www.letters.org Open in urlscan Pro
167.172.148.131 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.letters.org/payment-letter/return-of-overpayment-to-client-letter.html
Submission: On May 13 via manual (May 13th 2021, 12:41:54 pm UTC) from US

Summary HTTP 123 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 33 IPs in 7 countries across 23 domains to perform 123 HTTP transactions. The main IP is 167.172.148.131, located in North Bergen, United States and belongs to DIGITALOCEAN-ASN, US. The main domain is www.letters.org.
TLS certificate: Issued by R3 on April 3rd 2021. Valid for: 3 months.

This is the only time www.letters.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	167.172.148.131 167.172.148.131	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
4	151.139.128.11 151.139.128.11	20446 (HIGHWINDS3) (HIGHWINDS3)
1	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:8616	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
19	2.18.235.93 2.18.235.93	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
1	172.217.23.98 172.217.23.98	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:400c:c04::9d	15169 (GOOGLE) (GOOGLE)
2 2	2a00:1450:400... 2a00:1450:4001:808::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
8	2.16.186.43 2.16.186.43	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	162.222.224.35 162.222.224.35	40034 (CONFLUENC...) (CONFLUENCE-NETWORK-INC)
5	2606:4700:303... 2606:4700:3033::ac43:de92	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:808::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
1	2606:4700:303... 2606:4700:3033::6815:2384	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	54.39.16.115 54.39.16.115	16276 (OVH) (OVH)
4	51.77.119.11 51.77.119.11	16276 (OVH) (OVH)
14	144.217.76.121 144.217.76.121	16276 (OVH) (OVH)
1	2a00:1450:400... 2a00:1450:4001:80e::2006	15169 (GOOGLE) (GOOGLE)
2	34.102.149.62 34.102.149.62	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:803::2001	15169 (GOOGLE) (GOOGLE)
1 2	172.217.23.102 172.217.23.102	15169 (GOOGLE) (GOOGLE)
1	2620:116:800d... 2620:116:800d:21:36a9:ecb:e518:b308	16509 (AMAZON-02) (AMAZON-02)
1 1	52.29.48.214 52.29.48.214	16509 (AMAZON-02) (AMAZON-02)
6	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
2 2	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
2 2	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
2 2	185.64.189.115 185.64.189.115	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
123	33

2 167.172.148.131 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

www.letters.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.139.128.11 (United States)

ASN20446 (HIGHWINDS3, US)

w2n8f5d4.stackpathcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:8616 (United States)

ASN13335 (CLOUDFLARENET, US)

live.demand.supply	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2.18.235.93 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-93.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
lg3.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.23.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s45-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c04::9d (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2.16.186.43 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-186-43.deploy.static.akamaitechnologies.com

res-a.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.222.224.35 (Virgin Islands (British))

ASN40034 (CONFLUENCE-NETWORK-INC, VG)

pflc.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:3033::ac43:de92 (United States)

ASN13335 (CLOUDFLARENET, US)

a.vdo.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3033::6815:2384 (United States)

ASN13335 (CLOUDFLARENET, US)

targeting.vdo.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 54.39.16.115 (Beauharnois, Canada)

ASN16276 (OVH, FR)
PTR: ns555277.ip-54-39-16.net

analytics.vdo.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 51.77.119.11 (France)

ASN16276 (OVH, FR)
PTR: ns31094366.ip-51-77-119.eu

track.vdo.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 144.217.76.121 (Beauharnois, Canada)

ASN16276 (OVH, FR)
PTR: ns542653.ip-144-217-76.net

h.vdo.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.102.149.62 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 62.149.102.34.bc.googleusercontent.com

navvy.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:803::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.23.102 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: mil04s23-in-f102.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:36a9:ecb:e518:b308 (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.29.48.214 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-29-48-214.eu-central-1.compute.amazonaws.com

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.174.68 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.186.253.211 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.189.115 (United Kingdom) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.165 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
30	vdo.ai a.vdo.ai targeting.vdo.ai analytics.vdo.ai track.vdo.ai h.vdo.ai	2 MB
22	media.net contextual.media.net lg3.media.net pflc.media.net navvy.media.net	655 KB
16	doubleclick.net 2 redirects googleads.g.doubleclick.net stats.g.doubleclick.net ad.doubleclick.net cm.g.doubleclick.net	35 KB
16	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	229 KB
9	google-analytics.com 1 redirects ssl.google-analytics.com www.google-analytics.com	37 KB
8	akamaihd.net res-a.akamaihd.net	109 KB
4	stackpathcdn.com w2n8f5d4.stackpathcdn.com	109 KB
3	google.com 2 redirects adservice.google.com www.google.com	747 B
3	googleapis.com fonts.googleapis.com imasdk.googleapis.com	303 KB
2	pubmatic.com 2 redirects image6.pubmatic.com	1 KB
2	openx.net 2 redirects rtb.openx.net	760 B
2	rlcdn.com 2 redirects id.rlcdn.com	887 B
2	googletagservices.com www.googletagservices.com	63 KB
2	google.de adservice.google.de www.google.de	906 B
2	letters.org www.letters.org	30 KB
1	rubiconproject.com 1 redirects pixel.rubiconproject.com	457 B
1	agkn.com 1 redirects d.agkn.com	761 B
1	quantserve.com cms.quantserve.com	463 B
1	2mdn.net s0.2mdn.net	17 KB
1	googletagmanager.com www.googletagmanager.com	35 KB
1	googleadservices.com partner.googleadservices.com	640 B
1	gstatic.com fonts.gstatic.com	46 KB
1	demand.supply live.demand.supply	255 B
123	23

	Domain	Requested by
14	h.vdo.ai	a.vdo.ai
12	contextual.media.net	www.letters.org contextual.media.net w2n8f5d4.stackpathcdn.com
9	pagead2.googlesyndication.com	www.letters.org pagead2.googlesyndication.com srcdoc googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
8	res-a.akamaihd.net	www.letters.org
7	tpc.googlesyndication.com	googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com
7	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com www.letters.org
7	lg3.media.net	www.letters.org contextual.media.net
6	cm.g.doubleclick.net	googleads.g.doubleclick.net
6	analytics.vdo.ai	a.vdo.ai
6	googleads.g.doubleclick.net	pagead2.googlesyndication.com w2n8f5d4.stackpathcdn.com googleads.g.doubleclick.net
5	a.vdo.ai	www.letters.org a.vdo.ai
4	track.vdo.ai	www.letters.org
4	w2n8f5d4.stackpathcdn.com	www.letters.org
2	image6.pubmatic.com	2 redirects
2	rtb.openx.net	2 redirects
2	id.rlcdn.com	2 redirects
2	ad.doubleclick.net	1 redirects googleads.g.doubleclick.net
2	navvy.media.net	contextual.media.net
2	imasdk.googleapis.com	a.vdo.ai imasdk.googleapis.com
2	www.google.com	2 redirects
2	stats.g.doubleclick.net	1 redirects www.google-analytics.com
2	ssl.google-analytics.com	1 redirects www.letters.org
2	www.googletagservices.com	pagead2.googlesyndication.com googleads.g.doubleclick.net
2	www.letters.org	w2n8f5d4.stackpathcdn.com
1	pixel.rubiconproject.com	1 redirects
1	d.agkn.com	1 redirects
1	cms.quantserve.com	googleads.g.doubleclick.net
1	s0.2mdn.net	imasdk.googleapis.com
1	targeting.vdo.ai	a.vdo.ai
1	www.googletagmanager.com	a.vdo.ai
1	pflc.media.net	www.letters.org
1	www.google.de	www.letters.org
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.de	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	fonts.gstatic.com	fonts.googleapis.com
1	live.demand.supply	www.letters.org
1	fonts.googleapis.com	www.letters.org
123	38

This site contains links to these domains. Also see Links.

Domain
vdo.ai
www.reviews.in

Subject Issuer	Validity	Valid
letters.org R3	`2021-04-03` - `2021-07-02`	3 months	crt.sh
*.stackpathcdn.com Go Daddy Secure Certificate Authority - G2	`2019-06-27` - `2021-06-27`	2 years	crt.sh
upload.video.google.com GTS CA 1O1	`2021-04-13` - `2021-07-06`	3 months	crt.sh
demand.supply Cloudflare Inc ECC CA-3	`2021-04-21` - `2022-04-20`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.media.net DigiCert SHA2 Secure Server CA	`2021-04-12` - `2022-04-20`	a year	crt.sh
*.google.com GTS CA 1O1	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
a248.e.akamai.net DigiCert Secure Site ECC CA-1	`2020-07-15` - `2021-09-13`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-18` - `2021-08-18`	a year	crt.sh
*.vdo.ai Go Daddy Secure Certificate Authority - G2	`2019-10-15` - `2021-10-15`	2 years	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh

This page contains 15 frames:

Primary Page: https://www.letters.org/payment-letter/return-of-overpayment-to-client-letter.html
Frame ID: 42F8FE71C7A34AC9AEA271D59F28141C
Requests: 70 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210510/r20190131/zrt_lookup.html
Frame ID: EBB488A2FE0779D79C0027E89C81AD98
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9517795834930234&output=html&adk=1812271804&adf=3025194257&lmt=1620909673&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.letters.org%2Fpayment-letter%2Freturn-of-overpayment-to-client-letter.html&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1620909673712&bpp=5&bdt=213&idt=71&shv=r20210510&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=7658884735661&frm=20&pv=2&ga_vid=2112529175.1620909674&ga_sid=1620909674&ga_hid=2136985631&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=3251302952839113&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=88
Frame ID: 4F9F8ED4031DAB496549177D52B9DC57
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9517795834930234&output=html&h=280&slotname=2234739304&adk=3189045681&adf=1594946721&pi=t.ma~as.2234739304&w=727&fwrn=4&fwrnh=100&lmt=1620909673&rafmt=1&psa=0&format=727x280&url=https%3A%2F%2Fwww.letters.org%2Fpayment-letter%2Freturn-of-overpayment-to-client-letter.html&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1620909673891&bpp=2&bdt=392&idt=2&shv=r20210510&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7658884735661&frm=20&pv=1&ga_vid=2112529175.1620909674&ga_sid=1620909674&ga_hid=2136985631&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=261&ady=4205&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=3251302952839113&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=66D5Obc7nW&p=https%3A//www.letters.org&dtd=6
Frame ID: 8368E39F72B84FC75B6C6493C2596A60
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/4a/nrrV57728.js
Frame ID: BAB266C44C48ED95DDA6884A0D9ABD45
Requests: 8 HTTP requests in this frame

Frame: https://contextual.media.net/4a/nrrV57728.js
Frame ID: 127DF6D018F690C286476164765313C7
Requests: 5 HTTP requests in this frame

Frame: https://pflc.media.net/getlc.js
Frame ID: 4F3A1100C7487B9FD1B25C2E9F6066C9
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9517795834930234&output=html&h=280&slotname=2234739304&adk=3189045681&adf=1594946721&pi=t.ma~as.2234739304&w=727&fwrn=4&fwrnh=100&lmt=1620909673&rafmt=1&psa=0&format=727x280&url=https%3A%2F%2Fwww.letters.org%2Fpayment-letter%2Freturn-of-overpayment-to-client-letter.html&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1620909673891&bpp=2&bdt=392&idt=2&shv=r20210510&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7658884735661&frm=20&pv=1&ga_vid=2112529175.1620909674&ga_sid=1620909674&ga_hid=2136985631&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=261&ady=4205&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=3251302952839113&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=66D5Obc7nW&p=https%3A//www.letters.org&dtd=6
Frame ID: E8021B411CCB417E4D560DB681CCDDD6
Requests: 11 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.458.0_en.html
Frame ID: CFCA25041BBDB3A3B3D08BF78CB17502
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 491E906EA62E612169035E7A870A594B
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/4a/nrrV57728.js
Frame ID: 422C2C587F346FD9B5B08D5081D856AC
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: CAD382525C629EC121D57363A7E8A80C
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 778AC7CAB25BC1875942F4B0B31FC80F
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/nLZh5JKb4_vODtvfmJ49yJer_4HAQSIF0KjuUH5BuEE.js
Frame ID: C2A27D6D0B351F6789B8204F732FE976
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: CF57115E437B2A05DCA6556F934F4CEB
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

Page Statistics

123
Requests

96 %
HTTPS

55 %
IPv6

23
Domains

38
Subdomains

33
IPs

7
Countries

3704 kB
Transfer

7691 kB
Size

0
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://vdo.ai/?utm_medium=video&utm_term=letters.org&utm_source=vdoai_logo

