Date: Mon, 23 May 2022 18:21:58 GMT
Server: nginx/1.20.0
Location: https://s.amazon-adsystem.com/ecm3?ex=luc.id&id=
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 43F7
Redirect Chain

https://ads.samba.tv/cookie_sync?https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsamba.tv%26id%3D
https://s.amazon-adsystem.com/ecm3?ex=samba.tv&id=f69c38079d25a04c

43 B
556 B

18ms
18ms

Image
image/gif

52.46.154.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=samba.tv&id=f69c38079d25a04c

Requested by

Protocol

HTTP/1.1

Server

52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Pragma: no-cache
Date: Mon, 23 May 2022 18:21:58 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: ZRN3VCJN4NXM5J67TVY9
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: https://s.amazon-adsystem.com/ecm3?ex=samba.tv&id=f69c38079d25a04c
date: Mon, 23 May 2022 18:21:58 GMT
access-control-allow-origin: *
access-control-allow-headers: Content-Type, Authorization
content-length: 93
access-control-allow-methods: HEAD,OPTIONS,GET
content-type: text/html; charset=utf-8

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 43F7
Redirect Chain

https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=-pSKeXBLQnq5ZdKM4zsg9Q&rk=usync-na
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=-pSKeXBLQnq5ZdKM4zsg9Q

43 B
556 B

19ms
19ms

Image
image/gif

52.46.154.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=-pSKeXBLQnq5ZdKM4zsg9Q

Requested by

Protocol

HTTP/1.1

Server

52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Pragma: no-cache
Date: Mon, 23 May 2022 18:21:58 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 19ZXYYTBX5NYK863A7X2
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=-pSKeXBLQnq5ZdKM4zsg9Q
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: f69a50991384d09413b97a37bb74928b
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 43F7
Redirect Chain

https://dpm.demdex.net/ibs:dpid=139200&dpuuid=3n1YAKOcT9CLLLLW6YMt0g&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dadobe.com%26id%3D%24%7BDD_UUID%7D
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=139200&dpuuid=3n1YAKOcT9CLLLLW6YMt0g&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dadobe.com%26id%3D%24%7BDD_UUID%7D
https://s.amazon-adsystem.com/ecm3?ex=adobe.com&id=31603385221609099573570862640923504705

43 B
556 B

25ms
25ms

Image
image/gif

52.46.154.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=adobe.com&id=31603385221609099573570862640923504705

Requested by

Protocol

HTTP/1.1

Server

52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Pragma: no-cache
Date: Mon, 23 May 2022 18:21:58 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: FJ252V6DJG4PN58W7S1F
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

DCS: dcs-prod-usw2-1-v028-066577c94.edge-usw2.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: OVkVSAWWRbU=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://s.amazon-adsystem.com/ecm3?ex=adobe.com&id=31603385221609099573570862640923504705
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 43F7
Redirect Chain

https://odr.mookie1.com/t/v2?tagid=V2_393725&AMAZON_REGION_SPECIFIC_ENDPOINT=s.amazon-adsystem.com&src.visitorID=Oy8CC6baQHSW60ZQzu3EtQ
https://s.amazon-adsystem.com/ecm3?ex=mplatform.com&id=10594366283498790848&gdpr=&gdpr_consent=

43 B
556 B

19ms
19ms

Image
image/gif

52.46.154.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=mplatform.com&id=10594366283498790848&gdpr=&gdpr_consent=

Requested by

Protocol

HTTP/1.1

Server

52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Pragma: no-cache
Date: Mon, 23 May 2022 18:21:58 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: HQXXQEYJP6A2CMGT5DKH
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 23 May 2022 18:21:58 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
location: https://s.amazon-adsystem.com/ecm3?ex=mplatform.com&id=10594366283498790848&gdpr=&gdpr_consent=
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 43F7
Redirect Chain

https://px.surveywall-api.survata.com/z?l=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsurvata.com%26id%3D
https://s.amazon-adsystem.com/ecm3?ex=survata.com&id=

43 B
556 B

19ms
19ms

Image
image/gif

52.46.154.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=survata.com&id=

Requested by

Protocol

HTTP/1.1

Server

52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Pragma: no-cache
Date: Mon, 23 May 2022 18:21:58 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: GPNC9CBHFVFENEPHQWRR
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date: Mon, 23 May 2022 18:21:58 GMT
ETag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
Server: nginx/1.19.2
X-Powered-By: Express
Content-Type: image/gif; charset=utf-8
Location: https://s.amazon-adsystem.com/ecm3?ex=survata.com&id=
Referer: px.surveywall-api.survata.com, px.surveywall-api.survata.com, px.surveywall-api.survata.com
Connection: keep-alive
Content-Length: 0

GET
H2

200

match
c1.adform.net/serving/cookie/ Frame 43F7
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=1153&redirect_url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dadform.net%26id%3D%24%7BUUID%7D
https://c1.adform.net/serving/cookie/match?CC=1&party=1153&redirect_url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dadform.net%26id%3D%24%7BUUID%7D

35 B
385 B

6ms
6ms

Image
image/gif

185.167.164.43
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c1.adform.net/serving/cookie/match?CC=1&party=1153&redirect_url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dadform.net%26id%3D%24%7BUUID%7D

Requested by

Protocol

Server

185.167.164.43 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

pragma: no-cache
date: Mon, 23 May 2022 18:21:58 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

Redirect headers

pragma: no-cache
date: Mon, 23 May 2022 18:21:58 GMT
server: nginx
location: https://c1.adform.net/serving/cookie/match?CC=1&party=1153&redirect_url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dadform.net%26id%3D%24%7BUUID%7D
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

200

partner
sync.search.spotxchange.com/ Frame 43F7
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7922&redir=https://s.amazon-adsystem.com/ecm3?ex%3Dspotx.com%26id%3D%24SPOTX_USER_ID
https://sync.search.spotxchange.com/partner?adv_id=7922&redir=https://s.amazon-adsystem.com/ecm3?ex%3Dspotx.com%26id%3D%24SPOTX_USER_ID&__user_check__=1&sync_id=3b6be94e-dac5-11ec-af68-162fe7890403

43 B
476 B

12ms
11ms

Image
image/gif

69.12.8.74
SPOTX-IAD

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7922&redir=https://s.amazon-adsystem.com/ecm3?ex%3Dspotx.com%26id%3D%24SPOTX_USER_ID&__user_check__=1&sync_id=3b6be94e-dac5-11ec-af68-162fe7890403
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=ns_n-ix-HMT_bsw_bk_n-y-HMT_aold_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=gN-z2jCMRXSqhhPDeYqymw&ex-pl-n-g-hmt=HA6JZHfhRgazLWCXb52diw&ep=mfS4I4Lxm4iN8M-0MyueFbUuWyzCyTWZfUyDmU44Rc0fu2eTrNMOcwLTep3WXrd2jzCjEifRo2MfTh-vwp2hbiIVr8fqhcKWCV0SD65sugRC8qbdtcNPPHeMiayAkg8p_LdijQqhpe7YRvHM5e-HA5aCbOF-jqARzX4Jg4KAxxBCkFZVUuvoBLwT4nCIrzUjwP5ANcZ2wD5tTshTyDCfOTbq86vASmx7R3Uj7YNmlgdVgAxo-PwlSiothrB1PjRlOvU1EWtDvQXH7A3g_fLCxR0xPO5gR8vV7SzKxDwa0Jgq184ktBCaiiE6ZFggrL7rqYWqujJiWrs6q8oIvEpzvA
Protocol: H2
Server: 69.12.8.74 Ashburn, United States, ASN11742 (SPOTX-IAD, US),
Reverse DNS
Software: /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
date: Mon, 23 May 2022 18:21:58 GMT
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: false
x-fe: 296
content-length: 43

Redirect headers

date: Mon, 23 May 2022 18:21:58 GMT
location: /partner?adv_id=7922&redir=https://s.amazon-adsystem.com/ecm3?ex%3Dspotx.com%26id%3D%24SPOTX_USER_ID&__user_check__=1&sync_id=3b6be94e-dac5-11ec-af68-162fe7890403
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: false
x-fe: 369
content-length: 0

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 43F7
Redirect Chain

https://bs.serving-sys.com/Serving?cn=cs&rtu=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsizmek%26id%3D%5B%25tp_UserID%25%5D
https://lm.serving-sys.com/lm/acs?json={%22GUID%22:%22574b7f98-09d2-413c-89a0-1a3c2f501312%22,%22Time%22:%2220220523T182158.199510%22}&rtu=https://s.amazon-adsystem.com/ecm3?ex=sizmek&id=[%tp_UserID%]
https://s.amazon-adsystem.com/ecm3?ex=sizmek&id=574b7f98-09d2-413c-89a0-1a3c2f501312

