Submitted URL: https://savingwellness.com/
Effective URL: https://www.savingwellness.com/
Submission: On February 07 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 20 IPs in 5 countries across 12 domains to perform 83 HTTP transactions. The main IP is 54.71.235.212, located in Boardman, United States and belongs to AMAZON-02, US. The main domain is www.savingwellness.com.
TLS certificate: Issued by Amazon on August 4th 2022. Valid for: a year.
This is the only time www.savingwellness.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Apex Domain | Subdomains | Transfer
22 adform.net | track.adform.net — Cisco Umbrella Rank: 3696; s1.adform.net — Cisco Umbrella Rank: 8046 | 188 KB
22 cloudfront.net | d16u4nxze4xw1c.cloudfront.net | 3 MB
13 googlesyndication.com | pagead2.googlesyndication.com — Cisco Umbrella Rank: 104; 58bf08f8517eb2adaf7af131d0606954.safeframe.googlesyndication.com; tpc.googlesyndication.com — Cisco Umbrella Rank: 149 | 59 KB
5 redintelligence.net | hal9000.redintelligence.net — Cisco Umbrella Rank: 31195; hal900025.redintelligence.net — Cisco Umbrella Rank: 205364 | 6 KB
5 doubleclick.net | securepubads.g.doubleclick.net — Cisco Umbrella Rank: 190 | 168 KB
4 mathtag.com | tags.mathtag.com — Cisco Umbrella Rank: 4453; pixel.mathtag.com — Cisco Umbrella Rank: 975 | 3 KB
4 mediabuyanalytics.com | dynamic.mediabuyanalytics.com; api.mediabuyanalytics.com | 97 KB
3 cloudflare.com | cdnjs.cloudflare.com — Cisco Umbrella Rank: 198 | 25 KB
2 google.com | adservice.google.com — Cisco Umbrella Rank: 70; www.google.com — Cisco Umbrella Rank: 2 | 2 KB
2 savingwellness.com | savingwellness.com; www.savingwellness.com | 5 KB
1 googletagservices.com | www.googletagservices.com — Cisco Umbrella Rank: 186 | 49 KB
1 google.de | adservice.google.de — Cisco Umbrella Rank: 8741 | 531 B
83 12

Domain | Requested by
22 d16u4nxze4xw1c.cloudfront.net | www.savingwellness.com; d16u4nxze4xw1c.cloudfront.net
17 s1.adform.net | track.adform.net; s1.adform.net; www.savingwellness.com
6 tpc.googlesyndication.com | securepubads.g.doubleclick.net; 58bf08f8517eb2adaf7af131d0606954.safeframe.googlesyndication.com; tpc.googlesyndication.com
5 track.adform.net | hal900025.redintelligence.net; s1.adform.net
5 pagead2.googlesyndication.com | securepubads.g.doubleclick.net; tpc.googlesyndication.com; www.googletagservices.com
5 securepubads.g.doubleclick.net | www.savingwellness.com; securepubads.g.doubleclick.net
4 hal900025.redintelligence.net | hal9000.redintelligence.net; hal900025.redintelligence.net
3 cdnjs.cloudflare.com | s1.adform.net
3 tags.mathtag.com | 58bf08f8517eb2adaf7af131d0606954.safeframe.googlesyndication.com; tags.mathtag.com
3 api.mediabuyanalytics.com | dynamic.mediabuyanalytics.com
2 58bf08f8517eb2adaf7af131d0606954.safeframe.googlesyndication.com | securepubads.g.doubleclick.net
1 pixel.mathtag.com | tags.mathtag.com
1 hal9000.redintelligence.net | www.savingwellness.com
1 www.google.com | tpc.googlesyndication.com
1 www.googletagservices.com | 58bf08f8517eb2adaf7af131d0606954.safeframe.googlesyndication.com
1 adservice.google.com | securepubads.g.doubleclick.net
1 adservice.google.de | securepubads.g.doubleclick.net
1 dynamic.mediabuyanalytics.com | www.savingwellness.com
1 www.savingwellness.com |
1 savingwellness.com | 1 redirects
83 20

This site contains no links.

Subject | Issuer | Validity | Valid
savingwellness.com | Amazon | 2022-08-04 - 2023-09-02 | a year
*.cloudfront.net | Amazon RSA 2048 M01 | 2022-12-08 - 2023-12-07 | a year
*.g.doubleclick.net | GTS CA 1C3 | 2023-01-09 - 2023-04-03 | 3 months
dynamic.mediabuyanalytics.com | Amazon | 2022-08-02 - 2023-08-31 | a year
*.mediabuyanalytics.com | Amazon | 2022-05-20 - 2023-06-18 | a year
*.google.de | GTS CA 1C3 | 2023-01-09 - 2023-04-03 | 3 months
*.google.com | GTS CA 1C3 | 2023-01-09 - 2023-04-03 | 3 months
tpc.googlesyndication.com | GTS CA 1C3 | 2023-01-09 - 2023-04-03 | 3 months
*.mathtag.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-04-18 - 2023-04-25 | a year
www.google.com | GTS CA 1C3 | 2023-01-09 - 2023-04-03 | 3 months
redintelligence.net | R3 | 2022-12-05 - 2023-03-05 | 3 months
pixel.mathtag.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-07-05 - 2023-07-05 | a year
track.adform.net | DigiCert TLS RSA SHA256 2020 CA1 | 2022-09-20 - 2023-09-20 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-08-03 - 2023-08-02 | a year

This page contains 7 frames:

Primary Page: https://www.savingwellness.com/
Frame ID: 9365A9B473DECCA606D3162BA995EB36
Requests: 36 HTTP requests in this frame

Frame: https://58bf08f8517eb2adaf7af131d0606954.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 51CBD3A24C292C163BC07D173B3A86CE
Requests: 1 HTTP requests in this frame

Frame: https://58bf08f8517eb2adaf7af131d0606954.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 63783190A4FBDBC455D1C13E47B02F7E
Requests: 14 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: B6C62C3C8C43855B4C037D5A8FB3F308
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 0B16CDFC8120AE39A3C663CA5EC45DCB
Requests: 2 HTTP requests in this frame

Frame: https://hal900025.redintelligence.net/request_content.php?s=52523600011418206783193012228025&a=f5ecf1ed
Frame ID: E7D49A3C55E193D5A5770C29E2951291
Requests: 11 HTTP requests in this frame

Frame: https://s1.adform.net/Banners/Elements/Files/160090/12320355/12320355.js?ADFassetID=12320355&bv=258
Frame ID: 44376FE1317AA28B2CD8669EFDB14BDD
Requests: 18 HTTP requests in this frame

Page Title

Saving Wellness

Page URL History

  1. https://savingwellness.com/ HTTP 302
    https://www.savingwellness.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • tpc\.googlesyndication\.com/safeframe

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Page Statistics

83 Requests
100 % HTTPS
58 % IPv6
12 Domains
20 Subdomains
20 IPs
5 Countries
3582 kB Transfer
4961 kB Size
7 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://savingwellness.com/ HTTP 302
    https://www.savingwellness.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

83 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.savingwellness.com/
Redirect Chain
  • https://savingwellness.com/
  • https://www.savingwellness.com/
15 KB
5 KB
Document
General
Full URL
https://www.savingwellness.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.71.235.212 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-71-235-212.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
73c018b90c0e70a6434d20ab04162ddd956a280988f9cfd4d8d285735e2faa70
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate, max-age=0 post-check=0, pre-check=0
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Tue, 07 Feb 2023 03:37:33 GMT
pragma
no-cache
referrer-policy
origin-when-cross-origin
server
nginx
x-frame-options
DENY

Redirect headers

cache-control
no-store, no-cache, must-revalidate, max-age=0 post-check=0, pre-check=0
content-type
text/html; charset=UTF-8
date
Tue, 07 Feb 2023 03:37:33 GMT
location
https://www.savingwellness.com/
pragma
no-cache
referrer-policy
origin-when-cross-origin
server
nginx
x-frame-options
DENY
frontend.min.css
d16u4nxze4xw1c.cloudfront.net/frontend/production/
413 KB
49 KB
Stylesheet
General
Full URL
https://d16u4nxze4xw1c.cloudfront.net/frontend/production/frontend.min.css?v=f3793c54-3dea-081b-c2d0-7e5f3bf4ad7a
Requested by
Host: www.savingwellness.com
URL: https://www.savingwellness.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2171:d400:b:2003:1c00:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f54b1c4b1607e005935a6bb211a68a7c853fc43e8d702e1793e718a500b5c4af

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.savingwellness.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:34 GMT
content-encoding
gzip
via
1.1 ef76486b8b2194781e7708296c3d455c.cloudfront.net (CloudFront)
last-modified
Tue, 24 Jan 2023 16:00:31 GMT
server
AmazonS3
x-amz-cf-pop
CDG53-C1
etag
W/"c26b4a54aef55c513a4833fb8247f4d5"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
text/css
x-amz-cf-id
uN3aZjJFduRocQAlnlakwes_C21JxfbTu-Tylc_rM9lbqDiRuDC-2g==
gpt.js
securepubads.g.doubleclick.net/tag/js/
79 KB
27 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: www.savingwellness.com
URL: https://www.savingwellness.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
899bb79fb90f7fca237cd294cff599ccc90a2388fedc115198d9b35cfed82f53
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.savingwellness.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
27225
x-xss-protection
0
server
sffe
etag
"1475 / 790 of 1000 / last-modified: 1675724802"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Tue, 07 Feb 2023 03:37:33 GMT
472d3438-8644-09c6-abda-2cad64514ba9.js
dynamic.mediabuyanalytics.com/auction/
312 KB
97 KB
Script
General
Full URL
https://dynamic.mediabuyanalytics.com/auction/472d3438-8644-09c6-abda-2cad64514ba9.js
Requested by
Host: www.savingwellness.com
URL: https://www.savingwellness.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211e:2400:6:151d:f540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
ef69db0fe9fea6f98fbc069da25726d05ccdc8389190ce4daeef8d5229bd3924