Search URL Search Domain Scan URL

URL: https://www.reviews.in/
Title: Reviews

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 22

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=106800286&utmhn=www.letters.org&utme=8(AdNgin%20Experiment)9(No%20AdNgin)11(1)&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Letter%20to%20Inform%20Return%20of%20Overpayment%20to%20Client%20-%20Sample&utmhid=2136985631&utmr=-&utmp=%2Fpayment-letter%2Freturn-of-overpayment-to-client-letter.html&utmht=1620909673963&utmac=UA-10805533-6&utmcc=__utma%3D156209318.2112529175.1620909674.1620909674.1620909674.1%3B%2B__utmz%3D156209318.1620909674.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1861406221&utmredir=1&utmu=qQAAAAAAAAAAAAAAAAQAAAAE~ HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-10805533-6&cid=2112529175.1620909674&jid=1861406221&_v=5.7.2&z=106800286 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-10805533-6&cid=2112529175.1620909674&jid=1861406221&_v=5.7.2&z=106800286 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-10805533-6&cid=2112529175.1620909674&jid=1861406221&_v=5.7.2&z=106800286&slf_rd=1&random=1431082839

Request Chain 94

https://ad.doubleclick.net/ddm/trackimp/N790339.3167285ADWORDSGDN/B23794176.267082539;dc_trk_aid=461743800;dc_trk_cid=105894660;ord=1687568341;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua= HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N790339.3167285ADWORDSGDN/B23794176.267082539;dc_pre=CNPElIvXxvACFdeLdwodBxsEVA;dc_trk_aid=461743800;dc_trk_cid=105894660;ord=1687568341;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=

Request Chain 103

https://d.agkn.com/pixel/2175/?google_gid=CAESEPsEjT8Jz6DNbWnZuD9OmNs&google_cver=1&google_push=AQvitULxQbpJPO-raOuLPZrDFajCXxeQKCaMwPiwGWIOrm2rvyzHqIh9h4axHK_QScGqH5HBYIU-oF0UC9lXBu2E517-yQ19LxxU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AQvitULxQbpJPO-raOuLPZrDFajCXxeQKCaMwPiwGWIOrm2rvyzHqIh9h4axHK_QScGqH5HBYIU-oF0UC9lXBu2E517-yQ19LxxU&google_hm=Q0FFU0VQc0VqVDhKejZETmJXblp1RDlPbU5z

Request Chain 104

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAQvitUKJhaAnLtG4NWeJ_wDoz2xXadVBSUXCnFsK3LgDzufwtn0Lh2EEHyJSOnk-5TPJ9JGzRK3Z16qjRt_4oDPoOStaknSxcZY&google_gid=CAESECx3Q56FoFRw3e9kAoblq1Y&google_cver=1 HTTP 307
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCOu89IQGEgUI6AcQAEIASm9nb29nbGVfcHVzaD1BUXZpdFVLSmhhQW5MdEc0TldlSl93RG96MnhYYWRWQlNVWENuRnNLM0xnRHp1Znd0bjBMaDJFRUh5SlNPbmstNVRQSjlKR3pSSzNaMTZxalJ0XzRvRFBvT1N0YWtuU3hjWlk HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwYkVVZlgzWmFNUmVLZjhDVTlxcWZiclZyZW5fckNFdlcyM2dCNkVzOGtCRQ==&google_push

Request Chain 105

https://rtb.openx.net/sync/dds?google_gid=CAESEG35hTzpZ3OONQ6uUnT0eLs&google_cver=1&google_push=AQvitULbNLj8oObt9d5fkflgv361VXnmtLBo_SALCpQh7HWaiFK4zw0FnbvE1uxTGbKZlTq-sF9wkgTFDWNoUweIYy7ys8fw90wg HTTP 302
https://rtb.openx.net/sync/dds?google_gid=CAESEG35hTzpZ3OONQ6uUnT0eLs&google_cver=1&google_push=AQvitULbNLj8oObt9d5fkflgv361VXnmtLBo_SALCpQh7HWaiFK4zw0FnbvE1uxTGbKZlTq-sF9wkgTFDWNoUweIYy7ys8fw90wg&ox_sc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULbNLj8oObt9d5fkflgv361VXnmtLBo_SALCpQh7HWaiFK4zw0FnbvE1uxTGbKZlTq-sF9wkgTFDWNoUweIYy7ys8fw90wg&google_hm=q4YTb287ziYrP3LOS7X1Xg==

Request Chain 106

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEAgit4SE6bOL7uhtz8jjw2w&google_cver=1&google_push=AQvitUKAa5Sa6ZgOQNbNl9_0Zbl72m0DihoJAaqfFWMLXWXDjhrO9AQyrv_JXEteKv-XcHGtBwTBlbxJw5gNEsEowUwdjgPumNl6 HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEAgit4SE6bOL7uhtz8jjw2w&google_cver=1&google_push=AQvitUKAa5Sa6ZgOQNbNl9_0Zbl72m0DihoJAaqfFWMLXWXDjhrO9AQyrv_JXEteKv-XcHGtBwTBlbxJw5gNEsEowUwdjgPumNl6&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=84U8hvWzTt6QJbD0MrPOMA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUKAa5Sa6ZgOQNbNl9_0Zbl72m0DihoJAaqfFWMLXWXDjhrO9AQyrv_JXEteKv-XcHGtBwTBlbxJw5gNEsEowUwdjgPumNl6

Request Chain 107

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEL8OndyROfjpOWPFzmEm1yM&google_cver=1&google_push=AQvitULedSV8evuvx9JwLLhxbooMx9WRBOesRXA1zptK_CVhUdut-uXeGhZfQPcnwY6bXvGhKRNKTJkvcvVjZf0PozuARbl-HuJ2 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09NVlJQVkYtTi01T1FG&google_push=AQvitULedSV8evuvx9JwLLhxbooMx9WRBOesRXA1zptK_CVhUdut-uXeGhZfQPcnwY6bXvGhKRNKTJkvcvVjZf0PozuARbl-HuJ2

Request Chain 108

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESELvIlHcAvXXLuUUB0gdA-n0&google_cver=1&google_push=AQvitUKKvmga1fG8ZTA0e_z1DO67ieKauqIvX1w7jqvHqaVuStrTW05v4sRjC4yHl6p9IdumPUFKHuNY8XQ6_A3W1AdGZhz9XIhJ HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESELvIlHcAvXXLuUUB0gdA-n0&google_push=AQvitUKKvmga1fG8ZTA0e_z1DO67ieKauqIvX1w7jqvHqaVuStrTW05v4sRjC4yHl6p9IdumPUFKHuNY8XQ6_A3W1AdGZhz9XIhJ&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ0ea5mXFdgSl3JC_5D_QAAABIIAAAAB&google_cver=1&google_push=AQvitUKKvmga1fG8ZTA0e_z1DO67ieKauqIvX1w7jqvHqaVuStrTW05v4sRjC4yHl6p9IdumPUFKHuNY8XQ6_A3W1AdGZhz9XIhJ&google_gid=CAESELvIlHcAvXXLuUUB0gdA-n0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ0ea5mXFdgSl3JC_5D_QAAABIIAAAAB&google_cver=1&google_push=AQvitUKKvmga1fG8ZTA0e_z1DO67ieKauqIvX1w7jqvHqaVuStrTW05v4sRjC4yHl6p9IdumPUFKHuNY8XQ6_A3W1AdGZhz9XIhJ&google_gid=CAESELvIlHcAvXXLuUUB0gdA-n0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ0ea5mXFdgSl3JC_5D_QAAABIIAAAAB&google_cver=1&google_push=AQvitUKKvmga1fG8ZTA0e_z1DO67ieKauqIvX1w7jqvHqaVuStrTW05v4sRjC4yHl6p9IdumPUFKHuNY8XQ6_A3W1AdGZhz9XIhJ&google_gid=CAESELvIlHcAvXXLuUUB0gdA-n0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ0ea5mXFdgSl3JC_5D_QAAABIIAAAAB&google_cver=1&google_push=AQvitUKKvmga1fG8ZTA0e_z1DO67ieKauqIvX1w7jqvHqaVuStrTW05v4sRjC4yHl6p9IdumPUFKHuNY8XQ6_A3W1AdGZhz9XIhJ&google_gid=CAESELvIlHcAvXXLuUUB0gdA-n0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ0ea5mXFdgSl3JC_5D_QAAABIIAAAAB&google_cver=1&google_push=AQvitUKKvmga1fG8ZTA0e_z1DO67ieKauqIvX1w7jqvHqaVuStrTW05v4sRjC4yHl6p9IdumPUFKHuNY8XQ6_A3W1AdGZhz9XIhJ&google_gid=CAESELvIlHcAvXXLuUUB0gdA-n0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ0ea5mXFdgSl3JC_5D_QAAABIIAAAAB&google_cver=1&google_push=AQvitUKKvmga1fG8ZTA0e_z1DO67ieKauqIvX1w7jqvHqaVuStrTW05v4sRjC4yHl6p9IdumPUFKHuNY8XQ6_A3W1AdGZhz9XIhJ&google_gid=CAESELvIlHcAvXXLuUUB0gdA-n0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ0ea5mXFdgSl3JC_5D_QAAABIIAAAAB&google_cver=1&google_push=AQvitUKKvmga1fG8ZTA0e_z1DO67ieKauqIvX1w7jqvHqaVuStrTW05v4sRjC4yHl6p9IdumPUFKHuNY8XQ6_A3W1AdGZhz9XIhJ&google_gid=CAESELvIlHcAvXXLuUUB0gdA-n0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ0ea5mXFdgSl3JC_5D_QAAABIIAAAAB&google_cver=1&google_push=AQvitUKKvmga1fG8ZTA0e_z1DO67ieKauqIvX1w7jqvHqaVuStrTW05v4sRjC4yHl6p9IdumPUFKHuNY8XQ6_A3W1AdGZhz9XIhJ&google_gid=CAESELvIlHcAvXXLuUUB0gdA-n0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ0ea5mXFdgSl3JC_5D_QAAABIIAAAAB&google_cver=1&google_push=AQvitUKKvmga1fG8ZTA0e_z1DO67ieKauqIvX1w7jqvHqaVuStrTW05v4sRjC4yHl6p9IdumPUFKHuNY8XQ6_A3W1AdGZhz9XIhJ&google_gid=CAESELvIlHcAvXXLuUUB0gdA-n0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ0ea5mXFdgSl3JC_5D_QAAABIIAAAAB&google_cver=1&google_push=AQvitUKKvmga1fG8ZTA0e_z1DO67ieKauqIvX1w7jqvHqaVuStrTW05v4sRjC4yHl6p9IdumPUFKHuNY8XQ6_A3W1AdGZhz9XIhJ&google_gid=CAESELvIlHcAvXXLuUUB0gdA-n0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ0ea5mXFdgSl3JC_5D_QAAABIIAAAAB&google_cver=1&google_push=AQvitUKKvmga1fG8ZTA0e_z1DO67ieKauqIvX1w7jqvHqaVuStrTW05v4sRjC4yHl6p9IdumPUFKHuNY8XQ6_A3W1AdGZhz9XIhJ&google_gid=CAESELvIlHcAvXXLuUUB0gdA-n0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ0ea5mXFdgSl3JC_5D_QAAABIIAAAAB&google_cver=1&google_push=AQvitUKKvmga1fG8ZTA0e_z1DO67ieKauqIvX1w7jqvHqaVuStrTW05v4sRjC4yHl6p9IdumPUFKHuNY8XQ6_A3W1AdGZhz9XIhJ&google_gid=CAESELvIlHcAvXXLuUUB0gdA-n0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ0ea5mXFdgSl3JC_5D_QAAABIIAAAAB&google_cver=1&google_push=AQvitUKKvmga1fG8ZTA0e_z1DO67ieKauqIvX1w7jqvHqaVuStrTW05v4sRjC4yHl6p9IdumPUFKHuNY8XQ6_A3W1AdGZhz9XIhJ&google_gid=CAESELvIlHcAvXXLuUUB0gdA-n0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ0ea5mXFdgSl3JC_5D_QAAABIIAAAAB&google_cver=1&google_push=AQvitUKKvmga1fG8ZTA0e_z1DO67ieKauqIvX1w7jqvHqaVuStrTW05v4sRjC4yHl6p9IdumPUFKHuNY8XQ6_A3W1AdGZhz9XIhJ&google_gid=CAESELvIlHcAvXXLuUUB0gdA-n0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ0ea5mXFdgSl3JC_5D_QAAABIIAAAAB&google_cver=1&google_push=AQvitUKKvmga1fG8ZTA0e_z1DO67ieKauqIvX1w7jqvHqaVuStrTW05v4sRjC4yHl6p9IdumPUFKHuNY8XQ6_A3W1AdGZhz9XIhJ&google_gid=CAESELvIlHcAvXXLuUUB0gdA-n0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ0ea5mXFdgSl3JC_5D_QAAABIIAAAAB&google_cver=1&google_push=AQvitUKKvmga1fG8ZTA0e_z1DO67ieKauqIvX1w7jqvHqaVuStrTW05v4sRjC4yHl6p9IdumPUFKHuNY8XQ6_A3W1AdGZhz9XIhJ&google_gid=CAESELvIlHcAvXXLuUUB0gdA-n0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ0ea5mXFdgSl3JC_5D_QAAABIIAAAAB&google_cver=1&google_push=AQvitUKKvmga1fG8ZTA0e_z1DO67ieKauqIvX1w7jqvHqaVuStrTW05v4sRjC4yHl6p9IdumPUFKHuNY8XQ6_A3W1AdGZhz9XIhJ&google_gid=CAESELvIlHcAvXXLuUUB0gdA-n0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ0ea5mXFdgSl3JC_5D_QAAABIIAAAAB&google_cver=1&google_push=AQvitUKKvmga1fG8ZTA0e_z1DO67ieKauqIvX1w7jqvHqaVuStrTW05v4sRjC4yHl6p9IdumPUFKHuNY8XQ6_A3W1AdGZhz9XIhJ&google_gid=CAESELvIlHcAvXXLuUUB0gdA-n0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ0ea5mXFdgSl3JC_5D_QAAABIIAAAAB&google_cver=1&google_push=AQvitUKKvmga1fG8ZTA0e_z1DO67ieKauqIvX1w7jqvHqaVuStrTW05v4sRjC4yHl6p9IdumPUFKHuNY8XQ6_A3W1AdGZhz9XIhJ&google_gid=CAESELvIlHcAvXXLuUUB0gdA-n0