43 B
556 B

19ms
19ms

Image
image/gif

52.46.154.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=sizmek&id=574b7f98-09d2-413c-89a0-1a3c2f501312

Requested by

Protocol

HTTP/1.1

Server

52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Pragma: no-cache
Date: Mon, 23 May 2022 18:21:58 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 6K4KANSKBSCZQTD0C7E9
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://s.amazon-adsystem.com/ecm3?ex=sizmek&id=574b7f98-09d2-413c-89a0-1a3c2f501312
Server: LogModule 0.4
Content-Length: 204
Content-Type: text/html; charset=UTF-8

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 43F7
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=a9&google_cm&ex=doubleclick.net
https://s.amazon-adsystem.com/ecm3?ex=doubleclick.net&google_gid=CAESEFWmT2MS_Kogj9wU2wnrqcg&google_cver=1

43 B
556 B

18ms
17ms

Image
image/gif

52.46.154.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=doubleclick.net&google_gid=CAESEFWmT2MS_Kogj9wU2wnrqcg&google_cver=1

Requested by

Protocol

HTTP/1.1

Server

52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Pragma: no-cache
Date: Mon, 23 May 2022 18:21:58 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 7YBQPYB4S1PMCQ97EPQ4
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 23 May 2022 18:21:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://s.amazon-adsystem.com/ecm3?ex=doubleclick.net&google_gid=CAESEFWmT2MS_Kogj9wU2wnrqcg&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 311
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame 43F7
Redirect Chain

https://usermatch.krxd.net/um/v2?partner=amzn
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=amzn

0
320 B

11ms
10ms

Image
text/plain

52.205.48.68
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=amzn
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=ns_n-ix-HMT_bsw_bk_n-y-HMT_aold_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=gN-z2jCMRXSqhhPDeYqymw&ex-pl-n-g-hmt=HA6JZHfhRgazLWCXb52diw&ep=mfS4I4Lxm4iN8M-0MyueFbUuWyzCyTWZfUyDmU44Rc0fu2eTrNMOcwLTep3WXrd2jzCjEifRo2MfTh-vwp2hbiIVr8fqhcKWCV0SD65sugRC8qbdtcNPPHeMiayAkg8p_LdijQqhpe7YRvHM5e-HA5aCbOF-jqARzX4Jg4KAxxBCkFZVUuvoBLwT4nCIrzUjwP5ANcZ2wD5tTshTyDCfOTbq86vASmx7R3Uj7YNmlgdVgAxo-PwlSiothrB1PjRlOvU1EWtDvQXH7A3g_fLCxR0xPO5gR8vV7SzKxDwa0Jgq184ktBCaiiE6ZFggrL7rqYWqujJiWrs6q8oIvEpzvA
Protocol: H2
Server: 52.205.48.68 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-205-48-68.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

date: Mon, 23 May 2022 18:21:58 GMT
cache-control: private, no-cache, no-store
x-request-time: D=36 t=1653330118
x-served-by: beacon-n027-ash-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=amzn
date: Mon, 23 May 2022 18:21:58 GMT
x-cache-hits: 0
x-age: 0
content-length: 0
x-cache: MISS
x-served-by: usermatch-a013-ash-prod.krxd.net

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 43F7
Redirect Chain

https://sb.scorecardresearch.com/p?c1=9&c2=27552257&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dcomscore.com%26id%3D%25AX_UUID%25
https://sb.scorecardresearch.com/p2?c1=9&c2=27552257&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dcomscore.com%26id%3D%25AX_UUID%25
https://s.amazon-adsystem.com/ecm3?ex=comscore.com&id=918fa180b9661135eb98441f7af9d2c0

43 B
556 B

19ms
19ms

Image
image/gif

52.46.154.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=comscore.com&id=918fa180b9661135eb98441f7af9d2c0

Requested by

Protocol

HTTP/1.1

Server

52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Pragma: no-cache
Date: Mon, 23 May 2022 18:21:58 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: BRJ88VNXD0KK0SYTHRH7
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: https://s.amazon-adsystem.com/ecm3?ex=comscore.com&id=918fa180b9661135eb98441f7af9d2c0
date: Mon, 23 May 2022 18:21:58 GMT
via: 1.1 6e01480ef7aa01c23bf600698a613304.cloudfront.net (CloudFront)
x-amz-cf-pop: EWR53-P1
content-length: 0
x-amz-cf-id: vAgYTzqvk7ughSOaMhVMbfaZEGB4RZYJZD8DTXzzOO8jvyGMkmnU_Q==
x-cache: Miss from cloudfront

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 43F7
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
https://us-u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
https://s.amazon-adsystem.com/ecm3?ex=openx.com&id=c87a14c7-ef6a-c80f-2592-987048bd7b39

43 B
556 B

18ms
18ms

Image
image/gif

52.46.154.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=openx.com&id=c87a14c7-ef6a-c80f-2592-987048bd7b39

Requested by

Protocol

HTTP/1.1

Server

52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Pragma: no-cache
Date: Mon, 23 May 2022 18:21:58 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: YMPM6DSRCVFEYYR4YP1X
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

date: Mon, 23 May 2022 18:21:58 GMT
content-encoding: gzip
server: OXGW/1a2bd40
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://s.amazon-adsystem.com/ecm3?ex=openx.com&id=c87a14c7-ef6a-c80f-2592-987048bd7b39
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
via: 1.1 google

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 43F7
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184155&cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex%26id%3D__UID__
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex%26id%3D__UID__&s=184155&C=1
https://s.amazon-adsystem.com/ecm3?ex=index&id=0

43 B
556 B

20ms
19ms

Image
image/gif

52.46.154.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=index&id=0

Requested by

Protocol

HTTP/1.1

Server

52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Pragma: no-cache
Date: Mon, 23 May 2022 18:21:58 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 7JHZS1QYVF4DYAYYHRG4
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 23 May 2022 18:21:58 GMT
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Location: https://s.amazon-adsystem.com/ecm3?ex=index&id=0
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 236
Expires: Mon, 23 May 2022 18:21:58 GMT

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 43F7
Redirect Chain

https://uipglob.semasio.net/amazon/1/get?_url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsemasio%26id%3D%24%7BUIPID%28%29%7D
https://uipglob.semasio.net/amazon/1/get2?_url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsemasio%26id%3D%24%7BUIPID%28%29%7D
https://s.amazon-adsystem.com/ecm3?ex=semasio&id=522A929774DCC135

43 B
556 B

20ms
20ms

Image
image/gif

52.46.154.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=semasio&id=522A929774DCC135

Requested by

Protocol

HTTP/1.1

Server

52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Pragma: no-cache
Date: Mon, 23 May 2022 18:21:58 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: EDQMBDMHR5FX9V0HJP8C
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 23 May 2022 18:21:58 GMT
Frontend-ID: 5
Location: https://s.amazon-adsystem.com/ecm3?ex=semasio&id=522A929774DCC135
P3P: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
Access-Control-Allow-Origin: *
UIP-Response-Status: Ok
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: Keep-Alive
Content-Length: 0
Routing-Server-ID: -1
Expires: Sat, 01 Jan 2011 12:00:00 GMT

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 43F7
Redirect Chain

https://ib.adnxs.com/getuid?https://s.amazon-adsystem.com/ecm3?id=$UID&ex=appnexus.com
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%24UID%26ex%3Dappnexus.com
https://s.amazon-adsystem.com/ecm3?id=1906498781753493678&ex=appnexus.com

43 B
556 B

18ms
18ms

Image
image/gif

52.46.154.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?id=1906498781753493678&ex=appnexus.com

Requested by

Protocol

HTTP/1.1

Server

52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Pragma: no-cache
Date: Mon, 23 May 2022 18:21:58 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 8FVJB0ZJY2V1HW9NZ18X
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 23 May 2022 18:21:58 GMT
X-Proxy-Origin: 5.181.234.132; 5.181.234.132; 565.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid: d67347db-82fc-4d56-954b-b18597b791a6
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://s.amazon-adsystem.com/ecm3?id=1906498781753493678&ex=appnexus.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 43F7
Redirect Chain

https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzgmdGw9MTI5NjAw&piggybackCookie=4UqsgSa8QIq6o4-c5L5mSA&rd=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3DpubmaticHMT%26id%...
https://s.amazon-adsystem.com/ecm3?ex=pubmaticHMT&id=4UqsgSa8QIq6o4-c5L5mSA

43 B
556 B

18ms
18ms

Image
image/gif

52.46.154.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=pubmaticHMT&id=4UqsgSa8QIq6o4-c5L5mSA

