urlscan.io logo urlscan.io
SecurityTrails logo

travel.calif.aaa.com Open in urlscan Pro
107.20.248.181  Public Scan

Go To Rescan Add Verdict Report
URL: https://travel.calif.aaa.com/trip/Yjy5W0RdRdaVFhtNQvniTg/itinerary?tst_email=confirmation&utm_source=conf_email&utm_medium=em...
Submission: On October 15 via manual from RO — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 15 IPs in 5 countries across 13 domains to perform 33 HTTP transactions. The main IP is 107.20.248.181, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is travel.calif.aaa.com. The Cisco Umbrella rank of the primary domain is 816537.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on May 17th 2022. Valid for: a year.
This is the only time travel.calif.aaa.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

5    107.20.248.181 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-107-20-248-181.compute-1.amazonaws.com
travel.calif.aaa.com
admin.tstllc.net
5    23.35.236.209 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-236-209.deploy.static.akamaitechnologies.com
tags.tiqcdn.com
1    2606:4700:10::6816:3768 (United States)

ASN13335 (CLOUDFLARENET, US)
rum-static.pingdom.net
1    54.227.119.132 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-227-119-132.compute-1.amazonaws.com
assets.green.kube.tstllc.net
2    2a00:1450:4001:800::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
3    2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
2    2a00:1450:400c:c02::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
2    2a00:1450:4001:806::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
2    2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
3    52.19.27.104 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-19-27-104.eu-west-1.compute.amazonaws.com
dpm.demdex.net
3    2a03:2880:f01c:216:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
2    2a03:2880:f11c:8083:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
1    3.248.40.167 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-248-40-167.eu-west-1.compute.amazonaws.com
rum-collector-2.pingdom.net
1    52.18.158.197 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-18-158-197.eu-west-1.compute.amazonaws.com
automobileclubofsoutherncalifornia.demdex.net
2    15.236.176.210 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-236-176-210.eu-west-3.compute.amazonaws.com
acemetrics.aaa.com
1    34.248.32.199 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-248-32-199.eu-west-1.compute.amazonaws.com
cm.everesttech.net
Apex Domain
Subdomains		 Transfer
5 tstllc.net
admin.tstllc.net
assets.green.kube.tstllc.net — Cisco Umbrella Rank: 314325
34 KB
5 tiqcdn.com
tags.tiqcdn.com — Cisco Umbrella Rank: 968
61 KB
4 demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 214
automobileclubofsoutherncalifornia.demdex.net — Cisco Umbrella Rank: 201365
6 KB
3 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 151
132 KB
3 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 32
20 KB
3 aaa.com
travel.calif.aaa.com — Cisco Umbrella Rank: 816537
acemetrics.aaa.com — Cisco Umbrella Rank: 172491
9 KB
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 107
222 B
2 google.de
www.google.de — Cisco Umbrella Rank: 6045
608 B
2 google.com
www.google.com — Cisco Umbrella Rank: 2
608 B
2 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 84
515 B
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 61
202 KB
2 pingdom.net
rum-static.pingdom.net — Cisco Umbrella Rank: 5244
rum-collector-2.pingdom.net — Cisco Umbrella Rank: 4688
3 KB
1 everesttech.net
cm.everesttech.net — Cisco Umbrella Rank: 1073
517 B
33 13
Domain Requested by
5 tags.tiqcdn.com travel.calif.aaa.com
tags.tiqcdn.com
4 admin.tstllc.net 1 redirects travel.calif.aaa.com
3 connect.facebook.net tags.tiqcdn.com
connect.facebook.net
3 dpm.demdex.net 1 redirects
3 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 acemetrics.aaa.com tags.tiqcdn.com
2 www.facebook.com travel.calif.aaa.com
2 www.google.de travel.calif.aaa.com
2 www.google.com travel.calif.aaa.com
2 stats.g.doubleclick.net www.google-analytics.com
2 www.googletagmanager.com travel.calif.aaa.com
1 cm.everesttech.net 1 redirects
1 automobileclubofsoutherncalifornia.demdex.net tags.tiqcdn.com
1 rum-collector-2.pingdom.net rum-static.pingdom.net
1 assets.green.kube.tstllc.net travel.calif.aaa.com
1 rum-static.pingdom.net travel.calif.aaa.com
1 travel.calif.aaa.com
33 17

This site contains no links.