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.savingwellness.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:34 GMT
content-encoding
gzip
via
1.1 07fbd2276304c86925071791c7032950.cloudfront.net (CloudFront)
server
nginx
x-amz-cf-pop
FRA56-C2
x-cache
Miss from cloudfront
content-type
application/javascript
cache-control
max-age=60, s-maxage=600
x-amz-cf-id
QUjtNwvhI7fw7XTuKsmxAokBYMMa2WRYTsn23OCLJVhVC-lVb0QeWw==
2b9be027-7f55-15c3-9713-c5bdf9846cda.png
d16u4nxze4xw1c.cloudfront.net/image-resize/autox15x0/image/
511 B
828 B
Image
General
Full URL
https://d16u4nxze4xw1c.cloudfront.net/image-resize/autox15x0/image/2b9be027-7f55-15c3-9713-c5bdf9846cda.png
Requested by
Host: www.savingwellness.com
URL: https://www.savingwellness.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2171:d400:b:2003:1c00:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d685f5ec2f690fa991cecbb9bd74cc220624bb3919f547d901726e3003a229fd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.savingwellness.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:35 GMT
via
1.1 ef76486b8b2194781e7708296c3d455c.cloudfront.net (CloudFront)
last-modified
Fri, 12 Feb 2021 16:21:34 GMT
server
AmazonS3
x-amz-cf-pop
CDG53-C1
etag
"9c04929a72411602ffb963b0ba13343e"
x-cache
Miss from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
511
x-amz-cf-id
eIo8GXzbB50WSyyjpflSmWN-qtSQ7qBvOSa9qviLKfT-QinF52m1hQ==
0d5355b9-4823-b995-8879-8d286889c486.png
d16u4nxze4xw1c.cloudfront.net/image-resize/autox25x0/image/
2 KB
2 KB
Image
General
Full URL
https://d16u4nxze4xw1c.cloudfront.net/image-resize/autox25x0/image/0d5355b9-4823-b995-8879-8d286889c486.png
Requested by
Host: www.savingwellness.com
URL: https://www.savingwellness.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2171:d400:b:2003:1c00:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
62388e7f083cafef3c250acf59b6a00e9b21fe7392389714d7464ff4c1dcc35a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.savingwellness.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:35 GMT
via
1.1 ef76486b8b2194781e7708296c3d455c.cloudfront.net (CloudFront)
last-modified
Fri, 12 Feb 2021 16:19:10 GMT
server
AmazonS3
x-amz-cf-pop
CDG53-C1
etag
"b267f2413f5a00ba2720b8b47c4b364c"
x-cache
Miss from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
1864
x-amz-cf-id
LXL_bBwHKQz54noFezqZiF5XBMEF9y1mO836UCPtwhFvR75w11y_Kw==
frontend.min.js
d16u4nxze4xw1c.cloudfront.net/frontend/production/
224 KB
73 KB
Script
General
Full URL
https://d16u4nxze4xw1c.cloudfront.net/frontend/production/frontend.min.js?v=fbc862cc-69c8-33a6-4a9a-85895948cc0c
Requested by
Host: www.savingwellness.com
URL: https://www.savingwellness.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2171:d400:b:2003:1c00:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8720f78a171a381c61f373c5b7f3431bf5e89f931532bf2d0a6d284ccf2f864f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.savingwellness.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:34 GMT
content-encoding
gzip
via
1.1 ef76486b8b2194781e7708296c3d455c.cloudfront.net (CloudFront)
last-modified
Tue, 24 Jan 2023 16:00:31 GMT
server
AmazonS3
x-amz-cf-pop
CDG53-C1
etag
W/"f5bde267a7182590d42f80ab96f68b82"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
x-amz-cf-id
_R-fzh_61MDk8b_WagbvhgYmPglYPupoV1J6yC4pP_0R6IHqzYd2_g==
e86abe97-04d1-2f8c-6f1d-8133c0f11562.jpg
d16u4nxze4xw1c.cloudfront.net/image/
328 KB
329 KB
Image
General
Full URL
https://d16u4nxze4xw1c.cloudfront.net/image/e86abe97-04d1-2f8c-6f1d-8133c0f11562.jpg
Requested by
Host: www.savingwellness.com
URL: https://www.savingwellness.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2171:d400:b:2003:1c00:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f94771bb01feaa3620782028715818e29cbed59eac3497059e4ef1886c88e887

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.savingwellness.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:35 GMT
via
1.1 ef76486b8b2194781e7708296c3d455c.cloudfront.net (CloudFront)
last-modified
Wed, 27 Jan 2021 18:42:58 GMT
server
AmazonS3
x-amz-cf-pop
CDG53-C1
etag
"db4eecb43c30533e177dfb207b4a25ed"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
336003
x-amz-cf-id
LC2L6wD5-9MRWhA5-2dGanIxx1qZCLXZ-2HCHI9ho6_awYyoPBCiQQ==
68ee2859-96b9-9220-484d-dd84e5a1919c.jpg
d16u4nxze4xw1c.cloudfront.net/image/
26 KB
26 KB
Image
General
Full URL
https://d16u4nxze4xw1c.cloudfront.net/image/68ee2859-96b9-9220-484d-dd84e5a1919c.jpg
Requested by
Host: www.savingwellness.com
URL: https://www.savingwellness.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2171:d400:b:2003:1c00:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f601bdf6a0e38acffe39761cff97e0f4a8334536d27bc96ef3dbd6a1f4e38e2d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.savingwellness.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:35 GMT
via
1.1 ef76486b8b2194781e7708296c3d455c.cloudfront.net (CloudFront)
last-modified
Wed, 27 Jan 2021 18:43:19 GMT
server
AmazonS3
x-amz-cf-pop
CDG53-C1
etag
"12ab30dd8675fbab1e5b29b56e739e6c"
x-cache
Miss from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
26179
x-amz-cf-id
i7Hk_KhS-m6TuaG-_wmD6wHWcocHjYtgRH9aEyPLz4nzWQcc4zBu6w==
580ebf69-1faa-36a0-4cc8-50e23d66c0a1.jpg
d16u4nxze4xw1c.cloudfront.net/image/
87 KB
88 KB
Image
General
Full URL
https://d16u4nxze4xw1c.cloudfront.net/image/580ebf69-1faa-36a0-4cc8-50e23d66c0a1.jpg
Requested by
Host: www.savingwellness.com
URL: https://www.savingwellness.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2171:d400:b:2003:1c00:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0470b794b7d1e85778a269e8514a405f91f8e57502a138c6cbfb43bf3d4ace3f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.savingwellness.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:35 GMT
via
1.1 ef76486b8b2194781e7708296c3d455c.cloudfront.net (CloudFront)
last-modified
Wed, 27 Jan 2021 18:43:08 GMT
server
AmazonS3
x-amz-cf-pop
CDG53-C1
etag
"bf23c83da1feaaf9a74b904836c9a8f1"
x-cache
Miss from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
89189
x-amz-cf-id
CewrLK-Ae5dWyy6W1yVcw3u8z_-FqLClogqgTYj2R2A4rLf2-Gum8A==
969110ba-d02e-a164-f5b6-b46eb0ce40e1.jpg
d16u4nxze4xw1c.cloudfront.net/image/
98 KB
98 KB
Image
General
Full URL
https://d16u4nxze4xw1c.cloudfront.net/image/969110ba-d02e-a164-f5b6-b46eb0ce40e1.jpg
Requested by
Host: www.savingwellness.com
URL: https://www.savingwellness.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2171:d400:b:2003:1c00:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
734c9230c763d4277ba60da6ad2795b01b9e170f76c94a477f714080dbb3e7a5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.savingwellness.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:35 GMT
via
1.1 ef76486b8b2194781e7708296c3d455c.cloudfront.net (CloudFront)
last-modified
Thu, 12 May 2022 12:50:12 GMT
server
AmazonS3
x-amz-cf-pop
CDG53-C1
etag
"d478c4ba0db53ced219deec456456201"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
99973
x-amz-cf-id
4LwgF1-uAI3nd4B1L6a4mALQZWlr7dbXtVEjXnKI5-XiIO6eEkOTEA==
255e24e4-d3e3-c637-44ce-e154022697d2.jpg
d16u4nxze4xw1c.cloudfront.net/image/
171 KB
171 KB
Image
General
Full URL
https://d16u4nxze4xw1c.cloudfront.net/image/255e24e4-d3e3-c637-44ce-e154022697d2.jpg
Requested by
Host: www.savingwellness.com
URL: https://www.savingwellness.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2171:d400:b:2003:1c00:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b37c676b6abdabdc0107c9f9742eccd6f5a15c134ecd8eef084c9d0b13313b98

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.savingwellness.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:35 GMT
via
1.1 ef76486b8b2194781e7708296c3d455c.cloudfront.net (CloudFront)
last-modified
Mon, 04 Jan 2021 22:33:18 GMT
server
AmazonS3
x-amz-cf-pop
CDG53-C1
etag
"29f444bde12a4e0ceb9bf5d1d40940a3"
x-cache
Miss from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
174949
x-amz-cf-id
kQZEBSNhhvRavffFI50LWPFfob1YBhPvWo3EIH5k7oPdJPkgxCLYmw==
678860a8-915c-9145-2197-facb34b5b2e9.jpg
d16u4nxze4xw1c.cloudfront.net/image/
26 KB
27 KB
Image
General
Full URL
https://d16u4nxze4xw1c.cloudfront.net/image/678860a8-915c-9145-2197-facb34b5b2e9.jpg
Requested by
Host: www.savingwellness.com
URL: https://www.savingwellness.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2171:d400:b:2003:1c00:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
25b1d85b73d7f72c366e84eee487e9145e2535a06d8401f7e76a68d9737f3b04

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.savingwellness.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:35 GMT
via
1.1 ef76486b8b2194781e7708296c3d455c.cloudfront.net (CloudFront)
last-modified
Wed, 27 Jan 2021 18:42:53 GMT
server
AmazonS3
x-amz-cf-pop
CDG53-C1
etag
"75a862d3cc21cec4615d9666aa9a5f51"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
26923
x-amz-cf-id
OeXsnVBjh-3t1g1UymIheJtz-LukLnJOCL6rqcnda5mPqMyaA78Y4A==
11f577b9-2eeb-2fca-9abd-53418c7e2478.jpg
d16u4nxze4xw1c.cloudfront.net/image/
416 KB
417 KB
Image
General
Full URL
https://d16u4nxze4xw1c.cloudfront.net/image/11f577b9-2eeb-2fca-9abd-53418c7e2478.jpg
Requested by
Host: www.savingwellness.com
URL: https://www.savingwellness.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2171:d400:b:2003:1c00:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3d5d95b82bac398cea81a6a8247cf4b96351d95520c180a07385d5470fba089e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.savingwellness.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:35 GMT
via
1.1 ef76486b8b2194781e7708296c3d455c.cloudfront.net (CloudFront)
last-modified
Thu, 12 May 2022 12:37:50 GMT
server
AmazonS3
x-amz-cf-pop
CDG53-C1
etag
"aab11e5f5f23c9ab47e86fb0e7f77120"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
425895
x-amz-cf-id
VBFUyMlSOISlLjFz89nNZomiKGuu-idEv7HoHNWDsa5m6Z1Wo7YtFw==
f4bb72fa-6970-ecc6-c671-07733486496b.jpg
d16u4nxze4xw1c.cloudfront.net/image/
73 KB
73 KB
Image
General
Full URL
https://d16u4nxze4xw1c.cloudfront.net/image/f4bb72fa-6970-ecc6-c671-07733486496b.jpg
Requested by
Host: www.savingwellness.com
URL: https://www.savingwellness.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2171:d400:b:2003:1c00:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f4169c6178d6eaff39412d0d2e95efe8a4833abc93ebcafe86f8fb2c12aa9e57

