travel.northeast.aaa.com Open in urlscan Pro
184.72.128.159 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_me...
Submission: On December 11 via api (December 11th 2022, 10:58:58 pm UTC) from CH — Scanned from DE

Summary HTTP 186 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 65 IPs in 8 countries across 54 domains to perform 186 HTTP transactions. The main IP is 184.72.128.159, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is travel.northeast.aaa.com. The Cisco Umbrella rank of the primary domain is 374887.
TLS certificate: Issued by Trustwave Organization Validation SHA... on June 6th 2022. Valid for: a year.

This is the only time travel.northeast.aaa.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3 24	184.72.128.159 184.72.128.159	14618 (AMAZON-AES) (AMAZON-AES)
1	2a00:1450:400... 2a00:1450:4001:803::200a	15169 (GOOGLE) (GOOGLE)
5	52.217.199.16 52.217.199.16	16509 (AMAZON-02) (AMAZON-02)
10	2a02:26f0:350... 2a02:26f0:3500:587::1e80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	45.60.154.98 45.60.154.98	19551 (INCAPSULA) (INCAPSULA)
3	34.232.6.3 34.232.6.3	14618 (AMAZON-AES) (AMAZON-AES)
2	13.224.189.127 13.224.189.127	16509 (AMAZON-02) (AMAZON-02)
1	13.225.84.99 13.225.84.99	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
1	2a05:d014:275... 2a05:d014:275:cb01:2c5:838c:1ab7:a223	16509 (AMAZON-02) (AMAZON-02)
2	2a02:6ea0:c70... 2a02:6ea0:c700::19	60068 (CDN77 ^_^) (CDN77 ^_^)
3	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
11	2a00:1450:400... 2a00:1450:4001:827::2008	15169 (GOOGLE) (GOOGLE)
11	34.251.90.149 34.251.90.149	16509 (AMAZON-02) (AMAZON-02)
1	34.120.253.250 34.120.253.250	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	13.225.84.152 13.225.84.152	16509 (AMAZON-02) (AMAZON-02)
1	96.16.147.243 96.16.147.243	16625 (AKAMAI-AS) (AKAMAI-AS)
4	45.60.64.121 45.60.64.121	19551 (INCAPSULA) (INCAPSULA)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:2b	20446 (STACKPATH...) (STACKPATH-CDN)
4	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
1	52.209.194.100 52.209.194.100	16509 (AMAZON-02) (AMAZON-02)
3	13.36.218.177 13.36.218.177	16509 (AMAZON-02) (AMAZON-02)
1 1	46.137.71.247 46.137.71.247	16509 (AMAZON-02) (AMAZON-02)
1	3.248.2.215 3.248.2.215	16509 (AMAZON-02) (AMAZON-02)
2	2600:1901:0:7... 2600:1901:0:7a0b::	15169 (GOOGLE) (GOOGLE)
8 9	151.101.130.49 151.101.130.49	54113 (FASTLY) (FASTLY)
2	2a00:1450:400... 2a00:1450:400c:c04::9c	15169 (GOOGLE) (GOOGLE)
4 13	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
2	2606:4700:10:... 2606:4700:10::ac43:aac	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4 16	2a00:1450:400... 2a00:1450:4001:82f::2004	15169 (GOOGLE) (GOOGLE)
15	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::2001	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f01... 2a03:2880:f01c:216:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:350... 2a02:26f0:3500:16::215:14a0	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 1	185.29.132.241 185.29.132.241	30419 (MEDIAMATH...) (MEDIAMATH-INC)
2	2600:9000:20e... 2600:9000:20eb:ee00:2:53b2:240:93a1	16509 (AMAZON-02) (AMAZON-02)
3 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
5	34.98.72.95 34.98.72.95	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 2	3.75.169.179 3.75.169.179	16509 (AMAZON-02) (AMAZON-02)
5	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.224.189.4 13.224.189.4	16509 (AMAZON-02) (AMAZON-02)
3	2a03:2880:f11... 2a03:2880:f11c:8083:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	34.117.96.210 34.117.96.210	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	34.149.149.159 34.149.149.159	15169 (GOOGLE) (GOOGLE)
1	35.190.127.230 35.190.127.230	15169 (GOOGLE) (GOOGLE)
2	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1 1	2001:678:cb4:... 2001:678:cb4:bbbb::13	56396 (AMOBEE) (AMOBEE)
1	2606:4700:10:... 2606:4700:10::6816:38f5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:16ea	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
1 1	3.127.178.105 3.127.178.105	16509 (AMAZON-02) (AMAZON-02)
1 1	212.82.100.182 212.82.100.182	34010 (YAHOO-IRD) (YAHOO-IRD)
4	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
2 3	23.44.78.119 23.44.78.119	16625 (AKAMAI-AS) (AKAMAI-AS)
3	2a00:1450:400... 2a00:1450:4001:806::2001	15169 (GOOGLE) (GOOGLE)
1	34.107.191.194 34.107.191.194	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	54.224.247.129 54.224.247.129	14618 (AMAZON-AES) (AMAZON-AES)
2 2	13.225.78.101 13.225.78.101	16509 (AMAZON-02) (AMAZON-02)
1	34.111.8.32 34.111.8.32	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	34.102.193.48 34.102.193.48	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	52.19.187.82 52.19.187.82	16509 (AMAZON-02) (AMAZON-02)
1	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
1 2	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
1 2	37.252.171.21 37.252.171.21	29990 (ASN-APPNEX) (ASN-APPNEX)
1	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
1	185.64.189.110 185.64.189.110	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 2	185.94.180.126 185.94.180.126	35220 (SPOTX-AMS) (SPOTX-AMS)
1 1	18.202.191.241 18.202.191.241	16509 (AMAZON-02) (AMAZON-02)
2 2	52.30.188.40 52.30.188.40	16509 (AMAZON-02) (AMAZON-02)
1 1	44.195.94.142 44.195.94.142	14618 (AMAZON-AES) (AMAZON-AES)
186	65

24 184.72.128.159 (Ashburn, United States) 3 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-184-72-128-159.compute-1.amazonaws.com

travel.northeast.aaa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.tstllc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.217.199.16 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1.amazonaws.com

s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a02:26f0:3500:587::1e80 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 45.60.154.98 (United States)

ASN19551 (INCAPSULA, US)

nm.northeast.aaa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.232.6.3 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-232-6-3.compute-1.amazonaws.com

assets.blue.kube.tstllc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.224.189.127 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-189-127.fra2.r.cloudfront.net

web-assets.tstllc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.84.99 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-84-99.fra2.r.cloudfront.net

d1taxzywhomyrl.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d014:275:cb01:2c5:838c:1ab7:a223 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

www.fullstory.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:6ea0:c700::19 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)

rec.smartlook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:827::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 34.251.90.149 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-251-90-149.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.253.250 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 250.253.120.34.bc.googleusercontent.com

tag.wknd.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.84.152 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-84-152.fra2.r.cloudfront.net

d2wy8f7a9ursnm.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 96.16.147.243 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a96-16-147-243.deploy.static.akamaitechnologies.com

www.everestjs.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 45.60.64.121 (United States)

ASN19551 (INCAPSULA, US)

www.aaa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:2b (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.209.194.100 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-209-194-100.eu-west-1.compute.amazonaws.com

aaanortheast.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.36.218.177 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-36-218-177.eu-west-3.compute.amazonaws.com

mcdmetrics.aaa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adobedc.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.137.71.247 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-46-137-71-247.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.248.2.215 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-248-2-215.eu-west-1.compute.amazonaws.com

mcdmetrics2.aaa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1901:0:7a0b:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

sessions.bugsnag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 151.101.130.49 (United States) 8 redirects

ASN54113 (FASTLY, US)

lasteventf-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c04::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany) 4 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::ac43:aac (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.inspectlet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
hn.inspectlet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:82f::2004 (Frankfurt am Main, Germany) 4 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

b0f1e222212d38141686220c8720529a.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:216:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:16::215:14a0 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.132.241 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:20eb:ee00:2:53b2:240:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.linkedin.oribi.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.98.72.95 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 95.72.98.34.bc.googleusercontent.com

assets.bounceexchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.75.169.179 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-75-169-179.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.189.4 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-189-4.fra2.r.cloudfront.net

cdn.pbbl.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f11c:8083:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.117.96.210 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 210.96.117.34.bc.googleusercontent.com

data.cdnbasket.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.149.149.159 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 159.149.149.34.bc.googleusercontent.com

page.cdnbasket.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.127.230 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 230.127.190.35.bc.googleusercontent.com

view.cdnbasket.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:678:cb4:bbbb::13 (United Kingdom) 1 redirects

ASN56396 (AMOBEE, GB)

d.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:38f5 (United States)

ASN13335 (CLOUDFLARENET, US)

hn.inspectlet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:16ea (United States)

ASN13335 (CLOUDFLARENET, US)

idpix.media6degrees.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.127.178.105 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-127-178-105.eu-central-1.compute.amazonaws.com

ps.eyeota.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.82.100.182 (Dublin, Ireland) 1 redirects

ASN34010 (YAHOO-IRD, GB)
PTR: spcms.pbp.vip.ir2.yahoo.com

cms.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.44.78.119 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-44-78-119.deploy.static.akamaitechnologies.com

px.owneriq.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:806::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.107.191.194 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 194.191.107.34.bc.googleusercontent.com

ids.cdnwidget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.224.247.129 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-224-247-129.compute-1.amazonaws.com

usersync.videoamp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.225.78.101 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-101.fra2.r.cloudfront.net

ads.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.111.8.32 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 32.8.111.34.bc.googleusercontent.com

api.bounceexchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.193.48 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 48.193.102.34.bc.googleusercontent.com

e.cdnwidget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.19.187.82 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-19-187-82.eu-west-1.compute.amazonaws.com

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.80.39.216 (Canada) 1 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.252.171.21 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.110 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.94.180.126 (Amsterdam, Netherlands) 1 redirects

ASN35220 (SPOTX-AMS, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.202.191.241 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-202-191-241.eu-west-1.compute.amazonaws.com

g2.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.30.188.40 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-188-40.eu-west-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.195.94.142 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-195-94-142.compute-1.amazonaws.com

sync.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
32	aaa.com 2 redirects travel.northeast.aaa.com — Cisco Umbrella Rank: 374887 nm.northeast.aaa.com — Cisco Umbrella Rank: 335784 www.aaa.com — Cisco Umbrella Rank: 50726 mcdmetrics.aaa.com — Cisco Umbrella Rank: 248541 mcdmetrics2.aaa.com — Cisco Umbrella Rank: 239457	3 MB
19	doubleclick.net 4 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 193 stats.g.doubleclick.net — Cisco Umbrella Rank: 81 googleads.g.doubleclick.net — Cisco Umbrella Rank: 34 cm.g.doubleclick.net — Cisco Umbrella Rank: 215	141 KB
17	google.com 4 redirects www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 72	2 KB
16	google.de www.google.de — Cisco Umbrella Rank: 7952 adservice.google.de — Cisco Umbrella Rank: 11832	2 KB
13	demdex.net dpm.demdex.net — Cisco Umbrella Rank: 206 aaanortheast.demdex.net — Cisco Umbrella Rank: 289379 adobedc.demdex.net — Cisco Umbrella Rank: 9738	18 KB
11	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 47	827 KB
10	everesttech.net 9 redirects cm.everesttech.net — Cisco Umbrella Rank: 1046 lasteventf-tm.everesttech.net — Cisco Umbrella Rank: 6789 sync-tm.everesttech.net — Cisco Umbrella Rank: 572	2 KB
10	adobedtm.com assets.adobedtm.com — Cisco Umbrella Rank: 487	173 KB
8	googlesyndication.com b0f1e222212d38141686220c8720529a.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 103 tpc.googlesyndication.com — Cisco Umbrella Rank: 139	42 KB
6	bounceexchange.com assets.bounceexchange.com — Cisco Umbrella Rank: 1902 api.bounceexchange.com — Cisco Umbrella Rank: 2158	143 KB
6	tstllc.net 1 redirects assets.tstllc.net assets.blue.kube.tstllc.net web-assets.tstllc.net — Cisco Umbrella Rank: 438857	56 KB
5	bing.com bat.bing.com — Cisco Umbrella Rank: 373	12 KB
5	amazonaws.com s3.amazonaws.com	513 KB
4	linkedin.com 3 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 372 www.linkedin.com — Cisco Umbrella Rank: 643 px4.ads.linkedin.com — Cisco Umbrella Rank: 6944	3 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 28 region1.google-analytics.com — Cisco Umbrella Rank: 3983	21 KB
3	owneriq.net 2 redirects px.owneriq.net — Cisco Umbrella Rank: 899	1 KB
3	cdnbasket.net data.cdnbasket.net — Cisco Umbrella Rank: 3819 page.cdnbasket.net — Cisco Umbrella Rank: 3821 view.cdnbasket.net — Cisco Umbrella Rank: 3823	1014 B
3	facebook.com www.facebook.com — Cisco Umbrella Rank: 113	273 B
3	inspectlet.com cdn.inspectlet.com — Cisco Umbrella Rank: 8373 hn.inspectlet.com — Cisco Umbrella Rank: 8420	63 KB
2	bidr.io 2 redirects match.prod.bidr.io — Cisco Umbrella Rank: 476	1 KB
2	spotxchange.com 1 redirects sync.search.spotxchange.com — Cisco Umbrella Rank: 592	1 KB
2	adnxs.com 1 redirects ib.adnxs.com — Cisco Umbrella Rank: 218	2 KB
2	casalemedia.com 1 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 507	1 KB
2	scorecardresearch.com 2 redirects ads.scorecardresearch.com — Cisco Umbrella Rank: 2253	600 B
2	cdnwidget.com ids.cdnwidget.com — Cisco Umbrella Rank: 2992 e.cdnwidget.com — Cisco Umbrella Rank: 9808	306 B
2	rlcdn.com idsync.rlcdn.com — Cisco Umbrella Rank: 335	107 B
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 718	1 KB
2	oribi.io cdn.linkedin.oribi.io — Cisco Umbrella Rank: 887	373 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 152	112 KB
2	bugsnag.com sessions.bugsnag.com — Cisco Umbrella Rank: 731	35 B
2	smartlook.com rec.smartlook.com — Cisco Umbrella Rank: 22088	17 KB
2	cloudfront.net d1taxzywhomyrl.cloudfront.net d2wy8f7a9ursnm.cloudfront.net	58 KB
1	stackadapt.com 1 redirects sync.srv.stackadapt.com — Cisco Umbrella Rank: 692	556 B
1	gumgum.com 1 redirects g2.gumgum.com — Cisco Umbrella Rank: 1310	260 B
1	pubmatic.com image2.pubmatic.com — Cisco Umbrella Rank: 882	452 B
1	openx.net us-u.openx.net — Cisco Umbrella Rank: 395	273 B
1	rubiconproject.com pixel.rubiconproject.com — Cisco Umbrella Rank: 321	239 B
1	crwdcntrl.net sync.crwdcntrl.net — Cisco Umbrella Rank: 752	265 B
1	videoamp.com usersync.videoamp.com — Cisco Umbrella Rank: 11060	79 B
1	yahoo.com 1 redirects cms.analytics.yahoo.com — Cisco Umbrella Rank: 869	677 B
1	eyeota.net 1 redirects ps.eyeota.net — Cisco Umbrella Rank: 949	418 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 323	265 B
1	media6degrees.com idpix.media6degrees.com — Cisco Umbrella Rank: 1833	205 B
1	turn.com 1 redirects d.turn.com — Cisco Umbrella Rank: 1154	402 B
1	pbbl.co cdn.pbbl.co — Cisco Umbrella Rank: 7764
1	mathtag.com 1 redirects sync.mathtag.com — Cisco Umbrella Rank: 447	683 B
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 742	5 KB
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 171	17 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 687	29 KB
1	everestjs.net www.everestjs.net — Cisco Umbrella Rank: 6130	3 KB
1	wknd.ai tag.wknd.ai — Cisco Umbrella Rank: 4714	4 KB
1	fullstory.com www.fullstory.com — Cisco Umbrella Rank: 24072
1	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 192	27 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 37	1 KB
186	54

	Domain	Requested by
23	travel.northeast.aaa.com	2 redirects travel.northeast.aaa.com d2wy8f7a9ursnm.cloudfront.net
16	www.google.com	4 redirects travel.northeast.aaa.com tpc.googlesyndication.com
15	www.google.de	travel.northeast.aaa.com
13	googleads.g.doubleclick.net	4 redirects www.googletagmanager.com www.googleadservices.com
11	dpm.demdex.net	assets.adobedtm.com travel.northeast.aaa.com
11	www.googletagmanager.com	travel.northeast.aaa.com assets.adobedtm.com www.googletagmanager.com
10	assets.adobedtm.com	travel.northeast.aaa.com assets.adobedtm.com
8	sync-tm.everesttech.net	8 redirects
5	bat.bing.com	www.googletagmanager.com bat.bing.com travel.northeast.aaa.com
5	assets.bounceexchange.com	tag.wknd.ai assets.bounceexchange.com
5	s3.amazonaws.com	travel.northeast.aaa.com s3.amazonaws.com
4	pagead2.googlesyndication.com	cdn.inspectlet.com tpc.googlesyndication.com
4	www.aaa.com	assets.adobedtm.com
3	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com
3	px.owneriq.net	2 redirects
3	www.facebook.com	travel.northeast.aaa.com
3	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net
3	www.google-analytics.com	travel.northeast.aaa.com www.google-analytics.com
3	assets.blue.kube.tstllc.net	travel.northeast.aaa.com
2	match.prod.bidr.io	2 redirects
2	sync.search.spotxchange.com	1 redirects
2	ib.adnxs.com	1 redirects
2	dsum-sec.casalemedia.com	1 redirects
2	ads.scorecardresearch.com	2 redirects
2	idsync.rlcdn.com	travel.northeast.aaa.com
2	hn.inspectlet.com	cdn.inspectlet.com
2	pm.w55c.net	2 redirects
2	px.ads.linkedin.com	2 redirects
2	cdn.linkedin.oribi.io	snap.licdn.com
2	connect.facebook.net	travel.northeast.aaa.com connect.facebook.net
2	stats.g.doubleclick.net	www.google-analytics.com
2	sessions.bugsnag.com	d2wy8f7a9ursnm.cloudfront.net
2	mcdmetrics.aaa.com	assets.adobedtm.com
2	rec.smartlook.com	travel.northeast.aaa.com rec.smartlook.com
2	web-assets.tstllc.net	travel.northeast.aaa.com
2	nm.northeast.aaa.com	travel.northeast.aaa.com
1	sync.srv.stackadapt.com	1 redirects
1	g2.gumgum.com	1 redirects
1	image2.pubmatic.com
1	us-u.openx.net
1	pixel.rubiconproject.com
1	cm.g.doubleclick.net
1	sync.crwdcntrl.net
1	e.cdnwidget.com
1	api.bounceexchange.com	assets.bounceexchange.com
1	usersync.videoamp.com
1	ids.cdnwidget.com	cdn.inspectlet.com
1	cms.analytics.yahoo.com	1 redirects
1	ps.eyeota.net	1 redirects
1	match.adsrvr.org	travel.northeast.aaa.com
1	idpix.media6degrees.com	travel.northeast.aaa.com
1	d.turn.com	1 redirects
1	view.cdnbasket.net	cdn.inspectlet.com
1	page.cdnbasket.net	cdn.inspectlet.com
1	data.cdnbasket.net	cdn.inspectlet.com
1	cdn.pbbl.co	travel.northeast.aaa.com
1	adobedc.demdex.net	assets.adobedtm.com
1	px4.ads.linkedin.com	travel.northeast.aaa.com
1	www.linkedin.com	1 redirects
1	sync.mathtag.com	1 redirects
1	snap.licdn.com	travel.northeast.aaa.com
1	www.googleadservices.com	assets.adobedtm.com
1	b0f1e222212d38141686220c8720529a.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	region1.google-analytics.com	www.googletagmanager.com
1	cdn.inspectlet.com	travel.northeast.aaa.com
1	lasteventf-tm.everesttech.net	www.everestjs.net
1	mcdmetrics2.aaa.com	assets.adobedtm.com
1	cm.everesttech.net	1 redirects
1	aaanortheast.demdex.net	assets.adobedtm.com
1	code.jquery.com	assets.adobedtm.com
1	www.everestjs.net	assets.adobedtm.com
1	d2wy8f7a9ursnm.cloudfront.net	assets.adobedtm.com
1	tag.wknd.ai	travel.northeast.aaa.com
1	www.fullstory.com	travel.northeast.aaa.com
1	www.googletagservices.com	travel.northeast.aaa.com
1	d1taxzywhomyrl.cloudfront.net	travel.northeast.aaa.com
1	assets.tstllc.net	1 redirects
1	fonts.googleapis.com	travel.northeast.aaa.com
186	80

This site contains links to these domains. Also see Links.

Domain
northeast.aaa.com
api.arrivalguides.com
tourbook.aaa.com

Subject Issuer	Validity	Valid
cruises.northeast.aaa.com Trustwave Organization Validation SHA256 CA, Level 1	`2022-06-06` - `2023-07-05`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
s3.amazonaws.com Amazon	`2022-04-01` - `2023-03-30`	a year	crt.sh
assets.adobedtm.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-19` - `2023-08-19`	a year	crt.sh
*.northeast.aaa.com Trustwave Organization Validation SHA256 CA, Level 1	`2022-01-03` - `2023-01-27`	a year	crt.sh
*.tstllc.net Go Daddy Secure Certificate Authority - G2	`2022-06-29` - `2023-07-31`	a year	crt.sh
*.cloudfront.net Amazon	`2022-02-01` - `2023-01-31`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
bionic.fullstory.com R3	`2022-11-05` - `2023-02-03`	3 months	crt.sh
1610534878.rsc.cdn77.org R3	`2022-11-02` - `2023-01-31`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
*.demdex.com DigiCert TLS RSA SHA256 2020 CA1	`2022-09-26` - `2023-10-27`	a year	crt.sh
tag.wknd.ai R3	`2022-11-25` - `2023-02-23`	3 months	crt.sh
www.everestjs.net DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
imperva.com GlobalSign Atlas R3 DV TLS CA 2022 Q4	`2022-11-14` - `2023-05-13`	6 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-03` - `2023-07-14`	a year	crt.sh
mcdmetrics.aaa.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-01` - `2023-04-01`	a year	crt.sh
mcdmetrics2.aaa.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-02` - `2023-03-02`	a year	crt.sh
*.bugsnag.com Sectigo RSA Domain Validation Secure Server CA	`2022-04-26` - `2023-04-26`	a year	crt.sh
*.everesttech.net GlobalSign Atlas R3 DV TLS CA 2022 Q4	`2022-11-07` - `2023-12-09`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-17` - `2023-06-17`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-09-20` - `2022-12-19`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2022-03-01` - `2023-03-01`	a year	crt.sh
linkedin.oribi.io Amazon	`2022-07-07` - `2023-08-06`	a year	crt.sh
adobedc.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2022-10-20` - `2023-11-20`	a year	crt.sh
assets.bounceexchange.com GTS CA 1D4	`2022-11-29` - `2023-02-27`	3 months	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2022-11-25` - `2023-05-25`	6 months	crt.sh
*.pbbl.co Amazon	`2022-10-04` - `2023-11-02`	a year	crt.sh
data.cdnbasket.net GTS CA 1D4	`2022-11-25` - `2023-02-23`	3 months	crt.sh
page.cdnbasket.net GTS CA 1D4	`2022-11-25` - `2023-02-23`	3 months	crt.sh
view.cdnbasket.net GTS CA 1D4	`2022-11-25` - `2023-02-23`	3 months	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-03` - `2023-02-25`	a year	crt.sh
dstillery.com Sectigo RSA Domain Validation Secure Server CA	`2022-05-05` - `2023-04-28`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2022-03-31` - `2023-05-02`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
ids.cdnwidget.com R3	`2022-12-03` - `2023-03-03`	3 months	crt.sh
*.videoamp.com Amazon	`2022-09-06` - `2023-10-04`	a year	crt.sh
*.wunderkind.co R3	`2022-12-11` - `2023-03-11`	3 months	crt.sh
e.cdnwidget.com R3	`2022-11-10` - `2023-02-08`	3 months	crt.sh
*.crwdcntrl.net Go Daddy Secure Certificate Authority - G2	`2022-05-01` - `2023-06-02`	a year	crt.sh

This page contains 6 frames:

Primary Page: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
Frame ID: AE0CC2A02F70A06A98E7FD4C57503FA2
Requests: 157 HTTP requests in this frame

Frame: https://aaanortheast.demdex.net/dest5.html?d_nsid=0
Frame ID: 0BFE6B0768518F9A9C87E51902CFDF19
Requests: 25 HTTP requests in this frame

Frame: https://b0f1e222212d38141686220c8720529a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: B4BD475AC310D445BCABAB8C58AACE1D
Requests: 1 HTTP requests in this frame

Frame: https://assets.bounceexchange.com/assets/bounce/local_storage_frame16.min.html
Frame ID: F33C524B8FC650299D2D1888D29560AE
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 0DD3622A57363AA7C69EF0E694AC0C81
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 3FB9263F20D1039C174C09D6075F7AA2
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Travel Booking

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

BugSnag (Analytics) Expand

Overall confidence: 100%
Detected patterns

/bugsnag.*\.js

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Inspectlet (Analytics) Expand