Requested by

Protocol

HTTP/1.1

Server

52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Pragma: no-cache
Date: Mon, 23 May 2022 18:21:58 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: WYGGF23PCP3FM59E862M
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: https://s.amazon-adsystem.com/ecm3?ex=pubmaticHMT&id=4UqsgSa8QIq6o4-c5L5mSA
date: Mon, 23 May 2022 05:34:46 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 43F7
Redirect Chain

https://token.rubiconproject.com/token?pid=2179&pt=n
https://s.amazon-adsystem.com/ecm3?id=I3PMeIIeizowby0ANmfVY8WWwYjZzChgQG1x_JmYjWc&ex=rubiconproject.com&status=ok

43 B
556 B

24ms
18ms

Image
image/gif

52.46.154.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?id=I3PMeIIeizowby0ANmfVY8WWwYjZzChgQG1x_JmYjWc&ex=rubiconproject.com&status=ok

Requested by

Protocol

HTTP/1.1

Server

52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Pragma: no-cache
Date: Mon, 23 May 2022 18:21:58 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: DN7N9X6V608YSVZWMQ00
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://s.amazon-adsystem.com/ecm3?id=I3PMeIIeizowby0ANmfVY8WWwYjZzChgQG1x_JmYjWc&ex=rubiconproject.com&status=ok
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 29af2665c43893332e84c235bac366c1
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 43F7
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=a9&google_hm=HA6JZHfhRgazLWCXb52diw&
https://s.amazon-adsystem.com/ecm3?ex=googleHMT

43 B
556 B

16ms
15ms

Image
image/gif

52.46.154.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=googleHMT

Requested by

Protocol

HTTP/1.1

Server

52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Pragma: no-cache
Date: Mon, 23 May 2022 18:21:58 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: BE9ZFRM53W6GQBY83KY5
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 23 May 2022 18:21:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://s.amazon-adsystem.com/ecm3?ex=googleHMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 244
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 43F7
Redirect Chain

https://loadus.exelator.com/load/?p=204&g=8888&j=0
https://loadus.exelator.com/load/?p=204&g=8888&j=0&xl8blockcheck=1
https://s.amazon-adsystem.com/ecm3?&ex=nielsen&id=18e51fec6601ed89b49c2364af5847c4

43 B
556 B

20ms
20ms

Image
image/gif

52.46.154.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?&ex=nielsen&id=18e51fec6601ed89b49c2364af5847c4

Requested by

Protocol

HTTP/1.1

Server

52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Pragma: no-cache
Date: Mon, 23 May 2022 18:21:58 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 2GCS68YNP3E11WQTMTXG
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

date: Mon, 23 May 2022 18:21:58 GMT
server: nginx
x-powered-by: Undertow/1
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
location: https://s.amazon-adsystem.com/ecm3?&ex=nielsen&id=18e51fec6601ed89b49c2364af5847c4
cache-control: no-cache
access-control-allow-credentials: true
content-type: image/gif
content-length: 0

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 43F7
Redirect Chain

https://lciapi.ninthdecimal.com/v1/lci/sync/adv-amzn/c-23445/?rdr=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3F%26ex%3Dninthdecimal.com%26id%3D%24%7BND_UID%7D
https://s.amazon-adsystem.com/ecm3?&ex=ninthdecimal.com&id=BFB44F2DC6D08B624707CB8C02DC9013

43 B
556 B

20ms
20ms

Image
image/gif

52.46.154.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?&ex=ninthdecimal.com&id=BFB44F2DC6D08B624707CB8C02DC9013

Requested by

Protocol

HTTP/1.1

Server

52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Pragma: no-cache
Date: Mon, 23 May 2022 18:21:58 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: M5NR49HJZBRSPBPXWEH2
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date: Mon, 23 May 2022 18:21:58 GMT
Server: openresty/1.15.8.2
P3P: CP="This is not a P3P policy! See http://www.ninthdecimal.com/privacy-policy-terms-of-service for more info."
Location: https://s.amazon-adsystem.com/ecm3?&ex=ninthdecimal.com&id=BFB44F2DC6D08B624707CB8C02DC9013
Cache-Control: no-cache, private
Connection: keep-alive
Content-Type: text/html
Content-Length: 151
Expires: Mon, 23 May 2022 18:21:57 GMT

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 43F7
Redirect Chain

https://pi.ispot.tv/v2/TC-3673-1.gif?redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dispot.tv%26id%3D%7BISID%7D
https://s.amazon-adsystem.com/ecm3?ex=ispot.tv&id=c3074ebe6db31f8c9cbda89be74002a5167fc48d4ca9db59222f65d281c50519

43 B
556 B

18ms
17ms

Image
image/gif

52.46.154.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=ispot.tv&id=c3074ebe6db31f8c9cbda89be74002a5167fc48d4ca9db59222f65d281c50519

Requested by

Protocol

HTTP/1.1

Server

52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Pragma: no-cache
Date: Mon, 23 May 2022 18:21:58 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 4E7QQBRZB4N7ND7D71VG
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 23 May 2022 18:21:58 GMT
location: https://s.amazon-adsystem.com/ecm3?ex=ispot.tv&id=c3074ebe6db31f8c9cbda89be74002a5167fc48d4ca9db59222f65d281c50519
cache-control: no-cache, no-store, must-revalidate
accept-ranges: bytes
content-length: 0
retry-after: 0
expires: 0

GET
H2

200

UCookieSetPug
image6.pubmatic.com/AdServer/ Frame 43F7
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3D%23PM_USER_ID
https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3D%23PM_USER_ID&rdf=1

0
41 B

11ms
11ms

Image
text/html

8.28.7.81
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3D%23PM_USER_ID&rdf=1
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=ns_n-ix-HMT_bsw_bk_n-y-HMT_aold_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=gN-z2jCMRXSqhhPDeYqymw&ex-pl-n-g-hmt=HA6JZHfhRgazLWCXb52diw&ep=mfS4I4Lxm4iN8M-0MyueFbUuWyzCyTWZfUyDmU44Rc0fu2eTrNMOcwLTep3WXrd2jzCjEifRo2MfTh-vwp2hbiIVr8fqhcKWCV0SD65sugRC8qbdtcNPPHeMiayAkg8p_LdijQqhpe7YRvHM5e-HA5aCbOF-jqARzX4Jg4KAxxBCkFZVUuvoBLwT4nCIrzUjwP5ANcZ2wD5tTshTyDCfOTbq86vASmx7R3Uj7YNmlgdVgAxo-PwlSiothrB1PjRlOvU1EWtDvQXH7A3g_fLCxR0xPO5gR8vV7SzKxDwa0Jgq184ktBCaiiE6ZFggrL7rqYWqujJiWrs6q8oIvEpzvA
Protocol: H2
Server: 8.28.7.81 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

date: Mon, 23 May 2022 18:21:57 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

Redirect headers

location: /AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3D%23PM_USER_ID&rdf=1
date: Mon, 23 May 2022 18:21:57 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 43F7
Redirect Chain

https://sync.taboola.com/sg/amazon-a9-network/1/rtb
https://s.amazon-adsystem.com/ecm3?ex=taboola.com&id=e6a45e01-b886-4a8c-b042-2420a4d82f6b-tuct9855646

43 B
556 B

19ms
19ms

Image
image/gif

52.46.154.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=taboola.com&id=e6a45e01-b886-4a8c-b042-2420a4d82f6b-tuct9855646

Requested by

Protocol

HTTP/1.1

Server

52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Pragma: no-cache
Date: Mon, 23 May 2022 18:21:58 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: KSXVMK9H7BF20TWNTQ54
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: https://s.amazon-adsystem.com/ecm3?ex=taboola.com&id=e6a45e01-b886-4a8c-b042-2420a4d82f6b-tuct9855646
date: Mon, 23 May 2022 18:21:58 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 3262

GET
H2 200 3QgckfkNYGiq Show response
at1.listrakbi.com/activity/ 111 B
492 B 33ms
32ms Script
text/javascript 104.18.7.244
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://at1.listrakbi.com/activity/3QgckfkNYGiq?vuid=5635ac3f-ccf7-4164-a680-fdc5c57dfd96&uid=E015568F-4C5F-4444-AB55-E5A926B10B64&gsid=1c806f9c-0239-4063-8e54-766abe452bba&sid=5ad0a231-d042-4df1-bf6f-c0871021c594&_t_0=at&t_0=ProductBrowse&k_0=warranty-quote
Requested by: Host: cdn.listrakbi.com
URL: https://cdn.listrakbi.com/scripts/script.js?m=3QgckfkNYGiq&v=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.7.244 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 074c500fe2cd7dd99663264980f39d9e8782798ea7d72941575c1c6b8f2da441