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.savingwellness.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:35 GMT
via
1.1 ef76486b8b2194781e7708296c3d455c.cloudfront.net (CloudFront)
last-modified
Wed, 27 Jan 2021 18:42:56 GMT
server
AmazonS3
x-amz-cf-pop
CDG53-C1
etag
"679194aa32630355046f3548c7c88232"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
74345
x-amz-cf-id
uu48iGpaCBLB3MTb3HjBzx3h5nsiWRbarDV4TyHMkxDOSlW6HeN_-w==
b4bcb986-865a-19ae-aa67-716aedbb2b3e.jpg
d16u4nxze4xw1c.cloudfront.net/image/
146 KB
146 KB
Image
General
Full URL
https://d16u4nxze4xw1c.cloudfront.net/image/b4bcb986-865a-19ae-aa67-716aedbb2b3e.jpg
Requested by
Host: www.savingwellness.com
URL: https://www.savingwellness.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2171:d400:b:2003:1c00:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b7efe7ec80bc3cef06e8216d55b368df21ff1d2f918fca7d6b725456c9f732bc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.savingwellness.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:35 GMT
via
1.1 ef76486b8b2194781e7708296c3d455c.cloudfront.net (CloudFront)
last-modified
Thu, 12 May 2022 12:31:37 GMT
server
AmazonS3
x-amz-cf-pop
CDG53-C1
etag
"b17704aad7338afcb4a5326c048413ba"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
149095
x-amz-cf-id
_hmeYXE3jeFxmfPJSCCPgn2dupjnbZyBQcQg9Yw-qeWV46V2D6GfOA==
7ca24f7c-8ff8-2daa-140c-c1e7db986827.jpg
d16u4nxze4xw1c.cloudfront.net/image/
101 KB
102 KB
Image
General
Full URL
https://d16u4nxze4xw1c.cloudfront.net/image/7ca24f7c-8ff8-2daa-140c-c1e7db986827.jpg
Requested by
Host: www.savingwellness.com
URL: https://www.savingwellness.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2171:d400:b:2003:1c00:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7c58c7f5269dcbf25ba566e42938584a43299c9a14fe53f6b5c21b503d54de3b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.savingwellness.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:35 GMT
via
1.1 ef76486b8b2194781e7708296c3d455c.cloudfront.net (CloudFront)
last-modified
Wed, 27 Jan 2021 18:43:11 GMT
server
AmazonS3
x-amz-cf-pop
CDG53-C1
etag
"b7e84e4842a910d6493afb6c11b245c6"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
103691
x-amz-cf-id
sLwb54GcPs_5RHean0QplMZ1e5Q5gC0ZdKsYRzC30Jdg1XW52TegGQ==
7e976cc5-217e-834e-398c-812a24a42c3c.jpg
d16u4nxze4xw1c.cloudfront.net/image/
44 KB
45 KB
Image
General
Full URL
https://d16u4nxze4xw1c.cloudfront.net/image/7e976cc5-217e-834e-398c-812a24a42c3c.jpg
Requested by
Host: www.savingwellness.com
URL: https://www.savingwellness.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2171:d400:b:2003:1c00:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0418f9cc80c8b9a8ab763b18ccc2e9327bf6d177ec58dce36d39e2ab2f4064ce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.savingwellness.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:35 GMT
via
1.1 ef76486b8b2194781e7708296c3d455c.cloudfront.net (CloudFront)
last-modified
Wed, 27 Jan 2021 18:43:11 GMT
server
AmazonS3
x-amz-cf-pop
CDG53-C1
etag
"e77857db78a822b05810f4ba2c554c77"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
45198
x-amz-cf-id
XtE6YN3Hfi9N4ZS1Cc61lxjP6IPeqNs3bOzHDNGpKFb8f9ZzVwOR2g==
38b4a8d2-a676-61fd-7647-5dbc585b2537.jpg
d16u4nxze4xw1c.cloudfront.net/image/
34 KB
34 KB
Image
General
Full URL
https://d16u4nxze4xw1c.cloudfront.net/image/38b4a8d2-a676-61fd-7647-5dbc585b2537.jpg
Requested by
Host: www.savingwellness.com
URL: https://www.savingwellness.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2171:d400:b:2003:1c00:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
62845b2a32e71920539d7c97cbde8a4cdeb7595ed7ce4330a892f4a695abf2a7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.savingwellness.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:35 GMT
via
1.1 ef76486b8b2194781e7708296c3d455c.cloudfront.net (CloudFront)
last-modified
Wed, 27 Jan 2021 18:43:13 GMT
server
AmazonS3
x-amz-cf-pop
CDG53-C1
etag
"fed560800f146da4634c17f01c922288"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
34924
x-amz-cf-id
rgiJfQeKo1V5h_PRfZ5a_WwO_g7npvxB_8yzF5kZFbXilL_VeCYyhg==
ed2523f5-686d-3024-3de8-ac6503fbfdaf.jpg
d16u4nxze4xw1c.cloudfront.net/image/
47 KB
48 KB
Image
General
Full URL
https://d16u4nxze4xw1c.cloudfront.net/image/ed2523f5-686d-3024-3de8-ac6503fbfdaf.jpg
Requested by
Host: www.savingwellness.com
URL: https://www.savingwellness.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2171:d400:b:2003:1c00:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f5699e75e576425fddf8685595d9fdc0495ad0c6a694919d418ba499e3c36a82

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.savingwellness.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:35 GMT
via
1.1 ef76486b8b2194781e7708296c3d455c.cloudfront.net (CloudFront)
last-modified
Wed, 27 Jan 2021 18:43:09 GMT
server
AmazonS3
x-amz-cf-pop
CDG53-C1
etag
"4398abf3d51e9198cd067ccfad4cbade"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
48434
x-amz-cf-id
zqllztHD9saDkJnB6wNH00Q6LbJ70TQErmMn9XLRjXLN_FuQRRrqMA==
3ba81f6c-3793-7701-82e4-225a62805400.jpg
d16u4nxze4xw1c.cloudfront.net/image/
954 KB
956 KB
Image
General
Full URL
https://d16u4nxze4xw1c.cloudfront.net/image/3ba81f6c-3793-7701-82e4-225a62805400.jpg
Requested by
Host: www.savingwellness.com
URL: https://www.savingwellness.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2171:d400:b:2003:1c00:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c79f96087287ab318a430c9d87651b39ce44c183e4e1fc197ebb11dd0f5bb766

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.savingwellness.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:35 GMT
via
1.1 ef76486b8b2194781e7708296c3d455c.cloudfront.net (CloudFront)
last-modified
Wed, 27 Jan 2021 18:43:20 GMT
server
AmazonS3
x-amz-cf-pop
CDG53-C1
etag
"b1b8e894556bcc48b242e5449d6692bd"
x-cache
Miss from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
977239
x-amz-cf-id
uIawBUWGVt0MiRsYIFFQ8hspE_SK0yfF3yC9M0MdN7bOyBuFFtuLoA==
79350159-39d5-c16b-647b-bd402ea4e418.jpg
d16u4nxze4xw1c.cloudfront.net/image/
10 KB
11 KB
Image
General
Full URL
https://d16u4nxze4xw1c.cloudfront.net/image/79350159-39d5-c16b-647b-bd402ea4e418.jpg
Requested by
Host: www.savingwellness.com
URL: https://www.savingwellness.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2171:d400:b:2003:1c00:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3e84b1a5e5489f84a1a08b76bd0fde6e7b156f6fd9f8b5e814de1f169187053b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.savingwellness.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:35 GMT
via
1.1 ef76486b8b2194781e7708296c3d455c.cloudfront.net (CloudFront)
last-modified
Wed, 27 Jan 2021 18:43:14 GMT
server
AmazonS3
x-amz-cf-pop
CDG53-C1
etag
"934cb3d5621aa3e4b7512d4d2ac61c19"
x-cache
Miss from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
10616
x-amz-cf-id
bmTD4tJny9GbHSRgw2GbXVPd1TprIl4WsvJgyGbftAIsrgslEDa8Yw==
9e21b240-1481-aaed-fe3a-b8a5801b1ced.jpg
d16u4nxze4xw1c.cloudfront.net/image/
127 KB
127 KB
Image
General
Full URL
https://d16u4nxze4xw1c.cloudfront.net/image/9e21b240-1481-aaed-fe3a-b8a5801b1ced.jpg
Requested by
Host: www.savingwellness.com
URL: https://www.savingwellness.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2171:d400:b:2003:1c00:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b50c5bc32c11ec8062de4745f635ed415b2ca6fdc003ca60b0cdb80f22a92fbd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.savingwellness.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:35 GMT
via
1.1 ef76486b8b2194781e7708296c3d455c.cloudfront.net (CloudFront)
last-modified
Wed, 27 Jan 2021 18:43:04 GMT
server
AmazonS3
x-amz-cf-pop
CDG53-C1
etag
"1dee0d8684a6634078eadb1b9cfdc67e"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
130046
x-amz-cf-id
S414AFtfX6U0MuDcGc5SshjYhq4inhzdvi8xAdDS-bz7Yb69VVjNVg==
587b8976-ffb1-15d4-9640-8dc68e420402.jpg
d16u4nxze4xw1c.cloudfront.net/image/
83 KB
84 KB
Image
General
Full URL
https://d16u4nxze4xw1c.cloudfront.net/image/587b8976-ffb1-15d4-9640-8dc68e420402.jpg
Requested by
Host: www.savingwellness.com
URL: https://www.savingwellness.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2171:d400:b:2003:1c00:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
877bd87e71feee4336a785c1d4179fe2d1a4e24f37a8e871673b237845830896

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.savingwellness.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:35 GMT
via
1.1 ef76486b8b2194781e7708296c3d455c.cloudfront.net (CloudFront)
last-modified
Wed, 27 Jan 2021 18:43:09 GMT
server
AmazonS3
x-amz-cf-pop
CDG53-C1
etag
"8268bb660edc1e21caf394c53255cdb7"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
85383
x-amz-cf-id
4sJyQColB8KEkkeZMWhknXHgvtl0HifxX3eCx9O5kyE8e70XC-YZ9w==
fontawesome-webfont.woff2
d16u4nxze4xw1c.cloudfront.net/frontend/production/
75 KB
76 KB
Font
General
Full URL
https://d16u4nxze4xw1c.cloudfront.net/frontend/production/fontawesome-webfont.woff2?af7ae505a9eed503f8b8e6982036873e
Requested by
Host: d16u4nxze4xw1c.cloudfront.net
URL: https://d16u4nxze4xw1c.cloudfront.net/frontend/production/frontend.min.css?v=f3793c54-3dea-081b-c2d0-7e5f3bf4ad7a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2171:d400:b:2003:1c00:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
42736c7de60dfab94b3cc902b8692f80cfeb0a5989d1d51db1d25fd7d18dc45b