Request Chain 111

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

123 HTTP transactions
11 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request return-of-overpayment-to-client-letter.html Show response
www.letters.org/payment-letter/ 129 KB
25 KB 373ms
106ms Document
text/html 167.172.148.131
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.letters.org/payment-letter/return-of-overpayment-to-client-letter.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

167.172.148.131 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

/ WordOps

Resource Hash

888a58ec7a6806af4d3e3bd0132fa1dd007862c95e0c7cb161cdc0538bcd5644

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.letters.org
:scheme: https
:path: /payment-letter/return-of-overpayment-to-client-letter.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 12:41:13 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: PHPSESSID=fi36mvh8eu8e60c8mvdhdauofc; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: WordOps
server
strict-transport-security: max-age=31536000
link: <https://www.letters.org/wp-json/>; rel="https://api.w.org/" <https://www.letters.org/wp-json/wp/v2/posts/23980>; rel="alternate"; type="application/json" <https://www.letters.org/?p=23980>; rel=shortlink
x-download-options: noopen
x-fastcgi-cache: HIT
content-encoding: gzip

GET
H2 200 dashicons.min.css
w2n8f5d4.stackpathcdn.com/wp-includes/css/ 58 KB
35 KB 35ms
9ms Stylesheet
text/css 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://w2n8f5d4.stackpathcdn.com/wp-includes/css/dashicons.min.css?ver=5.5.5

Requested by

Host: www.letters.org
URL: https://www.letters.org/payment-letter/return-of-overpayment-to-client-letter.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),

Reverse DNS

Software

nginx / WordOps

Resource Hash

b7203ef7f18e8e70e9991515982b3bbd43524cf048e9591b7aab1e80db938774

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 12:41:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-powered-by: WordOps
content-length: 35745
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Thu, 15 Apr 2021 20:54:34 GMT
server: nginx
etag: W/"6078a80a-e687"
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-hw: 1620909673.cds168.fr8.hn,1620909673.cds129.fr8.c
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes

GET
H2 200 css
fonts.googleapis.com/ 4 KB
717 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Raleway%3A400%2C700%7CPathway+Gothic+One&ver=3.0.2

Requested by

Host: www.letters.org
URL: https://www.letters.org/payment-letter/return-of-overpayment-to-client-letter.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1c045889491c60a8c157ce2dad6ea059e032f3afe66c95d14493896c3af517e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 13 May 2021 11:20:19 GMT
server: ESF
date: Thu, 13 May 2021 12:41:13 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 13 May 2021 12:41:13 GMT

GET
H2 200 jquery.js Show response
w2n8f5d4.stackpathcdn.com/wp-includes/js/jquery/ 95 KB
33 KB 43ms
18ms Script
application/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://w2n8f5d4.stackpathcdn.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Requested by

Host: www.letters.org
URL: https://www.letters.org/payment-letter/return-of-overpayment-to-client-letter.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),

Reverse DNS

Software

nginx / WordOps

Resource Hash

1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 12:41:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-powered-by: WordOps
content-length: 33804
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Thu, 03 Sep 2020 20:05:34 GMT
server: nginx
etag: "5f514c8e-17a69"
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-hw: 1620909673.cds168.fr8.hn,1620909673.cds215.fr8.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes

GET
H2 200 up.js Show response
live.demand.supply/ 0
255 B 97ms
81ms Script
text/plain 2606:4700::6810:8616
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/up.js
Requested by: Host: www.letters.org
URL: https://www.letters.org/payment-letter/return-of-overpayment-to-client-letter.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:8616 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 12:41:13 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
cache-control: max-age=1200,must-revalidate,stale-while-revalidate=3600
cf-ray: 64ebf5b44f8f1786-FRA
content-length: 0
cf-request-id: 0a0757e4b000001786f42e5000000001

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 142 KB
49 KB 46ms
25ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.letters.org
URL: https://www.letters.org/payment-letter/return-of-overpayment-to-client-letter.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9885e11888dae4819023ae57028a2ee7158ff1addfb6795b4e8dfd971f36981f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 12:41:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49903
x-xss-protection: 0
server: cafe
etag: 2731610590536240358
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 13 May 2021 12:41:13 GMT

GET
H2 200 lazysizes.min.js Show response
w2n8f5d4.stackpathcdn.com/wp-content/plugins/autoptimize/classes/external/js/ 9 KB
4 KB 12ms
11ms Script
application/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://w2n8f5d4.stackpathcdn.com/wp-content/plugins/autoptimize/classes/external/js/lazysizes.min.js?ao_version=2.8.1

Requested by

Host: www.letters.org
URL: https://www.letters.org/payment-letter/return-of-overpayment-to-client-letter.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),

Reverse DNS

Software

nginx / WordOps

Resource Hash

f49e5eccbf420949ddb76cfa2ca1430c8f733b06fb2a35d8fed1182b41613530

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 12:41:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-powered-by: WordOps
content-length: 4055
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Sat, 13 Feb 2021 06:19:37 GMT
server: nginx
etag: "60276f79-2532"
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-hw: 1620909673.cds168.fr8.hn,1620909673.cds216.fr8.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes

GET
H2 200 autoptimize_c18d1379dbafd08f46e4597be8fad94e.js Show response
w2n8f5d4.stackpathcdn.com/wp-content/cache/autoptimize/js/ 125 KB
37 KB 699ms
698ms Script
application/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://w2n8f5d4.stackpathcdn.com/wp-content/cache/autoptimize/js/autoptimize_c18d1379dbafd08f46e4597be8fad94e.js

Requested by

Host: www.letters.org
URL: https://www.letters.org/payment-letter/return-of-overpayment-to-client-letter.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),

Reverse DNS

Software

nginx / WordOps

Resource Hash

b448a68371e049791a1ef3bccf83961062adf0e03ed43c18a5a23694f97d2ac2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 12:41:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-powered-by: WordOps
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Thu, 13 May 2021 09:09:09 GMT
server: nginx
etag: "609cecb5-1f47d"
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-hw: 1620909673.cds168.fr8.hn,1620909673.cds235.fr8.sc,1620909674.cds235.fr8.sc,1620909674.cds235.fr8.p
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes

GET
H2 200 nmedianet.js Show response
contextual.media.net/ 468 KB
148 KB 135ms
94ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/nmedianet.js?cid=8CUMG3VZL&https=1

Requested by

Host: www.letters.org
URL: https://www.letters.org/payment-letter/return-of-overpayment-to-client-letter.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

baba6dc517e80962aa854a06e9d6e86ba5dfa67a369512b5b4634334c634c855

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

x-mnt-h: 10-4
content-encoding: gzip
server: Apache
p3p: CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
etag: "b25c595c93b2dcdbfafa6714f3624bb5"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: max-age=300
date: Thu, 13 May 2021 12:41:13 GMT
strict-transport-security: max-age=604800
x-mnt-w: 8-31
expires: Thu, 13 May 2021 12:46:13 GMT

GET
H2 200 1Ptug8zYS_SKggPNyC0ITw.woff2
fonts.gstatic.com/s/raleway/v19/ 46 KB
46 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/raleway/v19/1Ptug8zYS_SKggPNyC0ITw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Raleway%3A400%2C700%7CPathway+Gothic+One&ver=3.0.2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1824e38c8fe9b23fb54ed5deafd63f31fcceed673d89111bebc8f05d1aa7b126

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.letters.org
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 10:38:22 GMT
x-content-type-options: nosniff
last-modified: Thu, 28 Jan 2021 22:37:32 GMT
server: sffe
age: 7371
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47272
x-xss-protection: 0
expires: Fri, 13 May 2022 10:38:22 GMT

GET
H3-29 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210510/r20190131/ 223 KB
82 KB 46ms
32ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210510/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9517795834930234&plah=www.letters.org&amaexp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6130fe8ded2255439c42cf9e805c28b1a72bfcad166d9dcd720243d33557628b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 12:41:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 84099
x-xss-protection: 0
server: cafe
etag: 12011922212658401594
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 13 May 2021 12:41:13 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210510/r20190131/ Frame EBB4 10 KB
5 KB 6ms
5ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210510/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a5cb642ef22434a24612329870579fbb272cb9fa7475360035596ea56fb0431a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210510/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.letters.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.letters.org/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 12 May 2021 18:07:36 GMT
expires: Wed, 26 May 2021 18:07:36 GMT
content-type: text/html; charset=UTF-8
etag: 10446291943670460780
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4644
x-xss-protection: 0
age: 66817
cache-control: public, max-age=1209600
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 201 B
640 B 61ms
39ms Script
text/javascript 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.letters.org&callback=_gfp_s_&client=ca-pub-9517795834930234

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210510/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9517795834930234&plah=www.letters.org&amaexp=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

cafe /

Resource Hash

c31ad44b2a74a6499dd663e67bb7e50c3f6fa46749b05d0826261b347c6e8269

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 12:41:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 192
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
799 B 39ms
19ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.letters.org

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 13 May 2021 12:41:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
553 B 36ms
16ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.letters.org

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 13 May 2021 12:41:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 4F9F 0
19 B 90ms
75ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9517795834930234&output=html&adk=1812271804&adf=3025194257&lmt=1620909673&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.letters.org%2Fpayment-letter%2Freturn-of-overpayment-to-client-letter.html&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1620909673712&bpp=5&bdt=213&idt=71&shv=r20210510&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=7658884735661&frm=20&pv=2&ga_vid=2112529175.1620909674&ga_sid=1620909674&ga_hid=2136985631&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=3251302952839113&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=88

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-9517795834930234&output=html&adk=1812271804&adf=3025194257&lmt=1620909673&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.letters.org%2Fpayment-letter%2Freturn-of-overpayment-to-client-letter.html&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1620909673712&bpp=5&bdt=213&idt=71&shv=r20210510&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=7658884735661&frm=20&pv=2&ga_vid=2112529175.1620909674&ga_sid=1620909674&ga_hid=2136985631&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=3251302952839113&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=88
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.letters.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.letters.org/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 13 May 2021 12:41:13 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 13-May-2021 12:56:13 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 13 May 2021 12:41:13 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
28 KB 34ms
13ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ef9a18aef9847638b3b4344a0b2ebed14e84fb0aeb8ce29292af06826a2580a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 12:41:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1620696588139699"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28014
x-xss-protection: 0
expires: Thu, 13 May 2021 12:41:13 GMT