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

date: Mon, 23 May 2022 18:21:57 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: text/javascript; charset=utf-8
cache-control: private
cf-ray: 70ffd0754b4c8c2a-EWR

GET
H2 200 3QgckfkNYGiq Show response
at1.listrakbi.com/activity/ 111 B
497 B 31ms
30ms Script
text/javascript 104.18.7.244
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://at1.listrakbi.com/activity/3QgckfkNYGiq?vuid=5635ac3f-ccf7-4164-a680-fdc5c57dfd96&uid=3771EB84-CC9B-4A05-8D73-D8526F8AB743&gsid=1c806f9c-0239-4063-8e54-766abe452bba&sid=5ad0a231-d042-4df1-bf6f-c0871021c594&_t_0=at&t_0=Identification&k_0=3&_t_1=at&t_1=Identification&k_1=4&_t_2=at&t_2=Identification&k_2=5
Requested by: Host: cdn.listrakbi.com
URL: https://cdn.listrakbi.com/scripts/script.js?m=3QgckfkNYGiq&v=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.7.244 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 074c500fe2cd7dd99663264980f39d9e8782798ea7d72941575c1c6b8f2da441

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

date: Mon, 23 May 2022 18:21:57 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: text/javascript; charset=utf-8
cache-control: private
cf-ray: 70ffd0754b538c2a-EWR

GET
H2 200 3QgckfkNYGiq Show response
at1.listrakbi.com/activity/ 111 B
517 B 33ms
33ms Script
text/javascript 104.18.7.244
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://at1.listrakbi.com/activity/3QgckfkNYGiq?vuid=5635ac3f-ccf7-4164-a680-fdc5c57dfd96&uid=6CA3BEC6-F9D0-4B4B-A129-72FD5D73A4DE&gsid=1c806f9c-0239-4063-8e54-766abe452bba&sid=5ad0a231-d042-4df1-bf6f-c0871021c594&_t_0=at&t_0=PageBrowse&k_0=https%3A%2F%2Fchpromotion.com%2Fa%2Fa87%2Findex.php%3Futm_source%3Dspdlfm%26utm_campaign%3D690430Rate%26token%3D1265061381
Requested by: Host: cdn.listrakbi.com
URL: https://cdn.listrakbi.com/scripts/script.js?m=3QgckfkNYGiq&v=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.7.244 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 074c500fe2cd7dd99663264980f39d9e8782798ea7d72941575c1c6b8f2da441

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

date: Mon, 23 May 2022 18:21:58 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: text/javascript; charset=utf-8
cache-control: private
cf-ray: 70ffd077693f8c2a-EWR

GET
H2 200 pixel Show response
bid.g.doubleclick.net/xbbe/ Frame F944 0
434 B 65ms
36ms Document
text/html 172.253.63.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/pixel?d=KAE

Requested by

Host: www.google.com
URL: https://www.google.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f155.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://chpromotion.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0
accept-language: en-US,en;q=0.9
referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 23 May 2022 18:21:58 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

/ Show response
match.adsrvr.org/track/upb/ Frame 7A69
Redirect Chain

https://insight.adsrvr.org/track/up?adv=zl9kfqh1&ref=https%3A%2F%2Fchpromotion.com%2Fa%2Fa87%2Findex.php%3Futm_source%3Dspdlfm%26utm_campaign%3D690430Rate%26token%3D1265061381&upid=7h0r1mr&upv=1.1.0
https://match.adsrvr.org/track/upb/?adv=zl9kfqh1&ref=https%3A%2F%2Fchpromotion.com%2Fa%2Fa87%2Findex.php%3Futm_source%3Dspdlfm%26utm_campaign%3D690430Rate%26token%3D1265061381&upid=7h0r1mr&upv=1.1.0

926 B
1 KB

24ms
13ms

Document
text/html

35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/upb/?adv=zl9kfqh1&ref=https%3A%2F%2Fchpromotion.com%2Fa%2Fa87%2Findex.php%3Futm_source%3Dspdlfm%26utm_campaign%3D690430Rate%26token%3D1265061381&upid=7h0r1mr&upv=1.1.0
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 46379eb0bd80c92e018c5b62bea3b9d44696ea903fae48189c547d751b11531d

Request headers

Referer: https://chpromotion.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0
accept-language: en-US,en;q=0.9
referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB

Response headers

cache-control: private,no-cache, must-revalidate
content-type: text/html; charset=utf-8
date: Mon, 23 May 2022 18:21:58 GMT
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma: no-cache
x-aspnet-version: 4.0.30319

Redirect headers

cache-control: private,no-cache, must-revalidate
content-type: text/html; charset=utf-8
date: Mon, 23 May 2022 18:21:58 GMT
location: https://match.adsrvr.org/track/upb/?adv=zl9kfqh1&ref=https%3A%2F%2Fchpromotion.com%2Fa%2Fa87%2Findex.php%3Futm_source%3Dspdlfm%26utm_campaign%3D690430Rate%26token%3D1265061381&upid=7h0r1mr&upv=1.1.0
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma: no-cache
x-aspnet-version: 4.0.30319

GET
H3 200 params Show response
shop.pe/widget/main/init/ 260 B
247 B 43ms
35ms Script
text/javascript 35.227.244.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://shop.pe/widget/main/init/params?siteid=5db99fcfbbddbd09cdf02f85&product=Choice%20Home%20Warranty&product_url=https%3A%2F%2Fchpromotion.com%2Fa%2Fa87%2Findex.php&image=&price=&currency=undefined&rating=0&rating_count=0&review_count=0&stock_status=&description=&update_product=true&subcategory=&url=https%3A%2F%2Fchpromotion.com%2Fa%2Fa87%2Findex.php%3Futm_source%3Dspdlfm%26utm_campaign%3D690430Rate%26token%3D1265061381&external_referer=https%3A%2F%2Freliefgiveaway.com%2F&callback=AddShoppersWidget.load_widget&no_cookie_callback=AddShoppersWidget.load_no_cookie&rand=54922&cookie=&referer=https%3A%2F%2Freliefgiveaway.com%2F

Requested by

Host: d3rr3d0n31t48m.cloudfront.net
URL: https://d3rr3d0n31t48m.cloudfront.net/widget/widget.js?v=8f4ab4d

Protocol

Security

QUIC, , AES_128_GCM

Server

35.227.244.1 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

1.244.227.35.bc.googleusercontent.com

Software

nginx /

Resource Hash

2e90140bd140068c2e28826d099fefe3bc2e6846f5cb8815adb432ae69c24db8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors none;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	deny

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

date: Mon, 23 May 2022 18:21:58 GMT
content-encoding: gzip
access-control-allow-origin: https://my.addshoppers.com
p3p: policyref="/w3c/p3p.xml", CP="CAO PSA OUR"
backend-version: 47
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
data-regulation-gdpr-enforced: false
referrer-policy: no-referrer-when-downgrade
server: nginx
x-frame-options: deny
etag: W/"7031689e1d3ce3b39875046b0392d770caa7de51"
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: POST, GET, OPTIONS, DELETE, PATCH
content-type: text/javascript
via: 1.1 google
access-control-allow-credentials: true
content-security-policy: frame-ancestors none;
access-control-allow-headers: X-Requested-With, Content-Type, X-XSRFToken

GET
H3 200 params Show response
shop.pe/widget/main/init/ 892 B
528 B 41ms
41ms Script
text/javascript 35.227.244.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://shop.pe/widget/main/init/params?siteid=5db99fcfbbddbd09cdf02f85&product=Choice%20Home%20Warranty&product_url=https%3A%2F%2Fchpromotion.com%2Fa%2Fa87%2Findex.php&image=&price=&currency=undefined&rating=0&rating_count=0&review_count=0&stock_status=&description=&update_product=true&subcategory=&url=https%3A%2F%2Fchpromotion.com%2Fa%2Fa87%2Findex.php%3Futm_source%3Dspdlfm%26utm_campaign%3D690430Rate%26token%3D1265061381&external_referer=https%3A%2F%2Freliefgiveaway.com%2F&callback=AddShoppersWidget.load_widget&rand=27798&cookie=2%7C1%3A0%7C10%3A1653330118%7C15%3Aaddshoppers.com%7C44%3AYTVhNzlkMTZkNmQxNDRjMTk4YmU4MWEzNTc2MWZlZTk%3D%7Cb73c3cf8142d2682fe5250ca90b4779e60bf5a3e82d64126fbb74975f18202ee&referer=https%3A%2F%2Freliefgiveaway.com%2F

Requested by

Host: d3rr3d0n31t48m.cloudfront.net
URL: https://d3rr3d0n31t48m.cloudfront.net/widget/widget.js?v=8f4ab4d