Overall confidence: 100%
Detected patterns

cdn\.inspectlet\.com

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

186
Requests

85 %
HTTPS

39 %
IPv6

54
Domains

80
Subdomains

65
IPs

8
Countries

5287 kB
Transfer

15512 kB
Size

79
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://northeast.aaa.com/travel/plan-your-trip/travel-insurance.html
Title: Insurance

Search URL Search Domain Scan URL

URL: https://api.arrivalguides.com/EN/Dynamic/Download?dest=DENVER&partner=tst&lang=EN

Search URL Search Domain Scan URL

URL: https://tourbook.aaa.com/?utm_source=TST&utm_medium=Email&utm_term=Confirmation&utm_content=TST-Confirmation-Email&utm_campaign=DTB

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10

https://assets.tstllc.net/resources/acp/images/wss-4CAAA.png HTTP 303
https://assets.blue.kube.tstllc.net/resources/acp/images/wss-4CAAA.png

Request Chain 11

https://travel.northeast.aaa.com/car/assets/images/vendorLogos/hertz.png HTTP 302
https://assets.blue.kube.tstllc.net/images/car/vendorLogos/hertz.png?url=null%3FcacheBuster%3D0.5256072769268187

Request Chain 12

https://travel.northeast.aaa.com/web-services/assets/images/bx_loader.gif HTTP 302
https://assets.blue.kube.tstllc.net/images/common/bx_loader.gif?url=null%3FcacheBuster%3D0.17608308291500707

Request Chain 48

https://cm.everesttech.net/cm/dd?d_uuid=91328979210809023573138061579162110992 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y5ZgrAAAAKSJFwNx

Request Chain 90

https://sync.mathtag.com/sync/img?mt_exid=10004&mt_exuid=91328979210809023573138061579162110992&redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D269%26dpuuid%3D[MM_UUID]%26ddsuuid%3d91328979210809023573138061579162110992 HTTP 302
https://dpm.demdex.net/ibs:dpid=269&dpuuid=7ea36396-60ad-4c00-88ba-e5d5a93f14e2&ddsuuid=91328979210809023573138061579162110992

Request Chain 96

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2021154&time=1670799533388&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2021154%26time%3D1670799533388%26url%3Dhttps%253A%252F%252Ftravel.northeast.aaa.com%252Ftrip%252FsKHVj7O3RAWhevDLVmXnGw%252Fconsumer%252Fbooking%253Ftst_email%253Dconfirmation%2526utm_source%253Dconf_email%2526utm_medium%253Demail%2526utm_campaign%253Dcar_insurance%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2021154&time=1670799533388&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2021154&time=1670799533388&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&liSync=true&e_ipv6=AQKFHpl9Zw17jwAAAYUDaadMz7H0zVAO9wBTpNPd9jkwBHCwIbaDjIbkMb2es1enhDWvVm4R1gnDjQ

Request Chain 109

https://pm.w55c.net/ping_match.gif?st=dmx&rurl=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D359%26dpuuid%3D_wfivefivec_ HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&st=dmx&rurl=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D359%26dpuuid%3D_wfivefivec_ HTTP 302
https://dpm.demdex.net/ibs:dpid=359&dpuuid=e5Kaf4RE1P4vhz5

Request Chain 118

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/768643034/?random=1670799533492&cv=11&fst=1670799533492&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Travel%20Booking&auid=540394295.1670799532&uaw=0 HTTP 302
https://www.google.com/pagead/1p-user-list/768643034/?random=1670799533492&cv=11&fst=1670796000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Travel%20Booking&is_vtc=1&random=1538700102 HTTP 302
https://www.google.de/pagead/1p-user-list/768643034/?random=1670799533492&cv=11&fst=1670796000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Travel%20Booking&is_vtc=1&random=1538700102&ipr=y

Request Chain 119

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/969619756/?random=1670799533492&cv=11&fst=1670799533492&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Travel%20Booking&auid=540394295.1670799532&uaw=0 HTTP 302
https://www.google.com/pagead/1p-user-list/969619756/?random=1670799533492&cv=11&fst=1670796000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Travel%20Booking&is_vtc=1&random=525422975 HTTP 302
https://www.google.de/pagead/1p-user-list/969619756/?random=1670799533492&cv=11&fst=1670796000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Travel%20Booking&is_vtc=1&random=525422975&ipr=y

Request Chain 120

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/836762974/?random=1670799533492&cv=11&fst=1670799533492&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Travel%20Booking&auid=540394295.1670799532&uaw=0 HTTP 302
https://www.google.com/pagead/1p-user-list/836762974/?random=1670799533492&cv=11&fst=1670796000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Travel%20Booking&is_vtc=1&random=4113221402 HTTP 302
https://www.google.de/pagead/1p-user-list/836762974/?random=1670799533492&cv=11&fst=1670796000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Travel%20Booking&is_vtc=1&random=4113221402&ipr=y

Request Chain 121

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/933849799/?random=1670799533493&cv=11&fst=1670799533493&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Travel%20Booking&auid=540394295.1670799532&uaw=0 HTTP 302
https://www.google.com/pagead/1p-user-list/933849799/?random=1670799533493&cv=11&fst=1670796000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Travel%20Booking&is_vtc=1&random=1853226135 HTTP 302
https://www.google.de/pagead/1p-user-list/933849799/?random=1670799533493&cv=11&fst=1670796000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Travel%20Booking&is_vtc=1&random=1853226135&ipr=y

Request Chain 152

https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMjM2NTYzMjkvdC8y/url/https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D470%26dpuuid%3D%24!%7BTURN_UUID%7D HTTP 302
https://dpm.demdex.net/ibs:dpid=470&dpuuid=8228637480146854199

Request Chain 159

https://ps.eyeota.net/match?bid=6j5b2cv&uid=91328979210809023573138061579162110992&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D30064%26dpuuid%3D%7BUUID_6j5b2cv%7D HTTP 302
https://dpm.demdex.net/ibs:dpid=30064&dpuuid=%7BUUID_6j5b2cv%7D

Request Chain 160

https://cms.analytics.yahoo.com/cms?partner_id=ADOBE&_hosted_id=91328979210809023573138061579162110992&gdpr=0&gdpr_consent= HTTP 302
https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-lpFKVrRE2pHRY3rGrybuXISWlICOApD3jf8-~A

Request Chain 164

https://px.owneriq.net/eucm/p/adpq?redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D53196%26dpuuid%3D(OIQ_UUID) HTTP 302
https://px.owneriq.net/ecc?redir=https%3a%2f%2fdpm.demdex.net%2fibs%3adpid%3d53196%26dpuuid%3dQ7240859341474259538&uid=Q7240859341474259538&ref=%2Feucm%2Fp%2Fadpq HTTP 302
https://px.owneriq.net/noop?ct=image%2Fgif

Request Chain 170

https://ads.scorecardresearch.com/p?c1=9&c2=6034944&c3=2&cs_xi=91328979210809023573138061579162110992&rn=1670799531942&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D73426%26dpuuid%3D91328979210809023573138061579162110992 HTTP 302
https://ads.scorecardresearch.com/p2?c1=9&c2=6034944&c3=2&cs_xi=91328979210809023573138061579162110992&rn=1670799531942&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D73426%26dpuuid%3D91328979210809023573138061579162110992 HTTP 302
https://dpm.demdex.net/ibs:dpid=73426&dpuuid=91328979210809023573138061579162110992

Request Chain 177

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_push%26google_sc%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WTVaZ3JBQUFBS1NKRndOeA==

Request Chain 178

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D7941%26nid%3D2243%26put%3D%24%7BUSER_ID%7D%26expires%3D90 HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=Y5ZgrAAAAKSJFwNx&expires=90

Request Chain 179

https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Y5ZgrAAAAKSJFwNx HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Y5ZgrAAAAKSJFwNx&C=1

Request Chain 181

https://sync-tm.everesttech.net/upi/pid/UH6TUt9n?redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D158%26code%3D%24%7BTM_USER_ID%7D HTTP 302
https://ib.adnxs.com/setuid?entity=158&code=Y5ZgrAAAAKSJFwNx HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D158%26code%3DY5ZgrAAAAKSJFwNx

Request Chain 182

https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537148856&val=Y5ZgrAAAAKSJFwNx

Request Chain 184

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Y5ZgrAAAAKSJFwNx

Request Chain 185

https://sync-tm.everesttech.net/upi/pid/h0r58thg?redir=https%3A%2F%2Fsync.search.spotxchange.com%2Fpartner%3Fadv_id%3D6409%26uid%3D%24%7BUSER_ID%7D%26img%3D1 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=6409&uid=Y5ZgrAAAAKSJFwNx&img=1 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=6409&uid=Y5ZgrAAAAKSJFwNx&img=1&__user_check__=1&sync_id=638d7c69-79a7-11ed-a38c-10ffbde80106

Request Chain 186

https://sync-tm.everesttech.net/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fwww.facebook.com%2Ffr%2Fb.php%3Fp%3D1531105787105294%26e%3D%24%7BTM_USER_ID%7D%26t%3D2592000%26o%3D0 HTTP 302
https://www.facebook.com/fr/b.php?p=1531105787105294&e=Y5ZgrAAAAKSJFwNx&t=2592000&o=0

Request Chain 187

https://g2.gumgum.com/adobe/s2s HTTP 302
https://dpm.demdex.net/ibs:dpid=143525&dpuuid=e_d813c2d5-6979-4e96-81f9-abe69f8fa002

Request Chain 188

https://match.prod.bidr.io/cookie-sync/adobe?gdpr=0&gdpr_consent= HTTP 303
https://match.prod.bidr.io/cookie-sync/adobe?gdpr=0&gdpr_consent=&_bee_ppp=1 HTTP 303
https://dpm.demdex.net/ibs:dpid=275754&dpuuid=AAHltk7HLMEAAB-yDN_8fA?gdpr=0

Request Chain 189

https://sync.srv.stackadapt.com/sync?nid=adobe HTTP 302
https://dpm.demdex.net/ibs:dpid=390122&dpuuid=YBBSqq_FQDp24i9jHXaUxtly2hc

186 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request booking Show response
travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/consumer/ 287 KB
288 KB 1026ms
761ms Document
text/html 184.72.128.159
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

184.72.128.159 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-184-72-128-159.compute-1.amazonaws.com

Software

Resource Hash

520577ecfa5eb160095893db1406200408b40f32718bc56cabc53ee5048d233d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, max-age=0, must-revalidate, no-store
content-length: 293885
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
content-type: text/html; charset=UTF-8
date: Sun, 11 Dec 2022 22:58:50 GMT
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
trace-id: 95726a237da02ae7

GET
H2 404 trip.css
travel.northeast.aaa.com/trip/assets/stylesheets/v1/ 0
0 328ms
326ms Stylesheet
text/html 184.72.128.159
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/trip/assets/stylesheets/v1/trip.css

Requested by

Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

184.72.128.159 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-184-72-128-159.compute-1.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:50 GMT
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
trace-id: a1cf3557753a0ab5
content-length: 1150
content-type: text/html; charset=UTF-8

GET
H2 200 css
fonts.googleapis.com/ 10 KB
1 KB 83ms
31ms Stylesheet
text/css 2a00:1450:4001:803::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700&lang=en

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6c4133ff5eff0f23ca2f6fdaceea1d4dd3a91e499a0b0aef688b0f31206b0328

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 11 Dec 2022 22:58:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 11 Dec 2022 22:13:52 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 11 Dec 2022 22:58:50 GMT

GET
H/1.1 200
OK antd.min.css
s3.amazonaws.com/tstllc-assets/css/antd/dist/ 451 KB
451 KB 340ms
123ms Stylesheet
text/css 52.217.199.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/tstllc-assets/css/antd/dist/antd.min.css
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.199.16 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 897600b074c2a2e02b176f2d3e5caf964883dc5ea1c340c7576723e3932b9128

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Sun, 11 Dec 2022 22:58:51 GMT
x-amz-version-id: null
Last-Modified: Mon, 07 Jan 2019 18:42:01 GMT
Server: AmazonS3
x-amz-request-id: 8FYWHDEMYP0BAM4T
ETag: "5178b4827ce4ac2d7f96ed9861b4cd6d"
Content-Type: text/css
Cache-Control: no-cache
Accept-Ranges: bytes
Content-Length: 461624
x-amz-id-2: L2sTw5+hatGJkvcN6Ard/C8U3kuz5zFQosgkEnr/wfMJ/g8ENYjO/Qikz5qyL20yiHmDuqWwi9g=

GET
H/1.1 200
OK proxima-nova.min.css
s3.amazonaws.com/tstllc-assets/fonts/proxima-nova/ 4 KB
4 KB 339ms
122ms Stylesheet
text/css 52.217.199.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/tstllc-assets/fonts/proxima-nova/proxima-nova.min.css
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.199.16 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: d7de9b79990bb103408b06aacc98307309774f564e70ba905949e80b5ba47f14

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Sun, 11 Dec 2022 22:58:51 GMT
x-amz-version-id: null
Last-Modified: Tue, 18 Sep 2018 14:07:09 GMT
Server: AmazonS3
x-amz-request-id: 8FYGWTC0HVRFHN3A
ETag: "371ff5a9f43f342812125d9e1497f068"
Content-Type: text/css
Accept-Ranges: bytes
Content-Length: 4191
x-amz-id-2: lllyJaJtkXRm6sTUtf6fhtP269zlbxp9w2t/9WXUOrc7YJwe2Lmi6rs9WhRuLdh0Vlu0G23NKtA=

GET
H/1.1 200
OK black-tie.min.css
s3.amazonaws.com/tstllc-assets/fonts/black-tie/css/ 22 KB
22 KB 341ms
124ms Stylesheet
text/css 52.217.199.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/tstllc-assets/fonts/black-tie/css/black-tie.min.css
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.199.16 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 3ff7b0b317b417d887b4d1b311ac5a390b85345337838d182296dad380682a87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Sun, 11 Dec 2022 22:58:51 GMT
x-amz-version-id: null
Last-Modified: Fri, 12 Oct 2018 23:42:34 GMT
Server: AmazonS3
x-amz-request-id: 8FYS66NXM3F1G0J3
ETag: "c9a2ca04d6ec76b7da644506f215fc4b"
Content-Type: text/css
Accept-Ranges: bytes
Content-Length: 22456
x-amz-id-2: PZQu4y6LgaYkoHNReSWYI2zcMf0/GZ5spWCC99NqEkKcuRUGWEDqWnXxZQuD5hEVea4BOjT1Dl4=

GET
H2 200 gtm-helper-script-bundle.js Show response
travel.northeast.aaa.com/web-services/assets/resource/js/ 31 KB
10 KB 328ms
326ms Script
application/javascript 184.72.128.159
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/web-services/assets/resource/js/gtm-helper-script-bundle.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

184.72.128.159 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-184-72-128-159.compute-1.amazonaws.com

Software

/ Express

Resource Hash

ed2b9de8f36895ff8e5324067c9a27a15ba63337c2a3232bd757863585507ef9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:50 GMT
content-encoding: gzip
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
last-modified: Fri, 09 Dec 2022 16:56:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-powered-by: Express
etag: W/"7a95-184f7d163e1"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0
accept-ranges: bytes

GET
H2 200 legacy-confirmation-styles.css
travel.northeast.aaa.com/web-services/assets/resource/stylesheets/ 657 KB
329 KB 327ms
326ms Stylesheet
text/css 184.72.128.159
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/web-services/assets/resource/stylesheets/legacy-confirmation-styles.css

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

184.72.128.159 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-184-72-128-159.compute-1.amazonaws.com

Software

/ Express

Resource Hash

1d32627006e0e63d706ca39ec8735807bc8f73946f38f4985740679edea22edd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:50 GMT
content-encoding: gzip
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
last-modified: Fri, 09 Dec 2022 16:56:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-powered-by: Express
etag: W/"a4449-184f7d163fd"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=0
accept-ranges: bytes

GET
H2 200 legacy-confirmation-page-bundle.js Show response
travel.northeast.aaa.com/web-services/assets/resource/js/ 3 MB
849 KB 328ms
326ms Script
application/javascript 184.72.128.159
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/web-services/assets/resource/js/legacy-confirmation-page-bundle.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

184.72.128.159 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-184-72-128-159.compute-1.amazonaws.com

Software

/ Express

Resource Hash

de1271b75470960be5b33d00f9264602eab356f0b86045292a33713d79d21a89

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:50 GMT
content-encoding: gzip
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
last-modified: Fri, 09 Dec 2022 16:56:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-powered-by: Express
etag: W/"30b69e-184f7d163e1"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0
accept-ranges: bytes

GET
H2 200 satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js Show response
assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/ 609 KB
146 KB 107ms
21ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 20e3f4b611985bd51b4f1c21b8a0eae79f221c770d2020025835976ad06263bd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:50 GMT
content-encoding: gzip
last-modified: Thu, 08 Dec 2022 18:13:45 GMT
server: AkamaiNetStorage
etag: "5c5fa11709b9f4028f8cfd021ee82c82:1670523225.164357"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 149335
expires: Sun, 11 Dec 2022 23:58:50 GMT

GET
H2 403 remote_header.js
nm.northeast.aaa.com/assets/remote/js/ 0
0 103ms
23ms Script
text/html 45.60.154.98
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://nm.northeast.aaa.com/assets/remote/js/remote_header.js
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.154.98 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

GET
H2

200

wss-4CAAA.png
assets.blue.kube.tstllc.net/resources/acp/images/
Redirect Chain

https://assets.tstllc.net/resources/acp/images/wss-4CAAA.png
https://assets.blue.kube.tstllc.net/resources/acp/images/wss-4CAAA.png

7 KB
7 KB

397ms
227ms

Image
image/png

34.232.6.3
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assets.blue.kube.tstllc.net/resources/acp/images/wss-4CAAA.png

Requested by

Protocol

Server

34.232.6.3 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-232-6-3.compute-1.amazonaws.com

Software

Resource Hash

96ec675a4fab3039503907507b779ba05af8716418a84dac63e308bfb9701d02

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:52 GMT
content-encoding: gzip
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
last-modified: Tue, 12 May 2020 19:06:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains
etag: W/"5ebaf3ca-1a79"
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type

Redirect headers

location: https://assets.blue.kube.tstllc.net/resources/acp/images/wss-4CAAA.png
date: Sun, 11 Dec 2022 22:58:51 GMT
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 166
content-type: text/html

GET
H2

200

hertz.png
assets.blue.kube.tstllc.net/images/car/vendorLogos/
Redirect Chain

https://travel.northeast.aaa.com/car/assets/images/vendorLogos/hertz.png
https://assets.blue.kube.tstllc.net/images/car/vendorLogos/hertz.png?url=null%3FcacheBuster%3D0.5256072769268187

2 KB
3 KB

362ms
116ms

Image
image/png

34.232.6.3
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assets.blue.kube.tstllc.net/images/car/vendorLogos/hertz.png?url=null%3FcacheBuster%3D0.5256072769268187

Requested by

Protocol

Server

34.232.6.3 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-232-6-3.compute-1.amazonaws.com

Software

Resource Hash

b1ec8cb1c972ffa0b6bc4db61c6a7420bee94ea93f39f530afb4a16dc3a9fb4e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:52 GMT
content-encoding: gzip
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
last-modified: Tue, 12 May 2020 19:06:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains
etag: W/"5ebaf3c7-995"
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type

Redirect headers

location: https://assets.blue.kube.tstllc.net/images/car/vendorLogos/hertz.png?url=null%3FcacheBuster%3D0.5256072769268187
date: Sun, 11 Dec 2022 22:58:51 GMT
cache-control: no-cache, no-store, must-revalidate
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
strict-transport-security: max-age=31536000; includeSubDomains
x-powered-by: Express

GET
H2

200

bx_loader.gif
assets.blue.kube.tstllc.net/images/common/
Redirect Chain

https://travel.northeast.aaa.com/web-services/assets/images/bx_loader.gif
https://assets.blue.kube.tstllc.net/images/common/bx_loader.gif?url=null%3FcacheBuster%3D0.17608308291500707

8 KB
9 KB

345ms
117ms

Image
image/gif

34.232.6.3
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assets.blue.kube.tstllc.net/images/common/bx_loader.gif?url=null%3FcacheBuster%3D0.17608308291500707

Requested by

Protocol

Server

34.232.6.3 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-232-6-3.compute-1.amazonaws.com

Software

Resource Hash

6d46e2cf165a5a0584afba7bc9663da292ee08c97cfc7613de6013ed05be892a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:52 GMT
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Tue, 12 May 2020 19:06:48 GMT
etag: "5ebaf3c8-2185"
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 8581

Redirect headers

location: https://assets.blue.kube.tstllc.net/images/common/bx_loader.gif?url=null%3FcacheBuster%3D0.17608308291500707
date: Sun, 11 Dec 2022 22:58:51 GMT
cache-control: no-cache, no-store, must-revalidate
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
strict-transport-security: max-age=31536000; includeSubDomains
x-powered-by: Express

GET
H2 200 ZEUSIFAR999.jpg
web-assets.tstllc.net/static-content/images/car/hertz/cars/ 8 KB
8 KB 210ms
147ms Image
image/jpeg 13.224.189.127
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://web-assets.tstllc.net/static-content/images/car/hertz/cars/ZEUSIFAR999.jpg
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-127.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2adcf3ebc7edea2e5aefaee6ea433327a1326d172dced9359be54c84c16bb9d5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

x-amz-version-id: 8fgCv6478FCTU5loWPrGZXZgLX9kbX0M
date: Sun, 11 Dec 2022 22:58:52 GMT
via: 1.1 2ec3090d74e200e4acdb2780da3c3c44.cloudfront.net (CloudFront)
last-modified: Sun, 20 Nov 2022 21:37:32 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
etag: "1b0b69174820a3bde295e72b56c883b1"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: image/jpeg
content-length: 8073
x-amz-cf-id: 5BvnWu1wlQ5LiNAq234xfhkXvNoE_IcUbSboBnOFuly7SWdr9LuF5g==

GET
H2 200 2a210682c93e3d3bc33b0df5d27ffbdb.jpg
d1taxzywhomyrl.cloudfront.net/s3/ag-images-eu/02/ 15 KB
16 KB 88ms
24ms Image
image/jpeg 13.225.84.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d1taxzywhomyrl.cloudfront.net/s3/ag-images-eu/02/2a210682c93e3d3bc33b0df5d27ffbdb.jpg?width=220&height=180&mode=crop
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.84.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-84-99.fra2.r.cloudfront.net
Software: Microsoft-IIS/7.5 /
Resource Hash: 6e70b749d9e6d9e60f65643c72cde098daec8cff61d31bc96752385e38ab2822

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 01:37:48 GMT
via: 1.1 58b222ebbb6cc6c8c8c9a46127ae3a3e.cloudfront.net (CloudFront)
last-modified: Tue, 15 Jan 2019 18:22:54 GMT
server: Microsoft-IIS/7.5
x-amz-cf-pop: FRA2-C2
age: 163263
etag: "8c2d954ffacd41:0"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: public
accept-ranges: bytes
content-length: 15502
x-amz-cf-id: W6Ix1qHYQ2i3gYYUc6ep2WD9KMa6yVQBXuBg3ySnxh3u2vzyK5_1sQ==
expires: Sat, 17 Dec 2022 01:37:47 GMT

GET
H2 200 PPN_DTB_Banner.png
web-assets.tstllc.net/static-content/images/common/aaa_tour_book/ 28 KB
29 KB 94ms
32ms Image
image/png 13.224.189.127
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://web-assets.tstllc.net/static-content/images/common/aaa_tour_book/PPN_DTB_Banner.png
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-127.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 08bbcc64722e668378612103e52728e7d9ba0bedea0baddcd235269546b17878

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

x-amz-version-id: cF7oNZN6lC.Awbw2GkBLQa7PTu7tERr3
date: Sun, 11 Dec 2022 22:58:51 GMT
via: 1.1 2ec3090d74e200e4acdb2780da3c3c44.cloudfront.net (CloudFront)
last-modified: Sun, 20 Nov 2022 21:37:50 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
age: 89
etag: "3bb3ce6e22ea00e930938e94cb652d98"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
content-length: 29043
x-amz-cf-id: We65JucOQRnLtgsfphgIFr6Bn2FTHJZSTk7ttmBi51qCktt1h6TDCw==

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 80 KB
27 KB 88ms
31ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f0648dd60b72161450eb93d6fa81bb6ec46bb9dffb2d2d0c6f3b5d4ac1e01dda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27542
x-xss-protection: 0
server: sffe
etag: "1419 / 850 of 1000 / last-modified: 1670587517"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 11 Dec 2022 22:58:51 GMT

GET
H2 403 remote_footer.js
nm.northeast.aaa.com/assets/remote/js/ 0
0 67ms
23ms Script
text/html 45.60.154.98
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://nm.northeast.aaa.com/assets/remote/js/remote_footer.js
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.154.98 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

GET
H2 200 0.css
travel.northeast.aaa.com/web-services/assets/resource/stylesheets/ 90 KB
44 KB 118ms
118ms Stylesheet
text/css 184.72.128.159
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/web-services/assets/resource/stylesheets/0.css

Requested by

Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/web-services/assets/resource/js/legacy-confirmation-page-bundle.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

184.72.128.159 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-184-72-128-159.compute-1.amazonaws.com

Software

/ Express

Resource Hash

901a3d923f29e1e5722d7978b88a487fe3e2b38f2870fb968a29f8df66e79122

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:51 GMT
content-encoding: gzip
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
last-modified: Fri, 09 Dec 2022 16:56:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-powered-by: Express
etag: W/"1660c-184f7d163ed"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=0
accept-ranges: bytes