GET
H2 200 fcmain.js Show response
contextual.media.net/1017354394/ 98 KB
26 KB 452ms
452ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/1017354394/fcmain.js?cb=window._mNDetails.initAd&&gdpr=1&cid=8CUMG3VZL&cpcd=kkQue80HaQBxyFy3eT-4Iw%3D%3D&crid=979987898&size=600x250&cc=DE&https=1&vif=1&requrl=https%3A%2F%2Fletters.org%2Fpayment-letter%2Freturn-of-overpayment-to-client-letter.html&nse=5&vi=1620909673978097021&lw=1&ugd=4&nb=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/nmedianet.js?cid=8CUMG3VZL&https=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

a0462f5eec2406aac0d0a8da86ee80d91b32494e3a1694e50bec81d5fd27d902

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
x-mnt-hl2: 8-9
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=0, no-cache, no-store
date: Thu, 13 May 2021 12:41:14 GMT
x-mnt-w: 10-15
content-length: 25974
expires: Thu, 13 May 2021 12:41:14 GMT

GET
H2 200 fcmain.js Show response
contextual.media.net/1017354394/ 81 KB
24 KB 442ms
441ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/nmedianet.js?cid=8CUMG3VZL&https=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

f7812f5c504c20d1ae6ef1b2ffe5dc49f32ea0311919a0ec34c3694f779c946d

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
x-mnt-hl2: 8-9
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=0, no-cache, no-store
date: Thu, 13 May 2021 12:41:14 GMT
x-mnt-w: 10-4
content-length: 24521
expires: Thu, 13 May 2021 12:41:14 GMT

GET
H2 200 fcmain.js Show response
contextual.media.net/1017354394/ 84 KB
24 KB 348ms
348ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/1017354394/fcmain.js?cb=window._mNDetails.initAd&&gdpr=1&cid=8CUMG3VZL&cpcd=kkQue80HaQBxyFy3eT-4Iw%3D%3D&crid=680308666&size=600x600&cc=DE&https=1&vif=1&requrl=https%3A%2F%2Fletters.org%2Fpayment-letter%2Freturn-of-overpayment-to-client-letter.html&nse=5&vi=1620909673308213370&lw=1&ugd=4&nb=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/nmedianet.js?cid=8CUMG3VZL&https=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

cb6e7390c479593a79e15a575fd00af8d850e3d23faaae3f1b59a6eafabcd084

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
x-mnt-hl2: 8-9
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=0, no-cache, no-store
date: Thu, 13 May 2021 12:41:14 GMT
x-mnt-w: 10-9
content-length: 24599
expires: Thu, 13 May 2021 12:41:14 GMT

GET
H2 200 bping.php
lg3.media.net/ 35 B
189 B 23ms
21ms Image
image/gif 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?&gdpr=1&prid=8PRHGG6T9&cid=8CUMG3VZL&crid=680308666&vi=1620909673308213370&ugd=4&lf=6&cc=DE&sc=HE&wsip=2886993991&r=1620909673889&requrl=https%3A%2F%2Fletters.org%2Fpayment-letter%2Freturn-of-overpayment-to-client-letter.html&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=9009&vgd_uspa=0&hvsid=00001620909673887015095070726851&gdpr=1&vgd_end=1

Requested by

Host: www.letters.org
URL: https://www.letters.org/payment-letter/return-of-overpayment-to-client-letter.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Thu, 13 May 2021 12:41:13 GMT
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Thu, 13 May 2021 12:41:13 GMT

GET ads
googleads.g.doubleclick.net/pagead/ Frame 8368 0
0

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 27ms
6ms Script
text/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: www.letters.org
URL: https://www.letters.org/payment-letter/return-of-overpayment-to-client-letter.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 2170
date: Thu, 13 May 2021 12:05:03 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17168
expires: Thu, 13 May 2021 14:05:03 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=106800286&utmhn=www.letters.org&utme=8(AdNgin%20Experiment)9(No%20AdNgin)11(1)&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-10805533-6&cid=2112529175.1620909674&jid=1861406221&_v=5.7.2&z=106800286
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-10805533-6&cid=2112529175.1620909674&jid=1861406221&_v=5.7.2&z=106800286
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-10805533-6&cid=2112529175.1620909674&jid=1861406221&_v=5.7.2&z=106800286&slf_rd=1&random=1431082839

42 B
107 B

31ms
31ms

Image
image/gif

2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-10805533-6&cid=2112529175.1620909674&jid=1861406221&_v=5.7.2&z=106800286&slf_rd=1&random=1431082839

Requested by

Host: www.letters.org
URL: https://www.letters.org/payment-letter/return-of-overpayment-to-client-letter.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 May 2021 12:41:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 13 May 2021 12:41:14 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/html; charset=UTF-8
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-10805533-6&cid=2112529175.1620909674&jid=1861406221&_v=5.7.2&z=106800286&slf_rd=1&random=1431082839
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 nrrV57728.js Show response
contextual.media.net/4a/ Frame BAB2 90 KB
29 KB 35ms
35ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/4a/nrrV57728.js

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/nmedianet.js?cid=8CUMG3VZL&https=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

e407a1c4f45bba5bfca5d690481f93ab3ca30a2069f248212f39773355a5da3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: max-age=2592000
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
etag: "727cefd03bd8c4affe67217780b368f1"
vary: Accept-Encoding
x-mnet-h: 8-20
content-type: text/javascript; charset=utf-8
cache-control: max-age=1209600
date: Thu, 13 May 2021 12:41:14 GMT
content-length: 29612
expires: Thu, 27 May 2021 12:41:14 GMT

GET
H/1.1 200
OK 1x1.gif
res-a.akamaihd.net/__media__/pics/800028474/ Frame BAB2 42 B
350 B 68ms
18ms Image
image/gif 2.16.186.43
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://res-a.akamaihd.net/__media__/pics/800028474/1x1.gif
Requested by: Host: www.letters.org
URL: https://www.letters.org/payment-letter/return-of-overpayment-to-client-letter.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2.16.186.43 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-43.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 13 May 2021 12:41:14 GMT
Last-Modified: Mon, 04 Jun 2018 10:04:19 GMT
Server: nginx
ETag: "5b150ea3-2a"
Content-Type: image/gif
Cache-Control: public, max-age=416396
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 42
Expires: Tue, 18 May 2021 08:21:10 GMT

GET
DATA 200
OK truncated
/ Frame BAB2 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame BAB2 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK bullet1.woff
res-a.akamaihd.net/__media__/fonts/bullet1/ Frame BAB2 2 KB
2 KB 76ms
27ms Font
application/font-woff 2.16.186.43
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://res-a.akamaihd.net/__media__/fonts/bullet1/bullet1.woff
Requested by: Host: www.letters.org
URL: https://www.letters.org/payment-letter/return-of-overpayment-to-client-letter.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2.16.186.43 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-43.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: d9ac862518df3efb07d7cecda391ab683489cf26fa04d62e179ba60869dd69bb

Request headers

Origin: https://www.letters.org
Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 13 May 2021 12:41:14 GMT
Last-Modified: Mon, 16 May 2016 10:39:41 GMT
Server: nginx
ETag: "5739a36d-700"
Content-Type: application/font-woff
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1792

GET
H/1.1 200
OK Raleway_Medium.woff
res-a.akamaihd.net/__media__/fonts/Raleway_Medium/ Frame BAB2 31 KB
31 KB 538ms
510ms Font
application/font-woff 2.16.186.43
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://res-a.akamaihd.net/__media__/fonts/Raleway_Medium/Raleway_Medium.woff
Requested by: Host: www.letters.org
URL: https://www.letters.org/payment-letter/return-of-overpayment-to-client-letter.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2.16.186.43 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-43.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: d680681e19f24318b6f0dad900af6d08b927395f9e7a711428db8d8d1e362c2b

Request headers

Origin: https://www.letters.org
Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 13 May 2021 12:41:14 GMT
Last-Modified: Mon, 16 May 2016 10:39:41 GMT
Server: nginx
ETag: "5739a36d-7a94"
Content-Type: application/font-woff
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 31380

GET
H2 200 nrrV57728.js Show response
contextual.media.net/4a/ Frame 127D 90 KB
29 KB 129ms
129ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/4a/nrrV57728.js

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/nmedianet.js?cid=8CUMG3VZL&https=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

e407a1c4f45bba5bfca5d690481f93ab3ca30a2069f248212f39773355a5da3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: max-age=2592000
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
etag: "727cefd03bd8c4affe67217780b368f1"
vary: Accept-Encoding
x-mnet-h: 8-20
content-type: text/javascript; charset=utf-8
cache-control: max-age=1209600
date: Thu, 13 May 2021 12:41:14 GMT
content-length: 29612
expires: Thu, 27 May 2021 12:41:14 GMT

GET
DATA 200
OK truncated
/ Frame 127D 107 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dfa1028a74436c56e0ee1367812c0ee599d6814ec4a3079ca9b9afffba949e26

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 127D 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 127D 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK OpenSans_Semibold.woff
res-a.akamaihd.net/__media__/fonts/OpenSans_Semibold/ Frame 127D 21 KB
21 KB 57ms
31ms Font
application/font-woff 2.16.186.43
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://res-a.akamaihd.net/__media__/fonts/OpenSans_Semibold/OpenSans_Semibold.woff
Requested by: Host: www.letters.org
URL: https://www.letters.org/payment-letter/return-of-overpayment-to-client-letter.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2.16.186.43 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-43.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 2a354649f57a81405daccfd6b5785da5f73ba638f2db591992cb7b739dac3135

Request headers

Origin: https://www.letters.org
Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 13 May 2021 12:41:14 GMT
Last-Modified: Mon, 16 May 2016 10:39:41 GMT
Server: nginx
ETag: "5739a36d-54c8"
Content-Type: application/font-woff
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 21704

GET
H/1.1 200
OK getlc.js Show response
pflc.media.net/ Frame 4F3A 122 B
338 B 462ms
98ms Script
text/javascript 162.222.224.35
CONFLUENCE-NETWOR...

General

Check archive.org

Show headers Download Go to

Full URL: https://pflc.media.net/getlc.js
Requested by: Host: www.letters.org
URL: https://www.letters.org/payment-letter/return-of-overpayment-to-client-letter.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.222.224.35 , Virgin Islands (British), ASN40034 (CONFLUENCE-NETWORK-INC, VG),
Reverse DNS
Software: /
Resource Hash: 5a60c5e5e50151c3782d91a88e9526c4a8308c326441bd492d31962b4ee2700c

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 12:41:14 GMT
cache-control: private, max-age=900, must-revalidate
expires: Thu, 13 May 2021 12:56:14 GMT
content-length: 122
content-type: text/javascript;charset=utf-8

GET
H2 200 nrrV57728.js Show response
contextual.media.net/4a/ Frame 4F3A 90 KB
29 KB 78ms
78ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/4a/nrrV57728.js

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/nmedianet.js?cid=8CUMG3VZL&https=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

e407a1c4f45bba5bfca5d690481f93ab3ca30a2069f248212f39773355a5da3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: max-age=2592000
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
etag: "727cefd03bd8c4affe67217780b368f1"
vary: Accept-Encoding
x-mnet-h: 8-20
content-type: text/javascript; charset=utf-8
cache-control: max-age=1209600
date: Thu, 13 May 2021 12:41:14 GMT
content-length: 29612
expires: Thu, 27 May 2021 12:41:14 GMT

GET
H2 200 wp-emoji-release.min.js Show response
www.letters.org/wp-includes/js/ 14 KB
5 KB 101ms
100ms Script
application/javascript 167.172.148.131
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.letters.org/wp-includes/js/wp-emoji-release.min.js?ver=5.5.5

Requested by

Host: w2n8f5d4.stackpathcdn.com
URL: https://w2n8f5d4.stackpathcdn.com/wp-content/cache/autoptimize/js/autoptimize_c18d1379dbafd08f46e4597be8fad94e.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

167.172.148.131 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx / WordOps

Resource Hash

07e4203b9f313b587b1d53f896e63771ec85f9b0d4c2ac5fa64089457784d847

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-includes/js/wp-emoji-release.min.js?ver=5.5.5
pragma: no-cache
cookie: PHPSESSID=fi36mvh8eu8e60c8mvdhdauofc; session_depth=www.letters.org%3D1%7C979987898%3D2%7C680308666%3D1; __gads=ID=eb1e25560b42141e-22e698e311c80058:T=1620909673:RT=1620909673:S=ALNI_MZdvXI7vxLI0UCGUz_DZaAy8rCuEw; __utmc=156209318; __utmz=156209318.1620909674.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=156209318.|1=AdNgin%20Experiment=No%20AdNgin=1; __utmt=1; __utma=156209318.2112529175.1620909674.1620909674.1620909674.1; __utmb=156209318.1.10.1620909674
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.letters.org
referer: https://www.letters.org/payment-letter/return-of-overpayment-to-client-letter.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.letters.org/payment-letter/return-of-overpayment-to-client-letter.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 12:41:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-powered-by: WordOps
x-xss-protection: 1; mode=block
referrer-policy: no-referrer, strict-origin-when-cross-origin
last-modified: Thu, 15 Apr 2021 20:54:34 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"6078a80a-3795"
x-download-options: noopen
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=2592000
expires: Sat, 12 Jun 2021 12:41:14 GMT