Protocol

Security

QUIC, , AES_128_GCM

Server

35.227.244.1 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

1.244.227.35.bc.googleusercontent.com

Software

nginx /

Resource Hash

4232bfc361428db2b41388110226fc1ff5e49ae6969c13e4cb288ef3e67f51fa

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors none;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	deny

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

date: Mon, 23 May 2022 18:21:58 GMT
content-encoding: gzip
access-control-allow-origin: https://my.addshoppers.com
p3p: policyref="/w3c/p3p.xml", CP="CAO PSA OUR"
backend-version: 47
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
data-regulation-gdpr-enforced: false
referrer-policy: no-referrer-when-downgrade
server: nginx
x-frame-options: deny
etag: W/"7bcf901b3fac8f8582819929904c610268ddc89b"
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: POST, GET, OPTIONS, DELETE, PATCH
content-type: text/javascript
via: 1.1 google
access-control-allow-credentials: true
content-security-policy: frame-ancestors none;
access-control-allow-headers: X-Requested-With, Content-Type, X-XSRFToken

GET
H/1.1 200
OK universal_pixel.1.1.0.js Show response
js.adsrvr.org/ Frame 7A69 487 B
964 B 5ms
5ms Script
application/x-javascript 52.85.136.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/universal_pixel.1.1.0.js
Requested by: Host: match.adsrvr.org
URL: https://match.adsrvr.org/track/upb/?adv=zl9kfqh1&ref=https%3A%2F%2Fchpromotion.com%2Fa%2Fa87%2Findex.php%3Futm_source%3Dspdlfm%26utm_campaign%3D690430Rate%26token%3D1265061381&upid=7h0r1mr&upv=1.1.0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.136.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-136-118.ewr53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f6d7e9dafd1ec463ecd0c6b20f170400dd15afe81c71dea50771550df2f83ffc

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

Date: Mon, 23 May 2022 10:54:22 GMT
Via: 1.1 b8d8693cc4ac05b6a9cebe2651a2c8b8.cloudfront.net (CloudFront)
Last-Modified: Thu, 24 Sep 2020 15:15:32 GMT
Server: AmazonS3
Age: 26857
ETag: "f0a7a3296da7382ce6bc1a3b6769e927"
X-Cache: Hit from cloudfront
Content-Type: application/x-javascript
Connection: keep-alive
X-Amz-Cf-Pop: EWR53-P1
Accept-Ranges: bytes
Content-Length: 487
X-Amz-Cf-Id: vVSdZe3MxRn8prfbrXiuI_KTbysb2zITIiG9VwxkV9LYHck7KvfKWQ==

GET
H2 200 input.js Show response
shopper.shop.pe/ 26 KB
9 KB 23ms
5ms Script
application/javascript 35.190.54.17
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://shopper.shop.pe/input.js
Requested by: Host: shop.pe
URL: https://shop.pe/widget/widget_async.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.54.17 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 17.54.190.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: bc1f719ad8a9fb36c5f164463ae53ad79a27e84143b027da42c6ee08021ff399

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

date: Mon, 23 May 2022 15:34:40 GMT
content-encoding: gzip
age: 10038
x-guploader-uploadid: ADPycdtuw78RL_e4i_NJz4hv8CExN4cTLlXdy7XWm-MWk_W7pql62jf5xjpGbKmkMi4Y7zLjquqno0CTMnv4G7ReItt6dyRRZ5V9
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8883
last-modified: Thu, 21 Apr 2022 13:54:28 GMT
server: UploadServer
etag: "59ca2c390b4a140196dd06ead7968dd5"
vary: Accept-Encoding
x-goog-hash: crc32c=BLS7fA==, md5=WcosOQtKFAGW3Qbq15aN1Q==
x-goog-generation: 1650549267910243
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
cache-control: public, max-age=14400
x-goog-stored-content-length: 8883
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
expires: Mon, 23 May 2022 19:34:40 GMT

GET
H2 200 iframe Show response
nytrng.com/ Frame 161E 414 B
506 B 236ms
81ms Document
text/html 75.2.91.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nytrng.com/iframe?vcp=4dd5h0np&as_id=a5a79d16d6d144c198be81a35761fee9
Requested by: Host: d3rr3d0n31t48m.cloudfront.net
URL: https://d3rr3d0n31t48m.cloudfront.net/widget/widget.js?v=8f4ab4d
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 75.2.91.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a954c1fc80b8251dc.awsglobalaccelerator.com
Software: gunicorn /
Resource Hash: 0102972fe8f1a8b32988dd127323e542ea30dd78ecb227d66b2babd03ae05d2d

Request headers

Referer: https://chpromotion.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0
accept-language: en-US,en;q=0.9
referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB

Response headers

content-length: 414
content-type: text/html; charset=utf-8
date: Mon, 23 May 2022 18:21:58 GMT
server: gunicorn

GET
H2

200

generic Show response
match.adsrvr.org/track/cmf/ Frame C038
Redirect Chain

https://dpm.demdex.net/ibs:dpid=903&dpuuid=40d09c88-4f38-4ad6-bcd5-1fef784a52f8&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Daam
https://match.adsrvr.org/track/cmf/generic?ttd_pid=aam

70 B
574 B

12ms
12ms

Document
image/gif

35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=aam
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/universal_pixel.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://match.adsrvr.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0
accept-language: en-US,en;q=0.9
referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB

Response headers

cache-control: private,no-cache, must-revalidate
content-length: 70
content-type: image/gif
date: Mon, 23 May 2022 18:21:58 GMT
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma: no-cache
x-aspnet-version: 4.0.30319

Redirect headers

Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
DCS: dcs-prod-usw2-2-v028-0accd0272.edge-usw2.demdex.com UNKNOWN
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=aam
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: bbjszbHgQQ4=

GET
H2

200

appnexus Show response
match.adsrvr.org/track/cmf/ Frame 6853
Redirect Chain

https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=40d09c88-4f38-4ad6-bcd5-1fef784a52f8
https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=1906498781753493678&ttd_tdid=40d09c88-4f38-4ad6-bcd5-1fef784a52f8

70 B
574 B

12ms
11ms

Document
image/gif

35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=1906498781753493678&ttd_tdid=40d09c88-4f38-4ad6-bcd5-1fef784a52f8
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/universal_pixel.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://match.adsrvr.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0
accept-language: en-US,en;q=0.9
referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB

Response headers

cache-control: private,no-cache, must-revalidate
content-length: 70
content-type: image/gif
date: Mon, 23 May 2022 18:21:58 GMT
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma: no-cache
x-aspnet-version: 4.0.30319

Redirect headers

AN-X-Request-Uuid: 3b5ed51b-901c-478d-9358-aaad16fb077f
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Length: 0
Content-Type: text/html; charset=utf-8
Date: Mon, 23 May 2022 18:21:58 GMT
Expires: Sat, 15 Nov 2008 16:00:00 GMT
Location: https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=1906498781753493678&ttd_tdid=40d09c88-4f38-4ad6-bcd5-1fef784a52f8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Pragma: no-cache
Server: nginx/1.21.3
X-Proxy-Origin: 5.181.234.132; 5.181.234.132; 565.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
X-XSS-Protection: 0

GET
H2

200

rubicon Show response
match.adsrvr.org/track/cmf/ Frame 126C
Redirect Chain

https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=40d09c88-4f38-4ad6-bcd5-1fef784a52f8&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon
https://match.adsrvr.org/track/cmf/rubicon?gdpr=0

70 B
574 B

12ms
12ms

Document
image/gif

35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/cmf/rubicon?gdpr=0
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/universal_pixel.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://match.adsrvr.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0
accept-language: en-US,en;q=0.9
referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB

Response headers

cache-control: private,no-cache, must-revalidate
content-length: 70
content-type: image/gif
date: Mon, 23 May 2022 18:21:58 GMT
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma: no-cache
x-aspnet-version: 4.0.30319

Redirect headers

Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
Expires: 0
Location: https://match.adsrvr.org/track/cmf/rubicon?gdpr=0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
X-RPHost: 20e8391fc78a9019eb67dba4b22f0ac2
content-length: 0

HEAD
H3 200 consent Show response
shop.pe/query/datareg/ 0
25 B 42ms
35ms XHR
text/html 35.227.244.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://shop.pe/query/datareg/consent

Requested by

Host: shopper.shop.pe
URL: https://shopper.shop.pe/input.js

Protocol

Security

QUIC, , AES_128_GCM

Server

35.227.244.1 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

1.244.227.35.bc.googleusercontent.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors none;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	deny