Subject Issuer Validity Valid
travel.calif.aaa.com
Sectigo RSA Organization Validation Secure Server CA		 2022-05-17 -
2023-06-17		 a year crt.sh
*.tiqcdn.com
DigiCert SHA2 Secure Server CA		 2022-02-27 -
2023-02-28		 a year crt.sh
pingdom.net
Cloudflare Inc ECC CA-3		 2021-12-14 -
2022-12-13		 a year crt.sh
*.tstllc.net
Go Daddy Secure Certificate Authority - G2		 2022-06-29 -
2023-07-31		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2022-09-12 -
2022-12-05		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2022-09-12 -
2022-12-05		 3 months crt.sh
www.google.com
GTS CA 1C3		 2022-09-12 -
2022-12-05		 3 months crt.sh
www.google.de
GTS CA 1C3		 2022-09-12 -
2022-12-05		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2022-07-25 -
2022-10-23		 3 months crt.sh
*.pingdom.net
Amazon		 2021-12-07 -
2023-01-05		 a year crt.sh
*.demdex.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-09-26 -
2023-10-27		 a year crt.sh
acemetrics.aaa.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-07-07 -
2023-08-07		 a year crt.sh

This page contains 2 frames:

Primary Page: https://travel.calif.aaa.com/trip/Yjy5W0RdRdaVFhtNQvniTg/itinerary?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=insurance
Frame ID: B393224D748FA4D7F56DA2762412D1BE
Requests: 32 HTTP requests in this frame

Frame: https://automobileclubofsoutherncalifornia.demdex.net/dest5.html?d_nsid=0
Frame ID: F2E1B5C06D52B4E4A1A6227B35DA2075
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Your Itinerary

Detected technologies

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js

Page Statistics

33
Requests

91 %
HTTPS

50 %
IPv6

13
Domains

17
Subdomains

15
IPs

5
Countries

469 kB
Transfer

1682 kB
Size

18
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2
  • https://admin.tstllc.net/resources/acp/images/wss-4CAAA.png HTTP 303
  • https://assets.green.kube.tstllc.net/resources/acp/images/wss-4CAAA.png
Request Chain 18
  • https://dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=97311CFE53295FB20A490D45%40AdobeOrg&d_nsid=0&ts=1665853078613 HTTP 302
  • https://dpm.demdex.net/id/rd?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=97311CFE53295FB20A490D45%40AdobeOrg&d_nsid=0&ts=1665853078613
Request Chain 29
  • https://cm.everesttech.net/cm/dd?d_uuid=13367083442710283330676526112504908849 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y0rmlwAAALdrSQOV

33 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request itinerary
travel.calif.aaa.com/trip/Yjy5W0RdRdaVFhtNQvniTg/ 		8 KB
9 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://travel.calif.aaa.com/trip/Yjy5W0RdRdaVFhtNQvniTg/itinerary?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=insurance
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.20.248.181 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-20-248-181.compute-1.amazonaws.com
Software
/
Resource Hash
042fc1a71b7f608822766e85fedae2799a42e8e760071feee9727f596aa7cb3c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, max-age=0, must-revalidate, no-store
content-length
8432
content-security-policy
frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
content-type
text/html; charset=UTF-8
date
Sat, 15 Oct 2022 16:57:57 GMT
strict-transport-security
max-age=31536000; includeSubDomains
trace-id
0c99ac5a1135549f
utag.sync.js
tags.tiqcdn.com/utag/aaa/tst/prod/ 		109 B
342 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/aaa/tst/prod/utag.sync.js
Requested by
Host: travel.calif.aaa.com
URL: https://travel.calif.aaa.com/trip/Yjy5W0RdRdaVFhtNQvniTg/itinerary?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=insurance
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.209 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-209.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
18fbeca95fe06873aa619689dfd05228e83edc53b18b390105a8ebd0afeaa76d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://travel.calif.aaa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Sat, 15 Oct 2022 16:57:58 GMT
content-encoding
gzip
last-modified
Fri, 22 Jul 2022 23:06:40 GMT
server
AkamaiNetStorage
etag
"9902f3e6d1d79867574e992d49e7ea3c:1658531200.618711"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=300
accept-ranges
bytes
content-length
117
expires
Sat, 15 Oct 2022 17:02:58 GMT
pa-5f5fcac48e83fa0015000b12.js
rum-static.pingdom.net/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://rum-static.pingdom.net/pa-5f5fcac48e83fa0015000b12.js
Requested by
Host: travel.calif.aaa.com
URL: https://travel.calif.aaa.com/trip/Yjy5W0RdRdaVFhtNQvniTg/itinerary?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=insurance
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3768 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6f9d771c9be1c51db0a541467e2f808fa46187f707812f7f6e9d7a0272de07b8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://travel.calif.aaa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Sat, 15 Oct 2022 16:57:57 GMT
content-encoding
gzip
cf-cache-status
MISS
last-modified
Tue, 11 May 2021 14:01:36 GMT
server
cloudflare
etag
W/"609a8e40-1852"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=86400
cf-ray
75aa18c83a8b996c-FRA
expires
Sat, 15 Oct 2022 17:02:57 GMT
wss-4CAAA.png
assets.green.kube.tstllc.net/resources/acp/images/
Redirect Chain
  • https://admin.tstllc.net/resources/acp/images/wss-4CAAA.png
  • https://assets.green.kube.tstllc.net/resources/acp/images/wss-4CAAA.png
7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.green.kube.tstllc.net/resources/acp/images/wss-4CAAA.png
Requested by
Host: travel.calif.aaa.com
URL: https://travel.calif.aaa.com/trip/Yjy5W0RdRdaVFhtNQvniTg/itinerary?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=insurance
Protocol
H2
Server
54.227.119.132 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-227-119-132.compute-1.amazonaws.com
Software
/
Resource Hash
96ec675a4fab3039503907507b779ba05af8716418a84dac63e308bfb9701d02
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://travel.calif.aaa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Sat, 15 Oct 2022 16:57:58 GMT
content-encoding
gzip
content-security-policy
frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
last-modified
Tue, 12 May 2020 19:06:50 GMT
strict-transport-security
max-age=31536000; includeSubDomains
etag
W/"5ebaf3ca-1a79"
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/png
access-control-allow-origin
*
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type