GET
H2 200 einslmedianet.js Show response
contextual.media.net/ 450 KB
143 KB 175ms
174ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/einslmedianet.js?cid=8CUMG3VZL&crid=220298382&size=641x481

Requested by

Host: w2n8f5d4.stackpathcdn.com
URL: https://w2n8f5d4.stackpathcdn.com/wp-content/cache/autoptimize/js/autoptimize_c18d1379dbafd08f46e4597be8fad94e.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

3c95fffc568d4b96e488c12d2f88ea7128787c003dbedda956a16077f508a9c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-mnt-h: 12-9
content-encoding: gzip
server: Apache
etag: "d46f24216ab363631646b942ce0e52ab"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: max-age=300
date: Thu, 13 May 2021 12:41:14 GMT
strict-transport-security: max-age=604800
x-mnt-w: 8-7
expires: Thu, 13 May 2021 12:46:14 GMT

GET
H2 200 inslmedianet.js Show response
contextual.media.net/ 450 KB
143 KB 106ms
106ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/inslmedianet.js?cid=8CUMG3VZL&crid=582910163&size=249x300

Requested by

Host: w2n8f5d4.stackpathcdn.com
URL: https://w2n8f5d4.stackpathcdn.com/wp-content/cache/autoptimize/js/autoptimize_c18d1379dbafd08f46e4597be8fad94e.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c5367c445141f868d0ddd95c136b3fd1e816e906c16c1ba04dfd998414e383a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-mnt-h: 12-10
content-encoding: gzip
server: Apache
etag: "6a8bbcdadcf33dca299815baaa5f085e"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: max-age=300
date: Thu, 13 May 2021 12:41:14 GMT
strict-transport-security: max-age=604800
x-mnt-w: 8-31
expires: Thu, 13 May 2021 12:46:14 GMT

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame E802 75 KB
28 KB 620ms
620ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9517795834930234&output=html&h=280&slotname=2234739304&adk=3189045681&adf=1594946721&pi=t.ma~as.2234739304&w=727&fwrn=4&fwrnh=100&lmt=1620909673&rafmt=1&psa=0&format=727x280&url=https%3A%2F%2Fwww.letters.org%2Fpayment-letter%2Freturn-of-overpayment-to-client-letter.html&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1620909673891&bpp=2&bdt=392&idt=2&shv=r20210510&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7658884735661&frm=20&pv=1&ga_vid=2112529175.1620909674&ga_sid=1620909674&ga_hid=2136985631&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=261&ady=4205&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=3251302952839113&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=66D5Obc7nW&p=https%3A//www.letters.org&dtd=6

Requested by

Host: w2n8f5d4.stackpathcdn.com
URL: https://w2n8f5d4.stackpathcdn.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f602533ff6d6290b9dc23e47f915d0d93939dae1326ee7bb12f0a3c70be17b50

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-9517795834930234&output=html&h=280&slotname=2234739304&adk=3189045681&adf=1594946721&pi=t.ma~as.2234739304&w=727&fwrn=4&fwrnh=100&lmt=1620909673&rafmt=1&psa=0&format=727x280&url=https%3A%2F%2Fwww.letters.org%2Fpayment-letter%2Freturn-of-overpayment-to-client-letter.html&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1620909673891&bpp=2&bdt=392&idt=2&shv=r20210510&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7658884735661&frm=20&pv=1&ga_vid=2112529175.1620909674&ga_sid=1620909674&ga_hid=2136985631&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=261&ady=4205&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=3251302952839113&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=66D5Obc7nW&p=https%3A//www.letters.org&dtd=6
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.letters.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.letters.org/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 13 May 2021 12:41:15 GMT
server: cafe
content-length: 28389
x-xss-protection: 0
set-cookie: IDE=AHWqTUl7UQqo7UDJW41bzy6VJXIBEr8N8AOPoEzTAjdUbV4D9ypsATmH5sNR88BzHW0; expires=Tue, 07-Jun-2022 12:41:14 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 13 May 2021 12:41:15 GMT
cache-control: private

GET
H2 200 fcmain.js Show response
contextual.media.net/1017354394/ 80 KB
24 KB 543ms
542ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/1017354394/fcmain.js?cb=window._mNDetails.initAd&&gdpr=1&cid=8CUMG3VZL&cpcd=kkQue80HaQBxyFy3eT-4Iw%3D%3D&crid=305444829&size=336x280&cc=DE&https=1&vif=1&requrl=https%3A%2F%2Fletters.org%2Fpayment-letter%2Freturn-of-overpayment-to-client-letter.html&nse=5&vi=1620909673102345491&lw=1&ugd=4&nb=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/nmedianet.js?cid=8CUMG3VZL&https=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

1b3fae8647373f5d053f5668e42482c1aa982ce37d0d49ac9378ef055c4833b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
x-mnt-hl2: 8-9
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=0, no-cache, no-store
date: Thu, 13 May 2021 12:41:14 GMT
x-mnt-w: 10-8
content-length: 24371
expires: Thu, 13 May 2021 12:41:14 GMT

GET
H2 200 bping.php
lg3.media.net/ 35 B
189 B 45ms
44ms Image
image/gif 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?&gdpr=1&prid=8PRHGG6T9&cid=8CUMG3VZL&crid=305444829&vi=1620909673102345491&ugd=4&lf=6&cc=DE&sc=HE&wsip=2886993991&r=1620909674407&requrl=https%3A%2F%2Fletters.org%2Fpayment-letter%2Freturn-of-overpayment-to-client-letter.html&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=9009&vgd_uspa=0&hvsid=00001620909674405015095070723511&gdpr=1&vgd_end=1

Requested by

Host: www.letters.org
URL: https://www.letters.org/payment-letter/return-of-overpayment-to-client-letter.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Thu, 13 May 2021 12:41:14 GMT
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Thu, 13 May 2021 12:41:14 GMT

GET
H2 200 vdo.ai.js Show response
a.vdo.ai/core/letters/ 14 KB
4 KB 44ms
20ms Script
text/javascript 2606:4700:3033::ac43:de92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.vdo.ai/core/letters/vdo.ai.js
Requested by: Host: www.letters.org
URL: https://www.letters.org/payment-letter/return-of-overpayment-to-client-letter.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:de92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 93c2316f4a3529097ad5af66abd2ab06f23b324696fbccd64df4a614527d14b4

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 12:41:14 GMT
via: 1.1 varnish-v4
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 337
x-cache: HIT
vdo-server: Tag2
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a0757e7c100004e20da910000000001
content-type: text/javascript;charset=UTF-8
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=LirKHrgbHZkpos59EYDaK8QCevbCrzMAF1WSrGItbKknUAMxwZ4r51nOYyta9h4sdozFst9hpr3V2fiX%2FL0f2Q%2BLshniF7Gd6tBFF%2BwEW%2FASqbox%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-varnish: 493161 196976
cache-control: public, max-age=1800
access-control-allow-credentials: true
cf-ray: 64ebf5b938534e20-FRA

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 87 KB
35 KB 15ms
15ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-113932176-32

Requested by

Host: a.vdo.ai
URL: https://a.vdo.ai/core/letters/vdo.ai.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1b1a1ae058af8ec106c6ecabc473ccb2fc4ae7f3435461940609cbf6e71a23fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 12:41:14 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35500
x-xss-protection: 0
last-modified: Thu, 13 May 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 13 May 2021 12:41:14 GMT

GET
H3-29 200 vdo.min.js Show response
a.vdo.ai/core/dependencies_hbv4/ 343 KB
105 KB 65ms
54ms Script
application/javascript 2606:4700:3033::ac43:de92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.vdo.ai/core/dependencies_hbv4/vdo.min.js
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/letters/vdo.ai.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:de92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 71dac00c979fbdc0ac2b1705e14df2a358d505191565a75ecf67a8f9ff9ef9cc

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 12:41:14 GMT
via: 1.1 varnish-v4
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 360
cf-ray: 64ebf5b96c283244-FRA
x-cache: HIT
access-control-allow-methods: GET, POST, OPTIONS
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a0757e7e5000032444b0fc000000001
last-modified: Thu, 13 May 2021 11:31:09 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=qPdy9I3O%2FkdFQwiZ0TyuHPB%2FWnVLd8KDKdqwxdn7FLgGZt1dpcifJYfXOlpNbTUMLt%2FXx9oTg%2B4gsubKIFtpRMcxg864cED3UTUwlH6kcPkPeTlfVw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-varnish: 133706 99614
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Range
cache-control: public, max-age=1800
access-control-allow-credentials: true
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ 334 KB
115 KB 35ms
14ms Script
text/javascript 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: a.vdo.ai
URL: https://a.vdo.ai/core/letters/vdo.ai.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f74bdfeec83247edd199110ac967f48433637c2cd8dcac06c4de540abb3393e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 12:41:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 117163
x-xss-protection: 0
expires: Thu, 13 May 2021 12:41:14 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-113932176-32

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 862
date: Thu, 13 May 2021 12:26:52 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Thu, 13 May 2021 14:26:52 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 13ms
13ms XHR
text/plain 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&a=2136985631&t=event&_s=1&dl=https%3A%2F%2Fwww.letters.org%2Fpayment-letter%2Freturn-of-overpayment-to-client-letter.html&ul=en-us&de=UTF-8&dt=Letter%20to%20Inform%20Return%20of%20Overpayment%20to%20Client%20-%20Sample&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=vdoaijs&ea=loaded&el=letters&_utma=156209318.2112529175.1620909674.1620909674.1620909674.1&_utmz=156209318.1620909674.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)&_utmht=1620909674509&_u=YQBCAUABAAAAAC~&jid=1585708018&gjid=1240784254&cid=2112529175.1620909674&tid=UA-113932176-32&_gid=649798985.1620909675&_r=1&gtm=2ou550&z=1091709333

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 13 May 2021 12:41:14 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.letters.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-29 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
22 B 28ms
14ms XHR
text/plain 2a00:1450:400c:c04::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-113932176-32&cid=2112529175.1620909674&jid=1585708018&gjid=1240784254&_gid=649798985.1620909675&_u=YQBCAUAAAAAAAC~&z=491413012

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c04::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 13 May 2021 12:41:14 GMT
content-type: text/plain
access-control-allow-origin: https://www.letters.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 fcmain.js Show response
contextual.media.net/1017354394/ 3 KB
2 KB 188ms
187ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/1017354394/fcmain.js?cb=window._mNDetails.initAd&&gdpr=1&cid=8CUMG3VZL&cpcd=kkQue80HaQBxyFy3eT-4Iw%3D%3D&crid=582910163&size=249x300&cc=DE&https=1&vif=1&requrl=https%3A%2F%2Fletters.org%2Fpayment-letter%2Freturn-of-overpayment-to-client-letter.html&nse=5&vi=1620909674641099153&lw=1&ugd=4&insl=1&nb=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/nmedianet.js?cid=8CUMG3VZL&https=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

dff6c21fc00e82e51a177852e76c8744ee715df812bfbf539e648a733ab3965c

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
x-mnt-hl2: 8-9
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=295
date: Thu, 13 May 2021 12:41:14 GMT
content-length: 1642
expires: Thu, 13 May 2021 12:46:09 GMT

GET
H2 200 bping.php
lg3.media.net/ 35 B
189 B 54ms
53ms Image
image/gif 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?&gdpr=1&prid=8PRHGG6T9&cid=8CUMG3VZL&crid=582910163&vi=1620909674641099153&ugd=4&lf=6&cc=DE&sc=HE&insl=1&lper=100&wsip=2886993991&r=1620909674566&requrl=https%3A%2F%2Fletters.org%2Fpayment-letter%2Freturn-of-overpayment-to-client-letter.html&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=9009&vgd_uspa=0&hvsid=00001620909674564015095070722980&gdpr=1&vgd_end=1

Requested by

Host: www.letters.org
URL: https://www.letters.org/payment-letter/return-of-overpayment-to-client-letter.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Thu, 13 May 2021 12:41:14 GMT
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Thu, 13 May 2021 12:41:14 GMT