Request headers

Referer
https://d16u4nxze4xw1c.cloudfront.net/frontend/production/frontend.min.css?v=f3793c54-3dea-081b-c2d0-7e5f3bf4ad7a
Origin
https://www.savingwellness.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:35 GMT
via
1.1 90515c29ffc08c36814da3b1fe9d04e8.cloudfront.net (CloudFront)
last-modified
Tue, 24 Jan 2023 16:00:31 GMT
server
AmazonS3
x-amz-cf-pop
CDG53-C1
etag
"af7ae505a9eed503f8b8e6982036873e"
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods
GET, HEAD, POST, PUT, DELETE
content-type
application/octet-stream; charset=binary
access-control-allow-origin
*
x-cache
Miss from cloudfront
accept-ranges
bytes
content-length
77160
x-amz-cf-id
Wm-kNqqXLcgarwC-v9egyvAg740EUmdiVHSrA6PpVe4aBuJG4Yo1eA==
info
api.mediabuyanalytics.com/auction/
183 B
282 B
Script
General
Full URL
https://api.mediabuyanalytics.com/auction/info?aid=5&search=&v=1.0&callback=window.__%24internalCallbacks.cb_1
Requested by
Host: dynamic.mediabuyanalytics.com
URL: https://dynamic.mediabuyanalytics.com/auction/472d3438-8644-09c6-abda-2cad64514ba9.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.186.222.216 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-186-222-216.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
a3898a9f61e4880dd4491af63277a03e4328611f26200a4e56d9ad2777a78b7e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.savingwellness.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

access-control-allow-origin
*
date
Tue, 07 Feb 2023 03:37:35 GMT
content-encoding
gzip
server
nginx
content-type
application/javascript
pubads_impl_2023020201.js
securepubads.g.doubleclick.net/gpt/
383 KB
130 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023020201.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d3dbe61c0d4bd6843709a0c3287613e78c6699b608001771c5d02fc4927a81ff
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.savingwellness.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 00:23:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
11673
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
132430
x-xss-protection
0
last-modified
Thu, 02 Feb 2023 09:36:36 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Wed, 07 Feb 2024 00:23:01 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/
44 B
71 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.savingwellness.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ec1e4265b83fa21bacd7baaa003211655fc93b02119320611bbdc3f9639cc50f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.savingwellness.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:34 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
47
x-xss-protection
0
expires
Tue, 07 Feb 2023 03:37:34 GMT
integrator.js
adservice.google.de/adsid/
107 B
531 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.savingwellness.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023020201.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.savingwellness.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
456 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.savingwellness.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023020201.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.savingwellness.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
25 KB
11 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2782573078706900&correlator=4156154705750936&eid=31071826%2C31072021%2C31072031%2C31072039%2C31070233&output=ldjh&gdfp_req=1&vrg=2023020201&ptt=17&impl=fifs&iu_parts=21871345109%2C22236180076%2C22235813624%2C22235844165&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F3&prev_iu_szs=728x90%7C468x60%2C300x250%7C300x600&ifi=1&adks=1908078065%2C1221718304&sfv=1-0-40&prev_scp=mba_adx%3Don%7Cmba_adx%3Don&eri=1&cust_params=mba_track%3D35&sc=1&cookie_enabled=1&abxe=1&dt=1675741055306&lmt=1675741055&dlt=1675741053370&idt=1293&adxs=436%2C1019&adys=75%2C880&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C0&ucis=1%7C2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.savingwellness.com%2F&frm=20&vis=1&psz=1088x0%7C349x0&msz=728x0%7C300x0&fws=128%2C640&ohw=0%2C0&ga_vid=259588810.1675741055&ga_sid=1675741055&ga_hid=273607500&ga_fc=false
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023020201.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
640144594eceee239a5d28fb46914e49de2b63f5ebdbebec541c84f49a813f0c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.savingwellness.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:35 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11400
x-xss-protection
0
google-lineitem-id
-2,-1
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2,-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.savingwellness.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/getconfig/
15 KB
11 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2023020201&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023020201.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
aaffef39ab88c507db3e5de94069b8a50d2f6fff1964e6e1bd9a0f5c65c2a69e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.savingwellness.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:35 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11258
x-xss-protection
0
container.html
58bf08f8517eb2adaf7af131d0606954.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 51CB
6 KB
3 KB
Document
General
Full URL
https://58bf08f8517eb2adaf7af131d0606954.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023020201.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.savingwellness.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 07 Feb 2023 03:37:35 GMT
expires
Wed, 07 Feb 2024 03:37:35 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023020201.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:805::2001 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.savingwellness.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 07 Feb 2023 03:37:35 GMT
container.html
58bf08f8517eb2adaf7af131d0606954.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 6378
6 KB
3 KB
Document
General
Full URL
https://58bf08f8517eb2adaf7af131d0606954.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023020201.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.savingwellness.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 07 Feb 2023 03:37:35 GMT
expires
Wed, 07 Feb 2024 03:37:35 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
adview
securepubads.g.doubleclick.net/pagead/ Frame 6378
0
0
Fetch
General
Requested by
Host: www.savingwellness.com
URL: https://www.savingwellness.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://58bf08f8517eb2adaf7af131d0606954.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

js
tags.mathtag.com/notify/ Frame 6378
3 KB
2 KB
Script
General
Requested by
Host: 58bf08f8517eb2adaf7af131d0606954.safeframe.googlesyndication.com
URL: https://58bf08f8517eb2adaf7af131d0606954.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.229.205.243 , Singapore, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software
MMBD/3.379.0 /
Resource Hash
e23c95712c214bca360f9d8dd3f20b75391af1aa52c8a7d2d872795d125d6446

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://58bf08f8517eb2adaf7af131d0606954.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date
Tue, 07 Feb 2023 03:37:36 GMT
x-mm-nodeid
3737
Content-Encoding
gzip
x-mm-bid-request-time
1675741055
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Connection
close
x-mm-handled-by-owner
true
Last-Modified
Tue, 07 Feb 2023 03:37:35 GMT
Server
MMBD/3.379.0
x-mm-latency
267 (1)
Content-Type
application/x-javascript; charset=UTF-8
x-mm-dbg
NotCount
Cache-Control
no-cache
x-mm-host
nrt-router-x10, zrh-bidder-x124
x-mm-lag
1
Expires
Tue, 07 Feb 2023 03:37:35 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230202/r20110914/client/ Frame 6378
3 KB
2 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230202/r20110914/client/window_focus_fy2021.js
Requested by
Host: 58bf08f8517eb2adaf7af131d0606954.safeframe.googlesyndication.com
URL: https://58bf08f8517eb2adaf7af131d0606954.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:805::2001 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://58bf08f8517eb2adaf7af131d0606954.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 00:59:29 GMT
content-encoding
br
x-content-type-options
nosniff
age
9486
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 21 Feb 2023 00:59:29 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230202/r20110914/client/ Frame 6378
18 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230202/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: 58bf08f8517eb2adaf7af131d0606954.safeframe.googlesyndication.com
URL: https://58bf08f8517eb2adaf7af131d0606954.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:805::2001 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2bf373aab01a96fddf0099658b27e2eefb64c4aac7061d97d629fd7ca9a42534
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://58bf08f8517eb2adaf7af131d0606954.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 01:03:01 GMT
content-encoding
br
x-content-type-options
nosniff
age
9274
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7647
x-xss-protection
0
server
cafe
etag
2161395064574532456
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 21 Feb 2023 01:03:01 GMT
ext.js
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 6378
24 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js
Requested by
Host: 58bf08f8517eb2adaf7af131d0606954.safeframe.googlesyndication.com
URL: https://58bf08f8517eb2adaf7af131d0606954.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:805::2001 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://58bf08f8517eb2adaf7af131d0606954.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Fri, 03 Feb 2023 22:44:03 GMT
content-encoding
br
x-content-type-options
nosniff
age
276812
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6402
x-xss-protection
0
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Sat, 03 Feb 2024 22:44:03 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 6378
157 KB
49 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 58bf08f8517eb2adaf7af131d0606954.safeframe.googlesyndication.com
URL: https://58bf08f8517eb2adaf7af131d0606954.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c90fa7f2b86e88bc876a28a908c00565250cfbdce151c8f3e5800bf98fa394c0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://58bf08f8517eb2adaf7af131d0606954.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
49146
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1675254965429469"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 07 Feb 2023 03:37:35 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame B6C6
13 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:805::2001 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.savingwellness.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
65875
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 06 Feb 2023 09:19:40 GMT
expires
Tue, 06 Feb 2024 09:19:40 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 0B16
783 B
1 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:808::2004 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
bd4b9f8c2bf6c96d17c4e0cacfefa23a16249e4d580af3a54d8df892d3e14ee1
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-OYQAn-DzdKWBOC1w-kVWgQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.savingwellness.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-length
514
content-security-policy
script-src 'report-sample' 'nonce-OYQAn-DzdKWBOC1w-kVWgQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Tue, 07 Feb 2023 03:37:35 GMT
expires
Tue, 07 Feb 2023 03:37:35 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
fr2tM3cMqKf7o-hgvg-GAlWS1ShJQQMk61KbxyC8hNw.js
pagead2.googlesyndication.com/bg/ Frame B6C6
36 KB
14 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/fr2tM3cMqKf7o-hgvg-GAlWS1ShJQQMk61KbxyC8hNw.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7ebdad33770ca8a7fba3e860be0f86025592d52849410324eb529bc720bc84dc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Sat, 04 Feb 2023 03:40:29 GMT
content-encoding
br
x-content-type-options
nosniff
age
259026
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14345
x-xss-protection
0
last-modified
Mon, 30 Jan 2023 11:38:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 04 Feb 2024 03:40:29 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 0B16
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2023020201&jk=2782573078706900&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