GET
H2 200 0-chunk.js Show response
travel.northeast.aaa.com/web-services/assets/resource/js/chunk/ 4 MB
1 MB 121ms
118ms Script
application/javascript 184.72.128.159
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/web-services/assets/resource/js/chunk/0-chunk.js

Requested by

Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/web-services/assets/resource/js/legacy-confirmation-page-bundle.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

184.72.128.159 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-184-72-128-159.compute-1.amazonaws.com

Software

/ Express

Resource Hash

fe13408d11ff849139c4b0dc24d1d81714c47bdb2fe2a59f5b79d8c9c4052d6a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:51 GMT
content-encoding: gzip
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
last-modified: Fri, 09 Dec 2022 16:56:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-powered-by: Express
etag: W/"47602d-184f7d163dd"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0
accept-ranges: bytes

GET
H2 404 fs.js
www.fullstory.com/s/ 0
0 103ms
20ms Script
text/html 2a05:d014:275:cb01:2c5:838c:1ab7:a223
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.fullstory.com/s/fs.js
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a05:d014:275:cb01:2c5:838c:1ab7:a223 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

GET
H2 200 recorder.js Show response
rec.smartlook.com/ 3 KB
2 KB 133ms
30ms Script
application/javascript 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL

https://rec.smartlook.com/recorder.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

CDN77-Turbo /

Resource Hash

bfb8e638fa9c13a763adec2844347c8e1d981ef2cfc6d4d8a87f63dc50164cb5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sun, 11 Dec 2022 22:58:51 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
x-cache: HIT
x-77-cache: HIT
cross-origin-resource-policy: cross-origin
x-age: 595
x-77-nzt: AcO1qhF22Qb/UwIAAA
x-accel-expires: @1670799536
last-modified: Wed, 07 Dec 2022 08:57:17 GMT
server: CDN77-Turbo
etag: W/"6390556d-c4a"
x-77-nzt-ray: 4c156224a749b5dbab609663e95f5e34
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=600

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 90ms
21ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 11 Dec 2022 21:15:46 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 6185
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Sun, 11 Dec 2022 23:15:46 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 456 KB
101 KB 139ms
89ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-W79ZLQ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

19a368e54d672abe395803f0e69f5ae639ae73353c06f36dad773b0c57e6a613

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:51 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 103496
x-xss-protection: 0
last-modified: Sun, 11 Dec 2022 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 11 Dec 2022 22:58:51 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 515 KB
113 KB 149ms
99ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-T6BPC96

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f5a24734d7e06b2592d9cb787aa3babc7a76bab48adb7d71d64b7ef8ba375329

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:51 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 115299
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 11 Dec 2022 22:58:51 GMT

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 5 KB
2 KB 188ms
47ms XHR
application/json 34.251.90.149
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=F5237FF958248ED40A495E58%40AdobeOrg&d_nsid=0&ts=1670799531779

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.251.90.149 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-251-90-149.eu-west-1.compute.amazonaws.com

Software

Resource Hash

bea76e255dbe1cfa07040c98488735093c759a4c649e103c721f8286a23b62cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://travel.northeast.aaa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-2-v045-0f822ad5b.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: ggHXzNXNSX8=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://travel.northeast.aaa.com
Content-Type: application/json;charset=utf-8
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 1675
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/ 34 KB
12 KB 23ms
22ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/AppMeasurement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: d6d01246a30e9d483531c27721f73f266fa4af35effdb21683ac02a620ab8aaf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:51 GMT
content-encoding: gzip
last-modified: Thu, 22 Sep 2022 16:16:49 GMT
server: AkamaiNetStorage
etag: "dfdd9e1f988805f0c2fbb10cd6b8f034:1663863409.614694"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 12384
expires: Sun, 11 Dec 2022 23:58:51 GMT

GET
H2 200 AppMeasurement_Module_ActivityMap.min.js Show response
assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/ 3 KB
2 KB 25ms
25ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/AppMeasurement_Module_ActivityMap.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 78c1c1baf0d964522f8afab09cfc754685c1648826a7f9967fd52b774b4ec5aa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:51 GMT
content-encoding: gzip
last-modified: Thu, 22 Sep 2022 16:16:49 GMT
server: AkamaiNetStorage
etag: "b89fcb8870ac40eecb6d3cc844d35389:1663863409.92483"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 1598
expires: Sun, 11 Dec 2022 23:58:51 GMT

GET
H2 200 AppMeasurement_Module_AudienceManagement.min.js Show response
assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/ 25 KB
9 KB 24ms
24ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/AppMeasurement_Module_AudienceManagement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: b01bd01687b15585b2740273c8c3c6674dd9f559cfe52eeffdf43b1f93a12d05

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:51 GMT
content-encoding: gzip
last-modified: Thu, 22 Sep 2022 16:16:50 GMT
server: AkamaiNetStorage
etag: "d220d501715e0484d0dddeac614f902c:1663863410.217006"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 8755
expires: Sun, 11 Dec 2022 23:58:51 GMT

GET
H2 200 i.js Show response
tag.wknd.ai/3328/ 10 KB
4 KB 97ms
21ms Script
text/plain 34.120.253.250
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.wknd.ai/3328/i.js
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.253.250 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 250.253.120.34.bc.googleusercontent.com
Software: istio-envoy /
Resource Hash: 2c08fa37317725e886f3c0e0107acd19ebd91ced8d186733927ebf82ae5a2cd8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:49 GMT
content-encoding: gzip
via: 1.1 google
age: 2
x-envoy-upstream-service-time: 1
x-region: us-central1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3730
server: istio-envoy
etag: 499df1550c4d8b
vary: Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=60
timing-allow-origin: *
link: <https://assets.bounceexchange.com>; rel=dns-prefetch, <https://events.bouncex.net>; rel=dns-prefetch, <https://data.cdnbasket.net>; rel=dns-prefetch, <https://page.cdnbasket.net>; rel=dns-prefetch, <https://view.cdnbasket.net>; rel=dns-prefetch, <https://ids.cdnwidget.com>; rel=dns-prefetch, <https://u.cdnwidget.com>; rel=dns-prefetch, <https://pix.cdnwidget.com>; rel=dns-prefetch, <https://api.bounceexchange.com>; rel=preconnect, <https://pd.cdnwidget.com>; rel=preconnect

GET
H/1.1 200
OK bugsnag.min.js Show response
d2wy8f7a9ursnm.cloudfront.net/v7/ 42 KB
43 KB 101ms
25ms Script
application/javascript 13.225.84.152
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d2wy8f7a9ursnm.cloudfront.net/v7/bugsnag.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.84.152 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-84-152.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 71a980fae18c2c5ab33f47cbac734ab86aaa815e0325ce68be34ccd55b04cfb9

Request headers

Referer: https://travel.northeast.aaa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Fri, 09 Dec 2022 06:41:14 GMT
x-amz-version-id: null
Via: 1.1 d6b9c7bad28b271f1e800a50d49ab8a4.cloudfront.net (CloudFront)
Last-Modified: Thu, 22 Sep 2022 18:32:16 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA2-C2
Age: 231458
ETag: "b573ad919b015dde79c3274356ad9d47"
X-Cache: Hit from cloudfront
Content-Type: application/javascript; charset=UTF-8
Cache-Control: public, max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43193
X-Amz-Cf-Id: 9CGLF7tkzmC26sR1aaMjyDJf3I9HUg8yr78bPE5EGN-YWmdwANBrOA==

GET
H/1.1 200
OK last-event-tag-latest.min.js Show response
www.everestjs.net/static/le/ 7 KB
3 KB 93ms
27ms Script
application/javascript 96.16.147.243
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.everestjs.net/static/le/last-event-tag-latest.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 96.16.147.243 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a96-16-147-243.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: abb45ae4b3a896ae99132c1786a9676218c119ea552d3fbb5ab6d40d9e05e43c

Request headers

Referer: https://travel.northeast.aaa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

x-amz-version-id: null
Content-Encoding: gzip
Date: Sun, 11 Dec 2022 22:58:51 GMT
Last-Modified: Wed, 16 Jun 2021 15:18:41 GMT
Server: AmazonS3
x-amz-request-id: R6X1Z4GZMHQJ34R0
ETag: "d5991c18a0042eb33f92c6b5b44ffe8d"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2663
x-amz-id-2: jm8UZxXlNwBRe5MV76nXmfeJxyOsHxAxlRqx4Yx6Lk22skfaD1o6r2gLlsQkG8CibRTuc9Pz10M=

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 179 KB
65 KB 60ms
59ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-1063159333

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c1a3262f45eaf8f7dc48684cd6744476461de714876967802077dc374fc5d097

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:51 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 66888
x-xss-protection: 0
last-modified: Sun, 11 Dec 2022 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 11 Dec 2022 22:58:51 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 110 KB
44 KB 33ms
32ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-8520721

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

01510d59060f8556e0921e30092ec94b07722edca3e60b918b9f4ae94e0d2505

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:51 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44101
x-xss-protection: 0
last-modified: Sun, 11 Dec 2022 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 11 Dec 2022 22:58:51 GMT

GET
DATA 200
OK truncated
/ 15 KB
15 KB Font
font/opentype

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb2e1a97e3bc84334fa38904266d7ef01dc9407e17b3fcf54ea4a8ecbf494abf

Request headers

Referer
Origin: https://travel.northeast.aaa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: font/opentype

GET
H2 200 AAA_ForeSeeAPI.js Show response
www.aaa.com/configuration/ 5 KB
2 KB 109ms
23ms Script
application/x-javascript 45.60.64.121
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.aaa.com/configuration/AAA_ForeSeeAPI.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.121 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 15f1fde7deb1f2cfecb62abe9d99d230384ecbb429e962bd449f4259e64fbec6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:50 GMT
content-encoding: gzip
last-modified: Thu, 31 Oct 2019 18:48:40 GMT
x-cdn: Imperva
etag: "c886fecf1b90d51:0"
content-type: application/x-javascript
x-iinfo: 13-381310259-0 0CNN RT(1670799530946 25) q(0 -1 -1 0) r(0 -1)
cache-control: max-age=3786, public
content-length: 2003
expires: Mon, 12 Dec 2022 00:01:56 GMT

GET
H2 200 AAA_ActionTags.js Show response
www.aaa.com/configuration/SEM/ 55 KB
14 KB 111ms
26ms Script
application/x-javascript 45.60.64.121
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.aaa.com/configuration/SEM/AAA_ActionTags.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.121 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 7fde221486c3e05f825980fec689e0671182230722188921d256b58a7383d9cb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:50 GMT
content-encoding: gzip
last-modified: Tue, 09 Jul 2019 18:06:54 GMT
x-cdn: Imperva
etag: "facf8178136d51:0"
content-type: application/x-javascript
x-iinfo: 13-381310259-0 0CNN RT(1670799530946 26) q(0 -1 -1 4) r(0 -1)
cache-control: max-age=628, public
content-length: 14094
expires: Sun, 11 Dec 2022 23:09:18 GMT

GET
H2 200 dm_gtm.js Show response
www.aaa.com/aaa/common/javascripts/ 1 KB
1 KB 110ms
25ms Script
application/x-javascript 45.60.64.121
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.aaa.com/aaa/common/javascripts/dm_gtm.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.121 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 059d3c257d61801506bdc30c1cfcc61fbdf4c5c94a4163bc0c62ee153253b609

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:50 GMT
content-encoding: gzip
last-modified: Mon, 07 Jan 2019 21:13:43 GMT
x-cdn: Imperva
etag: "585c9fdecda6d41:0"
content-type: application/x-javascript
x-iinfo: 13-381310259-0 0cNN RT(1670799530946 29) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=3600, public
content-length: 884
expires: Sun, 11 Dec 2022 23:58:50 GMT

GET
H2 200 dcs_partnerTag.js Show response
www.aaa.com/configuration/ 33 KB
11 KB 128ms
43ms Script
application/x-javascript 45.60.64.121
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.aaa.com/configuration/dcs_partnerTag.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.121 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: aaed9dc3a855f5067df7cde88c06ca9ed9de210dfadfaf3f4b49b58ca40df292

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:50 GMT
content-encoding: gzip
last-modified: Wed, 17 Mar 2021 22:06:38 GMT
x-cdn: Imperva
etag: "c0828bcd791bd71:0"
content-type: application/x-javascript
x-iinfo: 13-381310259-0 0CNN RT(1670799530946 31) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=3785, public
content-length: 11113
expires: Mon, 12 Dec 2022 00:01:55 GMT

GET
H2 200 jquery-2.2.4.min.js Show response
code.jquery.com/ 84 KB
29 KB 102ms
25ms Script
application/javascript 2001:4de0:ac18::1:a:2b
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-2.2.4.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:2b , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Request headers

Referer: https://travel.northeast.aaa.com/
Origin: https://travel.northeast.aaa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Sun, 11 Dec 2022 22:58:51 GMT
content-encoding: gzip
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
etag: W/"28feccc0-14e4a"
vary: Accept-Encoding
x-hw: 1670799531.dop126.fr8.t,1670799531.cds161.fr8.hn,1670799531.cds140.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 29811

GET
H2 200 pubads_impl_2022120501.js Show response
securepubads.g.doubleclick.net/gpt/ 380 KB
129 KB 113ms
21ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e288c4dc57f72a69a497baef524f41c57e1c6a414b09a5bde22cd5b2f1b7cdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 21:46:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4340
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131905
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 09:36:10 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 11 Dec 2023 21:46:31 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 301 B
769 B 119ms
29ms XHR
application/json 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=travel.northeast.aaa.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1c7fe750bd3616100f1d7384cf830625c9efc81391e3abd51b47bfe2a344afb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:51 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 133
x-xss-protection: 0
expires: Sun, 11 Dec 2022 22:58:51 GMT

GET
H/1.1 200
OK ProximaNovaSemibold.woff2
s3.amazonaws.com/tstllc-assets/fonts/proxima-nova/ProximaNova-Semibold/ 17 KB
18 KB 335ms
128ms Font
binary/octet-stream 52.217.199.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/tstllc-assets/fonts/proxima-nova/ProximaNova-Semibold/ProximaNovaSemibold.woff2
Requested by: Host: s3.amazonaws.com
URL: https://s3.amazonaws.com/tstllc-assets/fonts/proxima-nova/proxima-nova.min.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.199.16 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: f529cf4430e32ae0b07d7d606ca1043e8cd9ebb9476456589578a299bad459bd

Request headers

Referer: https://s3.amazonaws.com/tstllc-assets/fonts/proxima-nova/proxima-nova.min.css
Origin: https://travel.northeast.aaa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Sun, 11 Dec 2022 22:58:53 GMT
x-amz-version-id: null
Last-Modified: Tue, 18 Sep 2018 14:07:12 GMT
Server: AmazonS3
x-amz-request-id: H27A31EQDTVQT9SS
ETag: "e0642ce0df568ffbe72cafaf526fea41"
Access-Control-Max-Age: 3000
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Access-Control-Allow-Methods: GET, HEAD
Access-Control-Allow-Origin: *
Content-Type: binary/octet-stream
Accept-Ranges: bytes
Content-Length: 17512
x-amz-id-2: VC6uf7dFa11ulNUQHLVl/VDNlQ+aL7v841kHcxwQbp/fjKaDaYPxI0twxXW9ZGU1AOGsOWQZmA0=

GET
H2 200 init.9f9eccdc0bb055a30c0f.js Show response
rec.smartlook.com/es6/ 53 KB
15 KB 86ms
27ms Script
application/javascript 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL

https://rec.smartlook.com/es6/init.9f9eccdc0bb055a30c0f.js

Requested by

Host: rec.smartlook.com
URL: https://rec.smartlook.com/recorder.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

CDN77-Turbo /

Resource Hash

759ba85ad57a23f5988379b328676c38641d8565db9244f2a0c6856bf330c540

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://travel.northeast.aaa.com/
Origin: https://travel.northeast.aaa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sun, 11 Dec 2022 22:58:51 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
x-cache: HIT
x-77-cache: HIT
cross-origin-resource-policy: cross-origin
x-age: 382959
x-77-nzt: AcO1qhG60a//79cFAA
x-accel-expires: @1701952572
last-modified: Wed, 07 Dec 2022 08:57:17 GMT
server: CDN77-Turbo
etag: W/"6390556d-d4c1"
x-77-nzt-ray: 4c156224064c03ddab60966382d8bb39
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
213 B 29ms
28ms XHR
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&a=1590830776&t=pageview&_s=1&dl=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&dp=%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking&ul=en-us&de=UTF-8&dt=Travel%20Booking&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEDAAEABAAAAACAEK~&jid=1999845315&gjid=1656586987&cid=1978167713.1670799532&tid=UA-55392727-1&_gid=1998948539.1670799532&_r=1&gtm=2wgbu0W79ZLQ&cd1=customer&cd2=742b8eed-42ec-4432-8b2c-5f6aebecd9e0&cd11=2022-12-11T22%3A58%3A51%2B00%3A00&cd13=531752876.1670799531594&cd9=1978167713.1670799532&z=1132341101

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://travel.northeast.aaa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:51 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 224 KB
77 KB 43ms
43ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-65YG7JM4M0&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W79ZLQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

379597d2a5cbc0c08a248a2ee054642d934c8e21ec369f779c59ee510453db59

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:51 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 78977
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 11 Dec 2022 22:58:51 GMT

GET
H/1.1 200
OK dest5.html Show response
aaanortheast.demdex.net/ Frame 0BFE 7 KB
3 KB 187ms
44ms Document
text/html 52.209.194.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aaanortheast.demdex.net/dest5.html?d_nsid=0

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.209.194.100 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-209-194-100.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://travel.northeast.aaa.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 2791
Content-Type: text/html;charset=UTF-8
DCS: dcs-prod-irl1-1-v045-0ed41892e.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: BKGoQUQlQlQ=
content-encoding: gzip
date: Sun, 11 Dec 2022 22:58:52 GMT
last-modified: Fri, 28 Oct 2022 11:02:57 GMT
vary: accept-encoding

GET
H2 200 id Show response
mcdmetrics.aaa.com/ 48 B
461 B 118ms
33ms XHR
application/x-javascript 13.36.218.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://mcdmetrics.aaa.com/id?d_visid_ver=5.5.0&d_fieldgroup=A&mcorgid=F5237FF958248ED40A495E58%40AdobeOrg&mid=90836290612127289793115849536662397014&ts=1670799531996

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.36.218.177 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-36-218-177.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

addfb6cc8049b942d00890f6029abfbd486bc37fab0f3c3b2a73a16b2f8ace6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://travel.northeast.aaa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sun, 11 Dec 2022 22:58:52 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
server: jag
vary: Origin
content-type: application/x-javascript;charset=utf-8
access-control-allow-origin: https://travel.northeast.aaa.com
p3p: CP="This is not a P3P policy"
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-length: 48
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=Y5ZgrAAAAKSJFwNx
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=91328979210809023573138061579162110992
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y5ZgrAAAAKSJFwNx

42 B
942 B

48ms
47ms

Image
image/gif

34.251.90.149
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y5ZgrAAAAKSJFwNx

Requested by

Protocol

HTTP/1.1

Server

34.251.90.149 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-251-90-149.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v045-0f822ad5b.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: 8+Md2bP4Q8I=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y5ZgrAAAAKSJFwNx
Date: Sun, 11 Dec 2022 22:58:52 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H2 200 json Show response
mcdmetrics2.aaa.com/m2/aaanortheast/mbox/ 96 B
750 B 191ms
63ms XHR
application/json 3.248.2.215
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mcdmetrics2.aaa.com/m2/aaanortheast/mbox/json?mbox=target-global-mbox&mboxSession=a65df53ebf1a4195ac9c6ce0eb132d39&mboxPC=&mboxPage=aaf186ec86ef4ca09b618689e2742a47&mboxRid=79475cc0e3494e63b7a4f34d0cece068&mboxVersion=1.8.3&mboxCount=1&mboxTime=1670799531836&mboxHost=travel.northeast.aaa.com&mboxURL=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&mboxReferrer=&mboxXDomain=enabled&browserHeight=1200&browserWidth=1600&browserTimeOffset=0&screenHeight=1200&screenWidth=1600&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&webGLRenderer=Intel%20Iris%20OpenGL%20Engine&mboxMCSDID=0481339BC0A30F49-14DBDCA032495C10&vst.trk=mcdmetric.aaa.com&vst.trks=mcdmetrics.aaa.com&mboxMCGVID=90836290612127289793115849536662397014&mboxAAMB=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&mboxMCGLH=6
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.248.2.215 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-248-2-215.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 8957ac4c6b017a9018a7cdbc5df93e3e66d8f2716603895b12965329066a4a9c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:52 GMT
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
p3p: CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
access-control-allow-origin: https://travel.northeast.aaa.com
content-type: application/json;charset=UTF-8
cache-control: no-cache
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 96
x-request-id: 79475cc0e3494e63b7a4f34d0cece068

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 28ms
28ms XHR
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&a=1590830776&t=pageview&_s=1&dl=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&ul=en-us&de=UTF-8&dt=Travel%20Booking&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEHAAEABAAAAACAEK~&jid=1575802704&gjid=2043256583&cid=1978167713.1670799532&tid=UA-96133587-4&_gid=1998948539.1670799532&_r=1&gtm=2wgbu0T6BPC96&cd1=000&cd2=Travel&cd3=TST&cd108=travel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking&cd109=&cd111=&cd156=531752876.1670799531594&cd161=Not%20Collected&z=100541711

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://travel.northeast.aaa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:52 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 /
sessions.bugsnag.com/ Frame 0
0 220ms
169ms Preflight 2600:1901:0:7a0b::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://sessions.bugsnag.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:7a0b:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: bugsnag-api-key,bugsnag-payload-version,bugsnag-sent-at,content-type
Access-Control-Request-Method: POST
Origin: https://travel.northeast.aaa.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

access-control-allow-headers: Origin, Content-Type, Accept, Authorization, User-Agent, Referer, X-Forwarded-For, Bugsnag-Api-Key, Bugsnag-Payload-Version, Bugsnag-Sent-At
access-control-allow-methods: POST
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Sun, 11 Dec 2022 22:58:52 GMT
via: 1.1 google

POST
H3 202 / Show response
sessions.bugsnag.com/ 21 B
35 B 228ms
184ms XHR
application/json 2600:1901:0:7a0b::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://sessions.bugsnag.com/
Requested by: Host: d2wy8f7a9ursnm.cloudfront.net
URL: https://d2wy8f7a9ursnm.cloudfront.net/v7/bugsnag.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2600:1901:0:7a0b:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: 0ba7c0356149946bf0642fab4ef85b95e7090f6f785d0fb84323d0c442e5190a

Request headers

Bugsnag-Payload-Version: 1
Referer: https://travel.northeast.aaa.com/
Bugsnag-Sent-At: 2022-12-11T22:58:52.045Z
accept-language: de-DE,de;q=0.9
Bugsnag-Api-Key: 36d1a525468562b55876a446329823be
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Sun, 11 Dec 2022 22:58:52 GMT
via: 1.1 google
bugsnag-session-uuid: 33dd8a33-6b3c-4467-a333-861cae273861
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21
content-type: application/json

GET
H2 200 / Show response
lasteventf-tm.everesttech.net/ 0
218 B 91ms
20ms XHR
text/plain 151.101.130.49
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://lasteventf-tm.everesttech.net/?_les_imsOrgId=F5237FF958248ED40A495E58@AdobeOrg&_les_sdid=0481339BC0A30F49-14DBDCA032495C10&_les_last_search_click=&_les_rsid=aaanortheastprod&_les_mid=90836290612127289793115849536662397014&_les_url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance
Requested by: Host: www.everestjs.net
URL: https://www.everestjs.net/static/le/last-event-tag-latest.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.130.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

x-cache-hits: 0
date: Sun, 11 Dec 2022 22:58:52 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1670799532.126350,VS0,VE0
x-cache: MISS
content-type: text/plain
access-control-allow-origin: https://travel.northeast.aaa.com
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 0
retry-after: 0
x-served-by: cache-hhn-etou8220046-HHN

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 179 KB
65 KB 44ms
44ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-1063159333&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W79ZLQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2bd376c8680d10b5e90728b05cbeff2a06e7e78e716e1e9a88c7f28e961a83d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:52 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 66900
x-xss-protection: 0
last-modified: Sun, 11 Dec 2022 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 11 Dec 2022 22:58:52 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 179 KB
65 KB 53ms
52ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-748297981&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W79ZLQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

21529ace5e017a1a5845e389580655e46303449dabf8c782a748f60396142207

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:52 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 66916
x-xss-protection: 0
last-modified: Sun, 11 Dec 2022 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 11 Dec 2022 22:58:52 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 111 KB
43 KB 33ms
33ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-8520721&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W79ZLQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2911aa3b401cbda8e461b964ddf87d0a9657b52bea06af815275c5f992b7d613

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:52 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44117
x-xss-protection: 0
last-modified: Sun, 11 Dec 2022 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 11 Dec 2022 22:58:52 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
448 B 84ms
27ms XHR
text/plain 2a00:1450:400c:c04::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-55392727-1&cid=1978167713.1670799532&jid=1999845315&gjid=1656586987&_gid=1998948539.1670799532&_u=aEDAAEAAAAAAACAEK~&z=1120206766