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 6ms
6ms Image
image/gif 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j90&a=2136985631&t=pageview&_s=2&dl=https%3A%2F%2Fwww.letters.org%2Fpayment-letter%2Freturn-of-overpayment-to-client-letter.html&ul=en-us&de=UTF-8&dt=Letter%20to%20Inform%20Return%20of%20Overpayment%20to%20Client%20-%20Sample&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_utma=156209318.2112529175.1620909674.1620909674.1620909674.1&_utmz=156209318.1620909674.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)&_utmht=1620909674595&_u=aQBCAUABAAAAAC~&jid=&gjid=&cid=2112529175.1620909674&tid=UA-113932176-32&_gid=649798985.1620909675&gtm=2ou550&z=822619470

Requested by

Host: www.letters.org
URL: https://www.letters.org/payment-letter/return-of-overpayment-to-client-letter.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 May 2021 03:14:42 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 33992
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 allowed_url.php Show response
targeting.vdo.ai/ 98 B
866 B 36ms
20ms XHR
application/json 2606:4700:3033::6815:2384
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://targeting.vdo.ai/allowed_url.php?type=json&url=letters.org%2Fpayment-letter%2Freturn-of-overpayment-to-client-letter.html&tag=letters&domain=letters.org
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/dependencies_hbv4/vdo.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:2384 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f2358c73a3cf6ec5b73f192a64b336e31d92221b04b959f0dd3857d95b82207e

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 12:41:14 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=E2OWnUw9V4DXK0c63G5tQQkWcum%2F0RAyJNm%2FMLaL19hrNWwlJ5%2Br7XpN%2Bc7eJYdJZgHx6mRmB%2Bbf97ilPOUmqOmyFKISEiPei0E8goAubTExKcIzaWJD6TQ7n%2BGA"}],"group":"cf-nel","max_age":604800}
cf-ray: 64ebf5ba5f72c28b-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a0757e8760000c28b3f949000000001

POST
H/1.1 200
OK logger Show response
analytics.vdo.ai/ 0
321 B 281ms
95ms XHR
text/html 54.39.16.115
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.vdo.ai/logger
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/dependencies_hbv4/vdo.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.39.16.115 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns555277.ip-54-39-16.net
Software: openresty/1.19.3.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Thu, 13 May 2021 12:41:14 GMT
Content-Encoding: gzip
Server: openresty/1.19.3.1
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html
Access-Control-Allow-Origin: *
Transfer-Encoding: chunked
Connection: keep-alive

GET
H3-29 200 vdo.player.js Show response
a.vdo.ai/core/assets/ 575 KB
144 KB 50ms
49ms Script
application/javascript 2606:4700:3033::ac43:de92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.vdo.ai/core/assets/vdo.player.js
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/dependencies_hbv4/vdo.min.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:de92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0d3d3d99ec2d1da823e792b3024b24ae723c89a29d46d9cffe4b1d4ba935c0da

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 12:41:14 GMT
via: 1.1 varnish-v4
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 360
cf-ray: 64ebf5bacece3244-FRA
x-cache: HIT
access-control-allow-methods: GET, POST, OPTIONS
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a0757e8b90000324475ae7000000001
last-modified: Mon, 14 Sep 2020 22:24:51 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=AmRUBeDS3%2Bgyl7qQHP1sXjCZ0ddCF4Hn9l9fsaIxh%2FsJVyZmrvez0uLpS2bhB0fL%2B9AG3mudT%2Bj6Gs6rH7yigKlNup76D30GRabHOywQ0gYwtH9C8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
x-varnish: 329407 65601
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Range
cache-control: public, max-age=1800
access-control-allow-credentials: true
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range

GET
H3-29 200 rtb.js Show response
a.vdo.ai/core/assets/ 384 KB
106 KB 43ms
42ms Script
application/javascript 2606:4700:3033::ac43:de92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.vdo.ai/core/assets/rtb.js
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/dependencies_hbv4/vdo.min.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:de92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: df946b91a9b2ae689c104e0f0a549e49b2eb452b17c1b8e8d82bbbfad71411e5

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 12:41:14 GMT
via: 1.1 varnish-v4
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 360
cf-ray: 64ebf5baced03244-FRA
x-cache: HIT
access-control-allow-methods: GET, POST, OPTIONS
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a0757e8ba000032441d8de000000001
last-modified: Mon, 10 May 2021 08:16:30 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=SdXjzgN%2BhTrJkfWfcx3%2FQv7918%2FEJ7OzPRb%2BYNHkOV8tDRziWnkDkGhJABRl7J4hsHBMjp0%2BH%2BP7msy%2B2O6iv0vnVINk1ptF1yLHGC4nBdZXhWGYMA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-varnish: 102700 131121
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Range
cache-control: public, max-age=1800
access-control-allow-credentials: true
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range

GET
H/1.1 200
OK pixel.gif
track.vdo.ai/ 43 B
236 B 58ms
18ms Image
image/gif 51.77.119.11
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.vdo.ai/pixel.gif?domainName=www.letters.org&tagName=letters&event=initVdo&uid=7b3bd407-1370-4277-9959-a3aec03b302a&t=1620909674677
Requested by: Host: www.letters.org
URL: https://www.letters.org/payment-letter/return-of-overpayment-to-client-letter.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.77.119.11 , France, ASN16276 (OVH, FR),
Reverse DNS: ns31094366.ip-51-77-119.eu
Software: nginx/1.12.2 /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 13 May 2021 12:41:14 GMT
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx/1.12.2
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 7ms
6ms Image
image/gif 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j90&a=2136985631&t=event&_s=3&dl=https%3A%2F%2Fwww.letters.org%2Fpayment-letter%2Freturn-of-overpayment-to-client-letter.html&ul=en-us&de=UTF-8&dt=Letter%20to%20Inform%20Return%20of%20Overpayment%20to%20Client%20-%20Sample&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=video&ea=initVdo&el=letters&_utma=156209318.2112529175.1620909674.1620909674.1620909674.1&_utmz=156209318.1620909674.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)&_utmht=1620909674678&_u=aQBCAUABAAAAAC~&jid=&gjid=&cid=2112529175.1620909674&tid=UA-113932176-32&_gid=649798985.1620909675&gtm=2ou550&z=481016781

Requested by

Host: www.letters.org
URL: https://www.letters.org/payment-letter/return-of-overpayment-to-client-letter.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 May 2021 03:14:42 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 33992
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
BLOB 200
OK bf2317ba-7b5d-4d52-918d-ebc606854e87
https://www.letters.org/ 31 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.letters.org/bf2317ba-7b5d-4d52-918d-ebc606854e87
Requested by: Host: www.letters.org
URL: https://www.letters.org/payment-letter/return-of-overpayment-to-client-letter.html
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 31
Content-Type: application/javascript

OPTIONS
H/1.1 204
No Content 1614345662766038f5bef0a2a.m3u8
h.vdo.ai/uploads/videos/ Frame 0
0 295ms
96ms Preflight
text/plain 144.217.76.121
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/uploads/videos/1614345662766038f5bef0a2a.m3u8
Protocol: HTTP/1.1
Server: 144.217.76.121 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns542653.ip-144-217-76.net
Software: nginx/1.16.1 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: vdoai
Origin: https://www.letters.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.16.1
Date: Thu, 13 May 2021 12:41:15 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0

GET
H/1.1 200
OK 1614345662766038f5bef0a2a.m3u8 Show response
h.vdo.ai/uploads/videos/ 11 KB
12 KB 97ms
97ms XHR
application/vnd.apple.mpegurl 144.217.76.121
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/uploads/videos/1614345662766038f5bef0a2a.m3u8
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/assets/vdo.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 144.217.76.121 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns542653.ip-144-217-76.net
Software: nginx/1.16.1 /
Resource Hash: 46573b14fd2bad757b60a89235cb9c8c9f41c0a84899d0ce51b40196d0450986

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
vdoai: true

Response headers

Date: Thu, 13 May 2021 12:41:15 GMT
Last-Modified: Fri, 26 Feb 2021 13:21:37 GMT
Server: nginx/1.16.1
ETag: "6038f5e1-2ddf"
Content-Type: application/vnd.apple.mpegurl
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 11743

GET
BLOB 200
OK 455122e7-ff56-4376-adb2-ef992fd40277
https://www.letters.org/ 5 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.letters.org/455122e7-ff56-4376-adb2-ef992fd40277
Requested by: Host: www.letters.org
URL: https://www.letters.org/payment-letter/return-of-overpayment-to-client-letter.html
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c0d2bb46c68e084f258f3728375c0351cb47075647142ba7df6f0059ae0b2581

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 5409
Content-Type: application/javascript

GET
H2 200 flping.php
lg3.media.net/ 35 B
189 B 20ms
19ms Image
image/gif 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/flping.php?reason=28&action=4&cme=axb57y4Bn6TdU5UuViEKwhJsC2BxWnIIH4uGIIw2nqHtLAMKWfBekMS0A3BPEAm6MPqHbev7Lq_vuzRD7azdHXDfmqU9zx7Pr6bQmQJUAlSnthfx1-Hk_K_YBH2WC3W2csrYYmAItVUF80HH7O9mmv9bVZriBPFw1ku7wvMeX-9jN3NPCuyngjZhE4M4H2WyVG77BAFaSpMXEQ3lJqn21ogLoLxbUfjxsRWzLemLIR_2aFSMl4MMTx3pYpt5yf5KwDbxNUwdFTxXj6L-gp4K-Jgav83OZon7J6dDYmvjVkY1sipzRXAZMhLvKv2vwMMg1-fu85Ww8rB7_iV-vQ23lU9MF5IXV--PQ3P_Rd4GPhXXkJ--LDGPNbY2pAy5yo8jLXduTC51g9nLLrZN2FLjqoCGgj956WfmwcQjL474sNSMwl4MiIGkm-xSQp197yCCvQgJRy9_Xx_vc6PltgqCxFT_oRfJ-CevJ2nyGe3T9Qy5MZOXGCoGdPWH3XO4B6tODOT-2t7J_4yQqyrCzlu0pCAvXed4gmIDaU_BEr2kYGmphYiihELIu5MpMjRhzca2i3-diCKrVPq5lErmY4DQc3uctPNygV9KfQc4EeLUguB11-LLcsNpDd0CJlnM5O415Xn8CNKWt48%3D%7C%7C&gdpr=1&vgd_xrw=

Requested by

Host: www.letters.org
URL: https://www.letters.org/payment-letter/return-of-overpayment-to-client-letter.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Thu, 13 May 2021 12:41:14 GMT
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Thu, 13 May 2021 12:41:14 GMT

GET
H3-29 200 bridge3.458.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame CFCA 573 KB
187 KB 30ms
16ms Document
text/html 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.458.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

081fe081ca1a1c7857c829ef147d17156961a29cbe66e56b31bb6fbefee16310

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.458.0_en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.letters.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.letters.org/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 191944
date: Wed, 12 May 2021 01:40:52 GMT
expires: Thu, 12 May 2022 01:40:52 GMT
last-modified: Wed, 12 May 2021 01:31:31 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 126022
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 client.js Show response
s0.2mdn.net/instream/video/ 44 KB
17 KB 45ms
14ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 12:41:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
expires: Thu, 13 May 2021 12:41:14 GMT

POST
H/1.1 200
OK logger Show response
analytics.vdo.ai/ 0
321 B 228ms
94ms XHR
text/html 54.39.16.115
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.vdo.ai/logger
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/dependencies_hbv4/vdo.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.39.16.115 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns555277.ip-54-39-16.net
Software: openresty/1.19.3.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Thu, 13 May 2021 12:41:15 GMT
Content-Encoding: gzip
Server: openresty/1.19.3.1
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html
Access-Control-Allow-Origin: *
Transfer-Encoding: chunked
Connection: keep-alive

GET
H3-29 200 logo.svg
a.vdo.ai/core/assets/img/ 1 KB
1 KB 14ms
13ms Image
image/svg+xml 2606:4700:3033::ac43:de92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.vdo.ai/core/assets/img/logo.svg
Requested by: Host: www.letters.org
URL: https://www.letters.org/payment-letter/return-of-overpayment-to-client-letter.html
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:de92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9adf28f17b88f7835611736a9461d0452433a4e12f3ebaafae1689394aeb8d7b

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 12:41:14 GMT
via: 1.1 varnish-v4
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 362
cf-ray: 64ebf5bba8a33244-FRA
x-cache: HIT
access-control-allow-methods: GET, POST, OPTIONS
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a0757e94b000032442d262000000001
last-modified: Mon, 02 Mar 2020 08:12:49 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=e4XRhhqDVGbxx6j8oeIgabV4Ug3l4qAnc0i%2Fk2tjYPMIxfiG9Q9fb2THg6lU0vzN9Ov4KI3%2FxU32sDrOcuPmhZYO%2BSmoMJXZUpXN3k%2BlXdFtTJgXDA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-varnish: 427281 65598
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Range
cache-control: public, max-age=1800
access-control-allow-credentials: true
content-type: image/svg+xml
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range