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

date: Mon, 23 May 2022 18:21:58 GMT
via: 1.1 google
p3p: policyref="/w3c/p3p.xml", CP="CAO PSA OUR"
backend-version: 47
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
data-regulation-gdpr-enforced: false
referrer-policy: no-referrer-when-downgrade
server: nginx
x-frame-options: deny
etag: "da39a3ee5e6b4b0d3255bfef95601890afd80709"
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: HEAD, GET, POST
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: Data-Regulation-Gdpr-Enforced
content-security-policy: frame-ancestors none;
access-control-allow-headers: X-Requested-With, Content-Type, Data-Regulation-Gdpr-Enforced

GET
H2 200 pl.2.2.min.js Show response
cdn.nytrng.com/ Frame 161E 7 KB
8 KB 87ms
5ms Script
application/javascript 13.226.39.86
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.nytrng.com/pl.2.2.min.js
Requested by: Host: nytrng.com
URL: https://nytrng.com/iframe?vcp=4dd5h0np&as_id=a5a79d16d6d144c198be81a35761fee9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.39.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-39-86.ewr53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d49d2a6dc89c60b16d37b5c050c401a95e54b48865c33518d11aa49f4aef01aa

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

date: Thu, 28 Apr 2022 06:49:56 GMT
via: 1.1 4b5889b0a8c8c6a870b430f05a4e162c.cloudfront.net (CloudFront)
last-modified: Thu, 01 Jul 2021 10:09:45 GMT
server: AmazonS3
age: 2201524
etag: "1ba5d1971ac96b0ca46300a7cb63b363"
x-cache: Hit from cloudfront
x-amz-version-id: 8orrD9zEZlFOFms3PR7pDugsAN7irKg0
x-amz-cf-pop: EWR53-C2
accept-ranges: bytes
content-type: application/javascript
content-length: 7518
x-amz-cf-id: KxgX_7bpncH6Oa9Sh5X9qqk-uMAIOGweaeFcI7HCJ6qMV4O0DqjCYw==

GET
H2

200

a01984e413da7259757b2dbb2a5d3502 Show response
nytrng.com/mper/ Frame 161E
Redirect Chain

https://nytrng.com/mper
https://nytrng.com/mper/a01984e413da7259757b2dbb2a5d3502

58 B
141 B

74ms
73ms

XHR
application/json

75.2.91.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nytrng.com/mper/a01984e413da7259757b2dbb2a5d3502
Protocol: H2
Server: 75.2.91.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a954c1fc80b8251dc.awsglobalaccelerator.com
Software: gunicorn /
Resource Hash: dea7e272d1cfdbc2c75c1ba73701423481ad035448bdcff0020490df1a486f18

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0

Response headers

date: Mon, 23 May 2022 18:21:59 GMT
server: gunicorn
content-length: 58
content-type: application/json

Redirect headers

location: https://nytrng.com/mper/a01984e413da7259757b2dbb2a5d3502
date: Mon, 23 May 2022 18:21:59 GMT
server: gunicorn
content-length: 318
content-type: text/html; charset=utf-8

POST
H2 200 lst Show response
nytrng.com/ Frame 161E 206 B
701 B 94ms
93ms XHR
application/json 75.2.91.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nytrng.com/lst
Requested by: Host: cdn.nytrng.com
URL: https://cdn.nytrng.com/pl.2.2.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 75.2.91.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a954c1fc80b8251dc.awsglobalaccelerator.com
Software: gunicorn /
Resource Hash: 14f448c6f86d6fcdc59350fe3800e85ecc2433fad4349810c5769ae83f5d7b73

Request headers

Referer: https://mail.google.com/mail/u/0/#spam/WhctKKXXHvzjSctLbMzQxKlcSFjJHwljWccPgCLgfNWLXNDCpcpNwZSMhglWkTRhxWRXtRB
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 23 May 2022 18:21:59 GMT
server: gunicorn
vary: Origin
p3p: CP="NOI OUR BUS UNI COM NAV"
access-control-allow-origin: https://nytrng.com
cache-control: no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 206
expires: Mon, 23 May 2022 18:22:00 GMT

Verdicts & Comments Add Verdict or Comment

Malicious page.url
Submitted on May 23rd 2022, 6:23:30 pm UTC — From United States

Threats: Social Engineering Scam
Comment: Known Generic Scam

Malicious page.url
Submitted on May 23rd 2022, 6:22:55 pm UTC — From United States

Threats: Misc
Comment: Known Spam: URL sent to spam trap

Malicious task.url
Submitted on May 23rd 2022, 6:22:32 pm UTC — From United States