Redirect headers

location
https://assets.green.kube.tstllc.net/resources/acp/images/wss-4CAAA.png
date
Sat, 15 Oct 2022 16:57:58 GMT
content-security-policy
frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
strict-transport-security
max-age=31536000; includeSubDomains
content-length
166
content-type
text/html
product_insurance.png
admin.tstllc.net/web-services/assets/images/reminder/ 		20 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://admin.tstllc.net/web-services/assets/images/reminder/product_insurance.png
Requested by
Host: travel.calif.aaa.com
URL: https://travel.calif.aaa.com/trip/Yjy5W0RdRdaVFhtNQvniTg/itinerary?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=insurance
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.20.248.181 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-20-248-181.compute-1.amazonaws.com
Software
/ Express
Resource Hash
fc4abe52cc423ec2132bdee8ea9d9f3603e9cf44ded574f92f45c0d873b09cf0
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://travel.calif.aaa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Sat, 15 Oct 2022 16:57:58 GMT
content-security-policy
frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Fri, 30 Sep 2022 20:25:50 GMT
x-powered-by
Express
etag
W/"4e37-1839013a572"
content-type
image/png
cache-control
public, max-age=0
accept-ranges
bytes
content-length
20023
phone.png
admin.tstllc.net/web-services/assets/images/reminder/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://admin.tstllc.net/web-services/assets/images/reminder/phone.png
Requested by
Host: travel.calif.aaa.com
URL: https://travel.calif.aaa.com/trip/Yjy5W0RdRdaVFhtNQvniTg/itinerary?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=insurance
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.20.248.181 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-20-248-181.compute-1.amazonaws.com
Software
/ Express
Resource Hash
00c2e9953f2ce26ae1f9fe8bfbcbaefd52778854c20c77e231542bbc5afa6f94
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://travel.calif.aaa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Sat, 15 Oct 2022 16:57:58 GMT
content-security-policy
frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Fri, 30 Sep 2022 20:25:50 GMT
x-powered-by
Express
etag
W/"c2c-1839013a572"
content-type
image/png
cache-control
public, max-age=0
accept-ranges
bytes
content-length
3116
email.png
admin.tstllc.net/web-services/assets/images/reminder/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://admin.tstllc.net/web-services/assets/images/reminder/email.png
Requested by
Host: travel.calif.aaa.com
URL: https://travel.calif.aaa.com/trip/Yjy5W0RdRdaVFhtNQvniTg/itinerary?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=insurance
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.20.248.181 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-20-248-181.compute-1.amazonaws.com
Software
/ Express
Resource Hash
ec8cd3afdf92c6b91bc5257ddbdf019432cdbf1c014a2027638041366be4d1b2
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://travel.calif.aaa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Sat, 15 Oct 2022 16:57:58 GMT
content-security-policy
frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Fri, 30 Sep 2022 20:25:50 GMT
x-powered-by
Express
etag
W/"9d1-1839013a572"
content-type
image/png
cache-control
public, max-age=0
accept-ranges
bytes
content-length
2513
utag.js
tags.tiqcdn.com/utag/aaa/tst/prod/ 		115 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/aaa/tst/prod/utag.js
Requested by
Host: travel.calif.aaa.com
URL: https://travel.calif.aaa.com/trip/Yjy5W0RdRdaVFhtNQvniTg/itinerary?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=insurance
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.209 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-209.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
478f535c11f94097ad73992e1373bdee1a8a0e96edc81f134d8f5cfd2fab839e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://travel.calif.aaa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Sat, 15 Oct 2022 16:57:58 GMT
content-encoding
gzip
last-modified
Fri, 22 Jul 2022 23:06:40 GMT
server
AkamaiNetStorage
etag
"d8f12d19d3d3affb673ac4801ffd6665:1658531200.750003"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=300
accept-ranges
bytes
content-length
34833
expires
Sat, 15 Oct 2022 17:02:58 GMT
gtm.js
www.googletagmanager.com/ 		435 KB
95 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-W79ZLQ
Requested by
Host: travel.calif.aaa.com
URL: https://travel.calif.aaa.com/trip/Yjy5W0RdRdaVFhtNQvniTg/itinerary?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=insurance
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
a6bc9b6f13b2069cbc2b38470115531f38d63342da0fb917bc05cc98398cf87b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://travel.calif.aaa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Sat, 15 Oct 2022 16:57:58 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
96876
x-xss-protection
0
last-modified
Sat, 15 Oct 2022 15:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sat, 15 Oct 2022 16:57:58 GMT
gtm.js
www.googletagmanager.com/ 		492 KB
107 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-T6BPC96
Requested by
Host: travel.calif.aaa.com
URL: https://travel.calif.aaa.com/trip/Yjy5W0RdRdaVFhtNQvniTg/itinerary?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=insurance
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
dd458ea7ff41d65ef22bad32677015c8016d581192a9210aa7a65442330848e6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://travel.calif.aaa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Sat, 15 Oct 2022 16:57:58 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
108889
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Sat, 15 Oct 2022 16:57:58 GMT
analytics.js
www.google-analytics.com/ 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T6BPC96