GET
H/1.1 200
OK pixel.gif
track.vdo.ai/ 43 B
236 B 25ms
24ms Image
image/gif 51.77.119.11
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.vdo.ai/pixel.gif?domainName=www.letters.org&tagName=letters&event=forceplay&uid=7b3bd407-1370-4277-9959-a3aec03b302a&t=1620909674826
Requested by: Host: www.letters.org
URL: https://www.letters.org/payment-letter/return-of-overpayment-to-client-letter.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.77.119.11 , France, ASN16276 (OVH, FR),
Reverse DNS: ns31094366.ip-51-77-119.eu
Software: nginx/1.12.2 /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 13 May 2021 12:41:14 GMT
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx/1.12.2
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
DATA 200
OK truncated
/ Frame 4F3A 107 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dfa1028a74436c56e0ee1367812c0ee599d6814ec4a3079ca9b9afffba949e26

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 4F3A 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 4F3A 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK OpenSans_Semibold.woff
res-a.akamaihd.net/__media__/fonts/OpenSans_Semibold/ Frame 4F3A 21 KB
21 KB 25ms
25ms Font
application/font-woff 2.16.186.43
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://res-a.akamaihd.net/__media__/fonts/OpenSans_Semibold/OpenSans_Semibold.woff
Requested by: Host: www.letters.org
URL: https://www.letters.org/payment-letter/return-of-overpayment-to-client-letter.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2.16.186.43 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-43.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 2a354649f57a81405daccfd6b5785da5f73ba638f2db591992cb7b739dac3135

Request headers

Origin: https://www.letters.org
Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 13 May 2021 12:41:14 GMT
Last-Modified: Mon, 16 May 2016 10:39:41 GMT
Server: nginx
ETag: "5739a36d-54c8"
Content-Type: application/font-woff
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 21704

POST
H/1.1 200
OK logger Show response
analytics.vdo.ai/ 0
321 B 278ms
126ms XHR
text/html 54.39.16.115
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.vdo.ai/logger
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/dependencies_hbv4/vdo.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.39.16.115 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns555277.ip-54-39-16.net
Software: openresty/1.19.3.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Thu, 13 May 2021 12:41:15 GMT
Content-Encoding: gzip
Server: openresty/1.19.3.1
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html
Access-Control-Allow-Origin: *
Transfer-Encoding: chunked
Connection: keep-alive

POST
H/1.1 200
OK logger Show response
analytics.vdo.ai/ 0
321 B 278ms
98ms XHR
text/html 54.39.16.115
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.vdo.ai/logger
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/dependencies_hbv4/vdo.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.39.16.115 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns555277.ip-54-39-16.net
Software: openresty/1.19.3.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Thu, 13 May 2021 12:41:15 GMT
Content-Encoding: gzip
Server: openresty/1.19.3.1
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html
Access-Control-Allow-Origin: *
Transfer-Encoding: chunked
Connection: keep-alive

POST
H/1.1 200
OK logger Show response
analytics.vdo.ai/ 0
321 B 277ms
92ms XHR
text/html 54.39.16.115
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.vdo.ai/logger
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/dependencies_hbv4/vdo.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.39.16.115 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns555277.ip-54-39-16.net
Software: openresty/1.19.3.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Thu, 13 May 2021 12:41:15 GMT
Content-Encoding: gzip
Server: openresty/1.19.3.1
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html
Access-Control-Allow-Origin: *
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK pixel.gif
track.vdo.ai/ 43 B
236 B 18ms
17ms Image
image/gif 51.77.119.11
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.vdo.ai/pixel.gif?domainName=www.letters.org&tagName=letters&event=pageview&uid=7b3bd407-1370-4277-9959-a3aec03b302a&t=1620909674875
Requested by: Host: www.letters.org
URL: https://www.letters.org/payment-letter/return-of-overpayment-to-client-letter.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.77.119.11 , France, ASN16276 (OVH, FR),
Reverse DNS: ns31094366.ip-51-77-119.eu
Software: nginx/1.12.2 /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 13 May 2021 12:41:14 GMT
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx/1.12.2
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 7ms
6ms Image
image/gif 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j90&a=2136985631&t=event&_s=4&dl=https%3A%2F%2Fwww.letters.org%2Fpayment-letter%2Freturn-of-overpayment-to-client-letter.html&ul=en-us&de=UTF-8&dt=Letter%20to%20Inform%20Return%20of%20Overpayment%20to%20Client%20-%20Sample&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=video&ea=pageview&el=letters&_utma=156209318.2112529175.1620909674.1620909674.1620909674.1&_utmz=156209318.1620909674.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)&_utmht=1620909674876&_u=aQBCAUABAAAAAC~&jid=&gjid=&cid=2112529175.1620909674&tid=UA-113932176-32&_gid=649798985.1620909675&gtm=2ou550&z=2019775602

Requested by

Host: www.letters.org
URL: https://www.letters.org/payment-letter/return-of-overpayment-to-client-letter.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 May 2021 03:14:42 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 33992
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK pixel.gif
track.vdo.ai/ 43 B
236 B 36ms
17ms Image
image/gif 51.77.119.11
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.vdo.ai/pixel.gif?domainName=www.letters.org&tagName=letters&event=website_pageview&uid=7b3bd407-1370-4277-9959-a3aec03b302a&t=1620909674877
Requested by: Host: www.letters.org
URL: https://www.letters.org/payment-letter/return-of-overpayment-to-client-letter.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.77.119.11 , France, ASN16276 (OVH, FR),
Reverse DNS: ns31094366.ip-51-77-119.eu
Software: nginx/1.12.2 /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 13 May 2021 12:41:14 GMT
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx/1.12.2
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 8ms
7ms Image
image/gif 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j90&a=2136985631&t=event&_s=5&dl=https%3A%2F%2Fwww.letters.org%2Fpayment-letter%2Freturn-of-overpayment-to-client-letter.html&ul=en-us&de=UTF-8&dt=Letter%20to%20Inform%20Return%20of%20Overpayment%20to%20Client%20-%20Sample&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=video&ea=website_pageview&el=letters&_utma=156209318.2112529175.1620909674.1620909674.1620909674.1&_utmz=156209318.1620909674.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)&_utmht=1620909674877&_u=aQBCAUABAAAAAC~&jid=&gjid=&cid=2112529175.1620909674&tid=UA-113932176-32&_gid=649798985.1620909675&gtm=2ou550&z=783469009

Requested by

Host: www.letters.org
URL: https://www.letters.org/payment-letter/return-of-overpayment-to-client-letter.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 May 2021 03:14:42 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 33992
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 8ms
7ms Image
image/gif 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j90&a=2136985631&t=event&_s=6&dl=https%3A%2F%2Fwww.letters.org%2Fpayment-letter%2Freturn-of-overpayment-to-client-letter.html&ul=en-us&de=UTF-8&dt=Letter%20to%20Inform%20Return%20of%20Overpayment%20to%20Client%20-%20Sample&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=video&ea=began_btf&el=letters&_utma=156209318.2112529175.1620909674.1620909674.1620909674.1&_utmz=156209318.1620909674.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)&_utmht=1620909674879&_u=aQBCAUABAAAAAC~&jid=&gjid=&cid=2112529175.1620909674&tid=UA-113932176-32&_gid=649798985.1620909675&gtm=2ou550&z=1464978073

Requested by

Host: www.letters.org
URL: https://www.letters.org/payment-letter/return-of-overpayment-to-client-letter.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 May 2021 03:14:42 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 33992
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 491E 36 KB
12 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 12:14:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 14 Dec 2020 16:45:56 GMT
server: sffe
age: 1608
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12603
x-xss-protection: 0
expires: Thu, 13 May 2021 13:14:26 GMT