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c04::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://travel.northeast.aaa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 11 Dec 2022 22:58:52 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1063159333/ 2 KB
2 KB 116ms
67ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1063159333/?random=1670799532086&cv=11&fst=1670799532086&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Travel%20Booking&auid=540394295.1670799532&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-1063159333

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

26d53a78b9b713f13ed8cbeac11c0bb2c54d6c54e8b064d78d45ba0824c8156c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:52 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 961
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 404 TST-Icon-Font.woff
travel.northeast.aaa.com/home/jenkins/agent/workspace/ui-tsttravel/ui-tsttravel-single-manual/ui-tsttravel-webservices/src/client/webservices/app/stylesheets/fonts/ 0
0 115ms
114ms Font
text/html 184.72.128.159
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/home/jenkins/agent/workspace/ui-tsttravel/ui-tsttravel-single-manual/ui-tsttravel-webservices/src/client/webservices/app/stylesheets/fonts/TST-Icon-Font.woff

Requested by

Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/web-services/assets/resource/stylesheets/legacy-confirmation-styles.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

184.72.128.159 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-184-72-128-159.compute-1.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://travel.northeast.aaa.com/web-services/assets/resource/stylesheets/legacy-confirmation-styles.css
Origin: https://travel.northeast.aaa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:52 GMT
content-encoding: gzip
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/html

GET
H/1.1 200
OK ProximaNovaRegular.woff2
s3.amazonaws.com/tstllc-assets/fonts/proxima-nova/ProximaNova-Regular/ 17 KB
18 KB 306ms
137ms Font
binary/octet-stream 52.217.199.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/tstllc-assets/fonts/proxima-nova/ProximaNova-Regular/ProximaNovaRegular.woff2
Requested by: Host: s3.amazonaws.com
URL: https://s3.amazonaws.com/tstllc-assets/fonts/proxima-nova/proxima-nova.min.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.199.16 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: fd9044a309ef7d51ad98d6a471d5ba00af04478843631e0cf5e2bfc36b509c2c

Request headers

Referer: https://s3.amazonaws.com/tstllc-assets/fonts/proxima-nova/proxima-nova.min.css
Origin: https://travel.northeast.aaa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Sun, 11 Dec 2022 22:58:53 GMT
x-amz-version-id: null
Last-Modified: Tue, 18 Sep 2018 14:07:11 GMT
Server: AmazonS3
x-amz-request-id: H27FCFFSXYNPS291
ETag: "1c43f9c5378fbcf84333719c88c6b0e0"
Access-Control-Max-Age: 3000
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Access-Control-Allow-Methods: GET, HEAD
Access-Control-Allow-Origin: *
Content-Type: binary/octet-stream
Accept-Ranges: bytes
Content-Length: 17728
x-amz-id-2: neYIGTS5Sd/48IWWleqOkJRDn/eV9LjCPUjJ1Cmp72w5CKf1NaR80clPzYD0DDCje9c9R0hRsAA=

GET
DATA 200
OK truncated
/ 34 KB
34 KB Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8aa5efde86c226b1c6daaa9e29be64ba62beb170ec6329bde6927f77c9292b02

Request headers

Referer
Origin: https://travel.northeast.aaa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: application/x-font-woff;charset=utf-8

GET
H2 200 inspectlet.js Show response
cdn.inspectlet.com/ 188 KB
62 KB 91ms
35ms Script
text/javascript 2606:4700:10::ac43:aac
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.inspectlet.com/inspectlet.js?wid=801161170&r=464110
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:aac , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5d554121551df68e414c85920b6541d2e92251a189ff19a4b1f8dffe97ce1cb5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:52 GMT
via: 1.1 vegur
content-encoding: gzip
cf-cache-status: HIT
last-modified: Sun, 11 Dec 2022 22:58:40 GMT
server: cloudflare
age: 12
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
cache-control: s-maxage=60, max-age=14400
cf-ray: 7781d3d459d09957-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

POST
H3 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
25 B 86ms
28ms XHR
text/plain 2a00:1450:400c:c04::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-96133587-4&cid=1978167713.1670799532&jid=1575802704&gjid=2043256583&_gid=1998948539.1670799532&_u=aEHAAEABAAAAACAEK~&z=68446528

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c04::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://travel.northeast.aaa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 11 Dec 2022 22:58:52 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 85ms
34ms Image
image/gif 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-55392727-1&cid=1978167713.1670799532&jid=1999845315&_u=aEDAAEAAAAAAACAEK~&z=408854128

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:52 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 86ms
34ms Image
image/gif 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-55392727-1&cid=1978167713.1670799532&jid=1999845315&_u=aEDAAEAAAAAAACAEK~&z=408854128

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:52 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
353 B 80ms
28ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-65YG7JM4M0&gtm=2oebu0&_p=1590830776&cid=1978167713.1670799532&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1670799532&sct=1&seg=0&dl=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&dt=Travel%20Booking&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-65YG7JM4M0&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:52 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 smiley-ratings.png
travel.northeast.aaa.com/web-services/assets/images/ 88 KB
89 KB 116ms
116ms Image
image/png 184.72.128.159
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://travel.northeast.aaa.com/web-services/assets/images/smiley-ratings.png

Requested by

Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/web-services/assets/resource/stylesheets/legacy-confirmation-styles.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

184.72.128.159 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-184-72-128-159.compute-1.amazonaws.com

Software

/ Express

Resource Hash

b3f085bdbf23c973cba5bf8877b0ec61659a40b65e853515674c9f3be383def6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/web-services/assets/resource/stylesheets/legacy-confirmation-styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:52 GMT
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Fri, 09 Dec 2022 16:56:45 GMT
x-powered-by: Express
etag: W/"161dc-184f7d163b9"
content-type: image/png
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 90588

GET
DATA 200
OK truncated
/ 20 KB
20 KB Font
font/opentype

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8b3e8e10db2f90bdb8710b478c200588b2396146e4b07b22a795ad79e062360f

Request headers

Referer
Origin: https://travel.northeast.aaa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: font/opentype

GET
H2 404 fontawesome-webfont.woff2
travel.northeast.aaa.com/home/jenkins/agent/workspace/ui-tsttravel/ui-tsttravel-single-manual/lib/font-awesome/fonts/ 0
0 117ms
116ms Font
text/html 184.72.128.159
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/home/jenkins/agent/workspace/ui-tsttravel/ui-tsttravel-single-manual/lib/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/web-services/assets/resource/stylesheets/legacy-confirmation-styles.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

184.72.128.159 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-184-72-128-159.compute-1.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://travel.northeast.aaa.com/web-services/assets/resource/stylesheets/legacy-confirmation-styles.css
Origin: https://travel.northeast.aaa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:52 GMT
content-encoding: gzip
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/html

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/748297981/ 2 KB
986 B 110ms
68ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/748297981/?random=1670799532253&cv=11&fst=1670799532253&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Travel%20Booking&auid=540394295.1670799532&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-748297981&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

896dc606e60744d210d3cf5adcd413273fa7033bd99a94955193f20554b29fdd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:52 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 960
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ 22 KB
22 KB Font
font/opentype

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8f5f43c8df2ecc31862880c3645d2d0a6d067467e9de9a302d683d92e78af63a

Request headers

Referer
Origin: https://travel.northeast.aaa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: font/opentype

GET
H2 404 TST-Icon-Font.ttf
travel.northeast.aaa.com/home/jenkins/agent/workspace/ui-tsttravel/ui-tsttravel-single-manual/ui-tsttravel-webservices/src/client/webservices/app/stylesheets/fonts/ 0
0 156ms
156ms Font
text/html 184.72.128.159
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/home/jenkins/agent/workspace/ui-tsttravel/ui-tsttravel-single-manual/ui-tsttravel-webservices/src/client/webservices/app/stylesheets/fonts/TST-Icon-Font.ttf

Requested by

Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/web-services/assets/resource/stylesheets/legacy-confirmation-styles.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

184.72.128.159 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-184-72-128-159.compute-1.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://travel.northeast.aaa.com/web-services/assets/resource/stylesheets/legacy-confirmation-styles.css
Origin: https://travel.northeast.aaa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:52 GMT
content-encoding: gzip
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/html

GET
H2 200 AAANationalAdInfo Show response
travel.northeast.aaa.com/trip/api/trips/sKHVj7O3RAWhevDLVmXnGw/ 79 B
404 B 149ms
148ms XHR
application/json 184.72.128.159
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/trip/api/trips/sKHVj7O3RAWhevDLVmXnGw/AAANationalAdInfo

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

184.72.128.159 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-184-72-128-159.compute-1.amazonaws.com

Software

Resource Hash

3bf32ec3a0fda567c36a8b061e6eb736d5c75348a9f789dcbeeb0cb7c5eb724c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:52 GMT
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
trace-id: 3a3f4e556d6d81c7
content-length: 79
content-type: application/json

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 682ms
31ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=travel.northeast.aaa.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 672ms
28ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=travel.northeast.aaa.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 859 B
528 B 146ms
98ms XHR
text/plain 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4015206837985073&correlator=1199848389208494&eid=31070872%2C44761477&output=ldjh&gdfp_req=1&vrg=2022120501&ptt=17&impl=fifs&iu_parts=307753755%2CAAA_Confirmation_Page&enc_prev_ius=%2F0%2F1&prev_iu_szs=160x600&ifi=1&adks=1883487226&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1670799532387&lmt=1670799532&dlt=1670799530711&idt=1362&adxs=1420&adys=280&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&frm=20&vis=1&psz=1600x1200&msz=160x600&fws=0&ohw=0&ga_vid=1978167713.1670799532&ga_sid=1670799532&ga_hid=1590830776&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c68974caa3b56591634bdbc73bdfbbdefddd42caddee99cecb72f4f264116575

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:52 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 499
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
b0f1e222212d38141686220c8720529a.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame B4BD 6 KB
3 KB 106ms
28ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b0f1e222212d38141686220c8720529a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://travel.northeast.aaa.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 11 Dec 2022 22:58:53 GMT
expires: Mon, 11 Dec 2023 22:58:53 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 103 KB
28 KB 654ms
25ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

737be8d2a2db4d729155190f62d3b1f656cdaec35b42b59eeeda3043246a50cd

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sun, 11 Dec 2022 22:58:53 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27317
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: ZTkIe7UBwvxLikrt8idQg/tANp7xnqUCiawN4vhy6qJaxUmvZOL6ecD8UE+xtKEJqwhwbXIfL5kFpTz0YO71zQ==
x-fb-trip-id: 686109401
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 conversion.js Show response
www.googleadservices.com/pagead/ 45 KB
17 KB 700ms
70ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

ebcd43274f956ef6d5c0f690695cc56c35a3a77180c9d1b80791febe4e27f601

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://travel.northeast.aaa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Sun, 11 Dec 2022 22:58:53 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16823
x-xss-protection: 0
server: cafe
etag: 6351308751113588399
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sun, 11 Dec 2022 22:58:53 GMT

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 390 KB
97 KB 87ms
86ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TJ469T8&l=aaa_gtm_dm

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f886c98604a1761d6c24ee2f0b66274b64e169eee9e5c45f009937a1e60f08de

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:52 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 99005
x-xss-protection: 0
last-modified: Sun, 11 Dec 2022 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 11 Dec 2022 22:58:52 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 13 KB
5 KB 642ms
24ms Script
application/x-javascript 2a02:26f0:3500:16::215:14a0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:14a0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 641153b2ad78e5d095645419060a4ea0854b1b3ec5ff27e99644c9f8d461610c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:53 GMT
content-encoding: gzip
last-modified: Thu, 17 Nov 2022 18:52:45 GMT
x-cdn: AKAM
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=54708
accept-ranges: bytes
content-length: 4581

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 334ms
33ms Image
image/gif 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-96133587-4&cid=1978167713.1670799532&jid=1575802704&_u=aEHAAEABAAAAACAEK~&z=243198695

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:52 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 353ms
52ms Image
image/gif 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-96133587-4&cid=1978167713.1670799532&jid=1575802704&_u=aEHAAEABAAAAACAEK~&z=243198695

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:52 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 404 fontawesome-webfont.woff
travel.northeast.aaa.com/home/jenkins/agent/workspace/ui-tsttravel/ui-tsttravel-single-manual/lib/font-awesome/fonts/ 0
0 145ms
144ms Font
text/html 184.72.128.159
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/home/jenkins/agent/workspace/ui-tsttravel/ui-tsttravel-single-manual/lib/font-awesome/fonts/fontawesome-webfont.woff?v=4.7.0

Requested by

Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/web-services/assets/resource/stylesheets/legacy-confirmation-styles.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

184.72.128.159 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-184-72-128-159.compute-1.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://travel.northeast.aaa.com/web-services/assets/resource/stylesheets/legacy-confirmation-styles.css
Origin: https://travel.northeast.aaa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:52 GMT
content-encoding: gzip
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/html

GET
H2 200 jsonp Show response
travel.northeast.aaa.com/web-services/assets/featureToggles/ld/ 115 B
471 B 118ms
118ms XHR
text/javascript 184.72.128.159
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/web-services/assets/featureToggles/ld/jsonp?key=ItineraryAccessPoint&anonymous=false&callback=jQuery360086212632638671_1670799531645&_=1670799531646

Requested by

Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/web-services/assets/resource/js/legacy-confirmation-page-bundle.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

184.72.128.159 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-184-72-128-159.compute-1.amazonaws.com

Software

/ Express

Resource Hash

07d8d7373422a00853059ed4c210787aa2dd23e9fcc9a8da9f5ad72db5eb38cb

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:53 GMT
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-powered-by: Express
etag: W/"73-5f8k0AIell1W6piY3Zv7IhtfxUs"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
content-length: 115

GET
DATA 200
OK truncated
/ 38 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 05632bd17ae6013db11864ba86f363756e305cd5a56ee788fe20774ed6c750f9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/webp

GET
H3 200 /
www.google.com/pagead/1p-user-list/1063159333/ 42 B
64 B 33ms
33ms Image
image/gif 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1063159333/?random=1670799532086&cv=11&fst=1670796000000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Travel%20Booking&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=957491326&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:53 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/1063159333/ 42 B
64 B 36ms
35ms Image
image/gif 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/1063159333/?random=1670799532086&cv=11&fst=1670796000000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Travel%20Booking&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=957491326&rmt_tld=1&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:53 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 404 fontawesome-webfont.ttf
travel.northeast.aaa.com/home/jenkins/agent/workspace/ui-tsttravel/ui-tsttravel-single-manual/lib/font-awesome/fonts/ 0
0 115ms
115ms Font
text/html 184.72.128.159
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/home/jenkins/agent/workspace/ui-tsttravel/ui-tsttravel-single-manual/lib/font-awesome/fonts/fontawesome-webfont.ttf?v=4.7.0

Requested by

Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/web-services/assets/resource/stylesheets/legacy-confirmation-styles.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

184.72.128.159 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-184-72-128-159.compute-1.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://travel.northeast.aaa.com/web-services/assets/resource/stylesheets/legacy-confirmation-styles.css
Origin: https://travel.northeast.aaa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:53 GMT
content-encoding: gzip
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/html

GET
H/1.1

200
OK

ibs:dpid=269&dpuuid=7ea36396-60ad-4c00-88ba-e5d5a93f14e2&ddsuuid=91328979210809023573138061579162110992
dpm.demdex.net/ Frame 0BFE
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=10004&mt_exuid=91328979210809023573138061579162110992&redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D269%26dpuuid%3D[MM_UUID]%26ddsuuid%3d91328979210809...
https://dpm.demdex.net/ibs:dpid=269&dpuuid=7ea36396-60ad-4c00-88ba-e5d5a93f14e2&ddsuuid=91328979210809023573138061579162110992

42 B
942 B

47ms
46ms

Image
image/gif

34.251.90.149
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=269&dpuuid=7ea36396-60ad-4c00-88ba-e5d5a93f14e2&ddsuuid=91328979210809023573138061579162110992

Requested by

Protocol

HTTP/1.1

Server

34.251.90.149 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-251-90-149.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v045-03da2f349.edge-irl1.demdex.com 1 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: hTgBeMdbSuI=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Date: Sun, 11 Dec 2022 22:58:53 GMT
Server: MT3 180 1fd3e2d master zrh-pixel-x2 config:1.0.0
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://dpm.demdex.net/ibs:dpid=269&dpuuid=7ea36396-60ad-4c00-88ba-e5d5a93f14e2&ddsuuid=91328979210809023573138061579162110992
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Sun, 11 Dec 2022 22:58:52 GMT

GET
H2 200 TST-Icon-Font.woff
travel.northeast.aaa.com/web-services/assets/stylesheets/fonts/ 33 KB
34 KB 117ms
117ms Font
font/woff 184.72.128.159
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/web-services/assets/stylesheets/fonts/TST-Icon-Font.woff

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

184.72.128.159 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-184-72-128-159.compute-1.amazonaws.com

Software

/ Express

Resource Hash

13e3f896db6fea2e223e274e381af0e81c016292b4e3ee0be3dd5cfdd07af88f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
Origin: https://travel.northeast.aaa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:53 GMT
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Fri, 09 Dec 2022 16:56:45 GMT
x-powered-by: Express
etag: W/"84ec-184f7d16409"
content-type: font/woff
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 34028

GET
H3 200 /
www.google.com/pagead/1p-user-list/748297981/ 42 B
64 B 35ms
35ms Image
image/gif 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/748297981/?random=1670799532253&cv=11&fst=1670796000000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Travel%20Booking&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1697584337&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:53 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/748297981/ 42 B
64 B 34ms
34ms Image
image/gif 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/748297981/?random=1670799532253&cv=11&fst=1670796000000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Travel%20Booking&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1697584337&rmt_tld=1&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:53 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/995747453/ 2 KB
1 KB 67ms
66ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/995747453/?random=1670799533382&cv=9&fst=1670799533382&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Travel%20Booking&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

518899507a58ef7dc4db56241feb800578ea5f2ec55b59c56dca110f936274cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:53 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1008
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/2021154/domain/travel.northeast.aaa.com/ 36 B
373 B 24ms
23ms XHR
application/json 2600:9000:20eb:ee00:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/2021154/domain/travel.northeast.aaa.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:ee00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://travel.northeast.aaa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: application/json

Response headers

date: Sun, 11 Dec 2022 22:58:35 GMT
content-encoding: gzip
via: 1.1 1d67a4c00b06651cb6daa95ec3f21f9a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 18
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=3600
x-amz-cf-id: j9uS0BdY5ZQnwpAoZrjrBEpONj3KyKCrLUxkcVrwBKwind6el-hgSA==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2021154&time=1670799533388&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmat...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2021154%26time%3D1670799533388%26url%3Dhttps%253A%252F%252Ftravel.northeast.aaa.c...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2021154&time=1670799533388&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmat...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2021154&time=1670799533388&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirma...

0
265 B

241ms
168ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2021154&time=1670799533388&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&liSync=true&e_ipv6=AQKFHpl9Zw17jwAAAYUDaadMz7H0zVAO9wBTpNPd9jkwBHCwIbaDjIbkMb2es1enhDWvVm4R1gnDjQ
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:53 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: EDCDFC6C54754209B4C257395EB274D7 Ref B: FRAEDGE1709 Ref C: 2022-12-11T22:58:54Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXvlVS5CiWOBsDKZK4wXg==

Redirect headers

date: Sun, 11 Dec 2022 22:58:53 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 887F08F3D4D247F2ABE0831005FAF8E0 Ref B: FRAEDGE2018 Ref C: 2022-12-11T22:58:53Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2021154&time=1670799533388&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&liSync=true&e_ipv6=AQKFHpl9Zw17jwAAAYUDaadMz7H0zVAO9wBTpNPd9jkwBHCwIbaDjIbkMb2es1enhDWvVm4R1gnDjQ
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXvlVS1TOILftYfRjZyaw==

GET
H3 200 136696297006053 Show response
connect.facebook.net/signals/config/ 294 KB
84 KB 45ms
21ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/136696297006053?v=2.9.89&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d789477acfadf97e5798506acc8e55d7f11a9a51807d3edc13e1ac592997d487

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sun, 11 Dec 2022 22:58:53 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 86334
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: LMgaInyZ8mEb5YaT9HwPnyNqVP5aPIHkfUUbewAMIxESK7WEvP+xgpqpXu0oB1/PLC7LNk149doY4kkyrv+/RA==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 RC2e88a81f2a034f11adad3cd878b22242-source.min.js Show response
assets.adobedtm.com/5ddcd7778a26/f8fc72cd597d/89ed724d5d88/ 580 B
629 B 21ms
21ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5ddcd7778a26/f8fc72cd597d/89ed724d5d88/RC2e88a81f2a034f11adad3cd878b22242-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 425149f776ce3188f504a799706d51cb75e7b4b811ea4e9d5e981aa5080865ec

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:53 GMT
content-encoding: gzip
last-modified: Thu, 08 Dec 2022 18:13:46 GMT
server: AkamaiNetStorage
etag: "fcad905560ab06c0aa86aebad4f379e5:1670523226.102259"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 358
expires: Sun, 11 Dec 2022 23:58:53 GMT

GET
H2 200 RCe50f3c3740444528b1f414e8d2232900-source.min.js Show response
assets.adobedtm.com/5ddcd7778a26/f8fc72cd597d/89ed724d5d88/ 447 B
562 B 23ms
23ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5ddcd7778a26/f8fc72cd597d/89ed724d5d88/RCe50f3c3740444528b1f414e8d2232900-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 5fa87130a1e4ff5306f760e2125a2e91e48c628a84fc4c84d0180be950829080

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:53 GMT
content-encoding: gzip
last-modified: Thu, 08 Dec 2022 18:13:46 GMT
server: AkamaiNetStorage
etag: "fcad905560ab06c0aa86aebad4f379e5:1670523226.102259"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 292
expires: Sun, 11 Dec 2022 23:58:53 GMT

GET
H2 200 RC05a8fa05392c426a929661d6b3dc0dbd-source.min.js Show response
assets.adobedtm.com/5ddcd7778a26/f8fc72cd597d/89ed724d5d88/ 404 B
535 B 23ms
23ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5ddcd7778a26/f8fc72cd597d/89ed724d5d88/RC05a8fa05392c426a929661d6b3dc0dbd-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 98860e376b483292b9d55b6930a5e5514ee8e422ac36c40e9ea1ceb041860e9b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:53 GMT
content-encoding: gzip
last-modified: Thu, 08 Dec 2022 18:13:46 GMT
server: AkamaiNetStorage
etag: "fcad905560ab06c0aa86aebad4f379e5:1670523226.102259"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 264
expires: Sun, 11 Dec 2022 23:58:53 GMT

GET
H2 200 RC8ebc475ac1be40528ce64ff1ecd6490e-source.min.js Show response
assets.adobedtm.com/5ddcd7778a26/f8fc72cd597d/89ed724d5d88/ 676 B
669 B 21ms
21ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5ddcd7778a26/f8fc72cd597d/89ed724d5d88/RC8ebc475ac1be40528ce64ff1ecd6490e-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: c646bcb4225cd7654a1bcc52efdbca4265ae892fa5791a6bc0ebcc330f358ff4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:53 GMT
content-encoding: gzip
last-modified: Thu, 08 Dec 2022 18:13:46 GMT
server: AkamaiNetStorage
etag: "fcad905560ab06c0aa86aebad4f379e5:1670523226.102259"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 398
expires: Sun, 11 Dec 2022 23:58:53 GMT

GET
H2 200 RCfe4a7062cc9544f78e7517e23c93c4a3-source.min.js Show response
assets.adobedtm.com/5ddcd7778a26/f8fc72cd597d/89ed724d5d88/ 642 B
630 B 21ms
21ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5ddcd7778a26/f8fc72cd597d/89ed724d5d88/RCfe4a7062cc9544f78e7517e23c93c4a3-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 4a4f0777bfb9572cb278aca310fe904b5726ae60cfbde4ace23255d18c7bf0fc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:53 GMT
content-encoding: gzip
last-modified: Thu, 08 Dec 2022 18:13:46 GMT
server: AkamaiNetStorage
etag: "fcad905560ab06c0aa86aebad4f379e5:1670523226.102259"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 359
expires: Sun, 11 Dec 2022 23:58:53 GMT

POST
H2 200 interact Show response
adobedc.demdex.net/ee/v1/ 8 KB
3 KB 154ms
71ms Fetch
application/json 13.36.218.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://adobedc.demdex.net/ee/v1/interact?configId=0c320b08-f1d1-4a2f-b47d-889410ccd7a3&requestId=7244e2cf-4c6f-4784-9d5a-92d0d94ee573

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.36.218.177 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-36-218-177.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

8b603d0a4b1759b08582cbf53d885cabda4bccfe304f916c1b64ad363b84fa0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://travel.northeast.aaa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

date: Sun, 11 Dec 2022 22:58:52 GMT
content-encoding: deflate
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-rate-limit-remaining: 599
x-adobe-edge: IRL1;6
x-xss-protection: 1; mode=block
x-request-id: 7244e2cf-4c6f-4784-9d5a-92d0d94ee573
server: jag
vary: Origin
content-type: application/json;charset=utf-8
access-control-allow-origin: https://travel.northeast.aaa.com
access-control-expose-headers: Retry-After, X-Adobe-Edge, X-Request-ID
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
x-konductor: 22.11.2:836cd9b5

GET
H2 200 main_37f93cebd6888daeae25442881204685.br.js Show response
assets.bounceexchange.com/assets/smart-tag/versioned/ 377 KB
73 KB 84ms
20ms Script
text/javascript 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/main_37f93cebd6888daeae25442881204685.br.js
Requested by: Host: tag.wknd.ai
URL: https://tag.wknd.ai/3328/i.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: a796e91dc42aef7823610e7b41f1effdcd4f6f8bd06ce3380e24d5d30cfc1919