generate_204
tpc.googlesyndication.com/ Frame B6C6
0
10 B
Image
General
Full URL
https://tpc.googlesyndication.com/generate_204?ULWTBA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:805::2001 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:35 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
sodar
pagead2.googlesyndication.com/pagead/
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2023020201&jk=2782573078706900&bg=!NjWlNXHNAAaq5O5FiuQ7ACkAdvg8WvjMUHyfu6K95Kh07oGkm58NFrK9xXOgmZP-RKSoSvLIqKohOgIAAABSUgAAAAFoAQcKADPbLhFfDdVE1D9Nr-DwEFk2qGt3gttnehJyA85gqkujRel1ZmOKMk02Tzc16nl9-d3Mb2WZArsUn5lpp2RrK7OktOaeZEz9FPqalepLxkGP_W1vx6zvUU76CX4MPM5W5RCCSNebBN-nVGeKMpxvZgOmOMfABmJdHUNWXh891bxETzJb5YQJHRwrpIbEB2DSzll3WNdeDJD4QHzow-M2NczCvfKk9Atys1m0QsNd_5gIZFQLCwsLQ2f1tBCdJ0rnFkokoZIeyOz8SknMvw-FFVuVxmMseS8s7tnuyCyIznagh2avOSx3pu2ts3ICjXr8OEzbdjGAMCbIzGhmmfx4nbp3L-ILdIZZunfxWwAQ7cstRR5dDoDiQFDoGLakwYAZjfYFbIBBa9n02oJh-hx1EcId3mMv1bbNwdx2i4Rme4esZ-8fGRQO7yKR43LcGa6lJNb-15iU-b-fmnWzTr84w0x-R4Tb2IS1FDtx_8u-OlmIlimh2UjRlShblpwwBqGZE4ThlC1v6gxTLPCdIUzOGQ8O_WyGPCWa2j2aS9mI3-S0PQIwbx1Vk4CGRDHyhX_brEvZplleKS3vbaHwK8KW-ePXixcCw-PmfLK6vkgvUZfE4jdaT0aIwU1iwPSdg0gko4Vv3z-i1AohImNAfQeptBUv1l_m8Mlz9-EslfxSsC42Ipa2RQFje_aIGsGGLOEljnpBReLeV_rh_XC4ublr7u4S6rGE02EAu_3V_9TSRQ6S2ix_j4GQF2Qho_mqLs4R6d9JvaNWMrgSUbZsD2riCXPw9moec762tY0UfswYBHoTSa_1JpgLvPwJRI3L3uWGIWZ-mWhzPcbBGijKUdjP7TEKCBW-PejfPivsR2INVRkU2JCRHz5v1IhZyhIqLfh2TvH9nKNZEZEcW3l6QdI9TVQHScG5aEjvRyha02kMOIrFrwkDkZ-3KbUBSN2RTq0nGHUR-34kJwH89EYLUSGFvjV_jZARIDU3uoxqE-guAsfjIvk
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.savingwellness.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

events
api.mediabuyanalytics.com/ingest/
0
69 B
Ping
General
Full URL
https://api.mediabuyanalytics.com/ingest/events?_=504db89b-911d-4d35-ba2d-08c13a8ed7ce&v=1.0
Requested by
Host: dynamic.mediabuyanalytics.com
URL: https://dynamic.mediabuyanalytics.com/auction/472d3438-8644-09c6-abda-2cad64514ba9.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.186.222.216 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-186-222-216.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.savingwellness.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Tue, 07 Feb 2023 03:37:36 GMT
server
nginx
qlmowie5ina2
hal9000.redintelligence.net/zone/ Frame 6378
10 KB
4 KB
Script
General
Full URL
https://hal9000.redintelligence.net/zone/qlmowie5ina2?subid=&gdpr=1&gdpr_consent=li&rnd=6387384649174430081&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:adx&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DDwnnc1KeLHg2B1BZ-ohLdQ%26exch_seat%3D20035004448%26mt_aid%3D6387384649174430081%26mt_id%3D11204415%26mt_adid%3D215543%26mt_sid%3D12780336%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D51e763e1-c780-4801-a5f2-d2f188ebf5ea%26mt_cid%3D51e763e1-c780-4801-a5f2-d2f188ebf5ea%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCm85cf8fhY4T5Fb299u8P6Z-c0APPh46bXMCG2YLGAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi04ODI4NDA2NTMzNzA2ODc5yAEJ4AIAqAMBqgT_AU_QcB_dM0Ds7t4YGLIRPXLzzE0H9RutbFaZz-N9I37MGnyVH99Ej4qCc-QYF-yJuk5Hv148sPyBCf0xEvfkqMGW6iCUuHMirZbDKNw5tXiRTLLd4-2BuySYMv1O2UoY7f1NyyDvZIU9gRCbuk0QwNbLryW4FAFVrccYIzE8c9K3aRxdmSm2TFflXVpXeG_cV1G09HU3ctXtvUl2ps7YSQkQ139TFo3Tv4QM1WlpKSSlgzc1npiSpamLEsbFo8yY7IKgbbbFzaKtDkW6T0zYFnr3Ti6kCVKRjGQrPWzRre2gx4e1v-i7laL1CFUm2dOo2yPqSiaty5MyDPWGvJ7gluAEAYAGnuG-1qiW7aFwoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_0NX7DqlYj6QycrtepAIutV8lc6aA%2526client%253Dca-pub-8828406533706879%2526adurl%253D%26redirect%3D
Requested by
Host: www.savingwellness.com
URL: https://www.savingwellness.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
138.201.220.30 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.30.220.201.138.clients.your-server.de
Software
Apache /
Resource Hash
ddb71c8048a21b9d84b1e85c7956b7c092f312204fdb3a77b30f0f0215adc978