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://travel.calif.aaa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Sat, 15 Oct 2022 15:01:59 GMT
last-modified
Tue, 27 Sep 2022 22:01:05 GMT
server
Golfe2
age
6959
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20039
expires
Sat, 15 Oct 2022 17:01:59 GMT
collect
www.google-analytics.com/j/ 		2 B
210 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j98&a=12881683&t=pageview&_s=1&dl=https%3A%2F%2Ftravel.calif.aaa.com%2Ftrip%2FYjy5W0RdRdaVFhtNQvniTg%2Fitinerary%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dinsurance&ul=en-us&de=UTF-8&dt=Your%20Itinerary&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACAAI~&jid=1110009827&gjid=974346994&cid=978180497.1665853078&tid=UA-96133587-4&_gid=870734120.1665853078&_r=1&gtm=2wgaa0T6BPC96&cd1=000&cd2=Travel&cd3=TST&cd108=travel.calif.aaa.com%2Ftrip%2FYjy5W0RdRdaVFhtNQvniTg%2Fitinerary&cd109=&cd111=&z=660491074
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://travel.calif.aaa.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 15 Oct 2022 16:57:58 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://travel.calif.aaa.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/ 		2 B
67 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j98&a=12881683&t=pageview&_s=1&dl=https%3A%2F%2Ftravel.calif.aaa.com%2Ftrip%2FYjy5W0RdRdaVFhtNQvniTg%2Fitinerary%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dinsurance&dp=%2Ftrip%2FYjy5W0RdRdaVFhtNQvniTg%2Fitinerary&ul=en-us&de=UTF-8&dt=Your%20Itinerary&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAEABAAAAACAEK~&jid=2094597688&gjid=325679756&cid=978180497.1665853078&tid=UA-55392727-1&_gid=870734120.1665853078&_r=1&gtm=2wgaa0W79ZLQ&cd11=2022-10-15T16%3A57%3A58%2B00%3A00&cd9=978180497.1665853078&z=582856806
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://travel.calif.aaa.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 15 Oct 2022 16:57:58 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://travel.calif.aaa.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/ 		4 B
445 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-96133587-4&cid=978180497.1665853078&jid=1110009827&gjid=974346994&_gid=870734120.1665853078&_u=YEBAAEAAAAAAACAAI~&z=1240279139
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c02::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://travel.calif.aaa.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Sat, 15 Oct 2022 16:57:58 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://travel.calif.aaa.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/ 		4 B
70 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-55392727-1&cid=978180497.1665853078&jid=2094597688&gjid=325679756&_gid=870734120.1665853078&_u=YEDAAEABAAAAACAEK~&z=2099041828
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c02::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://travel.calif.aaa.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Sat, 15 Oct 2022 16:57:58 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://travel.calif.aaa.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-96133587-4&cid=978180497.1665853078&jid=1110009827&_u=YEBAAEAAAAAAACAAI~&z=700386228
Requested by
Host: travel.calif.aaa.com
URL: https://travel.calif.aaa.com/trip/Yjy5W0RdRdaVFhtNQvniTg/itinerary?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=insurance
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://travel.calif.aaa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 15 Oct 2022 16:57:58 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-96133587-4&cid=978180497.1665853078&jid=1110009827&_u=YEBAAEAAAAAAACAAI~&z=700386228
Requested by
Host: travel.calif.aaa.com
URL: https://travel.calif.aaa.com/trip/Yjy5W0RdRdaVFhtNQvniTg/itinerary?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=insurance
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://travel.calif.aaa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 15 Oct 2022 16:57:58 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/ 		42 B
501 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-55392727-1&cid=978180497.1665853078&jid=2094597688&_u=YEDAAEABAAAAACAEK~&z=594027162
Requested by
Host: travel.calif.aaa.com
URL: https://travel.calif.aaa.com/trip/Yjy5W0RdRdaVFhtNQvniTg/itinerary?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=insurance
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://travel.calif.aaa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 15 Oct 2022 16:57:58 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
501 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-55392727-1&cid=978180497.1665853078&jid=2094597688&_u=YEDAAEABAAAAACAEK~&z=594027162
Requested by
Host: travel.calif.aaa.com
URL: https://travel.calif.aaa.com/trip/Yjy5W0RdRdaVFhtNQvniTg/itinerary?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=insurance
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://travel.calif.aaa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 15 Oct 2022 16:57:58 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rd
dpm.demdex.net/id/
Redirect Chain
  • https://dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=97311CFE53295FB20A490D45%40AdobeOrg&d_nsid=0&ts=1665853078613
  • https://dpm.demdex.net/id/rd?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=97311CFE53295FB20A490D45%40AdobeOrg&d_nsid=0&ts=1665853078613
393 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://dpm.demdex.net/id/rd?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=97311CFE53295FB20A490D45%40AdobeOrg&d_nsid=0&ts=1665853078613
Protocol
HTTP/1.1
Server
52.19.27.104 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-19-27-104.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
d93cbc3423efbfb3549d7d02213d5406d7036d227119223180cca2c94e75ad2f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://travel.calif.aaa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