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 19:46:00 GMT
content-encoding: br
age: 357173
x-guploader-uploadid: ADPycdsH4M5alf13uQiNwvwB3bM1OiBrgmsi95h68kxDoFbPtoGbPhtzR_67k7ZZ-RHu_74946PSXTbrAKFKIktWtMwUFg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 74683
last-modified: Wed, 07 Dec 2022 19:45:50 GMT
server: UploadServer
etag: "24de2a33288bb795c686bbe8a091aa2d"
x-goog-generation: 1670442350591913
x-goog-hash: crc32c=ux3Ydg==, md5=JN4qMyiLt5XGhrvooJGqLQ==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 74683
accept-ranges: bytes
content-type: text/javascript
expires: Thu, 07 Dec 2023 19:46:00 GMT

GET
H2 200 cjs_min_62f4846d97d6cffa05fd709123de3ea8.js Show response
assets.bounceexchange.com/assets/smart-tag/versioned/ 46 KB
15 KB 104ms
41ms Script
text/javascript 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_62f4846d97d6cffa05fd709123de3ea8.js
Requested by: Host: tag.wknd.ai
URL: https://tag.wknd.ai/3328/i.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 9366be9dc7f0c13655e2a45ce1df32f55b937efc0878b30954969c88151f1482

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 21:25:12 GMT
content-encoding: gzip
age: 264821
x-guploader-uploadid: ADPycdvrEw7682aYqx6lqn_ZTS4u8op-nW_OIw0D-nwA74GuwiJPKFScuDehH5hYE2d0jkYUs2PsCDSJMSPf6WvsrR-Fog
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15082
last-modified: Thu, 08 Dec 2022 21:24:53 GMT
server: UploadServer
etag: "02aa3508d07729296f81673e76733b97"
x-goog-generation: 1670534693607850
x-goog-hash: crc32c=NV2AHw==, md5=Aqo1CNB3KSlvgWc+dnM7lw==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000,no-transform
x-goog-stored-content-length: 15082
accept-ranges: bytes
content-type: text/javascript; charset=utf-8
expires: Fri, 08 Dec 2023 21:25:12 GMT

OPTIONS
H2 200 token
cdn.linkedin.oribi.io/partner/2021154/domain/travel.northeast.aaa.com/ Frame 0
0 98ms
20ms Preflight 2600:9000:20eb:ee00:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/2021154/domain/travel.northeast.aaa.com/token
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:ee00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://travel.northeast.aaa.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 1800
age: 37898
allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
content-length: 0
date: Sun, 11 Dec 2022 12:27:15 GMT
via: 1.1 1d67a4c00b06651cb6daa95ec3f21f9a.cloudfront.net (CloudFront)
x-amz-cf-id: Xd2TXGxtJ5T-FFk8N_SiIaO1a21iQebvXqc6IOjIXrqLNcU1-He1Tg==
x-amz-cf-pop: FRA2-C1
x-cache: Hit from cloudfront

GET
H2 200 jsonp Show response
travel.northeast.aaa.com/web-services/assets/featureToggles/ld/ 115 B
471 B 119ms
118ms XHR
text/javascript 184.72.128.159
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/web-services/assets/featureToggles/ld/jsonp?key=CruiseSuccessfulSyncMessaging&anonymous=false&callback=jQuery360086212632638671_1670799531645&_=1670799531647

Requested by

Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/web-services/assets/resource/js/legacy-confirmation-page-bundle.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

184.72.128.159 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-184-72-128-159.compute-1.amazonaws.com

Software

/ Express

Resource Hash

07d8d7373422a00853059ed4c210787aa2dd23e9fcc9a8da9f5ad72db5eb38cb

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:53 GMT
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-powered-by: Express
etag: W/"73-5f8k0AIell1W6piY3Zv7IhtfxUs"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
content-length: 115

GET
H2 403 licensee Show response
travel.northeast.aaa.com/v1/prepack/ 570 B
837 B 119ms
118ms Fetch
application/json 184.72.128.159
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/v1/prepack/licensee

Requested by

Host: d2wy8f7a9ursnm.cloudfront.net
URL: https://d2wy8f7a9ursnm.cloudfront.net/v7/bugsnag.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

184.72.128.159 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-184-72-128-159.compute-1.amazonaws.com

Software

Resource Hash

beb0512234a9e452ac5202c6919ea871ae8f78cec6e14e800e5fc0204d90009f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:53 GMT
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 570
vary: Origin
content-type: application/json

GET
H/1.1

200
OK

ibs:dpid=359&dpuuid=e5Kaf4RE1P4vhz5
dpm.demdex.net/ Frame 0BFE
Redirect Chain

https://pm.w55c.net/ping_match.gif?st=dmx&rurl=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D359%26dpuuid%3D_wfivefivec_
https://pm.w55c.net/ping_match.gif?scc=1&st=dmx&rurl=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D359%26dpuuid%3D_wfivefivec_
https://dpm.demdex.net/ibs:dpid=359&dpuuid=e5Kaf4RE1P4vhz5

42 B
942 B

47ms
47ms

Image
image/gif

34.251.90.149
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=359&dpuuid=e5Kaf4RE1P4vhz5

Requested by

Protocol

HTTP/1.1

Server

34.251.90.149 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-251-90-149.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v045-0fb9f79b9.edge-irl1.demdex.com 1 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: kvTLnut/TWs=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Pragma: no-cache
Date: Sun, 11 Dec 2022 22:58:52 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/595ea14#595ea1444a96c0bdac4aa333a73d7028cf966fc7 i-001aff4bca77297e8@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Location: https://dpm.demdex.net/ibs:dpid=359&dpuuid=e5Kaf4RE1P4vhz5
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/997673764/ 2 KB
968 B 99ms
99ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/997673764/?random=1670799533487&cv=11&fst=1670799533487&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Travel%20Booking&auid=540394295.1670799532&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJ469T8&l=aaa_gtm_dm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cc38549498881477498ba5a0f2a85a88df4f2c1e461fa8f152a7fa44289b0df5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:53 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 944
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/994591697/ 2 KB
969 B 69ms
69ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/994591697/?random=1670799533490&cv=11&fst=1670799533490&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Travel%20Booking&auid=540394295.1670799532&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJ469T8&l=aaa_gtm_dm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cbf31c46d7e5115896c60f30663172023e7b53cdb5e248a23195d4175aeb0219

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:53 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 945
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/956500681/ 2 KB
967 B 67ms
67ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/956500681/?random=1670799533491&cv=11&fst=1670799533491&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Travel%20Booking&auid=540394295.1670799532&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJ469T8&l=aaa_gtm_dm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

51250d44520b41cd820c338af8c1a64bd31144fcc1f5d67fb4bac9727cf59db1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:53 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 943
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/995747453/ 2 KB
968 B 67ms
67ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/995747453/?random=1670799533492&cv=11&fst=1670799533492&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Travel%20Booking&auid=540394295.1670799532&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJ469T8&l=aaa_gtm_dm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

30ccb7969d43ec4a016a7a11920784bb62e7fecf6fd2a85f33592dd6f40e5320

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:53 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 944
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/962827280/ 2 KB
967 B 68ms
68ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/962827280/?random=1670799533493&cv=11&fst=1670799533493&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Travel%20Booking&auid=540394295.1670799532&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJ469T8&l=aaa_gtm_dm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

25ccfc857a24966c640e4ea9c44f31aa1471e7d83d056bad5ca1369cff3d4ecc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:53 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 943
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/994252266/ 2 KB
968 B 99ms
99ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/994252266/?random=1670799533494&cv=11&fst=1670799533494&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Travel%20Booking&auid=540394295.1670799532&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJ469T8&l=aaa_gtm_dm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

49864210648870e225231dfcc7c5272679ac1cd0f53392b9cd26281eaa6c247d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:53 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 944
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 38 KB
12 KB 102ms
44ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJ469T8&l=aaa_gtm_dm

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

f2c4b7d20ff42a433d0c76631c460cd75128f8f0436d052ce2cf79dc4fa6a244

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Sun, 11 Dec 2022 22:58:53 GMT
last-modified: Mon, 05 Dec 2022 17:15:50 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7B50D5D1B8FA4A5EB86AD1A5FF0AF34F Ref B: FRA31EDGE0706 Ref C: 2022-12-11T22:58:53Z
etag: "027e538cd8d91:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 11460

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 110 KB
43 KB 33ms
33ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-10010677

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJ469T8&l=aaa_gtm_dm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0e09c0eda1b65c1b9c5ef830608b43572ce302b8496a18e2f4792ca2c9cb809c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:53 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44136
x-xss-protection: 0
last-modified: Sun, 11 Dec 2022 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 11 Dec 2022 22:58:53 GMT

GET
H3

200

/
www.google.de/pagead/1p-user-list/768643034/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/768643034/?random=1670799533492&cv=11&fst=1670799533492&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&hn=www.googlead...
https://www.google.com/pagead/1p-user-list/768643034/?random=1670799533492&cv=11&fst=1670796000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northe...
https://www.google.de/pagead/1p-user-list/768643034/?random=1670799533492&cv=11&fst=1670796000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northea...

42 B
64 B

35ms
34ms

Image
image/gif

2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/768643034/?random=1670799533492&cv=11&fst=1670796000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Travel%20Booking&is_vtc=1&random=1538700102&ipr=y

Requested by

Protocol

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:53 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:53 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.de/pagead/1p-user-list/768643034/?random=1670799533492&cv=11&fst=1670796000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Travel%20Booking&is_vtc=1&random=1538700102&ipr=y
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

/
www.google.de/pagead/1p-user-list/969619756/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/969619756/?random=1670799533492&cv=11&fst=1670799533492&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&hn=www.googlead...
https://www.google.com/pagead/1p-user-list/969619756/?random=1670799533492&cv=11&fst=1670796000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northe...
https://www.google.de/pagead/1p-user-list/969619756/?random=1670799533492&cv=11&fst=1670796000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northea...

42 B
64 B

41ms
39ms

Image
image/gif

2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/969619756/?random=1670799533492&cv=11&fst=1670796000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Travel%20Booking&is_vtc=1&random=525422975&ipr=y

Requested by

Protocol

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:53 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:53 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.de/pagead/1p-user-list/969619756/?random=1670799533492&cv=11&fst=1670796000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Travel%20Booking&is_vtc=1&random=525422975&ipr=y
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

/
www.google.de/pagead/1p-user-list/836762974/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/836762974/?random=1670799533492&cv=11&fst=1670799533492&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&hn=www.googlead...
https://www.google.com/pagead/1p-user-list/836762974/?random=1670799533492&cv=11&fst=1670796000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northe...
https://www.google.de/pagead/1p-user-list/836762974/?random=1670799533492&cv=11&fst=1670796000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northea...

42 B
64 B

40ms
38ms

Image
image/gif

2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/836762974/?random=1670799533492&cv=11&fst=1670796000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Travel%20Booking&is_vtc=1&random=4113221402&ipr=y

Requested by

Protocol

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:53 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:53 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.de/pagead/1p-user-list/836762974/?random=1670799533492&cv=11&fst=1670796000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Travel%20Booking&is_vtc=1&random=4113221402&ipr=y
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

/
www.google.de/pagead/1p-user-list/933849799/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/933849799/?random=1670799533493&cv=11&fst=1670799533493&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&hn=www.googlead...
https://www.google.com/pagead/1p-user-list/933849799/?random=1670799533493&cv=11&fst=1670796000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northe...
https://www.google.de/pagead/1p-user-list/933849799/?random=1670799533493&cv=11&fst=1670796000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northea...

42 B
64 B

40ms
39ms

Image
image/gif

2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/933849799/?random=1670799533493&cv=11&fst=1670796000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Travel%20Booking&is_vtc=1&random=1853226135&ipr=y

Requested by

Protocol

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:53 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:53 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.de/pagead/1p-user-list/933849799/?random=1670799533493&cv=11&fst=1670796000000&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Travel%20Booking&is_vtc=1&random=1853226135&ipr=y
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 fontawesome-webfont.woff
travel.northeast.aaa.com/web-services/assets/stylesheets/fonts/ 34 KB
34 KB 119ms
118ms Font
font/woff 184.72.128.159
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/web-services/assets/stylesheets/fonts/fontawesome-webfont.woff

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

184.72.128.159 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-184-72-128-159.compute-1.amazonaws.com

Software

/ Express

Resource Hash

4e58b78b5844a988d67532b4683a6e8b3235b3d56d319727e65f460805bbdec4

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
Origin: https://travel.northeast.aaa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:53 GMT
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Fri, 09 Dec 2022 16:56:45 GMT
x-powered-by: Express
etag: W/"8674-184f7d16419"
content-type: font/woff
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 34420

GET
H3 200 /
www.google.com/pagead/1p-user-list/995747453/ 42 B
64 B 33ms
32ms Image
image/gif 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/995747453/?random=1670799533382&cv=9&fst=1670796000000&num=1&guid=ON&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Travel%20Booking&fmt=3&is_vtc=1&random=2318043788&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:53 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/995747453/ 42 B
64 B 35ms
34ms Image
image/gif 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/995747453/?random=1670799533382&cv=9&fst=1670796000000&num=1&guid=ON&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Travel%20Booking&fmt=3&is_vtc=1&random=2318043788&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:53 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 403 2512.js
cdn.pbbl.co/r/ 0
0 96ms
19ms Script
text/html 13.224.189.4
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pbbl.co/r/2512.js
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-4.fra2.r.cloudfront.net
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 76ms
22ms Image
text/plain 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=136696297006053&ev=PageView&dl=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&rl=&if=false&ts=1670799533536&sw=1600&sh=1200&v=2.9.89&r=stable&ec=0&o=30&fbp=fb.1.1670799533533.1767295109&it=1670799533399&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Sun, 11 Dec 2022 22:58:53 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

POST
H2 200 801161170 Show response
hn.inspectlet.com/ginit/ 214 B
466 B 250ms
241ms XHR
application/json 2606:4700:10::ac43:aac
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hn.inspectlet.com/ginit/801161170
Requested by: Host: cdn.inspectlet.com
URL: https://cdn.inspectlet.com/inspectlet.js?wid=801161170&r=464110
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:aac , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 47aac4d4133f05ce70bc2ffe8d0c542921150a9e6f67146b97a1884494141fc0

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://travel.northeast.aaa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Sun, 11 Dec 2022 22:58:53 GMT
via: 1.1 vegur
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by: Express
etag: W/"d6-t+O3D/C4TxcZ1N0wC6WJXg"
access-control-allow-methods: GET, POST
content-type: application/json; charset=utf-8
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 7781d3dcc9d99957-FRA
access-control-allow-headers: X-Requested-With, Content-Type
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 inbox_dbcafa82ba21334528d547ee82a14869.br.js Show response
assets.bounceexchange.com/assets/smart-tag/versioned/ 73 KB
19 KB 65ms
22ms Script
text/javascript 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/inbox_dbcafa82ba21334528d547ee82a14869.br.js
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/main_37f93cebd6888daeae25442881204685.br.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: c56617b3dabcfa00d7b20aa2b2e76ff3f4483fb67abb4bdcef754d617617d537

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 21:04:58 GMT
content-encoding: br
age: 870835
x-guploader-uploadid: ADPycdusp1xU4yBXhebRbVL-u30uw9QlcZ9Ugu5vQN-ndE5UQcKY7arDyIcCP-Ax6nGpO97SFicLLwJiHhkdd024jHLV_w
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19212
last-modified: Thu, 01 Dec 2022 21:04:45 GMT
server: UploadServer
etag: "b3024b00232fa083e1e1ad8aee0aef0b"
x-goog-generation: 1669928685364358
x-goog-hash: crc32c=QpYP6Q==, md5=swJLACMvoIPh4a2K7grvCw==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 19212
accept-ranges: bytes
content-type: text/javascript
expires: Fri, 01 Dec 2023 21:04:58 GMT

GET
H3 200 onsite_31d1be90b0e321456f3b3cf5a3139526.br.js Show response
assets.bounceexchange.com/assets/smart-tag/versioned/ 161 KB
34 KB 68ms
26ms Script
text/javascript 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/onsite_31d1be90b0e321456f3b3cf5a3139526.br.js
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/main_37f93cebd6888daeae25442881204685.br.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 2c9b2486941b18c4e3485fd402acc4f226d5431ae18e3596e8b97d9c9e3dd943

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 19:46:07 GMT
content-encoding: br
age: 357166
x-guploader-uploadid: ADPycdsoc9SVUCmH2V9rujRJ4RVjsx_-mUxhJCmwtgeV7qfA3PH0-qbVCPTJwUZ3aArTrsTp7r0a5K1S-92gy5FflP1a
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34896
last-modified: Wed, 07 Dec 2022 19:45:55 GMT
server: UploadServer
etag: "66d13690db2542bee2878ce9364dd099"
x-goog-generation: 1670442355554780
x-goog-hash: crc32c=cvatHg==, md5=ZtE2kNslQr7ih4zpNk3QmQ==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 34896
accept-ranges: bytes
content-type: text/javascript
expires: Thu, 07 Dec 2023 19:46:07 GMT

GET
H/1.1 200
OK / Show response
data.cdnbasket.net/ 14 B
338 B 846ms
132ms XHR
application/json 34.117.96.210
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://data.cdnbasket.net/
Requested by: Host: cdn.inspectlet.com
URL: https://cdn.inspectlet.com/inspectlet.js?wid=801161170&r=464110
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.96.210 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 210.96.117.34.bc.googleusercontent.com
Software: /
Resource Hash: d5559d3b0cee55783bedf2468ef7d7e02f60eca4bb91ccd8ec0fbbba1644b8bf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 11 Dec 2022 22:58:54 GMT
Transfer-Encoding: chunked
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Access-Control-Allow-Headers: Origin, Content-Type, Accept
Expires: 0

GET
H/1.1 200
OK / Show response
page.cdnbasket.net/ 14 B
338 B 739ms
133ms XHR
application/json 34.149.149.159
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://page.cdnbasket.net/
Requested by: Host: cdn.inspectlet.com
URL: https://cdn.inspectlet.com/inspectlet.js?wid=801161170&r=464110
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.149.159 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 159.149.149.34.bc.googleusercontent.com
Software: /
Resource Hash: af8951f96634a1462e19eb386714db196ef60a3318f640e1eef5a381026b495a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 11 Dec 2022 22:58:54 GMT
Transfer-Encoding: chunked
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Access-Control-Allow-Headers: Origin, Content-Type, Accept
Expires: 0

GET
H/1.1 200
OK / Show response
view.cdnbasket.net/ 14 B
338 B 544ms
142ms XHR
application/json 35.190.127.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://view.cdnbasket.net/
Requested by: Host: cdn.inspectlet.com
URL: https://cdn.inspectlet.com/inspectlet.js?wid=801161170&r=464110
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.127.230 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 230.127.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 6449ca02be1be4d67e5103959e6b80c38ec1d12909a2f0560b76f48d1d452b68

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 11 Dec 2022 22:58:54 GMT
Transfer-Encoding: chunked
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Access-Control-Allow-Headers: Origin, Content-Type, Accept
Expires: 0

GET
H2 451 365868.gif
idsync.rlcdn.com/ Frame 0BFE 0
98 B 84ms
31ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/365868.gif?partner_uid=91328979210809023573138061579162110992
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:53 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 /
www.google.com/pagead/1p-user-list/956500681/ 42 B
64 B 33ms
33ms Image
image/gif 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/956500681/?random=1670799533491&cv=11&fst=1670796000000&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Travel%20Booking&fmt=3&is_vtc=1&random=3057313475&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:53 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/956500681/ 42 B
64 B 35ms
35ms Image
image/gif 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/956500681/?random=1670799533491&cv=11&fst=1670796000000&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Travel%20Booking&fmt=3&is_vtc=1&random=3057313475&rmt_tld=1&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:53 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/995747453/ 42 B
64 B 34ms
34ms Image
image/gif 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/995747453/?random=1670799533492&cv=11&fst=1670796000000&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Travel%20Booking&fmt=3&is_vtc=1&random=1992118891&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:53 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/995747453/ 42 B
64 B 34ms
34ms Image
image/gif 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/995747453/?random=1670799533492&cv=11&fst=1670796000000&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Travel%20Booking&fmt=3&is_vtc=1&random=1992118891&rmt_tld=1&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:53 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/994591697/ 42 B
64 B 36ms
35ms Image
image/gif 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/994591697/?random=1670799533490&cv=11&fst=1670796000000&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Travel%20Booking&fmt=3&is_vtc=1&random=463617323&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:53 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/994591697/ 42 B
64 B 35ms
34ms Image
image/gif 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/994591697/?random=1670799533490&cv=11&fst=1670796000000&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Travel%20Booking&fmt=3&is_vtc=1&random=463617323&rmt_tld=1&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:53 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/962827280/ 42 B
64 B 37ms
35ms Image
image/gif 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/962827280/?random=1670799533493&cv=11&fst=1670796000000&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Travel%20Booking&fmt=3&is_vtc=1&random=3996429601&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:53 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/962827280/ 42 B
64 B 36ms
35ms Image
image/gif 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/962827280/?random=1670799533493&cv=11&fst=1670796000000&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Travel%20Booking&fmt=3&is_vtc=1&random=3996429601&rmt_tld=1&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:53 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bookedTripSummary Show response
travel.northeast.aaa.com/trip/v1/trips/sKHVj7O3RAWhevDLVmXnGw/ 5 KB
5 KB 160ms
159ms Fetch
application/json 184.72.128.159
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/trip/v1/trips/sKHVj7O3RAWhevDLVmXnGw/bookedTripSummary

Requested by

Host: d2wy8f7a9ursnm.cloudfront.net
URL: https://d2wy8f7a9ursnm.cloudfront.net/v7/bugsnag.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

184.72.128.159 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-184-72-128-159.compute-1.amazonaws.com

Software

Resource Hash

4c22fe391b6d67ac76003078df327e1a28fbc8738c9ca3242c12707146d792d6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:53 GMT
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
trace-id: 4961274ffa2e8795
content-length: 4866
content-type: application/json

GET
H3 200 /
www.google.com/pagead/1p-user-list/997673764/ 42 B
64 B 34ms
33ms Image
image/gif 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/997673764/?random=1670799533487&cv=11&fst=1670796000000&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Travel%20Booking&fmt=3&is_vtc=1&random=217283821&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:53 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/997673764/ 42 B
64 B 32ms
32ms Image
image/gif 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/997673764/?random=1670799533487&cv=11&fst=1670796000000&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Travel%20Booking&fmt=3&is_vtc=1&random=217283821&rmt_tld=1&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:53 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/994252266/ 42 B
64 B 36ms
35ms Image
image/gif 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/994252266/?random=1670799533494&cv=11&fst=1670796000000&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Travel%20Booking&fmt=3&is_vtc=1&random=3276421201&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:53 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/994252266/ 42 B
64 B 35ms
35ms Image
image/gif 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/994252266/?random=1670799533494&cv=11&fst=1670796000000&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&tiba=Travel%20Booking&fmt=3&is_vtc=1&random=3276421201&rmt_tld=1&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:53 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 5950377.js Show response
bat.bing.com/p/action/ 0
137 B 124ms
124ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/5950377.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

/ ARR/3.0

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sun, 11 Dec 2022 22:58:53 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4B2BBBBA94D64B0085DAB055742433C6 Ref B: FRA31EDGE0706 Ref C: 2022-12-11T22:58:53Z
x-powered-by: ARR/3.0
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: private,max-age=1800

GET
H2 204 0
bat.bing.com/action/ 0
177 B 44ms
43ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=5950377&tm=gtm002&Ver=2&mid=02b9be53-e4df-45c9-a8db-f94b5a082643&sid=626be73079a711ed8672b5a7b566127d&vid=626bf54079a711edbe533d96b53bc4ac&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Travel%20Booking&p=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&r=&lt=3748&evt=pageLoad&sv=1&rn=556424

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sun, 11 Dec 2022 22:58:53 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D696EAF66B024672BAECF57391A3D0DE Ref B: FRA31EDGE0706 Ref C: 2022-12-11T22:58:53Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 16002467.js Show response
bat.bing.com/p/action/ 0
120 B 139ms
135ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/16002467.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Sun, 11 Dec 2022 22:58:53 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B7889C273AE144DCBD6047CAF4949F3C Ref B: FRA31EDGE0706 Ref C: 2022-12-11T22:58:53Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
122 B 97ms
96ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=16002467&tm=gtm002&Ver=2&mid=0fb78d05-48ab-4be6-a8e0-a0fa0c4befa8&sid=626be73079a711ed8672b5a7b566127d&vid=626bf54079a711edbe533d96b53bc4ac&vids=0&msclkid=N&gtm_tag_source=1&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Travel%20Booking&p=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&r=&lt=3748&evt=pageLoad&sv=1&rn=639238

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sun, 11 Dec 2022 22:58:53 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6FD5837D3954436C84FD48BE77F096E1 Ref B: FRA31EDGE0706 Ref C: 2022-12-11T22:58:53Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 local_storage_frame16.min.html Show response
assets.bounceexchange.com/assets/bounce/ Frame F33C 2 KB
1 KB 22ms
22ms Document
text/html 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/bounce/local_storage_frame16.min.html
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/main_37f93cebd6888daeae25442881204685.br.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: f2f11e4d45030f1f21ec7d3ae67a65b83c4c67016fe861fbebdff04ca0c8cd60