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://58bf08f8517eb2adaf7af131d0606954.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date
Tue, 07 Feb 2023 03:37:36 GMT
Content-Encoding
gzip
Server
Apache
Connection
close
Content-Length
3406
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
ck-confirm
tags.mathtag.com/ Frame 6378
49 B
330 B
Image
General
Full URL
https://tags.mathtag.com/ck-confirm?bid_id=6387384649174430081&node_id=3737&exch_id=4
Requested by
Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvT0RNNU5tUXdPV1F0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzYzODczODQ2NDkxNzQ0MzAwODEvMTEyMDQ0MTUvMTI3ODAzMzYvNC8wY3B2YTA0VXctaDE5WVd1c2dhUVNTUm1hTEwtWlA3X1ZlLTg4bWxhMHZRLzEvNC8wLzAvMjAzOTIxNi8wLzIxNTU0My8xMjYyMTQyLzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvNjM4NzM4NDY0OTE3NDQzMDA4MS96cmgvMC81Njk3LzYyLzk5OS8yNTgvMjAwMTphYzg6MjA6Oi8wLjAwMC8xNjc1NzQxMDU1LzE2NzU3NTM2NTUvNC9wdWItODgyODQwNjUzMzcwNjg3OS8/phk7k16jruRXzLeEBZSalTtI7rc&nodeid=3737&group=zrh&auctionid=6387384649174430081&pbs_auctionid=6387384649174430081&shardkey=6387384649174430081&sid=12780336&cid=11204415&bp=a_bjbbgg&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.170&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCm85cf8fhY4T5Fb299u8P6Z-c0APPh46bXMCG2YLGAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi04ODI4NDA2NTMzNzA2ODc5yAEJ4AIAqAMBqgT_AU_QcB_dM0Ds7t4YGLIRPXLzzE0H9RutbFaZz-N9I37MGnyVH99Ej4qCc-QYF-yJuk5Hv148sPyBCf0xEvfkqMGW6iCUuHMirZbDKNw5tXiRTLLd4-2BuySYMv1O2UoY7f1NyyDvZIU9gRCbuk0QwNbLryW4FAFVrccYIzE8c9K3aRxdmSm2TFflXVpXeG_cV1G09HU3ctXtvUl2ps7YSQkQ139TFo3Tv4QM1WlpKSSlgzc1npiSpamLEsbFo8yY7IKgbbbFzaKtDkW6T0zYFnr3Ti6kCVKRjGQrPWzRre2gx4e1v-i7laL1CFUm2dOo2yPqSiaty5MyDPWGvJ7gluAEAYAGnuG-1qiW7aFwoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0NX7DqlYj6QycrtepAIutV8lc6aA%26client%3Dca-pub-8828406533706879%26adurl%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.229.205.243 , Singapore, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software
MMBD/3.379.0 /
Resource Hash
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://58bf08f8517eb2adaf7af131d0606954.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date
Tue, 07 Feb 2023 03:37:37 GMT
Server
MMBD/3.379.0
Content-Type
image/gif
Cache-Control
no-cache
x-mm-host
nrt-router-x13, zrh-bidder-x124
Connection
keep-alive
Keep-Alive
timeout=360
Content-Length
49
Expires
Tue, 07 Feb 2023 03:37:36 GMT
img
pixel.mathtag.com/event/ Frame 6378
43 B
404 B
Image
General
Full URL
https://pixel.mathtag.com/event/img?mt_id=1368875&mt_adid=216764&v1=4&v2=6387384649174430081&v3=1262142&v4=12780336&v5=11204415&mt_nsync=1&no_attr=1
Requested by
Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvT0RNNU5tUXdPV1F0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzYzODczODQ2NDkxNzQ0MzAwODEvMTEyMDQ0MTUvMTI3ODAzMzYvNC8wY3B2YTA0VXctaDE5WVd1c2dhUVNTUm1hTEwtWlA3X1ZlLTg4bWxhMHZRLzEvNC8wLzAvMjAzOTIxNi8wLzIxNTU0My8xMjYyMTQyLzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvNjM4NzM4NDY0OTE3NDQzMDA4MS96cmgvMC81Njk3LzYyLzk5OS8yNTgvMjAwMTphYzg6MjA6Oi8wLjAwMC8xNjc1NzQxMDU1LzE2NzU3NTM2NTUvNC9wdWItODgyODQwNjUzMzcwNjg3OS8/phk7k16jruRXzLeEBZSalTtI7rc&nodeid=3737&group=zrh&auctionid=6387384649174430081&pbs_auctionid=6387384649174430081&shardkey=6387384649174430081&sid=12780336&cid=11204415&bp=a_bjbbgg&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.170&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCm85cf8fhY4T5Fb299u8P6Z-c0APPh46bXMCG2YLGAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi04ODI4NDA2NTMzNzA2ODc5yAEJ4AIAqAMBqgT_AU_QcB_dM0Ds7t4YGLIRPXLzzE0H9RutbFaZz-N9I37MGnyVH99Ej4qCc-QYF-yJuk5Hv148sPyBCf0xEvfkqMGW6iCUuHMirZbDKNw5tXiRTLLd4-2BuySYMv1O2UoY7f1NyyDvZIU9gRCbuk0QwNbLryW4FAFVrccYIzE8c9K3aRxdmSm2TFflXVpXeG_cV1G09HU3ctXtvUl2ps7YSQkQ139TFo3Tv4QM1WlpKSSlgzc1npiSpamLEsbFo8yY7IKgbbbFzaKtDkW6T0zYFnr3Ti6kCVKRjGQrPWzRre2gx4e1v-i7laL1CFUm2dOo2yPqSiaty5MyDPWGvJ7gluAEAYAGnuG-1qiW7aFwoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0NX7DqlYj6QycrtepAIutV8lc6aA%26client%3Dca-pub-8828406533706879%26adurl%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-201.deploy.static.akamaitechnologies.com
Software
MT3 441 9053ffc master cdg-pixel-x29 config:1.0.0 /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://58bf08f8517eb2adaf7af131d0606954.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date
Tue, 07 Feb 2023 03:37:36 GMT
Server
MT3 441 9053ffc master cdg-pixel-x29 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
*
Content-Type
image/gif
Cache-Control
no-cache
Connection
keep-alive
Content-Length
43
Expires
Tue, 07 Feb 2023 03:37:35 GMT
img
tags.mathtag.com/event/ Frame 6378
49 B
330 B
Image
General
Full URL
https://tags.mathtag.com/event/img?type=mmImpTrack&exch=adx&bid=6387384649174430081&st=12780336&time=1675741056&nodeid=3737
Requested by
Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvT0RNNU5tUXdPV1F0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzYzODczODQ2NDkxNzQ0MzAwODEvMTEyMDQ0MTUvMTI3ODAzMzYvNC8wY3B2YTA0VXctaDE5WVd1c2dhUVNTUm1hTEwtWlA3X1ZlLTg4bWxhMHZRLzEvNC8wLzAvMjAzOTIxNi8wLzIxNTU0My8xMjYyMTQyLzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvNjM4NzM4NDY0OTE3NDQzMDA4MS96cmgvMC81Njk3LzYyLzk5OS8yNTgvMjAwMTphYzg6MjA6Oi8wLjAwMC8xNjc1NzQxMDU1LzE2NzU3NTM2NTUvNC9wdWItODgyODQwNjUzMzcwNjg3OS8/phk7k16jruRXzLeEBZSalTtI7rc&nodeid=3737&group=zrh&auctionid=6387384649174430081&pbs_auctionid=6387384649174430081&shardkey=6387384649174430081&sid=12780336&cid=11204415&bp=a_bjbbgg&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.170&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCm85cf8fhY4T5Fb299u8P6Z-c0APPh46bXMCG2YLGAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi04ODI4NDA2NTMzNzA2ODc5yAEJ4AIAqAMBqgT_AU_QcB_dM0Ds7t4YGLIRPXLzzE0H9RutbFaZz-N9I37MGnyVH99Ej4qCc-QYF-yJuk5Hv148sPyBCf0xEvfkqMGW6iCUuHMirZbDKNw5tXiRTLLd4-2BuySYMv1O2UoY7f1NyyDvZIU9gRCbuk0QwNbLryW4FAFVrccYIzE8c9K3aRxdmSm2TFflXVpXeG_cV1G09HU3ctXtvUl2ps7YSQkQ139TFo3Tv4QM1WlpKSSlgzc1npiSpamLEsbFo8yY7IKgbbbFzaKtDkW6T0zYFnr3Ti6kCVKRjGQrPWzRre2gx4e1v-i7laL1CFUm2dOo2yPqSiaty5MyDPWGvJ7gluAEAYAGnuG-1qiW7aFwoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0NX7DqlYj6QycrtepAIutV8lc6aA%26client%3Dca-pub-8828406533706879%26adurl%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.229.205.243 , Singapore, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software
MMBD/3.379.0 /
Resource Hash
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://58bf08f8517eb2adaf7af131d0606954.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date
Tue, 07 Feb 2023 03:37:37 GMT
Server
MMBD/3.379.0
Content-Type
image/gif
Cache-Control
no-cache
x-mm-host
nrt-router-x11, zrh-bidder-x124
Connection
keep-alive
Keep-Alive
timeout=360
Content-Length
49
Expires
Tue, 07 Feb 2023 03:37:36 GMT
request.php
hal900025.redintelligence.net/ Frame 6378
613 B
773 B
Script
General
Full URL
https://hal900025.redintelligence.net/request.php?zone=qlmowie5ina2&nw=20&renderingType=javascript&namespace=aa958eb66c&subid=&uid=2412243a2cce0158&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DDwnnc1KeLHg2B1BZ-ohLdQ%26exch_seat%3D20035004448%26mt_aid%3D6387384649174430081%26mt_id%3D11204415%26mt_adid%3D215543%26mt_sid%3D12780336%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D51e763e1-c780-4801-a5f2-d2f188ebf5ea%26mt_cid%3D51e763e1-c780-4801-a5f2-d2f188ebf5ea%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCm85cf8fhY4T5Fb299u8P6Z-c0APPh46bXMCG2YLGAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi04ODI4NDA2NTMzNzA2ODc5yAEJ4AIAqAMBqgT_AU_QcB_dM0Ds7t4YGLIRPXLzzE0H9RutbFaZz-N9I37MGnyVH99Ej4qCc-QYF-yJuk5Hv148sPyBCf0xEvfkqMGW6iCUuHMirZbDKNw5tXiRTLLd4-2BuySYMv1O2UoY7f1NyyDvZIU9gRCbuk0QwNbLryW4FAFVrccYIzE8c9K3aRxdmSm2TFflXVpXeG_cV1G09HU3ctXtvUl2ps7YSQkQ139TFo3Tv4QM1WlpKSSlgzc1npiSpamLEsbFo8yY7IKgbbbFzaKtDkW6T0zYFnr3Ti6kCVKRjGQrPWzRre2gx4e1v-i7laL1CFUm2dOo2yPqSiaty5MyDPWGvJ7gluAEAYAGnuG-1qiW7aFwoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_0NX7DqlYj6QycrtepAIutV8lc6aA%2526client%253Dca-pub-8828406533706879%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2F58bf08f8517eb2adaf7af131d0606954.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&ancestorOrigins=null&random=3003198621470&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Requested by
Host: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/zone/qlmowie5ina2?subid=&gdpr=1&gdpr_consent=li&rnd=6387384649174430081&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:adx&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DDwnnc1KeLHg2B1BZ-ohLdQ%26exch_seat%3D20035004448%26mt_aid%3D6387384649174430081%26mt_id%3D11204415%26mt_adid%3D215543%26mt_sid%3D12780336%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D51e763e1-c780-4801-a5f2-d2f188ebf5ea%26mt_cid%3D51e763e1-c780-4801-a5f2-d2f188ebf5ea%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCm85cf8fhY4T5Fb299u8P6Z-c0APPh46bXMCG2YLGAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi04ODI4NDA2NTMzNzA2ODc5yAEJ4AIAqAMBqgT_AU_QcB_dM0Ds7t4YGLIRPXLzzE0H9RutbFaZz-N9I37MGnyVH99Ej4qCc-QYF-yJuk5Hv148sPyBCf0xEvfkqMGW6iCUuHMirZbDKNw5tXiRTLLd4-2BuySYMv1O2UoY7f1NyyDvZIU9gRCbuk0QwNbLryW4FAFVrccYIzE8c9K3aRxdmSm2TFflXVpXeG_cV1G09HU3ctXtvUl2ps7YSQkQ139TFo3Tv4QM1WlpKSSlgzc1npiSpamLEsbFo8yY7IKgbbbFzaKtDkW6T0zYFnr3Ti6kCVKRjGQrPWzRre2gx4e1v-i7laL1CFUm2dOo2yPqSiaty5MyDPWGvJ7gluAEAYAGnuG-1qiW7aFwoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_0NX7DqlYj6QycrtepAIutV8lc6aA%2526client%253Dca-pub-8828406533706879%2526adurl%253D%26redirect%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.245.84.201.138.clients.your-server.de
Software
Apache /
Resource Hash
7a24681ca9c7eebd9f363283734cd29ade82cb5a07454c209a8afabc7544b597

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://58bf08f8517eb2adaf7af131d0606954.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 07 Feb 2023 03:37:36 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type
application/x-javascript; charset=utf-8
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId
52523600011418206783193012228025
Connection
close
Content-Length
330
Expires
Tue, 07 Feb 2023 03:37:36 +0100
request_content.php
hal900025.redintelligence.net/ Frame E7D4
4 KB
2 KB
Document
General
Full URL
https://hal900025.redintelligence.net/request_content.php?s=52523600011418206783193012228025&a=f5ecf1ed
Requested by
Host: hal900025.redintelligence.net
URL: https://hal900025.redintelligence.net/request.php?zone=qlmowie5ina2&nw=20&renderingType=javascript&namespace=aa958eb66c&subid=&uid=2412243a2cce0158&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DDwnnc1KeLHg2B1BZ-ohLdQ%26exch_seat%3D20035004448%26mt_aid%3D6387384649174430081%26mt_id%3D11204415%26mt_adid%3D215543%26mt_sid%3D12780336%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D51e763e1-c780-4801-a5f2-d2f188ebf5ea%26mt_cid%3D51e763e1-c780-4801-a5f2-d2f188ebf5ea%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCm85cf8fhY4T5Fb299u8P6Z-c0APPh46bXMCG2YLGAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi04ODI4NDA2NTMzNzA2ODc5yAEJ4AIAqAMBqgT_AU_QcB_dM0Ds7t4YGLIRPXLzzE0H9RutbFaZz-N9I37MGnyVH99Ej4qCc-QYF-yJuk5Hv148sPyBCf0xEvfkqMGW6iCUuHMirZbDKNw5tXiRTLLd4-2BuySYMv1O2UoY7f1NyyDvZIU9gRCbuk0QwNbLryW4FAFVrccYIzE8c9K3aRxdmSm2TFflXVpXeG_cV1G09HU3ctXtvUl2ps7YSQkQ139TFo3Tv4QM1WlpKSSlgzc1npiSpamLEsbFo8yY7IKgbbbFzaKtDkW6T0zYFnr3Ti6kCVKRjGQrPWzRre2gx4e1v-i7laL1CFUm2dOo2yPqSiaty5MyDPWGvJ7gluAEAYAGnuG-1qiW7aFwoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_0NX7DqlYj6QycrtepAIutV8lc6aA%2526client%253Dca-pub-8828406533706879%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2F58bf08f8517eb2adaf7af131d0606954.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&ancestorOrigins=null&random=3003198621470&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.245.84.201.138.clients.your-server.de
Software
Apache /
Resource Hash
e9f1c36655c2d9a68160d3ffad60f2ea5af302098a07e264e656cfeb4d353a4a

Request headers

Referer
https://58bf08f8517eb2adaf7af131d0606954.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Connection
close
Content-Encoding
gzip
Content-Length
1400
Content-Type
text/html; charset=utf-8
Date
Tue, 07 Feb 2023 03:37:37 GMT
Expires
Tue, 07 Feb 2023 03:37:37 +0100
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma
no-cache
Server
Apache
Vary
Accept-Encoding
truncated
/ Frame 6378
213 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b5e7643064c92b1b13e2128a5d8e76f9707be24ba5af6740d35d03585f1eaf3a