DCS
dcs-prod-irl1-2-v044-02f73253e.edge-irl1.demdex.com 2 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-TID
Kc6WQ6+ZQ6Q=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://travel.calif.aaa.com
Content-Type
application/json;charset=utf-8
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
328
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS
dcs-prod-irl1-2-v044-0925a81f5.edge-irl1.demdex.com 0 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
LnVzx1tITBI=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://travel.calif.aaa.com
Location
https://dpm.demdex.net/id/rd?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=97311CFE53295FB20A490D45%40AdobeOrg&d_nsid=0&ts=1665853078613
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 UTC
utag.1.js
tags.tiqcdn.com/utag/aaa/tst/prod/ 		57 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/aaa/tst/prod/utag.1.js?utv=ut4.48.202108312213
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/aaa/tst/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.209 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-209.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
9f8f65fd9414dac20245a6c400e16943d1e24f70d13722f80ff79c7b1dc0e53f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://travel.calif.aaa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Sat, 15 Oct 2022 16:57:58 GMT
content-encoding
gzip
last-modified
Tue, 31 Aug 2021 22:13:59 GMT
server
AkamaiNetStorage
etag
"758dae84232f321906834a88e4cc0bf0:1630448039.779799"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=1296000
accept-ranges
bytes
content-length
19519
expires
Sun, 30 Oct 2022 16:57:58 GMT
utag.38.js
tags.tiqcdn.com/utag/aaa/tst/prod/ 		21 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/aaa/tst/prod/utag.38.js?utv=ut4.48.202204070052
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/aaa/tst/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.209 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-209.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
52aab246633e592267b3bf30b6c1c6f9869004019afb992d295ff85ea487d137

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://travel.calif.aaa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Sat, 15 Oct 2022 16:57:58 GMT
content-encoding
gzip
last-modified
Wed, 13 Oct 2021 17:54:22 GMT
server
AkamaiNetStorage
etag
"8ef4b944a56f30b11fa6651ff67c338f:1634147662.845202"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=1296000
accept-ranges
bytes
content-length
7167
expires
Sun, 30 Oct 2022 16:57:58 GMT
fbevents.js
connect.facebook.net/en_US/ 		102 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/aaa/tst/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
df95c359e3559c219087fcb7d390b577cbd6577c0338d18644bd275149c62a86
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://travel.calif.aaa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Sat, 15 Oct 2022 16:57:58 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
27029
x-fb-rlafr
0
x-xss-protection
0
pragma
public
x-fb-debug
4nlHzxPpHE1ynifJUueYQaPv8yybX7iopbAQR/qCQ6AWu+veCE0ZZnoKXrKJMJxBAFDE6bkzN6I8votn2mqI3g==
x-fb-trip-id
686109401
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
utag.v.js
tags.tiqcdn.com/utag/tiqapp/ 		2 B
216 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=aaa/tst/202207222306&cb=1665853078705
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/aaa/tst/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.209 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-209.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://travel.calif.aaa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