Request headers

Referer: https://travel.northeast.aaa.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: etag Content-Type
age: 869151
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public,max-age=31536000
content-encoding: gzip
content-length: 1055
content-type: text/html; charset=UTF-8
date: Thu, 01 Dec 2022 21:33:02 GMT
etag: "9d305af98d35a890fd3ca85cfeefc819"
expires: Fri, 01 Dec 2023 21:33:02 GMT
last-modified: Thu, 01 Dec 2022 21:04:32 GMT
server: UploadServer
vary: Accept-Encoding
x-goog-generation: 1669928672588542
x-goog-hash: crc32c=xHfr5g== md5=nTBa+Y01qJD9PKhc/u/IGQ==
x-goog-metageneration: 1
x-goog-storage-class: MULTI_REGIONAL
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 1055
x-guploader-uploadid: ADPycdt8UX9d3T0ZuPdDgMC0-gYiB2_0GNoV1UnxQsYHa-QDSY3xyS5a1meGRrs35sUqNJhlzG267_aNOy4GJNparlis8w

GET
H/1.1

200
OK

ibs:dpid=470&dpuuid=8228637480146854199
dpm.demdex.net/ Frame 0BFE
Redirect Chain

https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMjM2NTYzMjkvdC8y/url/https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D470%26dpuuid%3D%24!%7BTURN_UUID%7D
https://dpm.demdex.net/ibs:dpid=470&dpuuid=8228637480146854199

42 B
942 B

49ms
49ms

Image
image/gif

34.251.90.149
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=470&dpuuid=8228637480146854199

Requested by

Protocol

HTTP/1.1

Server

34.251.90.149 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-251-90-149.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v045-07bcfe959.edge-irl1.demdex.com 4 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: wBE4Us4VQOo=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

location: https://dpm.demdex.net/ibs:dpid=470&dpuuid=8228637480146854199
pragma: no-cache
date: Sun, 11 Dec 2022 22:58:53 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2 200 RC2eeb97d4f2ef46e9b05f577d78f44027-source.min.js Show response
assets.adobedtm.com/5ddcd7778a26/f8fc72cd597d/89ed724d5d88/ 373 B
506 B 21ms
21ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5ddcd7778a26/f8fc72cd597d/89ed724d5d88/RC2eeb97d4f2ef46e9b05f577d78f44027-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: e37006087cb6a7068f51492170dd9a2541651a9ec213778d91b42e040679d3b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:53 GMT
content-encoding: gzip
last-modified: Thu, 08 Dec 2022 18:13:46 GMT
server: AkamaiNetStorage
etag: "fcad905560ab06c0aa86aebad4f379e5:1670523226.102259"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://travel.northeast.aaa.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 235
expires: Sun, 11 Dec 2022 23:58:53 GMT

GET
H3 451 365868.gif
idsync.rlcdn.com/ Frame 0BFE 0
9 B 75ms
31ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/365868.gif?partner_uid=91328979210809023573138061579162110992
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:53 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H3 200 tag Show response
hn.inspectlet.com/ 4 B
262 B 330ms
303ms XHR
text/html 2606:4700:10::6816:38f5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hn.inspectlet.com/tag
Requested by: Host: cdn.inspectlet.com
URL: https://cdn.inspectlet.com/inspectlet.js?wid=801161170&r=464110
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:10::6816:38f5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 9795c5ff8937f23526ccb207a5684c1fc94a7854e19c021b39d944e51f5baef2

Request headers

Accept: */*
Referer: https://travel.northeast.aaa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Sun, 11 Dec 2022 22:58:54 GMT
via: 1.1 vegur
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by: Express
etag: W/"4-b9sIeqP7+8uCh6WToJGeYQ"
access-control-allow-methods: GET, POST
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache
cf-ray: 7781d3dec981695d-FRA
access-control-allow-headers: X-Requested-With, Content-Type
content-length: 4
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 s33885010781799 Show response
mcdmetrics.aaa.com/b/ss/aaanortheastprod/10/JS-2.23.0-LCXS/ 5 KB
6 KB 59ms
59ms Script
application/x-javascript 13.36.218.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://mcdmetrics.aaa.com/b/ss/aaanortheastprod/10/JS-2.23.0-LCXS/s33885010781799?AQB=1&ndh=1&pf=1&callback=s_c_il[1].doPostbacks&et=1&t=11%2F11%2F2022%2022%3A58%3A53%200%200&d.&nsid=0&jsonv=1&coop_safe=1&.d&sdid=0481339BC0A30F49-14DBDCA032495C10&mid=90836290612127289793115849536662397014&aamlh=6&ce=UTF-8&pageName=Travel%20Booking&g=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&cc=USD&ch=Travel%20-%20TST&events=event4&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=travel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking&v5=Travel%20Booking&v6=travel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking&c9=%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&c12=D%3DUser-Agent&c15=travel.northeast.aaa.com&c17=customer&v37=90836290612127289793115849536662397014&v47=%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&v55=Light&v69=false&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=F5237FF958248ED40A495E58%40AdobeOrg&AQE=1

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/AppMeasurement.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.36.218.177 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-36-218-177.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

3daefae61ca209ebd22d9b1603c340b4319992114996c80a9429bc895d726d06

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

x-aam-tid: Yudh8/JETm4=
date: Sun, 11 Dec 2022 22:58:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy"
content-length: 5504
x-xss-protection: 1; mode=block
dcs: dcs-prod-irl1-2-v045-001bf2e72.edge-irl1.demdex.com 5 ms
pragma: no-cache
last-modified: Mon, 12 Dec 2022 22:58:53 GMT
server: jag
etag: 3588014677409660928-4619730818020889658
vary: *
content-type: application/x-javascript;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Sat, 10 Dec 2022 22:58:53 GMT

GET
H2 200 hbpix
idpix.media6degrees.com/orbserv/ Frame 0BFE 43 B
205 B 290ms
207ms Image
image/gif 2606:4700::6812:16ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idpix.media6degrees.com/orbserv/hbpix?pixId=16873&pcv=70&ptid=66&tpuv=01&tpu=91328979210809023573138061579162110992
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2606:4700::6812:16ea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4abdc5bae3773141e85e6bed6c09953d57aded7ef98b1d304c42807f2229474f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:54 GMT
cf-cache-status: DYNAMIC
last-modified: Fri, 08 Sep 2017 18:54:25 GMT
server: cloudflare
etag: "59b2e761-2b"
content-type: image/gif
accept-ranges: bytes
cf-ray: 7781d3df6d73bbe5-FRA
content-length: 43

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame 0BFE 70 B
265 B 153ms
47ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=aam&gdpr=0&gdpr_consent=&domain=travel.northeast.aaa.com&ttd_tpi=1
Requested by: Host: travel.northeast.aaa.com
URL: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Sun, 11 Dec 2022 22:58:54 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

ibs:dpid=30064&dpuuid=%7BUUID_6j5b2cv%7D
dpm.demdex.net/ Frame 0BFE
Redirect Chain

https://ps.eyeota.net/match?bid=6j5b2cv&uid=91328979210809023573138061579162110992&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D30064%26dpuuid%3D%7BUUID_6j5b2cv%7D
https://dpm.demdex.net/ibs:dpid=30064&dpuuid=%7BUUID_6j5b2cv%7D

42 B
960 B

55ms
55ms

Image
image/gif

34.251.90.149
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=30064&dpuuid=%7BUUID_6j5b2cv%7D

Requested by

Protocol

HTTP/1.1

Server

34.251.90.149 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-251-90-149.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v045-0ebeee8d5.edge-irl1.demdex.com 0 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: ecEYoG2qTWI=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
X-Error: 303,104
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=30064&dpuuid={UUID_6j5b2cv}
Date: Sun, 11 Dec 2022 22:58:54 GMT
Content-Length: 0
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

GET
H/1.1

200
OK

ibs:dpid=30646
dpm.demdex.net/ Frame 0BFE
Redirect Chain

https://cms.analytics.yahoo.com/cms?partner_id=ADOBE&_hosted_id=91328979210809023573138061579162110992&gdpr=0&gdpr_consent=
https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-lpFKVrRE2pHRY3rGrybuXISWlICOApD3jf8-~A

42 B
942 B

47ms
46ms

Image
image/gif

34.251.90.149
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-lpFKVrRE2pHRY3rGrybuXISWlICOApD3jf8-~A

Protocol

HTTP/1.1

Server

34.251.90.149 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-251-90-149.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v045-073c16f88.edge-irl1.demdex.com 1 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: r3hjNuexRss=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

date: Sun, 11 Dec 2022 22:58:54 GMT
strict-transport-security: max-age=31536000
via: http/1.1 spdc0103.pbp.ir2.yahoo.com (ApacheTrafficServer)
server: ATS
age: 0
content-type: text/html;charset=utf-8
location: https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-lpFKVrRE2pHRY3rGrybuXISWlICOApD3jf8-~A
content-length: 0

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 515 KB
113 KB 76ms
75ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-T6BPC96&l=aaa_gtm_prod

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9c970a630bb143071d81a8418fbd2b8c46087e996bb132b94ab4b5833a93b9d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:54 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 115339
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 11 Dec 2022 22:58:54 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 140ms
74ms XHR
application/json 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022120501&st=env

Requested by

Host: cdn.inspectlet.com
URL: https://cdn.inspectlet.com/inspectlet.js?wid=801161170&r=464110

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

df28cad7e31e9a93b565605beaf4ccd25e04b2fa62d8faf2e939ceffad151931

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:54 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11179
x-xss-protection: 0

GET
H2 200 sKHVj7O3RAWhevDLVmXnGw Show response
travel.northeast.aaa.com/upsell/v2/trips/ 2 B
463 B 209ms
208ms Fetch
application/json 184.72.128.159
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://travel.northeast.aaa.com/upsell/v2/trips/sKHVj7O3RAWhevDLVmXnGw

Requested by

Host: d2wy8f7a9ursnm.cloudfront.net
URL: https://d2wy8f7a9ursnm.cloudfront.net/v7/bugsnag.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

184.72.128.159 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-184-72-128-159.compute-1.amazonaws.com

Software

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:54 GMT
cache-control: no-cache, max-age=0, must-revalidate, no-store
content-security-policy: frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 2
content-type: application/json

GET
H/1.1

200
OK

noop
px.owneriq.net/ Frame 0BFE
Redirect Chain

https://px.owneriq.net/eucm/p/adpq?redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D53196%26dpuuid%3D(OIQ_UUID)
https://px.owneriq.net/ecc?redir=https%3a%2f%2fdpm.demdex.net%2fibs%3adpid%3d53196%26dpuuid%3dQ7240859341474259538&uid=Q7240859341474259538&ref=%2Feucm%2Fp%2Fadpq
https://px.owneriq.net/noop?ct=image%2Fgif

0
287 B

27ms
27ms

Image
image/gif

23.44.78.119
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.owneriq.net/noop?ct=image%2Fgif
Protocol: HTTP/1.1
Server: 23.44.78.119 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-44-78-119.deploy.static.akamaitechnologies.com
Software: Apache/2.4.6 (CentOS) / PHP/7.3.33
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Sun, 11 Dec 2022 22:58:54 GMT
Server: Apache/2.4.6 (CentOS)
Connection: keep-alive
X-Powered-By: PHP/7.3.33
Content-Length: 0
Content-Type: image/gif

Redirect headers

Location: https://px.owneriq.net/noop?ct=image%2Fgif
Date: Sun, 11 Dec 2022 22:58:54 GMT
Server: AkamaiGHost
Connection: keep-alive
Content-Length: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 98ms
34ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 11 Dec 2022 22:58:54 GMT

GET
H2 200 c Show response
ids.cdnwidget.com/ 31 B
206 B 190ms
135ms XHR
application/json 34.107.191.194
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ids.cdnwidget.com/c?cookieID=&deviceID=&iv=&v=&GCH1=&SCH1=&GCS1=056104190&GCS2=MzhmNWM0OGEtMTNkMy00YWE0LWJjOWYtZDM5YThlNWJiYmZmLmxvY2Fs&pe=false&wsid=3328&varID=&varData=undefined&log=%7B%22config%22%3A%7B%22gmEN%22%3Atrue%2C%22pixEN%22%3Atrue%7D%2C%22apikey%22%3A%222%5EHIykD%22%2C%22cjsversion%22%3A%221.5.9%22%2C%22wsid%22%3A3328%2C%22loadID%22%3A%223aCmWzbcCpwthP4%22%2C%22timing%22%3A%7B%22sessionStorageLoad%22%3A27%2C%22IDStageStart%22%3A27%2C%22netComplete%22%3A173%2C%22obsReqview%22%3A573%2C%22obsReqpage%22%3A784%2C%22obsReqdata%22%3A875%2C%22IDStagePrefire%22%3A875%7D%2C%22matches%22%3A%7B%22cookie%22%3Afalse%2C%22LS%22%3Afalse%7D%2C%22info%22%3A%7B%22isSpoofed%22%3Afalse%2C%22PM%22%3Afalse%2C%22DNT%22%3Afalse%2C%22deviceTimezone%22%3A0%2C%22extensionID%22%3Anull%2C%22externalID%22%3Anull%2C%22agent%22%3A%7B%22device%22%3Anull%7D%2C%22firstLoad%22%3Atrue%7D%7D
Requested by: Host: cdn.inspectlet.com
URL: https://cdn.inspectlet.com/inspectlet.js?wid=801161170&r=464110
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.191.194 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 194.191.107.34.bc.googleusercontent.com
Software: /
Resource Hash: 6627c5ab36fa407f18fc9b6987e359eccef005ae6d35b370d2142b7daa770324

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

access-control-allow-origin: https://travel.northeast.aaa.com
date: Sun, 11 Dec 2022 22:58:54 GMT
via: 1.1 google
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: application/json

GET
H2 404 usersync
usersync.videoamp.com/ Frame 0BFE 0
79 B 353ms
117ms Image
text/plain 54.224.247.129
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.videoamp.com/usersync?partner_id=6667929&partner_user_id=91328979210809023573138061579162110992&redirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D70962%26dpuuid%3D%7Bvamp_user_id%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.224.247.129 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-224-247-129.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:54 GMT
x-envoy-upstream-service-time: 1
server: istio-envoy
content-length: 0

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 0DD3 13 KB
5 KB 65ms
20ms Document
text/html 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://travel.northeast.aaa.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 9547
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 11 Dec 2022 20:19:47 GMT
expires: Mon, 11 Dec 2023 20:19:47 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 3FB9 783 B
534 B 31ms
30ms Document
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

410bef249350308a4b2142d7e38b80f9c3b33ce822622473a8744c9ffa72ddbc

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-4bwiaguQGbMgB_GGWvefOA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://travel.northeast.aaa.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-4bwiaguQGbMgB_GGWvefOA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sun, 11 Dec 2022 22:58:54 GMT
expires: Sun, 11 Dec 2022 22:58:54 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=73426&dpuuid=91328979210809023573138061579162110992
dpm.demdex.net/ Frame 0BFE
Redirect Chain

https://ads.scorecardresearch.com/p?c1=9&c2=6034944&c3=2&cs_xi=91328979210809023573138061579162110992&rn=1670799531942&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D73426%26dpuuid%3D913289792108090...
https://ads.scorecardresearch.com/p2?c1=9&c2=6034944&c3=2&cs_xi=91328979210809023573138061579162110992&rn=1670799531942&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D73426%26dpuuid%3D91328979210809...
https://dpm.demdex.net/ibs:dpid=73426&dpuuid=91328979210809023573138061579162110992

42 B
942 B

47ms
47ms

Image
image/gif

34.251.90.149
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=73426&dpuuid=91328979210809023573138061579162110992

Protocol

HTTP/1.1

Server

34.251.90.149 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-251-90-149.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v045-0f3ed56cf.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: ZQjC6GViQ3M=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

location: https://dpm.demdex.net/ibs:dpid=73426&dpuuid=91328979210809023573138061579162110992
date: Sun, 11 Dec 2022 22:58:54 GMT
via: 1.1 a32f966fc5896281eb3de44fd8f57d40.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
content-length: 0
x-amz-cf-id: sk4xRRrWDhsURy1TDsD09bJnqP1Ud-SyAHsksDUvdDCVikg_gn3gTQ==
x-cache: Miss from cloudfront

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 3FB9 0
0 100ms
56ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022120501&jk=4015206837985073&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

GET
H3 200 QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js Show response
pagead2.googlesyndication.com/bg/ Frame 0DD3 36 KB
16 KB 30ms
21ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

403af363a86acc6874698194b930357b1ef4a1a3752c519a5f283fa53a9c46fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 22:27:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 88266
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15878
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 10 Dec 2023 22:27:48 GMT

GET
H2 200 init1.js Show response
api.bounceexchange.com/bounce/ 36 B
342 B 110ms
54ms Script
text/html 34.111.8.32
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.bounceexchange.com/bounce/init1.js?wklzs=1232&wklz=C4ewVgigvAZgrgOwMbAJYgQMhQZygRgDYB2ABmIE4KBWAZgBZCAmADk2AC8QpTMB3AKYAjHKmACA+qgAmUWrVaYATgJwgANnDQYChUqQAe+JvuUCYApSqVRsAQ3XrUCAOYS4S9VAAWwYAAccAFJaAEEgpgAxCMjgJTsANwF1ADoEECVgbwE7HGAUu0KUpBAAWxi41H8YnABpAAkANTBiAHlaACVQgHVshIARABlG0oANBABxPhiShBw4UssYoRAQAGtnFxDYvIkBUrtUdRD+2ZhUJQPtBAjCLVKJNQ8kAROzvYOj2-uJRelUBYnfaHY5MO7AB5IOylfyHFw3WinOxKKRzDx2ZACTAJVCiYASErrVACKBBYgAIQiTHU1SYTBC4TpvgCwSYdEZ1CiEU5sXiSVS6Uy2Vy+UKdmKZW5UUqtJ5dSaLXaXV6AgGwzGk2mbKis3miyUUsiKyJrm5tB2+OBXzZiLOFyu6Bu2vBDyeSheZtOGBgHxBUpdvwE-0BNv6VtBnIDUJhcKddCRKOc83imKpEQAwlSDXSGWmc8R+thVhsSWTKXSEmmwmWqUhskg1iAtIHSkJLDhvFUJMAAJ7+V45sIwBw4AeZumLVvtzv+CT+JSoD2DxlMfD0Jgpej4BhMYgpJi0YyETekQj0FKkaj0PdkY-0ajH-Cci-UUgX0hrjdbnd7g9Hzdni+14pMQd4PikT4bpeKSbru+6HmCm7UHQKSELQl4oWhyG0KhtB5uOTCTm2Sgdl2CDQgO9JDiOY5UriLbEVWoTDuoo4ZlSqqWBI6ggC4LhBqiTEsWxBbsXS0guJEFx5IMIB2NITFxHArwFtiyI4AA2osCBwBIID9ggAC6sA0WpJEaXWAgNk2+JEdOXa9v2xnCViCTqRpHBdi4djiHOKijggwDOaZbnmZ5s4lNIAjBaxrnuXZJEzn5i7RQQ66btu66-ghd6nuel7AbeSGPs+l5vvon4ZT+8H-ow+VXjeYElVB1AwVlNWIfemHodhuG9WhZmaQlpGzuRiwxaOg0afRCUTXF5k8XxAnOHNU2cSii38dIqKraFmmwvxjxwEIpRiOI0i7VFMAWfWjbNsNSWOalLnYldWn7MRI0SGNz2mYSJbdqs3HIvxJmxZgQj+DwmACAEUAaQARFC4guBkPYIwANEjt02ZjCPeGUAh4-OIDSHAKB46OyJ1gjhmYP4wB4EWMJOBiLwSDA6h2C4tgJN4dhQEAA
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/main_37f93cebd6888daeae25442881204685.br.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 32.8.111.34.bc.googleusercontent.com
Software: /
Resource Hash: fe3fcb884394be745dbd11141b6d780028a4d86106b6292d7502db096f582218

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
date: Sun, 11 Dec 2022 22:58:54 GMT
content-encoding: gzip
x-envoy-upstream-service-time: 17
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: text/html; charset=UTF-8

GET
H2 204 cjs-logger
e.cdnwidget.com/ 0
100 B 184ms
132ms Image
image/png 34.102.193.48
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e.cdnwidget.com/cjs-logger?source=ID%20generation%20error&severity=Warning&error=Country%2520not%2520allowed&cookieID=&deviceID=&BXWID=3328&warpspeed=2%5EHIykD&loadID=3aCmWzbcCpwthP4&version=1.5.9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.193.48 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 48.193.102.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:54 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: image/png

GET
H2 404 tpid=91328979210809023573138061579162110992
sync.crwdcntrl.net/map/c=9828/tp=ADBE/gdpr=0/gdpr_consent=/ Frame 0BFE 49 B
265 B 140ms
43ms Image
image/gif 52.19.187.82
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/map/c=9828/tp=ADBE/gdpr=0/gdpr_consent=/tpid=91328979210809023573138061579162110992?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D121998%26dpuuid%3D${profile_id}
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.19.187.82 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-19-187-82.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:54 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.45.5.104
content-length: 49
expires: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 0DD3 0
10 B 20ms
19ms Image
text/plain 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?SV6AQQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 22:58:54 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 0BFE
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_push%26google_sc%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WTVaZ3JBQUFBS1NKRndOeA==

170 B
502 B

102ms
33ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WTVaZ3JBQUFBS1NKRndOeA==

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-hhn-etou8220046-HHN
pragma: no-cache
date: Sun, 11 Dec 2022 22:58:54 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1670799535.780854,VS0,VE0
x-cache: HIT
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WTVaZ3JBQUFBS1NKRndOeA==
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 0BFE
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D7941%26nid%3D2243%26put%3D%24%7BUSER_ID%7D%26expires%3D90
https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=Y5ZgrAAAAKSJFwNx&expires=90

0
239 B

115ms
25ms

Image
image/gif

69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=Y5ZgrAAAAKSJFwNx&expires=90
Protocol: HTTP/1.1
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

x-served-by: cache-hhn-etou8220046-HHN
pragma: no-cache
date: Sun, 11 Dec 2022 22:58:54 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1670799535.874184,VS0,VE0
x-cache: HIT
location: https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=Y5ZgrAAAAKSJFwNx&expires=90
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 0BFE
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Y5ZgrAAAAKSJFwNx
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Y5ZgrAAAAKSJFwNx&C=1

43 B
766 B

51ms
51ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Y5ZgrAAAAKSJFwNx&C=1
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 11 Dec 2022 22:58:55 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Sun, 11 Dec 2022 22:58:55 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=88&external_user_id=Y5ZgrAAAAKSJFwNx&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 0
Expires: 0

GET
H3 200 /
www.facebook.com/tr/ 0
18 B 44ms
20ms Image
text/plain 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=136696297006053&ev=Microdata&dl=https%3A%2F%2Ftravel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dcar_insurance&rl=&if=false&ts=1670799535040&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Travel%20Booking%22%2C%22meta%3Adescription%22%3A%22Find%20inspiration%2C%20travel%20deals%20and%20reviews%20to%20help%20you%20make%20the%20most%20of%20your%20travel%20destination.%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.89&r=stable&ec=1&o=30&fbp=fb.1.1670799533533.1767295109&it=1670799533399&coo=false&es=automatic&tm=3&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Sun, 11 Dec 2022 22:58:55 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame 0BFE
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/UH6TUt9n?redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D158%26code%3D%24%7BTM_USER_ID%7D
https://ib.adnxs.com/setuid?entity=158&code=Y5ZgrAAAAKSJFwNx
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D158%26code%3DY5ZgrAAAAKSJFwNx

43 B
1 KB

21ms
21ms

Image
image/gif

37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D158%26code%3DY5ZgrAAAAKSJFwNx

Protocol

HTTP/1.1

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 11 Dec 2022 22:58:55 GMT
AN-X-Request-Uuid: c990c7e9-9bca-4a0d-9598-c6f7dc6de964
Server: nginx/1.21.3
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.23; 217.114.218.23; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 11 Dec 2022 22:58:55 GMT
AN-X-Request-Uuid: 01f44e40-15f1-4798-8ccd-93078af7e51d
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D158%26code%3DY5ZgrAAAAKSJFwNx
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 217.114.218.23; 217.114.218.23; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 0BFE
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D
https://us-u.openx.net/w/1.0/sd?id=537148856&val=Y5ZgrAAAAKSJFwNx