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type
image/png
/
track.adform.net/adfscript/ Frame E7D4
732 B
925 B
Script
General
Full URL
https://track.adform.net/adfscript/?bn=61227785;click=https://hal900025.redintelligence.net/c/p5lar112gnokquw?tprd=
Requested by
Host: hal900025.redintelligence.net
URL: https://hal900025.redintelligence.net/request_content.php?s=52523600011418206783193012228025&a=f5ecf1ed
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.41 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
e3edd50350fb269ff0c29872bbdfc72020da1b0d724e7e710969f87451bc9d3a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900025.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 07 Feb 2023 03:37:37 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control
no-cache, no-store, must-revalidate, no-transform
content-length
532
expires
-1
viewability
hal900025.redintelligence.net/ Frame E7D4
0
150 B
Script
General
Full URL
https://hal900025.redintelligence.net/viewability?s=52523600011418206783193012228025&a=000e3c55&vb=m
Requested by
Host: hal900025.redintelligence.net
URL: https://hal900025.redintelligence.net/request_content.php?s=52523600011418206783193012228025&a=f5ecf1ed
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.245.84.201.138.clients.your-server.de
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900025.redintelligence.net/request_content.php?s=52523600011418206783193012228025&a=f5ecf1ed
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date
Tue, 07 Feb 2023 03:37:37 GMT
Server
Apache
Connection
close
Content-Length
0
Content-Type
text/html; charset=UTF-8
bootstrap.js
s1.adform.net/stoat/626/s1.adform.net/ Frame E7D4
34 KB
16 KB
Script
General
Full URL
https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by
Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=61227785;click=https://hal900025.redintelligence.net/c/p5lar112gnokquw?tprd=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
06d0965f0851d3936c68da6d6de73163a6bb32e3f134822ccfec6d28f185ff29

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900025.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:37 GMT
content-encoding
gzip
last-modified
Wed, 21 Dec 2022 11:59:41 GMT
server
nginx
x-cache-status
STALE
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=100000
expires
Fri, 03 Feb 2023 15:46:59 GMT
/
track.adform.net/adfserve/ Frame E7D4
4 KB
2 KB
Script
General
Full URL
https://track.adform.net/adfserve/?CC=1&bn=61227785;click=https://hal900025.redintelligence.net/c/p5lar112gnokquw?tprd=;js=1;adfxid=1x;8130;set=en-US|en-US|1600X1200|0|300|600|24|8|3|7|1|;cmpgdpr=;cmpgdprconsent=;fd=0|0&CREFURL=https%3A%2F%2Fwww.savingwellness.com
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.41 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
7fcebe6b3509f59ed9133aa9deda85bef37fc52a74646f183fdbee609a4db539
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900025.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 07 Feb 2023 03:37:37 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control
no-cache, no-store, must-revalidate, no-transform
content-length
2045
expires
-1
/
track.adform.net/jsmetrics/ Frame E7D4
43 B
208 B
Image
General
Full URL
https://track.adform.net/jsmetrics/?sid=276&rid=10478&cid=1712&adfserve=29&asset=132&deviceType=Desktop
Requested by
Host: hal900025.redintelligence.net
URL: https://hal900025.redintelligence.net/request_content.php?s=52523600011418206783193012228025&a=f5ecf1ed
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.41 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900025.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Wed, 20 Jul 2016 08:04:05 GMT
server
nginx
etag
"578f3075-2b"
content-type
image/gif
accept-ranges
bytes
content-length
43
truncated
/ Frame E7D4
43 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type
image/gif
Standard
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.226/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/ Frame E7D4
90 KB
39 KB
Script
General
Full URL
https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.226/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8e16ad2005bc4c19f8560189ef6e7b7475f2b3def2c60a57f9041fac5b4f94cf

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900025.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:37 GMT
content-encoding
gzip
last-modified
Wed, 21 Dec 2022 11:59:41 GMT
server
nginx
x-cache-status
STALE
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=100000
expires
Fri, 03 Feb 2023 15:42:05 GMT
/
track.adform.net/csimpr/ Frame E7D4
35 B
478 B
Ping
General
Full URL
https://track.adform.net/csimpr/?bn=61227785&csi=0p7ZCZWFzDUpBBHdhEAdsmDFrv3DUwC5m-bBKnWUJwLrygPkIxxfkz2OntY8rEbawCSgpF4_OfDsu9Ubojj5Vd6vWmW1dlSa0
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.41 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://hal900025.redintelligence.net/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Tue, 07 Feb 2023 03:37:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET, POST
content-type
image/gif
access-control-allow-origin
https://hal900025.redintelligence.net
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires
-1
12320355.js
s1.adform.net/Banners/Elements/Files/160090/12320355/ Frame 4437
3 KB
1 KB
Script
General
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/12320355/12320355.js?ADFassetID=12320355&bv=258
Requested by
Host: www.savingwellness.com
URL: https://www.savingwellness.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
6d0e2a588f4cc73d364bb8e00ee7093c213608f840c61d544b75c9ec1c53777d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900025.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:37 GMT
content-encoding
gzip
last-modified
Mon, 30 Jan 2023 13:29:11 GMT
server
nginx
x-amz-request-id
tx0000048e8139a551ec9e4-0063e1bf31-3295c42b-default
etag
W/"8ddcc4da1b8ed092065a319818956a5a"
x-cache-status
HIT
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
access-control-expose-headers
Content-Range,Content-Length
x-rgw-object-type
Normal
cache-control
public, max-age=604800
screen.css
s1.adform.net/Banners/Elements/Files/160090/12320355/bvpath_258/ Frame 4437
1 KB
925 B
Stylesheet
General
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/12320355/bvpath_258/screen.css
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.226/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
29317ecdd988cd36b8a82945e774d6a2b6745ca262ce76a7c14450cc6b562c35

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900025.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:37 GMT
content-encoding
gzip
last-modified
Mon, 30 Jan 2023 13:29:11 GMT
server
nginx
x-amz-request-id
tx00000328a84157da1e5da-0063e1bf31-3295c471-default
etag
W/"194a05f81d28799633fb0d91702824fc"
x-cache-status
HIT
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
access-control-expose-headers
Content-Range,Content-Length
x-rgw-object-type
Normal
cache-control
public, max-age=604800
Adform.DHTML.js
s1.adform.net/banners/scripts/rmb/ Frame 4437
30 KB
14 KB
Script
General
Full URL
https://s1.adform.net/banners/scripts/rmb/Adform.DHTML.js?bv=626
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.226/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900025.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:37 GMT
content-encoding
gzip
last-modified
Wed, 08 Jun 2022 12:02:22 GMT
server
nginx
x-amz-request-id
tx00000954a8d644de9b13a-0063766111-32940f80-default
etag
W/"4731aef0a5114a59b4311776d270e848"
x-cache-status
HIT
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-rgw-object-type
Normal
cache-control
public, max-age=604800
introfill.png
s1.adform.net/Banners/Elements/Files/160090/12320355/bvpath_258/ Frame 4437
117 B
444 B
Image
General
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/12320355/bvpath_258/introfill.png
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.226/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
9e9b34f0817548b428e128d5a7551fbc499d01fee0a12d016c323f65b9d4e2fd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900025.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:37 GMT
last-modified
Mon, 30 Jan 2023 13:29:11 GMT
server
nginx
x-amz-request-id
tx00000317eca03b006e593-0063e1bf31-32952663-default
etag
"244ce310653a21d622b5bb8ea389929f"
x-cache-status
HIT
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Range,Content-Length
x-rgw-object-type
Normal
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
117
stoerer.png
s1.adform.net/Banners/Elements/Files/160090/12320355/bvpath_258/ Frame 4437
6 KB
6 KB
Image
General
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/12320355/bvpath_258/stoerer.png
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.226/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
bdaf385e5165764f185ce155341091353606c2c63eb9228fdc812be8c226b78c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900025.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:37 GMT
last-modified
Mon, 30 Jan 2023 13:29:11 GMT
server
nginx
x-amz-request-id
tx000006f1e41481a287108-0063e1bfc4-3295c471-default
etag
"a7ab920e0d9d9bcfda2b54369910a259"
x-cache-status
HIT
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Range,Content-Length
x-rgw-object-type
Normal
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
5846
text0.png
s1.adform.net/Banners/Elements/Files/160090/12320355/bvpath_258/ Frame 4437
5 KB
5 KB
Image
General
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/12320355/bvpath_258/text0.png
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.226/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
61bb21a200f5e290a6cf7cd102a30bf77f1179bdbd9b844ee8b9cedfaa3204e4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900025.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:37 GMT
last-modified
Mon, 30 Jan 2023 13:29:11 GMT
server
nginx
x-amz-request-id
tx0000046c8b337a9ba83be-0063e1bf31-32952663-default
etag
"7ff52759238a13e4d6d820de6da10ad6"
x-cache-status
HIT
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Range,Content-Length
x-rgw-object-type
Normal
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
4722
text1.png
s1.adform.net/Banners/Elements/Files/160090/12320355/bvpath_258/ Frame 4437
5 KB
5 KB
Image
General
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/12320355/bvpath_258/text1.png
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.226/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
6b791222dc2af3fd5e21fe3c49795367bef71a9d39a491c63a1e5c6b711b59d6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900025.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:37 GMT
last-modified
Mon, 30 Jan 2023 13:29:11 GMT
server
nginx
x-amz-request-id
tx000001fb504434b82282f-0063e1bf25-32952663-default
etag
"0b71725786ff3d215ad8a9214aebf4a8"
x-cache-status
HIT
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Range,Content-Length
x-rgw-object-type
Normal
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
4931
disclaimer.png
s1.adform.net/Banners/Elements/Files/160090/12320355/bvpath_258/ Frame 4437
5 KB
5 KB
Image
General
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/12320355/bvpath_258/disclaimer.png
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.226/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
d35d9f0279b471c6aff1a7df5bbb769c8d77c840b2fbb9ee6144a023826afbed