unused62
8096267
date
Sat, 15 Oct 2022 16:57:58 GMT
last-modified
Thu, 14 Apr 2016 16:57:51 GMT
server
AkamaiNetStorage
etag
"7bc0ee636b3b83484fc3b9348863bd22:1460653071"
content-type
application/x-javascript
cache-control
max-age=600
accept-ranges
bytes
content-length
2
expires
Sat, 15 Oct 2022 17:07:58 GMT
identity.js
connect.facebook.net/signals/plugins/ 		64 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/plugins/identity.js?v=2.9.85
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b9d52f002201be697fbc0ebf4bdcc61d6c01d0bb1359213e62c67e21850047
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://travel.calif.aaa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Sat, 15 Oct 2022 16:57:58 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
20715
x-fb-rlafr
0
x-xss-protection
0
pragma
public
x-fb-debug
EFJJPB+GSjieUO9ES/YnJmZWdc9/zN+XDe63V+Nk+n9j5yQSyjSj0tQbT6YbmhxQrpDsRBEpRfwKtDveeqyVxw==
x-fb-trip-id
686109401
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
136696297006053
connect.facebook.net/signals/config/ 		293 KB
84 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/136696297006053?v=2.9.85&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
d01bcf9289597783e9aa9c4b6caa03cc57cd9c96f26374b1e2cc8910be51e083
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://travel.calif.aaa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Sat, 15 Oct 2022 16:57:58 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-fb-rlafr
0
x-xss-protection
0
pragma
public
x-fb-debug
nT5C6DaddfciSze0J2+LGMrcqln/FH6y1SXo/BP6fA3QWIN1roPIyPlXQfAFaeD6XfLkiftuT68igyAiL0NMlw==
x-fb-trip-id
686109401
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/ 		0
204 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=136696297006053&ev=PageView&dl=https%3A%2F%2Ftravel.calif.aaa.com%2Ftrip%2FYjy5W0RdRdaVFhtNQvniTg%2Fitinerary%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dinsurance&rl=&if=false&ts=1665853078888&sw=1600&sh=1200&v=2.9.85&r=stable&a=tmtealium&ec=0&o=30&fbp=fb.1.1665853078887.712406356&it=1665853078778&coo=false&eid=169253ab4064152ff36736753385c4b9&tm=1&rqm=GET
Requested by
Host: travel.calif.aaa.com
URL: https://travel.calif.aaa.com/trip/Yjy5W0RdRdaVFhtNQvniTg/itinerary?tst_email=confirmation&utm_source=conf_email&utm_medium=email&utm_campaign=insurance
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://travel.calif.aaa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Sat, 15 Oct 2022 16:57:58 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
beacon.gif
rum-collector-2.pingdom.net/img/ 		0
213 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://rum-collector-2.pingdom.net/img/beacon.gif?id=5f5fcac48e83fa0015000b12&sAW=1600&sAH=1200&bIW=1600&bIH=1200&pD=24&dPR=1&or=landscape-primary&nT=0&rC=0&nS=0&cS=252&cE=466&dLE=252&dLS=252&fS=0&hS=357&rE=-1&rS=-1&reS=467&resS=803&resE=804&uEE=-1&uES=-1&dL=806&dI=1286&dCLES=1286&dCLEE=1286&dC=2031&lES=2031&lEE=2032&s=nt&title=Your%20Itinerary&path=https%3A%2F%2Ftravel.calif.aaa.com%2Ftrip%2FYjy5W0RdRdaVFhtNQvniTg%2Fitinerary&ref=&sId=vbqyo71g&sST=1665853078&sIS=1&rV=0&v=1.4.1
Requested by
Host: rum-static.pingdom.net
URL: https://rum-static.pingdom.net/pa-5f5fcac48e83fa0015000b12.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.248.40.167 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-248-40-167.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://travel.calif.aaa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Pragma
no-cache
Date
Sat, 15 Oct 2022 16:57:59 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
0
dest5.html
automobileclubofsoutherncalifornia.demdex.net/ Frame F2E1 		7 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://automobileclubofsoutherncalifornia.demdex.net/dest5.html?d_nsid=0
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/aaa/tst/prod/utag.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.18.158.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-18-158-197.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://travel.calif.aaa.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
text/html;charset=UTF-8
DCS
dcs-prod-irl1-2-v044-055dce264.edge-irl1.demdex.com 0 ms
Expires
Thu, 01 Jan 1970 00:00:00 UTC
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
zAeMwXuNTVk=
content-encoding
gzip
date
Sat, 15 Oct 2022 16:57:59 GMT
last-modified
Thu, 29 Sep 2022 16:47:45 GMT
transfer-encoding
chunked
vary
accept-encoding
id
acemetrics.aaa.com/ 		48 B
458 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://acemetrics.aaa.com/id?d_visid_ver=5.2.0&d_fieldgroup=A&mcorgid=97311CFE53295FB20A490D45%40AdobeOrg&mid=20725242640565366100516898096295539326&ts=1665853079297
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/aaa/tst/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.236.176.210 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-15-236-176-210.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
49a38c7c4fe805679d00a240ee11ce05f25d7620b30cf2934fda8d82ef9c4f29
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://travel.calif.aaa.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Sat, 15 Oct 2022 16:58:00 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
server
jag
vary
Origin
content-type
application/x-javascript;charset=utf-8
access-control-allow-origin
https://travel.calif.aaa.com
p3p
CP="This is not a P3P policy"
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
content-length
48
x-xss-protection
1; mode=block
ibs:dpid=411&dpuuid=Y0rmlwAAALdrSQOV
dpm.demdex.net/
Redirect Chain
  • https://cm.everesttech.net/cm/dd?d_uuid=13367083442710283330676526112504908849
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y0rmlwAAALdrSQOV
42 B
942 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y0rmlwAAALdrSQOV
Protocol
HTTP/1.1
Server
52.19.27.104 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-19-27-104.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://travel.calif.aaa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