43 B
273 B

83ms
31ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537148856&val=Y5ZgrAAAAKSJFwNx
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 22:58:55 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

x-served-by: cache-hhn-etou8220046-HHN
pragma: no-cache
date: Sun, 11 Dec 2022 22:58:55 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1670799535.176246,VS0,VE0
x-cache: HIT
location: https://us-u.openx.net/w/1.0/sd?id=537148856&val=Y5ZgrAAAAKSJFwNx
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 59ms
58ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022120501&jk=4015206837985073&bg=!PzylPHjNAAYgquz3AKo7ACkAdvg8WmEz87VtRaCBvB82WCxAlBoVGwOrJFf0y-NCvYKd_ESBoZt1FAIAAABSUgAAAANoAQcKANFoOAJP134KVGvtL3EUze_CYD4gzZnAobGNjtks18tFnJOMn35cbH1-nVkCSdMovMWqpP0vGIF6m65us0CLaPr9e4yN7CmcKnBQDTiMAgeYieVw84I0z4r1YUTgnHSJn62B9zIAPHM_Y3w03d5TK3yhKyhsizUDUm0DJRFp7RJ2sGX9hn8mr9XAp0OSoFjlydru9pIcwQfCDOrIFMAYI368-YBspBbWSoqQQSkZslk3XrhXOrIE9ss3m8tHcDGxmOaNRjqsOAM82J_y2nJ8LoWFsZkCs82pbjNdJyEQXASaWXlxm9JT76vV0v2Yeq_XV1HwFJNpAhxxcYo69y1D8uyGymVDj9s8QKxfzv7U5iEdPapFvji8jIZ8EXVrPVHbBW6TYfoLguwz1cbzAc3xdnOqzoQlwoHjzMPAtQgvDOP9FM-nCpr-JJYaB4_5xnMdl9tRp49pT6CQXSt9hoNYGCjzHQHHxqbaWo0VcBFx6po40vItV0-7RrVMaru2dMtwT3pWW2cTfyZBa57biVf-83-5BHTr_deCMCrwqklowW_REn2ZXF6Mc6OjHQtEbtO-_kGyhDD00oQPnKceB-as3DFP3jlwha6yHH78dfe9-pjZYoORfkGNlFvUfuyUhI5X4Py6udtH1J7N-7QFKJTrCNezwy7FzCC7x-V7gek0p5w8DqUsEM3U0yGbcEuM6WA6QuOa170nDhlQ8LzN3lLaIecezt1V1Ki_b1si-eSVXvrzoXlPSO7BXzs0qbCl0sZ_qDYcVPmToxyOErUZPzb1qioeyyfVa-Fr3CZCQVcZWJGMRVkZdLh4P7ZzsMyAeMSVWLKeGkJGvGN7IK6oZFm4gPkBrCmhuhRZfF1-yZcpAHxx51wL4EJ1NEJxkNBLWjO6dpSb3dB_GXCanjGl5_c2eEV2KaPbJN14OJIntAYq4MkOPyQwuUVS8ikdhsysWLGU23f-XhGZvmfP47FflglmemKO1cn_ZDaRI_rqUCxwSWcVDigyjeDPh7Pb6_XM7Doc9dnIodDUQZrzWpjUUF-44PmBDH3I6tt-128yBYP_Taez7WSP7F90ypynrX82iOe22Ye0iOUmpTSGwOR_YbKl4NMiHyI7HTX8WPNiJX8AdFrowCBHg5pp7s73VUz6UBKlsVXeGcwXrdQnpW9-yvdaQUJhoqqdLRzbFy6XbanB35b_F8pQuvBRTWs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://travel.northeast.aaa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 0BFE
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER...
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Y5ZgrAAAAKSJFwNx

1 B
452 B

102ms
27ms

Image
text/html

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Y5ZgrAAAAKSJFwNx
Protocol: H2
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-type: text/html; charset=utf-8
date: Sun, 11 Dec 2022 22:58:54 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

x-served-by: cache-hhn-etou8220046-HHN
pragma: no-cache
date: Sun, 11 Dec 2022 22:58:55 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1670799535.276541,VS0,VE0
x-cache: HIT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Y5ZgrAAAAKSJFwNx
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame 0BFE
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/h0r58thg?redir=https%3A%2F%2Fsync.search.spotxchange.com%2Fpartner%3Fadv_id%3D6409%26uid%3D%24%7BUSER_ID%7D%26img%3D1
https://sync.search.spotxchange.com/partner?adv_id=6409&uid=Y5ZgrAAAAKSJFwNx&img=1
https://sync.search.spotxchange.com/partner?adv_id=6409&uid=Y5ZgrAAAAKSJFwNx&img=1&__user_check__=1&sync_id=638d7c69-79a7-11ed-a38c-10ffbde80106

43 B
548 B

30ms
30ms

Image
image/gif

185.94.180.126
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=6409&uid=Y5ZgrAAAAKSJFwNx&img=1&__user_check__=1&sync_id=638d7c69-79a7-11ed-a38c-10ffbde80106
Protocol: HTTP/1.1
Server: 185.94.180.126 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Sun, 11 Dec 2022 22:58:55 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 74
Connection: keep-alive
Content-Length: 43

Redirect headers

Date: Sun, 11 Dec 2022 22:58:55 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Location: /partner?adv_id=6409&uid=Y5ZgrAAAAKSJFwNx&img=1&__user_check__=1&sync_id=638d7c69-79a7-11ed-a38c-10ffbde80106
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 12
Connection: keep-alive
Content-Length: 0

GET
H3

200

b.php
www.facebook.com/fr/ Frame 0BFE
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fwww.facebook.com%2Ffr%2Fb.php%3Fp%3D1531105787105294%26e%3D%24%7BTM_USER_ID%7D%26t%3D2592000%26o%3D0
https://www.facebook.com/fr/b.php?p=1531105787105294&e=Y5ZgrAAAAKSJFwNx&t=2592000&o=0

43 B
70 B

42ms
41ms

Image
image/gif

2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/fr/b.php?p=1531105787105294&e=Y5ZgrAAAAKSJFwNx&t=2592000&o=0

Protocol

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 14:58:55 PST
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; preload
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-fb-rlafr: 0
pragma: public
x-fb-debug: xK3HIkV08S2JaXqJnoNf0Rk09o241C5SjnXa1/3V0O8SPP3Wi2+hFZhONZQw8M003mT8dqkmVd/ldNDnl8FIww==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-type: image/gif
cache-control: public, max-age=0
priority: u=3,i
expires: Sun, 11 Dec 2022 14:58:55 PST

Redirect headers

x-served-by: cache-hhn-etou8220046-HHN
pragma: no-cache
date: Sun, 11 Dec 2022 22:58:55 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1670799535.478429,VS0,VE0
x-cache: HIT
location: https://www.facebook.com/fr/b.php?p=1531105787105294&e=Y5ZgrAAAAKSJFwNx&t=2592000&o=0
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H/1.1

200
OK

ibs:dpid=143525&dpuuid=e_d813c2d5-6979-4e96-81f9-abe69f8fa002
dpm.demdex.net/ Frame 0BFE
Redirect Chain

https://g2.gumgum.com/adobe/s2s
https://dpm.demdex.net/ibs:dpid=143525&dpuuid=e_d813c2d5-6979-4e96-81f9-abe69f8fa002

42 B
942 B

47ms
47ms

Image
image/gif

34.251.90.149
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=143525&dpuuid=e_d813c2d5-6979-4e96-81f9-abe69f8fa002

Protocol

HTTP/1.1

Server

34.251.90.149 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-251-90-149.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v045-0327f6936.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: XUnh/2NoR7A=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

location: https://dpm.demdex.net/ibs:dpid=143525&dpuuid=e_d813c2d5-6979-4e96-81f9-abe69f8fa002
date: Sun, 11 Dec 2022 22:58:55 GMT
server: nginx
timing-allow-origin: *
content-length: 0
content-language: de-DE

GET
H/1.1

200
OK

ibs:dpid=275754&dpuuid=AAHltk7HLMEAAB-yDN_8fA
dpm.demdex.net/ Frame 0BFE
Redirect Chain

https://match.prod.bidr.io/cookie-sync/adobe?gdpr=0&gdpr_consent=
https://match.prod.bidr.io/cookie-sync/adobe?gdpr=0&gdpr_consent=&_bee_ppp=1
https://dpm.demdex.net/ibs:dpid=275754&dpuuid=AAHltk7HLMEAAB-yDN_8fA?gdpr=0

42 B
942 B

47ms
47ms

Image
image/gif

34.251.90.149
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=275754&dpuuid=AAHltk7HLMEAAB-yDN_8fA?gdpr=0

Protocol

HTTP/1.1

Server

34.251.90.149 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-251-90-149.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v045-01a6f2a00.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: jqz+e/VUS6M=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

location: https://dpm.demdex.net/ibs:dpid=275754&dpuuid=AAHltk7HLMEAAB-yDN_8fA?gdpr=0
Date: Sun, 11 Dec 2022 22:58:55 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Server: gunicorn
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

ibs:dpid=390122&dpuuid=YBBSqq_FQDp24i9jHXaUxtly2hc
dpm.demdex.net/ Frame 0BFE
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=adobe
https://dpm.demdex.net/ibs:dpid=390122&dpuuid=YBBSqq_FQDp24i9jHXaUxtly2hc

42 B
942 B

47ms
47ms

Image
image/gif

34.251.90.149
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=390122&dpuuid=YBBSqq_FQDp24i9jHXaUxtly2hc

Protocol

HTTP/1.1

Server

34.251.90.149 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-251-90-149.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aaanortheast.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v045-0a888e68a.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: W6OYZjYHSRY=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=390122&dpuuid=YBBSqq_FQDp24i9jHXaUxtly2hc
Date: Sun, 11 Dec 2022 22:58:56 GMT
Connection: keep-alive
Content-Length: 100
Content-Type: text/html; charset=utf-8

Verdicts & Comments Add Verdict or Comment

336 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

79 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.northeast.aaa.com/	1970-01-20 16:52:13	Name: visid_incap_1817652 Value: SSH43ZjPTLqtqvZ+A5iv36pglmMAAAAAQUIPAAAAAABjhLpp5NtqMnP8lZmJcVpm
.northeast.aaa.com/	1969-12-31 23:59:59	Name: incap_ses_9197_1817652 Value: +I3WD0P/mkvHNJU7T0+if6pglmMAAAAAPzy9JlMePcg813+fc9q6KQ==
travel.northeast.aaa.com/	1970-01-20 17:42:39	Name: tst_user_session_id Value: 742b8eed-42ec-4432-8b2c-5f6aebecd9e0
travel.northeast.aaa.com/	1969-12-31 23:59:59	Name: tst_analytics_session_id Value: 531752876.1670799531594
.aaa.com/	1969-12-31 23:59:59	Name: at_check Value: true
.aaa.com/	1970-01-20 08:08:05	Name: _gid Value: GA1.2.1998948539.1670799532
.travel.northeast.aaa.com/	1970-01-20 17:42:39	Name: _ga Value: GA1.4.1978167713.1670799532
.travel.northeast.aaa.com/	1970-01-20 08:08:05	Name: _gid Value: GA1.4.1998948539.1670799532
.travel.northeast.aaa.com/	1970-01-20 08:06:39	Name: _gat_UA-55392727-1 Value: 1
.demdex.net/	1970-01-20 12:25:51	Name: demdex Value: 91328979210809023573138061579162110992
.aaa.com/	1970-01-20 16:52:13	Name: visid_incap_2629635 Value: 1MRGOQZgRTSmMWwebqcopqpglmMAAAAAQUIPAAAAAAAd49Q8gzLzDBO2BgJ6tEXo
.aaa.com/	1969-12-31 23:59:59	Name: incap_ses_727_2629635 Value: QjDXUK8Wdxa3kRNsZ9MWCqpglmMAAAAAl9Z9UUwUniFzWK2wF+t3Bg==
.aaa.com/	1969-12-31 23:59:59	Name: AMCVS_F5237FF958248ED40A495E58%40AdobeOrg Value: 1
.aaa.com/	1970-01-20 10:16:15	Name: _gcl_au Value: 1.1.540394295.1670799532
.aaa.com/	1970-01-20 08:06:39	Name: _gat_UA-96133587-4 Value: 1
.aaa.com/	1970-01-20 17:42:39	Name: s_ecid Value: MCMID%7C90836290612127289793115849536662397014
.aaa.com/	1970-01-20 17:42:39	Name: adcloud Value: {%22_les_v%22:%22y%2Caaa.com%2C1670801332%22}
.everesttech.net/	1970-01-20 16:52:15	Name: everest_g_v2 Value: g_surferid~Y5ZgrAAAAKSJFwNx
.mcdmetrics2.aaa.com/	1970-01-20 08:06:41	Name: aaanortheast!mboxSession Value: a65df53ebf1a4195ac9c6ce0eb132d39
.mcdmetrics2.aaa.com/	1970-01-20 17:42:39	Name: aaanortheast!mboxPC Value: a65df53ebf1a4195ac9c6ce0eb132d39.37_0
.aaa.com/	1970-01-20 17:42:39	Name: _ga_65YG7JM4M0 Value: GS1.1.1670799532.1.0.1670799532.0.0.0
.aaa.com/	1970-01-20 17:42:39	Name: _ga Value: GA1.1.1978167713.1670799532
.aaa.com/	1970-01-20 17:42:39	Name: mbox Value: session#a65df53ebf1a4195ac9c6ce0eb132d39#1670801393\|PC#a65df53ebf1a4195ac9c6ce0eb132d39.37_0#1734044333
.dpm.demdex.net/	1970-01-20 12:25:51	Name: dpm Value: 91328979210809023573138061579162110992
.doubleclick.net/	1970-01-20 17:28:15	Name: IDE Value: AHWqTUl1tNiSjZGUXv9GcHXgo0o_-I2fx3SNxKCVW0xNmpmA-USmgpsPFShM9PLZ
.aaa.com/	1970-01-20 08:06:41	Name: gpv_e5 Value: Travel%20Booking
.aaa.com/	1970-01-20 08:06:41	Name: gpv_e10 Value: travel.northeast.aaa.com%2Ftrip%2FsKHVj7O3RAWhevDLVmXnGw%2Fconsumer%2Fbooking
.aaa.com/	1970-01-20 17:42:39	Name: AMCV_F5237FF958248ED40A495E58%40AdobeOrg Value: 179643557%7CMCIDTS%7C19338%7CMCMID%7C90836290612127289793115849536662397014%7CMCAAMLH-1671404331%7C6%7CMCAAMB-1671404331%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1670806732s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19345%7CvVersion%7C5.5.0
.aaa.com/	1970-01-20 17:28:15	Name: __gads Value: ID=e712c371fff68de9:T=1670799532:S=ALNI_Ma9zvZcJM9DOQgTpLLRpGfInJcKHA
.aaa.com/	1970-01-20 17:28:15	Name: __gpi Value: UID=00000b91668e8404:T=1670799532:RT=1670799532:S=ALNI_MbweMTyEyGDEPcrnUUciCEEgqtYCg
.mathtag.com/	1970-01-20 17:32:34	Name: uuid Value: 7ea36396-60ad-4c00-88ba-e5d5a93f14e2
.travel.northeast.aaa.com/	1970-01-20 08:08:05	Name: ln_or Value: d
.aaa.com/	1970-01-20 10:16:15	Name: _fbp Value: fb.1.1670799533533.1767295109
.aaa.com/	1970-01-20 16:52:15	Name: __insp_wid Value: 801161170
.aaa.com/	1970-01-20 16:52:15	Name: __insp_slim Value: 1670799533547
.aaa.com/	1970-01-20 16:52:15	Name: __insp_nv Value: true
.aaa.com/	1970-01-20 16:52:15	Name: __insp_targlpu Value: aHR0cHM6Ly90cmF2ZWwubm9ydGhlYXN0LmFhYS5jb20vdHJpcC9zS0hWajdPM1JBV2hldkRMVm1Ybkd3L2NvbnN1bWVyL2Jvb2tpbmc%2FdHN0X2VtYWlsPWNvbmZpcm1hdGlvbiZ1dG1fc291cmNlPWNvbmZfZW1haWwmdXRtX21lZGl1bT1lbWFpbCZ1dG1fY2FtcGFpZ249Y2FyX2luc3VyYW5jZQ%3D%3D
.aaa.com/	1970-01-20 16:52:15	Name: __insp_targlpt Value: VHJhdmVsIEJvb2tpbmc%3D
.w55c.net/	1970-01-20 17:36:53	Name: wfivefivec Value: e5Kaf4RE1P4vhz5
.bing.com/	1970-01-20 17:28:15	Name: MUID Value: 0B6375EAF7386FCC3E32679DF6946E38
.aaa.com/	1970-01-20 17:35:27	Name: kndctr_F5237FF958248ED40A495E58_AdobeOrg_identity Value: CiY5MDgzNjI5MDYxMjEyNzI4OTc5MzExNTg0OTUzNjY2MjM5NzAxNFIPCNvLppvQMBgBKgRJUkwx8AHby6ab0DA=
.aaa.com/	1970-01-20 08:06:41	Name: kndctr_F5237FF958248ED40A495E58_AdobeOrg_cluster Value: irl1
.aaa.com/	1970-01-20 08:08:05	Name: _uetsid Value: 626be73079a711ed8672b5a7b566127d
.aaa.com/	1970-01-20 17:28:15	Name: _uetvid Value: 626bf54079a711edbe533d96b53bc4ac
.w55c.net/	1970-01-20 08:49:51	Name: matchdmx Value: 5
.linkedin.com/	1970-01-20 08:49:51	Name: UserMatchHistory Value: AQIJhhSB26jHLQAAAYUDaaXreIM1aJAgeYCqjWLWEpkTqOFfIV3-jQVbXHqgvXnQfx0YFxWWFZUzEQ
.linkedin.com/	1970-01-20 08:49:51	Name: AnalyticsSyncHistory Value: AQJQI4UdoGDx5QAAAYUDaaXrksHrZpaQnrEX5msmbc568oXHLeimq_n1xjo2PmkYCgzn34uOK1-NlQSslKevfQ
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 16:52:15	Name: bcookie Value: "v=2&47b3a3ed-5568-41a2-899a-ef24eb2fe313"
.linkedin.com/	1970-01-20 08:08:05	Name: lidc Value: "b=TGST02:s=T:r=T:a=T:p=T:g=2924:u=1:x=1:i=1670799533:t=1670885933:v=2:sig=AQHRsIogavze1zmKfXdllocApNj5Z9pf"
.aaa.com/	1970-01-20 16:52:15	Name: __insp_pad Value: 1
.aaa.com/	1970-01-20 16:52:15	Name: __insp_sid Value: 1420217193
.aaa.com/	1970-01-20 16:52:15	Name: __insp_uid Value: 1055068566
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=de-de
.www.linkedin.com/	1970-01-20 16:52:15	Name: bscookie Value: "v=1&202212112258537747ab1c-a204-40ab-87ec-1c0d022a521eAQE507TX_DjJro0ycdJ40Kl27YFmjC1R"
.linkedin.com/	1970-01-20 12:25:51	Name: li_gc Value: MTswOzE2NzA3OTk1MzM7MjswMjEgQSQeElHaKAQnUdV8nej3fRpwsvELPrLuolRfByYy+A==
.turn.com/	1970-01-20 12:25:51	Name: uid Value: 8228637480146854199
.aaa.com/	1969-12-31 23:59:59	Name: s_cc Value: true
.travel.northeast.aaa.com/	1970-01-20 16:52:15	Name: aam_uuid Value: 91328979210809023573138061579162110992
.eyeota.net/	1970-01-20 08:06:40	Name: SERVERID Value: 19415~DM
.yahoo.com/	1970-01-20 16:52:37	Name: A3 Value: d=AQABBK5glmMCEBfjSUmk_Pub7fShe9vmqOQ&S=AQAAAhCC2KLlLC4F8zF_ZbxaFaU
.owneriq.net/	1970-01-20 17:42:39	Name: si Value: Q7240859341474259538
.owneriq.net/	1970-01-20 08:21:03	Name: p2 Value: adpq
travel.northeast.aaa.com/	1969-12-31 23:59:59	Name: PLAY_SESSION Value: b01cde1ad643246fa8c07d54f168a81728155881-mdc-id=%5Ba9b56d31-0ee9-4bc1-a46e-a9295cd191e0%5D&session_expires=1670828334417
travel.northeast.aaa.com/	1969-12-31 23:59:59	Name: rememberMe Value: true
.adnxs.com/	1970-01-20 10:16:15	Name: uuid2 Value: 346568983354566241
.adnxs.com/	1970-01-20 10:16:15	Name: anj Value: dTM7k!M4.FErk#WF']wIg2E?)G'KD!@wnfH)iR8PMp-v=0H^B1d[s<$j^k)lwkVJ#T.`06NYAa.g4dkXm)zyobcmx5FjFT#nrM<eETX+*LM)fteK(
.casalemedia.com/	1970-01-20 16:52:15	Name: CMID Value: Y5ZgryHgBlSMfiEhnAwLugAA
.casalemedia.com/	1970-01-20 10:16:15	Name: CMPS Value: 5129
.casalemedia.com/	1970-01-20 10:16:15	Name: CMPRO Value: 5129
.pubmatic.com/	1970-01-20 10:16:15	Name: KRTBCOOKIE_218 Value: 4056-Y5ZgrAAAAKSJFwNx&KRTB&22978-Y5ZgrAAAAKSJFwNx&KRTB&23194-Y5ZgrAAAAKSJFwNx&KRTB&23209-Y5ZgrAAAAKSJFwNx
.pubmatic.com/	1970-01-20 08:49:51	Name: PugT Value: 1670799534
.spotxchange.com/	1970-01-20 08:46:58	Name: audience Value: 638d7c23-79a7-11ed-a38c-10ffbde80106
.gumgum.com/	1970-01-20 16:52:15	Name: vst Value: e_d813c2d5-6979-4e96-81f9-abe69f8fa002
.demdex.net/	1970-01-20 12:25:51	Name: dextp Value: 269-1-1670799533347\|359-1-1670799533475\|60-1-1670799533594\|470-1-1670799533695\|477-1-1670799533796\|992-1-1670799533896\|903-1-1670799533997\|30064-1-1670799534098\|30646-1-1670799534221\|53196-1-1670799534362\|70962-1-1670799534462\|73426-1-1670799534563\|121998-1-1670799534665\|144230-1-1670799534765\|144231-1-1670799534866\|144232-1-1670799534967\|144233-1-1670799535067\|144234-1-1670799535168\|144235-1-1670799535269\|144236-1-1670799535369\|144237-1-1670799535470\|143525-1-1670799535571\|275754-1-1670799535672\|390122-1-1670799535772
.bidr.io/	1970-01-20 17:35:09	Name: bito Value: AAHltk7HLMEAAB-yDN_8fA
.bidr.io/	1970-01-20 17:35:09	Name: bitoIsSecure Value: ok
sync.srv.stackadapt.com/	1970-01-20 16:52:15	Name: sa-user-id Value: s%3A0-601052aa-afc5-403a-76e2-2f631d7694c6.8cGLFDmU920FT%2FMctDyHiPxD%2BEwvwrLkIGHj3XsZPTI
.srv.stackadapt.com/	1970-01-20 16:52:15	Name: sa-user-id-v2 Value: s%3AYBBSqq_FQDp24i9jHXaUxtly2hc.IXeyAnAuBFKyFFhSmPXLLXRAeB2um5kKS59DU3sodyw