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900025.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:37 GMT
last-modified
Mon, 30 Jan 2023 13:29:11 GMT
server
nginx
x-amz-request-id
tx00000864ab01589b43c01-0063e1bf31-3294fed7-default
etag
"00ed571b00ceefad7d926a285f8e82c4"
x-cache-status
HIT
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Range,Content-Length
x-rgw-object-type
Normal
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
4946
date.png
s1.adform.net/Banners/Elements/Files/160090/12320355/bvpath_258/ Frame 4437
2 KB
3 KB
Image
General
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/12320355/bvpath_258/date.png
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.226/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
0195a96fb239818e499c6c1ae564aeb3ece41ff3ce5e2a5c75134a40c90109d4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900025.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:37 GMT
last-modified
Mon, 30 Jan 2023 13:29:11 GMT
server
nginx
x-amz-request-id
tx00000d420598edf317a69-0063e1bfc4-3295c471-default
etag
"f7f2fe1e82f90c5b4548d6bba639b46d"
x-cache-status
HIT
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Range,Content-Length
x-rgw-object-type
Normal
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
2508
cta.png
s1.adform.net/Banners/Elements/Files/160090/12320355/bvpath_258/ Frame 4437
2 KB
2 KB
Image
General
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/12320355/bvpath_258/cta.png
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.226/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
3071b3275b6c1eca22b9cba268668c6a10b0895f82c6a7d03aed4d021570a76f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900025.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:37 GMT
last-modified
Mon, 30 Jan 2023 13:29:11 GMT
server
nginx
x-amz-request-id
tx0000028148041938f43d7-0063e1bf31-3294fed7-default
etag
"8a33d91eaa901fc405c9725ee90138e6"
x-cache-status
HIT
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Range,Content-Length
x-rgw-object-type
Normal
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
1856
logostart.png
s1.adform.net/Banners/Elements/Files/160090/12320355/bvpath_258/ Frame 4437
6 KB
6 KB
Image
General
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/12320355/bvpath_258/logostart.png
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.226/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
be7d147a1ebabfa3c3e9e191c5bca1a8b3254c2cfa5b4f5a1611850449092e2e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900025.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:37 GMT
last-modified
Mon, 30 Jan 2023 13:29:11 GMT
server
nginx
x-amz-request-id
tx00000674726234316a14b-0063e1bf31-3294fed7-default
etag
"8d5825425f9fc8e1497978a382e0b52f"
x-cache-status
HIT
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Range,Content-Length
x-rgw-object-type
Normal
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
5872
logo.png
s1.adform.net/Banners/Elements/Files/160090/12320355/bvpath_258/ Frame 4437
5 KB
5 KB
Image
General
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/12320355/bvpath_258/logo.png
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.226/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
5304c51f765a7701100c69b037ce9af3dcdcbd2f0e1c79b01fa25abea1d5e5a7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900025.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:37 GMT
last-modified
Mon, 30 Jan 2023 13:29:11 GMT
server
nginx
x-amz-request-id
tx000003679b61f87617ec7-0063e1bfc4-3294fed7-default
etag
"47975d42aebcd52287f26c897c2dbd2f"
x-cache-status
HIT
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Range,Content-Length
x-rgw-object-type
Normal
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
4768
model.jpg
s1.adform.net/Banners/Elements/Files/160090/12320355/bvpath_258/ Frame 4437
41 KB
41 KB
Image
General
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/12320355/bvpath_258/model.jpg
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.226/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
2691d37f7469d124847b073641c8c3cc7bd753703fcf7957325f60f2d305a1fe

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900025.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:37 GMT
last-modified
Mon, 30 Jan 2023 13:29:11 GMT
server
nginx
x-amz-request-id
tx00000cd5bfc58eebbdfdc-0063e1bfc4-3295c471-default
etag
"010638f9a8fcf986b9c26c34be392151"
x-cache-status
HIT
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Range,Content-Length
x-rgw-object-type
Normal
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
41657
background.jpg
s1.adform.net/Banners/Elements/Files/160090/12320355/bvpath_258/ Frame 4437
31 KB
32 KB
Image
General
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/12320355/bvpath_258/background.jpg
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.226/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
9bba38554e945750c649d876b4cfe56c13d21f67666664c7ef72f4a0d7601eb9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900025.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:37 GMT
last-modified
Mon, 30 Jan 2023 13:29:11 GMT
server
nginx
x-amz-request-id
tx00000df920c0fdc672270-0063e1bfc4-3294fed7-default
etag
"0d71c747d035e7d728b899aa5856e4f9"
x-cache-status
HIT
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Range,Content-Length
x-rgw-object-type
Normal
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
32244
CSSPlugin.min.js
cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/plugins/ Frame 4437
38 KB
14 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/plugins/CSSPlugin.min.js
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.226/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cbf2228ab439f89b83feb79ea549213521a81212fde9ff67f9c73d002d586198
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900025.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:37 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
268063
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
13669
last-modified
Mon, 04 May 2020 16:10:25 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e71-9833"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CZv8P4WNjzSPB89w7YSLiSqbYUg1TKRSsSeHRRi6t2KcN5pszvZ6ufBVzRR%2FWWqyH0OM0xZxJIdlGdWU%2F9OZQH2NjxWiaeL5M8Nnr19c7yIBqYWkPF4gZbyzOKvQYe2xfk1BVEe1660kbxn6ilizceA2"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
795916898c519024-FRA
expires
Sun, 28 Jan 2024 03:37:37 GMT
EasePack.min.js
cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/easing/ Frame 4437
5 KB
2 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/easing/EasePack.min.js
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.226/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
37bc930c63149650677d732eea9526432bd8494c55737f45c98e7f8ad7c1e7ff
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900025.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:37 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
268258
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
1730
last-modified
Mon, 04 May 2020 16:10:25 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e71-146f"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hOpJ%2FxLAmO6PbxZJ%2BV%2BLgyRLweoeKRJM1P7reZ0tNuf4RbRR7qhxnAeGETpfp6Ip5Anx4py2ueTG4M23PKSkLhSGpFpJeVsomUR%2F60GKE8lKxSOWs8fFbv0zNoQYAhlYBO1BL5RPAfzaWtJ%2BedXfJCM6"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
795916898c529024-FRA
expires
Sun, 28 Jan 2024 03:37:37 GMT
TweenLite.min.js
cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/ Frame 4437
26 KB
9 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/TweenLite.min.js
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.226/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7e5b4dd28e58e76dbe83eb2b357fdad7e54b85a9def9bf953063d5970a91ee6a
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900025.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:37 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
268266
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
8578
last-modified
Mon, 04 May 2020 16:10:25 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e71-697f"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lWZu14pER3MTi3XCpngIOhwJhHH2Qx%2F2mk3y2pjwgNGkhawqepGAgExG0XIdipTRnzZTSd1bBj0Subv08lXVAI98PcdwH0W3y%2FNkE209lecje%2B5IeidqRAr%2BSipnqLobpK3eMTlz%2FLzS5hWXQkNeJ1l%2B"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
795916898c539024-FRA
expires
Sun, 28 Jan 2024 03:37:37 GMT
script.js
s1.adform.net/Banners/Elements/Files/160090/12320355/bvpath_258/ Frame 4437
9 KB
2 KB
Script
General
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/12320355/bvpath_258/script.js
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.226/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
c65f038fc5c6f7cd305ce982fbf17010b95c218ba794700df4c1f18fa47e822b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900025.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Tue, 07 Feb 2023 03:37:37 GMT
content-encoding
gzip
last-modified
Mon, 30 Jan 2023 13:29:11 GMT
server
nginx
x-amz-request-id
tx00000cda75f66183628eb-0063e1bfc4-329527e9-default
etag
W/"8797d7a91f266c03782b0daf2913c2a3"
x-cache-status
HIT
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
access-control-expose-headers
Content-Range,Content-Length
x-rgw-object-type
Normal
cache-control
public, max-age=604800
activeview
pagead2.googlesyndication.com/pcs/ Frame 6378
42 B
174 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssJRFDESNm-lLPMZyv98VK_CiudDn7RIqanCYe9tTh8gYLotptfIWz7tQE4bn6FoiEH2T2obLmYn8PhR27NSjBYDg_W&sig=Cg0ArKJSzFzW8bot1wUXEAE&id=lidar2&mcvt=1000&p=896,1019,1496,1319&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&v=20230201&bin=7&avms=nio&bs=0,0&mc=0.51&if=1&vu=1&app=0&itpl=20&adk=1221718304&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1675741055551&rpt=1499&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://58bf08f8517eb2adaf7af131d0606954.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 07 Feb 2023 03:37:38 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
viewability
hal900025.redintelligence.net/ Frame E7D4
0
150 B
Script
General
Full URL
https://hal900025.redintelligence.net/viewability?s=52523600011418206783193012228025&a=000e3c55&vb=v
Requested by
Host: hal900025.redintelligence.net
URL: https://hal900025.redintelligence.net/request_content.php?s=52523600011418206783193012228025&a=f5ecf1ed
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.245.84.201.138.clients.your-server.de
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900025.redintelligence.net/request_content.php?s=52523600011418206783193012228025&a=f5ecf1ed
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date
Tue, 07 Feb 2023 03:37:38 GMT
Server
Apache
Connection
close
Content-Length
0
Content-Type
text/html; charset=UTF-8
events
api.mediabuyanalytics.com/ingest/
0
69 B
Ping
General
Full URL
https://api.mediabuyanalytics.com/ingest/events?_=4b615048-219b-48c4-94be-bd4692f076b5&v=1.0
Requested by
Host: dynamic.mediabuyanalytics.com
URL: https://dynamic.mediabuyanalytics.com/auction/472d3438-8644-09c6-abda-2cad64514ba9.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.186.222.216 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-186-222-216.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.savingwellness.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Tue, 07 Feb 2023 03:37:38 GMT
server
nginx
/
track.adform.net/serving/unload/ Frame E7D4
35 B
478 B
Ping
General
Full URL
https://track.adform.net/serving/unload/?version=15&unload=6774769680421159330@@61227785,624123398525658184,51|1200|0|0|0|0|0|0|0||57|1|||||1|0|0|nRyL6SYh9V5cPlakbYq96dw8GJo2LfmNF2L62GO1_wKbrhmCCr7ZBPL_QlhaeLlf0|||11||0
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.41 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://hal900025.redintelligence.net/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Tue, 07 Feb 2023 03:37:38 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET, POST
content-type
image/gif
access-control-allow-origin
https://hal900025.redintelligence.net
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires
-1


26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| 1
object| 2
object| oncontentvisibilityautostatechange
object| $readys
function| $
object| $mba
object| $mbaInternal
object| $mbaJsonpFunction
object| googletag
object| $mbaPrebidJs
object| _pbjsGlobals
function| setImmediate
function| clearImmediate
object| __$internalCallbacks
object| ggeac
object| google_tag_data
object| google_js_reporting_queue
undefined| google_measure_js_timing
object| googleToken
object| googleIMState
function| processGoogleToken
number| google_unique_id
object| gaGlobal
object| GoogleGcLKhOms
object| google_image_requests

7 Cookies

Domain/Path Name / Value
.savingwellness.com/ Name: __gads
Value: ID=30332b1e1010c6bf:T=1675741055:S=ALNI_MbSlBpzAvXuRMDQ_8RHThX94B4fcw
.savingwellness.com/ Name: __gpi
Value: UID=00000bb132d0d9e5:T=1675741055:RT=1675741055:S=ALNI_MZp7q1wDdrO_53xEKkEbvO0p28PeQ
.doubleclick.net/ Name: IDE
Value: AHWqTUnvPubQHLpGAE8z2snn8QUjimMMGxmIBcdd8mG8jjTYFwHXYfKJMdyXsSZuopY
.mathtag.com/ Name: uuid
Value: 51e763e1-c780-4801-a5f2-d2f188ebf5ea
.adform.net/ Name: C
Value: 1
.adform.net/ Name: uid
Value: 6774769680421159330
.adform.net/ Name: TPC
Value: 1675741057298

Security Headers

This page lists any security headers set by the main page.

Header Value
X-Frame-Options DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