DCS
dcs-prod-irl1-1-v044-0ea413a51.edge-irl1.demdex.com 2 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
dhsHo2VYQaQ=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type
image/gif
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y0rmlwAAALdrSQOV
Date
Sat, 15 Oct 2022 16:57:59 GMT
Cache-Control
no-cache
Server
AMO-cookiemap/1.1
Connection
keep-alive
Content-Length
0
P3P
CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
/
www.facebook.com/tr/ 		0
18 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=136696297006053&ev=Microdata&dl=https%3A%2F%2Ftravel.calif.aaa.com%2Ftrip%2FYjy5W0RdRdaVFhtNQvniTg%2Fitinerary%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dinsurance&rl=&if=false&ts=1665853080391&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Your%20Itinerary%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.85&r=stable&a=tmtealium&ec=1&o=30&fbp=fb.1.1665853078887.712406356&it=1665853078778&coo=false&es=automatic&tm=3&rqm=GET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://travel.calif.aaa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Sat, 15 Oct 2022 16:58:00 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
priority
u=3,i
s54312744025876
acemetrics.aaa.com/b/ss/aaascace/1/JS-2.21.0/ 		43 B
305 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://acemetrics.aaa.com/b/ss/aaascace/1/JS-2.21.0/s54312744025876?AQB=1&ndh=1&pf=1&t=15%2F9%2F2022%2016%3A58%3A0%206%200&sdid=12AC9AA7E56DC4A4-06F263ACE6EAED7D&mid=20725242640565366100516898096295539326&aamlh=6&ce=UTF-8&cdp=2&pageName=travel%3Atst%3Aitinerary&g=https%3A%2F%2Ftravel.calif.aaa.com%2Ftrip%2FYjy5W0RdRdaVFhtNQvniTg%2Fitinerary%3Ftst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dinsurance&cc=USD&ch=travel&v0=email_tst_confirmation_conf_email_insurance&events=event79&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&c1=tst&v1=tst&c3=tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dinsurance&v3=tst_email%3Dconfirmation%26utm_source%3Dconf_email%26utm_medium%3Demail%26utm_campaign%3Dinsurance&c7=ca&v7=ca&c10=0183dc94bc43000ab8d865f8164403074009706c00b08&v10=0183dc94bc43000ab8d865f8164403074009706c00b08&v16=email_tst_confirmation_conf_email_insurance&c43=1665853078596&v43=1665853078596&c70=https%3A%2F%2Ftravel.calif.aaa.com%2Ftrip%2FYjy5W0RdRdaVFhtNQvniTg%2Fitinerary&v70=https%3A%2F%2Ftravel.calif.aaa.com%2Ftrip%2FYjy5W0RdRdaVFhtNQvniTg%2Fitinerary&c72=travel%3Atst%3Aitinerary&v72=travel%3Atst%3Aitinerary&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=97311CFE53295FB20A490D45%40AdobeOrg&AQE=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.236.176.210 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-15-236-176-210.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://travel.calif.aaa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 15 Oct 2022 16:58:00 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Sun, 16 Oct 2022 16:58:00 GMT
server
jag
etag
3577392250224934912-4619363978987066969
vary
*
p3p
CP="This is not a P3P policy"
access-control-allow-origin
*
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, max-age=0, no-transform, private
content-length
43
x-xss-protection
1; mode=block
expires
Fri, 14 Oct 2022 16:58:00 GMT

Verdicts & Comments Add Verdict or Comment

43 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| aceMediaTagValues object| dataLayer object| google_tag_manager function| postscribe object| google_tag_manager_external object| google_tag_data string| GoogleAnalyticsObject function| ga function| onYouTubeIframeAPIReady object| gaplugins object| gaGlobal object| gaData boolean| utag_condload string| C_path object| utag function| e boolean| __tealium_twc_switch object| adobe function| Visitor object| s_c_il number| s_c_in function| fbq function| _fbq object| s function| AppMeasurement function| s_gi function| s_pgicq function| AppMeasurement_Module_Integrate function| AppMeasurement_Module_ActivityMap number| s_objectID number| s_giq object| sc_events object| s_i_aaascace