Threats: Misc
Comment: Malicious 3xx redirect

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

170 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

60 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.at1.listrakbi.com/activity/3QgckfkNYGiq	1970-01-20 03:15:33	Name: _vuid Value: 5635ac3f-ccf7-4164-a680-fdc5c57dfd96
.listrakbi.com/3QgckfkNYGiq	1970-01-23 18:55:49	Name: gsid Value: iPswu14crVhtEcIDAoLYtiDQoQoGtTazAD2dF6k4jjcKFPAGdclSkMB8T8%2bXQVe4rz5vW79SjHI%3d
.listrakbi.com/3QgckfkNYGiq	1970-01-20 12:01:06	Name: scasid Value: 5ad0a231-d042-4df1-bf6f-c0871021c594
chpromotion.com/a/a87	1970-01-20 03:15:33	Name: _vuid Value: 5635ac3f-ccf7-4164-a680-fdc5c57dfd96
reliefgiveaway.com/	1970-01-20 03:58:42	Name: uid10568 Value: 1265061381-20220523142157-ca34279d69664664b4d98366b920ba09-0
chpromotion.com/	1969-12-31 23:59:59	Name: COOKIE Value: !hBBJ7IrkJ0MEdabuUVyM9dLmp2wyxLSs7NGAmRuellvIdORVRID1mqvf8sCgpDd8GfwzJWZPLnlvLw==
.chpromotion.com/	1970-01-20 05:25:06	Name: _gcl_au Value: 1.1.838976602.1653330117
.chpromotion.com/	1970-01-20 20:46:42	Name: _ga Value: GA1.2.1246858029.1653330118
.chpromotion.com/	1970-01-20 03:16:56	Name: _gid Value: GA1.2.722949797.1653330118
.chpromotion.com/	1970-01-20 03:15:30	Name: _gat_gtag_UA_6898183_1 Value: 1
.doubleclick.net/	1970-01-20 20:46:42	Name: IDE Value: AHWqTUnmZx36Mo09FFgryK9Mrf6yXh9ARxntOPMYF9Zu9PSQkm_onxnr4zwPd9D7
.chpromotion.com/	1970-01-20 20:46:42	Name: __utma Value: 212881990.1246858029.1653330118.1653330118.1653330118.1
.chpromotion.com/	1969-12-31 23:59:59	Name: __utmc Value: 212881990
.chpromotion.com/	1970-01-20 07:38:18	Name: __utmz Value: 212881990.1653330118.1.1.utmcsr=spdlfm\|utmccn=690430Rate\|utmcmd=(not%20set)
.chpromotion.com/	1970-01-20 03:15:30	Name: __utmt Value: 1
.chpromotion.com/	1970-01-20 03:15:31	Name: __utmb Value: 212881990.1.10.1653330118
.bing.com/	1970-01-20 12:37:06	Name: MUID Value: 375BEAC431E363D00400FB69304B62AD
.bat.bing.com/	1970-01-20 03:25:34	Name: MR Value: 0
.chpromotion.com/	1970-01-20 03:16:56	Name: _uetsid Value: 3b2b3fb0dac511ec87f091dbd1a7b965
.chpromotion.com/	1970-01-20 12:37:06	Name: _uetvid Value: 3b2b5e40dac511ec9e87bb968149117c
chpromotion.com/	1970-01-20 03:16:56	Name: _ltkpdtb Value: 1
.amazon-adsystem.com/	1970-01-20 08:36:37	Name: ad-id Value: A5lO7E8VL0LXnhms5mi8OGM
.amazon-adsystem.com/	1970-01-22 00:01:06	Name: ad-privacy Value: 0
.chpromotion.com/	1970-01-20 05:25:06	Name: _fbp Value: fb.1.1653330117840.1332309774
s1.listrakbi.com/	1970-01-20 03:25:34	Name: AWSALBCORS Value: o/zeTdnV1lYq1l8bKPyulPjaLZemKZLADBxfWRBvJuI5dtfHhWKQKEbrLSSX4zvpQ4Fkk2jvunkofO76vNiKeqxYpeDCVRi+3zzK6k1ZsnrMWwwvi+aPGIFTimsK
.listrakbi.com/	1970-01-20 05:25:06	Name: usid Value: 9b0fe81cd7f745938bb2e59deb48d831
.chpromotion.com/	1970-01-23 18:55:49	Name: GSID3QgckfkNYGiq Value: 1c806f9c-0239-4063-8e54-766abe452bba
.chpromotion.com/	1970-01-20 12:01:06	Name: STSID564543 Value: 5ad0a231-d042-4df1-bf6f-c0871021c594
.agkn.com/	1970-01-20 12:01:06	Name: ab Value: 0001%3AAg%2B2XzD9IIXVthyJHRZWX%2FBcPKe7cPF6
.advertising.com/	1970-01-20 12:02:32	Name: APID Value: UP3b4961f3-dac5-11ec-b133-02869fbfb009
sca1.listrakbi.com/	1970-01-20 03:25:34	Name: AWSALBCORS Value: TZE5llvMW9ngZvqpjsuygoocg70JKcHh/zLLLs3msZz1eiuYZwrokNnEBQeuR+H7/N2D9A7uPhb/KGvSiOH7NsrxAbumUbTTpN6JRL8RMRXajEwhH3U9dI5nscvz
.tremorhub.com/	1970-01-20 12:01:27	Name: tvid Value: 43e87f075ba143f2ab0a1ec13d82ad2f
.tremorhub.com/	1970-01-20 20:47:23	Name: tv_UIAM Value: f037713f533f4b46bc388bb5f8ff4325
.yahoo.com/	1970-01-20 12:01:27	Name: A3 Value: d=AQABBMbQi2ICENcAzMOE8PXT33F2kikyJxcFEgEBAQEijWKVYgAAAAAA_eMAAA&S=AQAAAtKX2w_DBOXteJvwTzLWdWc
.analytics.yahoo.com/	1970-01-20 12:01:06	Name: IDSYNC Value: 17ki~251u
ads.samba.tv/	1970-01-20 12:45:44	Name: sambapxid Value: f69c38079d25a04c
.rubiconproject.com/	1970-01-20 12:01:06	Name: khaos Value: L3J22BQM-1V-EVE5
.bidswitch.net/	1970-01-20 12:01:06	Name: tuuid Value: 631727b1-16fc-4f9e-a87a-6085b0da3ffd
.bidswitch.net/	1970-01-20 12:01:06	Name: c Value: 1653330118
.bidswitch.net/	1970-01-20 12:01:06	Name: tuuid_lu Value: 1653330118
.surveywall-api.survata.com/	1970-01-20 07:40:27	Name: svResp Value: 466ddffb-b061-8bae-9e19-0d644582d681
bs.serving-sys.com/	1969-12-31 23:59:59	Name: r1 Value: 1653330118_1
.serving-sys.com/	1970-01-20 05:25:06	Name: u2 Value: 574b7f98-09d2-413c-89a0-1a3c2f5013124G.090
.adnxs.com/	1970-01-20 05:25:06	Name: uuid2 Value: 1906498781753493678
.semasio.net/	1970-01-20 12:01:06	Name: SEUNCY Value: 522A929774DCC135
at1.listrakbi.com/	1970-01-20 03:25:34	Name: AWSALBCORS Value: q9dH0HanIl9xTeFM4QsrKYz+wV09q/ycCLXaBJlVlYHLW+Lh6D9KyHb9QmLbtH7MlOB2MqGuUFDnMB9x3W3fAQ8wYnOd56dpv3WQK1yJdIfhY2nXcvNaQ8JC4J3x
.taboola.com/	1970-01-20 12:01:06	Name: t_gid Value: e6a45e01-b886-4a8c-b042-2420a4d82f6b-tuct9855646
.ninthdecimal.com/	1970-01-20 07:34:42	Name: ndat Value: LU+0v2KL0MaMywdHE5DcAg==
.exelator.com/	1970-01-20 06:08:18	Name: EE Value: "18e51fec6601ed89b49c2364af5847c4"
.ispot.tv/	1970-01-20 20:46:42	Name: pt Value: v2:c3074ebe6db31f8c9cbda89be74002a5167fc48d4ca9db59222f65d281c50519\|463457fd78a134a043949efc22d963d58124d381635fdb272e86c43a735407fc
.exelator.com/	1970-01-20 06:08:18	Name: ud Value: "eJxrXxzq6XKLQcHQItXUMC012czMwDA1xcIyycQy2cjYzCQxzdTCxDzZZHFZatGCpaXFqSlJh5ZU5JTkNK0uiw91jHdz9PX0iVzullmUmpZfsQIsFuYatMjSYEl%252BUWb6otDgxUUpaQyLSopPBR%252BoFAEAoUwqJw%253D%253D"
.demdex.net/	1970-01-20 07:34:42	Name: demdex Value: 31603385221609099573570862640923504705
.dpm.demdex.net/	1970-01-20 07:34:42	Name: dpm Value: 31603385221609099573570862640923504705
.adsrvr.org/	1970-01-20 12:01:06	Name: TDID Value: 40d09c88-4f38-4ad6-bcd5-1fef784a52f8
shop.pe/	1970-01-21 03:15:30	Name: addshoppers Value: "2\|1:0\|10:1653330118\|11:addshoppers\|44:YTVhNzlkMTZkNmQxNDRjMTk4YmU4MWEzNTc2MWZlZTk=\|e1884f755f77fa9157f9adf5d0b545ff351df698170c54e3648a11350e21c78b"
chpromotion.com/	1970-01-21 03:15:30	Name: addshoppers.com Value: 2%7C1%3A0%7C10%3A1653330118%7C15%3Aaddshoppers.com%7C44%3AYTVhNzlkMTZkNmQxNDRjMTk4YmU4MWEzNTc2MWZlZTk%3D%7Cb73c3cf8142d2682fe5250ca90b4779e60bf5a3e82d64126fbb74975f18202ee
.rubiconproject.com/	1970-01-20 12:01:06	Name: audit Value: 1\|kGINiRnI481FX00UEKBZw22cHD4yyBdpBodZpBPVcYjRuZ+dvyOZuIW0V96/O5PHEedujVHVzcBCbuL7wqM7W1b7+lYqTGSeQS7q4WQ6vbUIA1H+4oqygc0hHeRGPasNJ+FM4dvRTHd/pOe1CWJEfoSn0+I4giw+qF7VFZLzNs+yqVI1k5poNA==
.adsrvr.org/	1970-01-20 12:01:06	Name: TDCPM Value: CAESEgoDYWFtEgsI6M7kg-W83joQBRIXCghhcHBuZXh1cxILCLzt5YPlvN46EAUSFgoHcnViaWNvbhILCLzt5YPlvN46EAUYBSACKAMyCwjoxuew-7zeOhAFOAFCBCICCAFaCHpsOWtmcWgxYAE.
nytrng.com/	1970-01-20 12:01:06	Name: vcnpxid Value: a01984e413da7259757b2dbb2a5d3502
nytrng.com/	1970-01-20 12:01:06	Name: vcnpxst Value: w5p4w5XDlcOmw4HDk8Kfw5LCu8OUw5rClsKIf3HClcKLwqLCn8KnfsKQccKYwoLCj8KOw6LDg8OMwqLDhMOIw47Dm8Oawq3DksKlw4TDhMKRwqbClH_DnA