28 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://nm.northeast.aaa.com/assets/remote/js/remote_header.js Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://travel.northeast.aaa.com/trip/assets/stylesheets/v1/trip.css Message: Failed to load resource: the server responded with a status of 404 ()
javascript	warning	URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js(Line 1) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://d2wy8f7a9ursnm.cloudfront.net/v7/bugsnag.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js(Line 1) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://d2wy8f7a9ursnm.cloudfront.net/v7/bugsnag.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js(Line 1) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.everestjs.net/static/le/last-event-tag-latest.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js(Line 1) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-2.2.4.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://nm.northeast.aaa.com/assets/remote/js/remote_footer.js Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://www.fullstory.com/s/fs.js Message: Failed to load resource: the server responded with a status of 404 ()
other	warning	URL: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance(Line 669) Message: Failed to decode downloaded font: data:application/x-font-woff;charset=utf-8;base64,d09GRgABAAAAAIZ0AA4AAAAA/cAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABGRlRNAAABRAAAABwAAAAcZUS2EEdERUYAAAFgAAAAHwAAACABeAAET1MvMgAAAYAAAAA+AAAAYIsCehJjbWFwAAABwAAAAQ0AAAJKA53KoGdhc3AAAALQAAAACAAAAAgAAAAQZ2x5ZgAAAtgAAHVEAADgpFx6RtBoZWFkAAB4HAAAAC8AAAA2AgZrX2hoZWEAAHhMAAAAHwAAACQNgwenaG10eAAAeGwAAAF6AAAFKofmCy5sb2NhAAB56AAAAnsAAAKY8IYntG1heHAAAHxkAAAAHwAAACABoQKZbmFtZQAAfIQAAAFlAAACuDwOZY5wb3N0AAB97AAACH0AAA4/HuhBCXdlYmYAAIZsAAAABgAAAAbgklGMAAAAAQAAAADMPaLPAAAAAMtUgjAAA...1yHWwDvU0jFnqbhgh6m2x9pd6h9f0NC73Jit6hqZ1QVGPqFG7KCy0MRtQgk0N9JVOIgwbaBmq9g7VUzdZWtSmm2+Y5XcbObVPDT1d7DQtQYLZsZD09MLuB+bTdEyuFLkCbWMpdYee1q4wcaUdUVflUJuLOiOit4KFHzGYg4enPBz1zxiiGVQjIoUcxpobFU0d/JHSNQzQtnV2nuoZ7iEdsfzCl6wREYF29RHfIseYZAqTjL+zZ19/QTPpVTcVIlZsUhOh6aDWatndxUNRrazp2iQgE9Uy9oQ7jzCHVN99ZcSLScGbSW6w3c7or+cSshKE6qWKKaEk8J3SvWQlC4qamwVST75Stm0Yabto4pLlpo224KVZZussJqmrRJWwSW/YsoTYgJlKihriNoJ4UVVJt6EFz62OTPuX4i/OLXfO1p/d3aZD8nTn0sWA6tGV7M+ilgupdw9AqBrH2vflyMIxuSsJf3LHQs11+Yu/8H/BE1cYAAAAAAVGM4JEAAA==
other	warning	URL: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance(Line 669) Message: OTS parsing error: hmtx: Failed to parse table
network	error	URL: https://travel.northeast.aaa.com/home/jenkins/agent/workspace/ui-tsttravel/ui-tsttravel-single-manual/ui-tsttravel-webservices/src/client/webservices/app/stylesheets/fonts/TST-Icon-Font.woff Message: Failed to load resource: the server responded with a status of 404 ()
javascript	warning	URL: https://assets.adobedtm.com/c0e73f44ef33452babf4efe81baa1b482ed0ca98/satelliteLib-eaeb14e639d9c16e6550a4be4dc38d49846c3e8f.js(Line 1) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.googleadservices.com/pagead/conversion.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://travel.northeast.aaa.com/home/jenkins/agent/workspace/ui-tsttravel/ui-tsttravel-single-manual/lib/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0 Message: Failed to load resource: the server responded with a status of 404 ()
other	warning	URL: https://travel.northeast.aaa.com/web-services/assets/resource/js/chunk/0-chunk.js(Line 84) Message: Failed to decode downloaded font: data:application/x-font-woff;charset=utf-8;base64,d09GRgABAAAAAIZ0AA4AAAAA/cAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABGRlRNAAABRAAAABwAAAAcZUS2EEdERUYAAAFgAAAAHwAAACABeAAET1MvMgAAAYAAAAA+AAAAYIsCehJjbWFwAAABwAAAAQ0AAAJKA53KoGdhc3AAAALQAAAACAAAAAgAAAAQZ2x5ZgAAAtgAAHVEAADgpFx6RtBoZWFkAAB4HAAAAC8AAAA2AgZrX2hoZWEAAHhMAAAAHwAAACQNgwenaG10eAAAeGwAAAF6AAAFKofmCy5sb2NhAAB56AAAAnsAAAKY8IYntG1heHAAAHxkAAAAHwAAACABoQKZbmFtZQAAfIQAAAFlAAACuDwOZY5wb3N0AAB97AAACH0AAA4/HuhBCXdlYmYAAIZsAAAABgAAAAbgklGMAAAAAQAAAADMPaLPAAAAAMtUgjAAA...1yHWwDvU0jFnqbhgh6m2x9pd6h9f0NC73Jit6hqZ1QVGPqFG7KCy0MRtQgk0N9JVOIgwbaBmq9g7VUzdZWtSmm2+Y5XcbObVPDT1d7DQtQYLZsZD09MLuB+bTdEyuFLkCbWMpdYee1q4wcaUdUVflUJuLOiOit4KFHzGYg4enPBz1zxiiGVQjIoUcxpobFU0d/JHSNQzQtnV2nuoZ7iEdsfzCl6wREYF29RHfIseYZAqTjL+zZ19/QTPpVTcVIlZsUhOh6aDWatndxUNRrazp2iQgE9Uy9oQ7jzCHVN99ZcSLScGbSW6w3c7or+cSshKE6qWKKaEk8J3SvWQlC4qamwVST75Stm0Yabto4pLlpo224KVZZussJqmrRJWwSW/YsoTYgJlKihriNoJ4UVVJt6EFz62OTPuX4i/OLXfO1p/d3aZD8nTn0sWA6tGV7M+ilgupdw9AqBrH2vflyMIxuSsJf3LHQs11+Yu/8H/BE1cYAAAAAAVGM4JEAAA==
other	warning	URL: https://travel.northeast.aaa.com/web-services/assets/resource/js/chunk/0-chunk.js(Line 84) Message: OTS parsing error: hmtx: Failed to parse table
other	warning	URL: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance Message: Failed to decode downloaded font: data:application/x-font-woff;charset=utf-8;base64,d09GRgABAAAAAIZ0AA4AAAAA/cAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABGRlRNAAABRAAAABwAAAAcZUS2EEdERUYAAAFgAAAAHwAAACABeAAET1MvMgAAAYAAAAA+AAAAYIsCehJjbWFwAAABwAAAAQ0AAAJKA53KoGdhc3AAAALQAAAACAAAAAgAAAAQZ2x5ZgAAAtgAAHVEAADgpFx6RtBoZWFkAAB4HAAAAC8AAAA2AgZrX2hoZWEAAHhMAAAAHwAAACQNgwenaG10eAAAeGwAAAF6AAAFKofmCy5sb2NhAAB56AAAAnsAAAKY8IYntG1heHAAAHxkAAAAHwAAACABoQKZbmFtZQAAfIQAAAFlAAACuDwOZY5wb3N0AAB97AAACH0AAA4/HuhBCXdlYmYAAIZsAAAABgAAAAbgklGMAAAAAQAAAADMPaLPAAAAAMtUgjAAA...1yHWwDvU0jFnqbhgh6m2x9pd6h9f0NC73Jit6hqZ1QVGPqFG7KCy0MRtQgk0N9JVOIgwbaBmq9g7VUzdZWtSmm2+Y5XcbObVPDT1d7DQtQYLZsZD09MLuB+bTdEyuFLkCbWMpdYee1q4wcaUdUVflUJuLOiOit4KFHzGYg4enPBz1zxiiGVQjIoUcxpobFU0d/JHSNQzQtnV2nuoZ7iEdsfzCl6wREYF29RHfIseYZAqTjL+zZ19/QTPpVTcVIlZsUhOh6aDWatndxUNRrazp2iQgE9Uy9oQ7jzCHVN99ZcSLScGbSW6w3c7or+cSshKE6qWKKaEk8J3SvWQlC4qamwVST75Stm0Yabto4pLlpo224KVZZussJqmrRJWwSW/YsoTYgJlKihriNoJ4UVVJt6EFz62OTPuX4i/OLXfO1p/d3aZD8nTn0sWA6tGV7M+ilgupdw9AqBrH2vflyMIxuSsJf3LHQs11+Yu/8H/BE1cYAAAAAAVGM4JEAAA==
other	warning	URL: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance Message: OTS parsing error: hmtx: Failed to parse table
network	error	URL: https://travel.northeast.aaa.com/home/jenkins/agent/workspace/ui-tsttravel/ui-tsttravel-single-manual/ui-tsttravel-webservices/src/client/webservices/app/stylesheets/fonts/TST-Icon-Font.ttf Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://travel.northeast.aaa.com/home/jenkins/agent/workspace/ui-tsttravel/ui-tsttravel-single-manual/lib/font-awesome/fonts/fontawesome-webfont.woff?v=4.7.0 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://travel.northeast.aaa.com/home/jenkins/agent/workspace/ui-tsttravel/ui-tsttravel-single-manual/lib/font-awesome/fonts/fontawesome-webfont.ttf?v=4.7.0 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://travel.northeast.aaa.com/v1/prepack/licensee Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://cdn.pbbl.co/r/2512.js Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://idsync.rlcdn.com/365868.gif?partner_uid=91328979210809023573138061579162110992 Message: Failed to load resource: the server responded with a status of 451 ()
other	warning	URL: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance Message: Failed to decode downloaded font: data:application/x-font-woff;charset=utf-8;base64,d09GRgABAAAAAIZ0AA4AAAAA/cAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABGRlRNAAABRAAAABwAAAAcZUS2EEdERUYAAAFgAAAAHwAAACABeAAET1MvMgAAAYAAAAA+AAAAYIsCehJjbWFwAAABwAAAAQ0AAAJKA53KoGdhc3AAAALQAAAACAAAAAgAAAAQZ2x5ZgAAAtgAAHVEAADgpFx6RtBoZWFkAAB4HAAAAC8AAAA2AgZrX2hoZWEAAHhMAAAAHwAAACQNgwenaG10eAAAeGwAAAF6AAAFKofmCy5sb2NhAAB56AAAAnsAAAKY8IYntG1heHAAAHxkAAAAHwAAACABoQKZbmFtZQAAfIQAAAFlAAACuDwOZY5wb3N0AAB97AAACH0AAA4/HuhBCXdlYmYAAIZsAAAABgAAAAbgklGMAAAAAQAAAADMPaLPAAAAAMtUgjAAA...1yHWwDvU0jFnqbhgh6m2x9pd6h9f0NC73Jit6hqZ1QVGPqFG7KCy0MRtQgk0N9JVOIgwbaBmq9g7VUzdZWtSmm2+Y5XcbObVPDT1d7DQtQYLZsZD09MLuB+bTdEyuFLkCbWMpdYee1q4wcaUdUVflUJuLOiOit4KFHzGYg4enPBz1zxiiGVQjIoUcxpobFU0d/JHSNQzQtnV2nuoZ7iEdsfzCl6wREYF29RHfIseYZAqTjL+zZ19/QTPpVTcVIlZsUhOh6aDWatndxUNRrazp2iQgE9Uy9oQ7jzCHVN99ZcSLScGbSW6w3c7or+cSshKE6qWKKaEk8J3SvWQlC4qamwVST75Stm0Yabto4pLlpo224KVZZussJqmrRJWwSW/YsoTYgJlKihriNoJ4UVVJt6EFz62OTPuX4i/OLXfO1p/d3aZD8nTn0sWA6tGV7M+ilgupdw9AqBrH2vflyMIxuSsJf3LHQs11+Yu/8H/BE1cYAAAAAAVGM4JEAAA==
other	warning	URL: https://travel.northeast.aaa.com/trip/sKHVj7O3RAWhevDLVmXnGw/consumer/booking?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=car_insurance Message: OTS parsing error: hmtx: Failed to parse table
network	error	URL: https://idsync.rlcdn.com/365868.gif?partner_uid=91328979210809023573138061579162110992 Message: Failed to load resource: the server responded with a status of 451 ()
network	error	URL: https://sync.crwdcntrl.net/map/c=9828/tp=ADBE/gdpr=0/gdpr_consent=/tpid=91328979210809023573138061579162110992?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D121998%26dpuuid%3D${profile_id} Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://usersync.videoamp.com/usersync?partner_id=6667929&partner_user_id=91328979210809023573138061579162110992&redirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D70962%26dpuuid%3D%7Bvamp_user_id%7D Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' .tstllc.net .aaa.com ama.ab.ca .amatravel.ca .atlantic.caa.ca .caamanitoba.com .caaneo.ca .caask.ca .caaniagara.ca *.caascotravel.com
Strict-Transport-Security	max-age=31536000; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aaanortheast.demdex.net
adobedc.demdex.net
ads.scorecardresearch.com
adservice.google.com
adservice.google.de
api.bounceexchange.com
assets.adobedtm.com
assets.blue.kube.tstllc.net
assets.bounceexchange.com
assets.tstllc.net
b0f1e222212d38141686220c8720529a.safeframe.googlesyndication.com
bat.bing.com
cdn.inspectlet.com
cdn.linkedin.oribi.io
cdn.pbbl.co
cm.everesttech.net
cm.g.doubleclick.net
cms.analytics.yahoo.com
code.jquery.com
connect.facebook.net
d.turn.com
d1taxzywhomyrl.cloudfront.net
d2wy8f7a9ursnm.cloudfront.net
data.cdnbasket.net
dpm.demdex.net
dsum-sec.casalemedia.com
e.cdnwidget.com
fonts.googleapis.com
g2.gumgum.com
googleads.g.doubleclick.net
hn.inspectlet.com
ib.adnxs.com
idpix.media6degrees.com
ids.cdnwidget.com
idsync.rlcdn.com
image2.pubmatic.com
lasteventf-tm.everesttech.net
match.adsrvr.org
match.prod.bidr.io
mcdmetrics.aaa.com
mcdmetrics2.aaa.com
nm.northeast.aaa.com
page.cdnbasket.net
pagead2.googlesyndication.com
pixel.rubiconproject.com
pm.w55c.net
ps.eyeota.net
px.ads.linkedin.com
px.owneriq.net
px4.ads.linkedin.com
rec.smartlook.com
region1.google-analytics.com
s3.amazonaws.com
securepubads.g.doubleclick.net
sessions.bugsnag.com
snap.licdn.com
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.crwdcntrl.net
sync.mathtag.com
sync.search.spotxchange.com
sync.srv.stackadapt.com
tag.wknd.ai
tpc.googlesyndication.com
travel.northeast.aaa.com
us-u.openx.net
usersync.videoamp.com
view.cdnbasket.net
web-assets.tstllc.net
www.aaa.com
www.everestjs.net
www.facebook.com
www.fullstory.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.linkedin.com
13.107.42.14
13.224.189.127
13.224.189.4
13.225.78.101
13.225.84.152
13.225.84.99
13.36.218.177
142.250.185.162
142.250.186.98
151.101.130.49
18.202.191.241
184.72.128.159
185.29.132.241
185.64.189.110
185.80.39.216
185.94.180.126
2001:4860:4802:34::36
2001:4de0:ac18::1:a:2b
2001:678:cb4:bbbb::13
212.82.100.182
23.44.78.119
2600:1901:0:7a0b::
2600:9000:20eb:ee00:2:53b2:240:93a1
2606:4700:10::6816:38f5
2606:4700:10::ac43:aac
2606:4700::6812:16ea
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:803::200a
2a00:1450:4001:806::2001
2a00:1450:4001:806::2002
2a00:1450:4001:808::2002
2a00:1450:4001:80f::2002
2a00:1450:4001:827::2008
2a00:1450:4001:829::2001
2a00:1450:4001:829::2002
2a00:1450:4001:82b::2002
2a00:1450:4001:82b::2003
2a00:1450:4001:82b::200e
2a00:1450:4001:82f::2004
2a00:1450:400c:c04::9c
2a02:26f0:3500:16::215:14a0
2a02:26f0:3500:587::1e80
2a02:6ea0:c700::19
2a03:2880:f01c:216:face:b00c:0:3
2a03:2880:f11c:8083:face:b00c:0:25de
2a05:d014:275:cb01:2c5:838c:1ab7:a223
3.127.178.105
3.248.2.215
3.75.169.179
34.102.193.48
34.107.191.194
34.111.8.32
34.117.96.210
34.120.253.250
34.149.149.159
34.232.6.3
34.251.90.149
34.98.72.95
35.190.127.230
35.244.159.8
35.244.174.68
37.252.171.21
44.195.94.142
45.60.154.98
45.60.64.121
46.137.71.247
52.19.187.82
52.209.194.100
52.217.199.16
52.223.40.198
52.30.188.40
54.224.247.129
69.173.144.138
96.16.147.243
01510d59060f8556e0921e30092ec94b07722edca3e60b918b9f4ae94e0d2505
05632bd17ae6013db11864ba86f363756e305cd5a56ee788fe20774ed6c750f9
059d3c257d61801506bdc30c1cfcc61fbdf4c5c94a4163bc0c62ee153253b609
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
07d8d7373422a00853059ed4c210787aa2dd23e9fcc9a8da9f5ad72db5eb38cb
08bbcc64722e668378612103e52728e7d9ba0bedea0baddcd235269546b17878
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0ba7c0356149946bf0642fab4ef85b95e7090f6f785d0fb84323d0c442e5190a
0e09c0eda1b65c1b9c5ef830608b43572ce302b8496a18e2f4792ca2c9cb809c
13e3f896db6fea2e223e274e381af0e81c016292b4e3ee0be3dd5cfdd07af88f
15f1fde7deb1f2cfecb62abe9d99d230384ecbb429e962bd449f4259e64fbec6
19a368e54d672abe395803f0e69f5ae639ae73353c06f36dad773b0c57e6a613
1c7fe750bd3616100f1d7384cf830625c9efc81391e3abd51b47bfe2a344afb4
1d32627006e0e63d706ca39ec8735807bc8f73946f38f4985740679edea22edd
1e288c4dc57f72a69a497baef524f41c57e1c6a414b09a5bde22cd5b2f1b7cdf
20e3f4b611985bd51b4f1c21b8a0eae79f221c770d2020025835976ad06263bd
21529ace5e017a1a5845e389580655e46303449dabf8c782a748f60396142207
25ccfc857a24966c640e4ea9c44f31aa1471e7d83d056bad5ca1369cff3d4ecc
26d53a78b9b713f13ed8cbeac11c0bb2c54d6c54e8b064d78d45ba0824c8156c
2911aa3b401cbda8e461b964ddf87d0a9657b52bea06af815275c5f992b7d613
2adcf3ebc7edea2e5aefaee6ea433327a1326d172dced9359be54c84c16bb9d5
2bd376c8680d10b5e90728b05cbeff2a06e7e78e716e1e9a88c7f28e961a83d8
2c08fa37317725e886f3c0e0107acd19ebd91ced8d186733927ebf82ae5a2cd8
2c9b2486941b18c4e3485fd402acc4f226d5431ae18e3596e8b97d9c9e3dd943
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
30ccb7969d43ec4a016a7a11920784bb62e7fecf6fd2a85f33592dd6f40e5320
379597d2a5cbc0c08a248a2ee054642d934c8e21ec369f779c59ee510453db59
3bf32ec3a0fda567c36a8b061e6eb736d5c75348a9f789dcbeeb0cb7c5eb724c
3daefae61ca209ebd22d9b1603c340b4319992114996c80a9429bc895d726d06
3ff7b0b317b417d887b4d1b311ac5a390b85345337838d182296dad380682a87
403af363a86acc6874698194b930357b1ef4a1a3752c519a5f283fa53a9c46fb
410bef249350308a4b2142d7e38b80f9c3b33ce822622473a8744c9ffa72ddbc
425149f776ce3188f504a799706d51cb75e7b4b811ea4e9d5e981aa5080865ec
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
47aac4d4133f05ce70bc2ffe8d0c542921150a9e6f67146b97a1884494141fc0
49864210648870e225231dfcc7c5272679ac1cd0f53392b9cd26281eaa6c247d
4a4f0777bfb9572cb278aca310fe904b5726ae60cfbde4ace23255d18c7bf0fc
4abdc5bae3773141e85e6bed6c09953d57aded7ef98b1d304c42807f2229474f
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c22fe391b6d67ac76003078df327e1a28fbc8738c9ca3242c12707146d792d6
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e58b78b5844a988d67532b4683a6e8b3235b3d56d319727e65f460805bbdec4
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
51250d44520b41cd820c338af8c1a64bd31144fcc1f5d67fb4bac9727cf59db1
518899507a58ef7dc4db56241feb800578ea5f2ec55b59c56dca110f936274cd
520577ecfa5eb160095893db1406200408b40f32718bc56cabc53ee5048d233d
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5d554121551df68e414c85920b6541d2e92251a189ff19a4b1f8dffe97ce1cb5
5fa87130a1e4ff5306f760e2125a2e91e48c628a84fc4c84d0180be950829080
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
641153b2ad78e5d095645419060a4ea0854b1b3ec5ff27e99644c9f8d461610c
6449ca02be1be4d67e5103959e6b80c38ec1d12909a2f0560b76f48d1d452b68
6627c5ab36fa407f18fc9b6987e359eccef005ae6d35b370d2142b7daa770324
6c4133ff5eff0f23ca2f6fdaceea1d4dd3a91e499a0b0aef688b0f31206b0328
6d46e2cf165a5a0584afba7bc9663da292ee08c97cfc7613de6013ed05be892a
6e70b749d9e6d9e60f65643c72cde098daec8cff61d31bc96752385e38ab2822
71a980fae18c2c5ab33f47cbac734ab86aaa815e0325ce68be34ccd55b04cfb9
737be8d2a2db4d729155190f62d3b1f656cdaec35b42b59eeeda3043246a50cd
759ba85ad57a23f5988379b328676c38641d8565db9244f2a0c6856bf330c540
78c1c1baf0d964522f8afab09cfc754685c1648826a7f9967fd52b774b4ec5aa
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7fde221486c3e05f825980fec689e0671182230722188921d256b58a7383d9cb
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8957ac4c6b017a9018a7cdbc5df93e3e66d8f2716603895b12965329066a4a9c
896dc606e60744d210d3cf5adcd413273fa7033bd99a94955193f20554b29fdd
897600b074c2a2e02b176f2d3e5caf964883dc5ea1c340c7576723e3932b9128
8aa5efde86c226b1c6daaa9e29be64ba62beb170ec6329bde6927f77c9292b02
8b3e8e10db2f90bdb8710b478c200588b2396146e4b07b22a795ad79e062360f
8b603d0a4b1759b08582cbf53d885cabda4bccfe304f916c1b64ad363b84fa0d
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8f5f43c8df2ecc31862880c3645d2d0a6d067467e9de9a302d683d92e78af63a
901a3d923f29e1e5722d7978b88a487fe3e2b38f2870fb968a29f8df66e79122
9366be9dc7f0c13655e2a45ce1df32f55b937efc0878b30954969c88151f1482
96ec675a4fab3039503907507b779ba05af8716418a84dac63e308bfb9701d02
9795c5ff8937f23526ccb207a5684c1fc94a7854e19c021b39d944e51f5baef2
98860e376b483292b9d55b6930a5e5514ee8e422ac36c40e9ea1ceb041860e9b
9c970a630bb143071d81a8418fbd2b8c46087e996bb132b94ab4b5833a93b9d6
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a796e91dc42aef7823610e7b41f1effdcd4f6f8bd06ce3380e24d5d30cfc1919
aaed9dc3a855f5067df7cde88c06ca9ed9de210dfadfaf3f4b49b58ca40df292
abb45ae4b3a896ae99132c1786a9676218c119ea552d3fbb5ab6d40d9e05e43c
addfb6cc8049b942d00890f6029abfbd486bc37fab0f3c3b2a73a16b2f8ace6f
af8951f96634a1462e19eb386714db196ef60a3318f640e1eef5a381026b495a
b01bd01687b15585b2740273c8c3c6674dd9f559cfe52eeffdf43b1f93a12d05
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1ec8cb1c972ffa0b6bc4db61c6a7420bee94ea93f39f530afb4a16dc3a9fb4e
b3f085bdbf23c973cba5bf8877b0ec61659a40b65e853515674c9f3be383def6
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
bb2e1a97e3bc84334fa38904266d7ef01dc9407e17b3fcf54ea4a8ecbf494abf
bea76e255dbe1cfa07040c98488735093c759a4c649e103c721f8286a23b62cb
beb0512234a9e452ac5202c6919ea871ae8f78cec6e14e800e5fc0204d90009f
bfb8e638fa9c13a763adec2844347c8e1d981ef2cfc6d4d8a87f63dc50164cb5
c1a3262f45eaf8f7dc48684cd6744476461de714876967802077dc374fc5d097
c56617b3dabcfa00d7b20aa2b2e76ff3f4483fb67abb4bdcef754d617617d537
c646bcb4225cd7654a1bcc52efdbca4265ae892fa5791a6bc0ebcc330f358ff4
c68974caa3b56591634bdbc73bdfbbdefddd42caddee99cecb72f4f264116575
cbf31c46d7e5115896c60f30663172023e7b53cdb5e248a23195d4175aeb0219
cc38549498881477498ba5a0f2a85a88df4f2c1e461fa8f152a7fa44289b0df5
d5559d3b0cee55783bedf2468ef7d7e02f60eca4bb91ccd8ec0fbbba1644b8bf
d6d01246a30e9d483531c27721f73f266fa4af35effdb21683ac02a620ab8aaf
d789477acfadf97e5798506acc8e55d7f11a9a51807d3edc13e1ac592997d487
d7de9b79990bb103408b06aacc98307309774f564e70ba905949e80b5ba47f14
de1271b75470960be5b33d00f9264602eab356f0b86045292a33713d79d21a89
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
df28cad7e31e9a93b565605beaf4ccd25e04b2fa62d8faf2e939ceffad151931
e37006087cb6a7068f51492170dd9a2541651a9ec213778d91b42e040679d3b1
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
ebcd43274f956ef6d5c0f690695cc56c35a3a77180c9d1b80791febe4e27f601
ed2b9de8f36895ff8e5324067c9a27a15ba63337c2a3232bd757863585507ef9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0648dd60b72161450eb93d6fa81bb6ec46bb9dffb2d2d0c6f3b5d4ac1e01dda
f2c4b7d20ff42a433d0c76631c460cd75128f8f0436d052ce2cf79dc4fa6a244
f2f11e4d45030f1f21ec7d3ae67a65b83c4c67016fe861fbebdff04ca0c8cd60
f529cf4430e32ae0b07d7d606ca1043e8cd9ebb9476456589578a299bad459bd
f5a24734d7e06b2592d9cb787aa3babc7a76bab48adb7d71d64b7ef8ba375329
f886c98604a1761d6c24ee2f0b66274b64e169eee9e5c45f009937a1e60f08de
fd9044a309ef7d51ad98d6a471d5ba00af04478843631e0cf5e2bfc36b509c2c
fe13408d11ff849139c4b0dc24d1d81714c47bdb2fe2a59f5b79d8c9c4052d6a
fe3fcb884394be745dbd11141b6d780028a4d86106b6292d7502db096f582218

travel.northeast.aaa.com Open in urlscan Pro 184.72.128.159 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

186 Requests

85 %HTTPS

39 %IPv6

54 Domains

80 Subdomains

65 IPs

8 Countries

5287 kBTransfer

15512 kBSize

79 Cookies

3 Outgoing links

Redirected requests

186 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

travel.northeast.aaa.com Open in urlscan Pro
184.72.128.159 Public Scan

Screenshot
Live screenshot

Full Image

186
Requests

85 %
HTTPS

39 %
IPv6

54
Domains

80
Subdomains

65
IPs

8
Countries

5287 kB
Transfer

15512 kB
Size

79
Cookies

186 HTTP transactions
5 data transactions