18 Cookies

Domain/Path Name / Value
travel.calif.aaa.com/ Name: PLAY_SESSION
Value: 1b8d50491da0fb2ff7bf6f363cd834b62f7ae332-mdc-id=%5B7ac33471-f148-496a-9ed5-77278c3f84df%5D
.aaa.com/ Name: _gcl_au
Value: 1.1.1822130638.1665853078
.aaa.com/ Name: _ga
Value: GA1.2.978180497.1665853078
.aaa.com/ Name: _gid
Value: GA1.2.870734120.1665853078
.aaa.com/ Name: _gat_UA-96133587-4
Value: 1
.travel.calif.aaa.com/ Name: _ga
Value: GA1.4.978180497.1665853078
.travel.calif.aaa.com/ Name: _gid
Value: GA1.4.870734120.1665853078
.travel.calif.aaa.com/ Name: _gat_UA-55392727-1
Value: 1
.aaa.com/ Name: campaignpersist
Value: email_tst_confirmation_conf_email_insurance
.aaa.com/ Name: utag_main
Value: v_id:0183dc94bc43000ab8d865f8164403074009706c00b08$_sn:1$_se:1$_ss:1$_st:1665854878596$ses_id:1665853078596%3Bexp-session$_pn:1%3Bexp-session$_prevpage:travel%3Atst%3Aitinerary%3Bexp-1665856678605$vapi_domain:aaa.com
.aaa.com/ Name: _fbp
Value: fb.1.1665853078887.712406356
.demdex.net/ Name: demdex
Value: 13367083442710283330676526112504908849
.aaa.com/ Name: AMCVS_97311CFE53295FB20A490D45%40AdobeOrg
Value: 1
.everesttech.net/ Name: everest_g_v2
Value: g_surferid~Y0rmlwAAALdrSQOV
.dpm.demdex.net/ Name: dpm
Value: 13367083442710283330676526112504908849
.aaa.com/ Name: s_ecid
Value: MCMID%7C20725242640565366100516898096295539326
.aaa.com/ Name: s_cc
Value: true
.aaa.com/ Name: AMCV_97311CFE53295FB20A490D45%40AdobeOrg
Value: -1124106680%7CMCIDTS%7C19281%7CMCMID%7C20725242640565366100516898096295539326%7CMCAAMLH-1666457879%7C6%7CMCAAMB-1666457879%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1665860280s%7CNONE%7CMCSYNCSOP%7C411-19288%7CMCAID%7CNONE%7CvVersion%7C5.2.0

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'self' *.tstllc.net *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.caascotravel.com
Strict-Transport-Security max-age=31536000; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

acemetrics.aaa.com
admin.tstllc.net
assets.green.kube.tstllc.net
automobileclubofsoutherncalifornia.demdex.net
cm.everesttech.net
connect.facebook.net
dpm.demdex.net
rum-collector-2.pingdom.net
rum-static.pingdom.net
stats.g.doubleclick.net
tags.tiqcdn.com
travel.calif.aaa.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
107.20.248.181
15.236.176.210
23.35.236.209
2606:4700:10::6816:3768
2a00:1450:4001:800::2008
2a00:1450:4001:806::2004
2a00:1450:4001:80e::2003
2a00:1450:4001:80e::200e
2a00:1450:400c:c02::9d
2a03:2880:f01c:216:face:b00c:0:3
2a03:2880:f11c:8083:face:b00c:0:25de
3.248.40.167
34.248.32.199
52.18.158.197
52.19.27.104
54.227.119.132
00c2e9953f2ce26ae1f9fe8bfbcbaefd52778854c20c77e231542bbc5afa6f94
042fc1a71b7f608822766e85fedae2799a42e8e760071feee9727f596aa7cb3c
18fbeca95fe06873aa619689dfd05228e83edc53b18b390105a8ebd0afeaa76d
478f535c11f94097ad73992e1373bdee1a8a0e96edc81f134d8f5cfd2fab839e
49a38c7c4fe805679d00a240ee11ce05f25d7620b30cf2934fda8d82ef9c4f29
52aab246633e592267b3bf30b6c1c6f9869004019afb992d295ff85ea487d137
6f9d771c9be1c51db0a541467e2f808fa46187f707812f7f6e9d7a0272de07b8
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
96ec675a4fab3039503907507b779ba05af8716418a84dac63e308bfb9701d02
9f8f65fd9414dac20245a6c400e16943d1e24f70d13722f80ff79c7b1dc0e53f
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
a6bc9b6f13b2069cbc2b38470115531f38d63342da0fb917bc05cc98398cf87b
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
d01bcf9289597783e9aa9c4b6caa03cc57cd9c96f26374b1e2cc8910be51e083
d93cbc3423efbfb3549d7d02213d5406d7036d227119223180cca2c94e75ad2f
dd458ea7ff41d65ef22bad32677015c8016d581192a9210aa7a65442330848e6
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
df95c359e3559c219087fcb7d390b577cbd6577c0338d18644bd275149c62a86
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3b9d52f002201be697fbc0ebf4bdcc61d6c01d0bb1359213e62c67e21850047
ec8cd3afdf92c6b91bc5257ddbdf019432cdbf1c014a2027638041366be4d1b2
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fc4abe52cc423ec2132bdee8ea9d9f3603e9cf44ded574f92f45c0d873b09cf0