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://chpromotion.com/a/a87/spinner.gif Message: Failed to load resource: the server responded with a status of 404 (Not Found)
javascript	warning	URL: https://chpromotion.com/a/a87/index.php?utm_source=spdlfm&utm_campaign=690430Rate&token=1265061381(Line 938) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://ssl.google-analytics.com/ga.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://chpromotion.com/a/a87/index.php?utm_source=spdlfm&utm_campaign=690430Rate&token=1265061381(Line 938) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://ssl.google-analytics.com/ga.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aa.agkn.com
ads.samba.tv
ads.stickyadstv.com
amazon.partners.tremorhub.com
at1.listrakbi.com
bat.bing.com
beacon.krxd.net
bid.g.doubleclick.net
bs.serving-sys.com
c1.adform.net
cdn.datasteam.io
cdn.listrakbi.com
cdn.nytrng.com
chpromotion.com
cm.g.doubleclick.net
cms.analytics.yahoo.com
connect.facebook.net
d3rr3d0n31t48m.cloudfront.net
dpm.demdex.net
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
ib.adnxs.com
image2.pubmatic.com
image6.pubmatic.com
insight.adsrvr.org
js.adsrvr.org
lciapi.ninthdecimal.com
lm.serving-sys.com
loadus.exelator.com
match.adsrvr.org
mwzeom.zeotap.com
nytrng.com
odr.mookie1.com
pi.ispot.tv
pixel.advertising.com
pixel.rubiconproject.com
px.surveywall-api.survata.com
reliefgiveaway.com
s.amazon-adsystem.com
s1.listrakbi.com
sb.scorecardresearch.com
sca1.listrakbi.com
shop.pe
shopper.shop.pe
ssl.google-analytics.com
ssum-sec.casalemedia.com
stats.g.doubleclick.net
sync.search.spotxchange.com
sync.taboola.com
t.myvisualiq.net
tags.bluekai.com
token.rubiconproject.com
uipglob.semasio.net
ups.analytics.yahoo.com
us-u.openx.net
usermatch.krxd.net
usersync.samplicio.us
uyijknhgtrfgv.tk
www.chwplan.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.imdb.com
x.bidswitch.net
100.24.249.189
104.112.13.64
104.18.7.244
104.76.100.229
13.226.39.86
141.226.224.48
142.250.64.66
142.251.40.130
146.20.84.216
151.101.194.132
172.253.63.155
18.67.76.108
185.167.164.43
199.43.206.223
207.99.40.82
2600:1f18:612b:4232:dec:f48c:c120:9a90
2606:4700:10::6816:1957
2607:f8b0:4004:c06::9b
2607:f8b0:4006:808::2008
2607:f8b0:4006:80f::2003
2607:f8b0:4006:816::2002
2607:f8b0:4006:817::200a
2607:f8b0:4006:817::200e
2607:f8b0:4006:81c::2004
2607:f8b0:4006:822::2008
2620:1ec:c11::200
2a03:2880:f012:8:face:b00c:0:1
2a03:2880:f112:83:face:b00c:0:25de
34.199.40.23
34.202.51.59
34.237.81.49
35.168.157.177
35.190.54.17
35.190.90.30
35.211.178.172
35.227.244.1
35.244.159.8
35.71.131.137
45.79.180.191
50.16.197.56
50.57.31.206
52.205.48.68
52.35.169.226
52.44.124.195
52.46.154.242
52.85.136.118
52.85.61.181
52.85.61.5
52.85.61.80
52.85.61.98
54.152.83.91
54.175.87.114
54.89.130.42
63.251.28.218
68.67.179.89
69.12.8.74
69.173.151.100
75.2.91.175
76.13.32.147
8.28.7.81
8.28.7.83
99.84.43.9
0102972fe8f1a8b32988dd127323e542ea30dd78ecb227d66b2babd03ae05d2d
074c500fe2cd7dd99663264980f39d9e8782798ea7d72941575c1c6b8f2da441
0e87a1cbe106e401c305a8a3a20573b43fd9af49b2ab7cb18fab46727c854cf5
105a51defb00f2c0ee11596279532e30d9d7ddd15c8e10d9fe9c067f6488e180
10bef3f85822237893d33ac7eed079f59191bf1457d08309401afc43a1902d50
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
14f448c6f86d6fcdc59350fe3800e85ecc2433fad4349810c5769ae83f5d7b73
28b08132faf772ccb6b98ecfb02a099582c5823b27e13c5c663e0142de89d634
2e90140bd140068c2e28826d099fefe3bc2e6846f5cb8815adb432ae69c24db8
2f1845bbfae329f2324f1e1488afd5546eea7973e543028a6a9c1da6634edad3
342f64eee8020ed8ccd8c957c7c3442acc3fd585a200470edfcd199549a1eae9
380ef284cc9c44f82f786f246a822011a779932c9cd2ee34c451182ec2952468
38592f817b8253b51a6d5af2e13899c300fe3f63b2ff48c232b69a5f266a5bab
4232bfc361428db2b41388110226fc1ff5e49ae6969c13e4cb288ef3e67f51fa
4540fe3d85b175ac7c0272025c164aee14f38b34d5515d35591fe752eeab7780
46379eb0bd80c92e018c5b62bea3b9d44696ea903fae48189c547d751b11531d
52b860bf171d4c3ddb8c50fe9b1cf48cd6337c07f0b111788d7ba34aad733299
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
55b90523aabe14478d4e85de11038ffe927f92a520b2ff59907f5a6755f0df8f
56bd13291e337ee24a5d6120a2d69b291a03ff19253f5b68e52f383fc3f94196
5b9d29659c696ec7851223b2443432b062936dce25c3676114cf6122e226fdca
6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2
688aa4443fd103dd4eba9512fbd4a0ff2c47b8ebbd4b8c8d4aaef45f4e4f48b0
6a3e8569cdb67ea0a9b9d936f6abe68a0a2c70e893de739bcf7d0c85348c7793
6d97fccd01135ed97a465ce2d65e3d5993c7b240b06a7638b3fec90424f6252a
79270dfeec80a9831db892c6afa6203afcfcbe58fb78d76c6b610b9b79a45739
7ae6c41aba04348beec4616896c1ec70818ff4ef07de46269894e1a4b61b9697
7b6c943590df9e461e2adfe68415516a830f5852f730b64c98df61e4a3c044ea
7c00752ce82d6abaed0b9766d35b906b16675facdbe24115b410d1fab975effa
7d054245a4320f88475d232901aa17263f6dbbc65b0acf4775a67f3f31cb7d08
7f653b3ce9d3277457fc6da4edb246ae2f6c913f088c42dcb8cd2e96267aa21a
81a3487cf49a66c946a642f19c8f0a0d0484c49958d22f13d803f148f635039d
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8540c5e2d2e85cc6c5d46b1b06b7f6642dce39e0314299a08976cfe6053c7c52
86e18cf3981b72fe61a6a8282aeeaf3bb837533e73e155fd83806950f02aa05c
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
90dc1edaca43e2e886e6e556485fa4f2d9bbb86193f9d8d6b3b1b5b087bb140c
93f6ce56be9b5d1cc8f0462801eebf1f4612ed1c5e9e0a389072c7b3fabee5b7
970bcddca2dbc2f985da2a8cc8b5a5e2a475bf09c5e6ae9489924fbd890c7b05
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a4394c795c4144177ff8bb4d0cedfd77bdd7a05d49f5546838010e795d5caf77
a870f4251ca8eac5e4015c340d7403488b20d47e12127b928b8c2e4420c5abd6
acbe6770b0fc8b621a9d4f7068b241fb403fe999ea33270931ee59ec4cfdf3f1
bc1f719ad8a9fb36c5f164463ae53ad79a27e84143b027da42c6ee08021ff399
bd656b0911458566cbd5a9dc5966626bcb9e5b4c89f8b9b6ae57dc166a5e0e14
c151a7e68aedc7bd4d84cb2096e92ee2f055c16be01c2ba027acd38b6cc9d52a
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
d1c4aa4fc27ca65d42b693b60f19546c4a50c002394c364dbbef45710858df7a
d3573cda52041247cfe2bec3dd48b363196a581a5aa0686f6cd74a5f96bb090f
d3f142b7489acd6e7edbf1ebee7c225919ce5195aa3417dbd7addf0b5fc1efe4
d49d2a6dc89c60b16d37b5c050c401a95e54b48865c33518d11aa49f4aef01aa
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
dea7e272d1cfdbc2c75c1ba73701423481ad035448bdcff0020490df1a486f18
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
ec286d9204d650f3688680ab7df9b05406c4baddb997cf762d2fedd7b5084365
edd03ab3a1f8f4fee1f13400764eaa7de9b4ec3da31a2de7f2a5a40e2ea181a7
ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9
ee5e6f24e63a934667e065cf35fa4cdb9a1ec3391da17621c3994fdb63bb82ea
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f30bf2284e7872587d6aa890cc2611f01e4be6a2fcfdc0003d63c6fa137745c7
f3a974df6314eccf6bafadf8a8008e1b9c5e4686688f862c6a4e866f20725d72
f3ba765abecf7206d73b8a9df910a3447c542b54008bd11c69e87b698da4bc9f
f48f72962227d5462b26af6047aa112b3640126b6d1c49c72d672d315189100c
f6d7e9dafd1ec463ecd0c6b20f170400dd15afe81c71dea50771550df2f83ffc
f9e67f3474ec0a002f4aebf1ea2b7e97d23e4c60f7266283b78a17483d0fa8c3

chpromotion.com Open in urlscan Pro 146.20.84.216 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious — 6 votes Show Verdicts

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

113 Requests

67 %HTTPS

21 %IPv6

51 Domains

68 Subdomains

32 IPs

3 Countries

2909 kBTransfer

3490 kBSize

60 Cookies

3 Outgoing links

Page URL History

Redirected requests

113 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

chpromotion.com Open in urlscan Pro
146.20.84.216 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

113
Requests

67 %
HTTPS

21 %
IPv6

51
Domains

68
Subdomains

32
IPs

3
Countries

2909 kB
Transfer

3490 kB
Size

60
Cookies

113 HTTP transactions
0 data transactions