GET
H2 200 bql.php Show response
lg3.media.net/ Frame BAB2 15 B
216 B 21ms
20ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lg3.media.net/bql.php?&vgd_l2type=setting&v=1&gdpr=1&hvsid=00001620909673887015095070726851&geo=50.12|8.68&dlper=25&lper=100&fp=LtjlLoaJDSnGrwcty2mKr91PL_6CgNkDz51Z6a9Cztu8LaN0hXgUaWbnITl91i2Vhhz_2yT-2gMLZUKm7UFL5XO0JnCnzgk0RnNcoN1CG5lHZ_uyU1-gkpKwXL4xMs_x&lpid=&tsid=329&q=&prv=&type=&ps=&cme=bVrPDVBFwJxVDj089ZbmAfATWpZCluFVi3eW7HR2z0Y9zA3QJGrXH52h9F2v-Nr-BoD667aWXKsWX4CNlH_fI3frNd0IHpWvVo7Hh01EuYMpkbLEz7Qekw0T590om0Ravw3F2FiE6-Ki3BRbEIm0Jq0FfBlm5XsuJETy8vpXoeTIWZxONlRAo-4CS7D2Nk7d__gHhDmZq4E2Ntkpd7Ip7w%3D%3D%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7CsRBSg3CPSiQ%3D%7CYdjFvixrVaE57c-emHoCYyVJsEuNBKdVMnzOrzkk1-4Gxv8yx_pAczfc-p5i08psFWu8h7GSGFSE6hYV35R1JQ%3D%3D%7CN7fu2vKt8_s%3D%7CoADvbJ_PwOukqNJcBQrSx8_LXqScbN4_m6espzB-IkxfooVDQRLmFwbR-dq0GwVLYjCs8NUPYZYmkHusO5N-zybVZxrcGdqY-Bbo1y_qaOCLQgMPKjjDrQ8B_P-K24c_q1n_y6Y-vw_5_IWl0Hg8AGgezoPJqNd1PRzSLOZPdZhFShgZguPAJE_YKoRpUa85HlKbILfOXpT8LdoehY8oEpkTs8jiarsFewd87Y2Yf0A%3D%7C&hint=&td=&cc=DE&wsip=2887305235&bca=0&ugd=4&vgd_chost=contextual.media.net&vgd_fcic=0&vgde_kbbh=u9oNu9&vgde_setid=Nu9&&rc=0&ksu=207&fdkt=208&kwd[]=Letter%20of%20Demand%20for%20Payment&kwt[]=208&kbc[]=1203015305&kwp[]=1&kid[]=17386727&kbc2[]=o_r%3D0.13%7C%7Cp_r%3D0.13%7C%7Cl_r%3D152%7C%7Cc%3D43%7C%7Crpc%3D0.07%7C%7Clvl%3D1.00&ktd[]=1126174801527296&kwd[]=Sample%20Letter%20of%20Explanation&kwt[]=240&kbc[]=cd775958d866f6ab6e9339e4d5a41a7c.d2s&kwp[]=2&kid[]=153204375&kbc2[]=101%7C%7Co_r%3D0.22%7C%7Cp_r%3D0.00%7C%7Cl_r%3D56%7C%7Cc%3D193%7C%7Cps%3D0.310%7C%7Crpc%3D0.02%7C%7Clvl%3D1.00&ktd[]=1126174801789696&kwd[]=Business%20Proposal%20Letter&kwt[]=240&kbc[]=cd775958d866f6ab6e9339e4d5a41a7c.d2s&kwp[]=3&kid[]=4604009&kbc2[]=o_r%3DNaN%7C%7Cp_r%3D0.13%7C%7Cl_r%3D152%7C%7Cc%3D-372%7C%7Cps%3D0.310%7C%7Crpc%3D0.14%7C%7Clvl%3D2.41&ktd[]=1126174801658624&kwd[]=Sample%20Letters%20of%20Request&kwt[]=240&kbc[]=cd775958d866f6ab6e9339e4d5a41a7c.d2s&kwp[]=4&kid[]=25093034&kbc2[]=c%3D-372%7C%7Cps%3D0.310%7C%7Crpc%3D0.02%7C%7Clvl%3D1.17&ktd[]=274911593216&kwd[]=Sample%20Complaint%20Letter&kwt[]=240&kbc[]=cd775958d866f6ab6e9339e4d5a41a7c.d2s&kwp[]=5&kid[]=25091754&kbc2[]=c%3D-372%7C%7Cps%3D0.310%7C%7Crpc%3D0.10%7C%7Clvl%3D1.00&ktd[]=274911593216&kwd[]=New%20Business%20Marketing%20Letter&kwt[]=240&kbc[]=cd775958d866f6ab6e9339e4d5a41a7c.d2s&kwp[]=6&kid[]=277815330&kbc2[]=o_r%3DNaN%7C%7Cp_r%3D0.13%7C%7Cl_r%3D152%7C%7Cc%3D-372%7C%7Cps%3D0.310%7C%7Crpc%3D0.07%7C%7Clvl%3D1.00&ktd[]=274911593216&kwd[]=Business%20Partnership%20Proposal&kwt[]=240&kbc[]=cd775958d866f6ab6e9339e4d5a41a7c.d2s&kwp[]=7&kid[]=54309349&kbc2[]=o_r%3DNaN%7C%7Cp_r%3D0.28%7C%7Cl_r%3D58%7C%7Cc%3D-372%7C%7Cps%3D0.310%7C%7Crpc%3D0.19%7C%7Clvl%3D1.29&ktd[]=274894816000&kwd[]=Sample%20Letter%20of%20Inquiry&kwt[]=240&kbc[]=cd775958d866f6ab6e9339e4d5a41a7c.d2s&kwp[]=8&kid[]=153204396&kbc2[]=o_r%3DNaN%7C%7Cp_r%3D0.34%7C%7Cl_r%3D58%7C%7Cc%3D-372%7C%7Cps%3D0.310%7C%7Crpc%3D0.09%7C%7Clvl%3D1.29&ktd[]=274894816000&kwd[]=Complaint%20Letter%20Examples&kwt[]=240&kbc[]=cd775958d866f6ab6e9339e4d5a41a7c.d2s&kwp[]=9&kid[]=6619485&kbc2[]=101%7C%7Cc%3D-372%7C%7Cps%3D0.310%7C%7Crpc%3D0.04%7C%7Clvl%3D2.48&ktd[]=274895078144&kwd[]=Business%20Introduction%20Email&kwt[]=240&kbc[]=cd775958d866f6ab6e9339e4d5a41a7c.d2s&kwp[]=10&kid[]=54294293&kbc2[]=o_r%3DNaN%7C%7Cp_r%3D0.32%7C%7Cl_r%3D42%7C%7Cc%3D-372%7C%7Cps%3D0.310%7C%7Crpc%3D0.19%7C%7Clvl%3D1.29&ktd[]=274894816000&kwd[]=Non%20Profit%20Donation%20Letters&kwt[]=240&kbc[]=cd775958d866f6ab6e9339e4d5a41a7c.d2s&kwp[]=11&kid[]=130779354&kbc2[]=o_r%3DNaN%7C%7Cp_r%3D0.13%7C%7Cl_r%3D152%7C%7Cc%3D-372%7C%7Cps%3D0.310%7C%7Crpc%3D0.34%7C%7Clvl%3D1.00&ktd[]=274894816000&kwd[]=Employee%20Recognition%20Awards&kwt[]=240&kbc[]=cd775958d866f6ab6e9339e4d5a41a7c.d2s&kwp[]=12&kid[]=9728213&kbc2[]=o_r%3DNaN%7C%7Cp_r%3D0.13%7C%7Cl_r%3D152%7C%7Cc%3D-372%7C%7Cps%3D0.310%7C%7Crpc%3D0.16%7C%7Clvl%3D1.00&ktd[]=274911593216&kwd[]=Sample%20Letters%20of%20Recommendation&kwt[]=240&kbc[]=cd775958d866f6ab6e9339e4d5a41a7c.d2s&kwp[]=13&kid[]=25093025&kbc2[]=o_r%3DNaN%7C%7Cp_r%3D0.13%7C%7Cl_r%3D152%7C%7Cc%3D-372%7C%7Cps%3D0.310%7C%7Crpc%3D0.06%7C%7Clvl%3D1.17&ktd[]=1126174818435840&kwd[]=Formal%20Invitation%20Letter&kwt[]=240&kbc[]=cd775958d866f6ab6e9339e4d5a41a7c.d2s&kwp[]=14&kid[]=11321453&kbc2[]=101%7C%7Cps%3D0.310%7C%7Crpc%3D0.14%7C%7Clvl%3D1.17&ktd[]=274895077632&kwd[]=Salary%20Request%20Letter%20Sample&kwt[]=240&kbc[]=cd775958d866f6ab6e9339e4d5a41a7c.d2s&kwp[]=15&kid[]=329990173&kbc2[]=101%7C%7Cps%3D0.310%7C%7Crpc%3D0.02%7C%7Clvl%3D1.00&ktd[]=274895077632&kwd[]=College%20Transcript%20Request&kwt[]=240&kbc[]=cd775958d866f6ab6e9339e4d5a41a7c.d2s&kwp[]=16&kid[]=206894961&kbc2[]=101%7C%7Cps%3D0.310%7C%7Crpc%3D0.08%7C%7Clvl%3D1.00&ktd[]=274895077632&rand=1620909674300&cid=8CUMG3VZL&vwid=1620909673308213370&vi=1620909673308213370&l3ch=0&slnkp=no&tdAdd[]=rtbsd%3D6&tdAdd[]=ib=0&vgd_uspa=0&vgd_sc=HE&vgd_l1rakh=1620909673113389471&vgd_lhl=764&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&vgd_ifrmode=00&sttm=1620909673887&upk=1620909674.27241&hvsid=00001620909673887015095070726851&verid=111299&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1%26asn%3D9009&vgd_hbReqId=T1620891928C8S31U653&vgd_isiolc=1&npgv=1&rtbsd=6&pid=8POSN2582&matm=1620909674311&vgd_ltime=1084&vgd_ltimesrc=2&abpl=2&tdAdd[]=nw%3DNone&tdAdd[]=nwType%3DNone&tdAdd[]=asnum%3D9009&tdAdd[]=proxy%3DNone&tdAdd[]=comp%3DNone&vgd_l3_sc=HE&vgd_l2ch=0&vgd_l1ch=1&vgd_altbql=sb&vgd_pdtid=1&vgd_implt=3&vgd_sbSup=1&vgd_l2wsip=2887305235&vgd_nrrsf=nrr&vgd_nrrv=57728&vgd_nrrs=57728&vgd_nrrmf=4a&vgd_cntrdt=S%7CDIV-lette-167697730&vgd_x_pos=261&vgd_y_pos=5041&vgd_ren_page_h=6449&vgd_cty=FRANKFURT&vgd_l1hcsd=N4%7C3133&vgd_sethcsd=A9%7C3093&vgd_cfud=200227&vgd_is_amp=0&vgd_optout=0&vgd_ect=4g&vgd_rensize=717_600&vgd_scr_h=1200&vgd_scr_w=1600&vgd_mbr=1&vgd_l1rpth=%2Fnmedianet.js&requrl=https%3A%2F%2Fletters.org%2Fpayment-letter%2Freturn-of-overpayment-to-client-letter.html&oRurl=http%3A%2F%2Fcdng%2Ffcmain.js%3F%26esi%3D1%26%26fvips%3D0%26vpf%3D000%26chost%3Dcontextual.media.net%26cb%3Dwindow._mNDetails.initAd%26%26gdpr%3D1%26cid%3D8CUMG3VZL%26cpcd%3DkkQue80HaQBxyFy3eT-4Iw%253D%253D%26crid%3D680308666%26size%3D600x600%26cc%3DDE%26https%3D1%26vif%3D1%26requrl%3Dhttps%253A%252F%252Fletters.org%252Fpayment-letter%252Freturn-of-overpayment-to-client-letter.html%26nse%3D5%26vi%3D1620909673308213370%26lw%3D1%26ugd%3D4%26nb%3D1%26blacpfl%3D1%26baeFlag%3D0%26blapd%3D0%26isOffice%3D0&tdAdd[]=uiparams%3D%3Brend_w%3A717%3Brend_h%3A600%3Bwin_w%3A1600%3Bwin_h%3A1200%3Bkwd_scnt%3A16&vgd_end=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV57728.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Thu, 13 May 2021 12:41:14 GMT
ntcoent-length: 15
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 15
expires: Thu, 13 May 2021 12:41:14 GMT

POST
H2 200 log
navvy.media.net/ Frame BAB2 807 B
980 B 183ms
160ms Ping
image/gif 34.102.149.62
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://navvy.media.net/log
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV57728.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.149.62 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 62.149.102.34.bc.googleusercontent.com
Software: Jetty(9.4.7.v20170914) /
Resource Hash: 0a4c16b7f5c1b1ecefc9ffb4fcf1b457f9282d0863fa61d4dd32ad98dafa9a60

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 13 May 2021 12:41:15 GMT
via: 1.1 google
server: Jetty(9.4.7.v20170914)
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache,no-store
alt-svc: clear
content-length: 807
expires: Thu, 13 May 2021 12:41:15 GMT

GET
H2 200 nrrV57728.js Show response
contextual.media.net/4a/ Frame 422C 90 KB
29 KB 50ms
50ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/4a/nrrV57728.js

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/nmedianet.js?cid=8CUMG3VZL&https=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

e407a1c4f45bba5bfca5d690481f93ab3ca30a2069f248212f39773355a5da3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: max-age=2592000
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
etag: "727cefd03bd8c4affe67217780b368f1"
vary: Accept-Encoding
x-mnet-h: 8-20
content-type: text/javascript; charset=utf-8
cache-control: max-age=1209600
date: Thu, 13 May 2021 12:41:15 GMT
content-length: 29612
expires: Thu, 27 May 2021 12:41:15 GMT

GET
H/1.1 200
OK 1x1.gif
res-a.akamaihd.net/__media__/pics/800028474/ Frame 422C 42 B
350 B 18ms
18ms Image
image/gif 2.16.186.43
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://res-a.akamaihd.net/__media__/pics/800028474/1x1.gif
Requested by: Host: www.letters.org
URL: https://www.letters.org/payment-letter/return-of-overpayment-to-client-letter.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2.16.186.43 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-43.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 13 May 2021 12:41:14 GMT
Last-Modified: Mon, 04 Jun 2018 10:04:19 GMT
Server: nginx
ETag: "5b150ea3-2a"
Content-Type: image/gif
Cache-Control: public, max-age=416396
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 42
Expires: Tue, 18 May 2021 08:21:10 GMT

GET
DATA 200
OK truncated
/ Frame 422C 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 422C 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK bullet1.woff
res-a.akamaihd.net/__media__/fonts/bullet1/ Frame 422C 2 KB
2 KB 18ms
18ms Font
application/font-woff 2.16.186.43
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://res-a.akamaihd.net/__media__/fonts/bullet1/bullet1.woff
Requested by: Host: www.letters.org
URL: https://www.letters.org/payment-letter/return-of-overpayment-to-client-letter.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2.16.186.43 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-43.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: d9ac862518df3efb07d7cecda391ab683489cf26fa04d62e179ba60869dd69bb

Request headers

Origin: https://www.letters.org
Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 13 May 2021 12:41:14 GMT
Last-Modified: Mon, 16 May 2016 10:39:41 GMT
Server: nginx
ETag: "5739a36d-700"
Content-Type: application/font-woff
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1792

GET
H2 200 17269399664645144145
tpc.googlesyndication.com/daca_images/simgad/ Frame E802 30 KB
30 KB 37ms
16ms Image
image/png 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/17269399664645144145

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9517795834930234&output=html&h=280&slotname=2234739304&adk=3189045681&adf=1594946721&pi=t.ma~as.2234739304&w=727&fwrn=4&fwrnh=100&lmt=1620909673&rafmt=1&psa=0&format=727x280&url=https%3A%2F%2Fwww.letters.org%2Fpayment-letter%2Freturn-of-overpayment-to-client-letter.html&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1620909673891&bpp=2&bdt=392&idt=2&shv=r20210510&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7658884735661&frm=20&pv=1&ga_vid=2112529175.1620909674&ga_sid=1620909674&ga_hid=2136985631&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=261&ady=4205&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=3251302952839113&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=66D5Obc7nW&p=https%3A//www.letters.org&dtd=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

baa716e3959a0c9070ea164fa9c182fe968a3e87da6b20fa5f811e6f7ffce330

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 06 May 2021 16:09:39 GMT
x-content-type-options: nosniff
age: 592296
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30788
x-xss-protection: 0
last-modified: Sat, 13 Feb 2021 14:12:33 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 06 May 2022 16:09:39 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210510/r20110914/ Frame E802 17 KB
7 KB 31ms
10ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210510/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6c0489619b42dc28c6d135cf946eaea95f6206229dedbad28a2636d3525fdb3e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 12:40:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 73
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7042
x-xss-protection: 0
server: cafe
etag: 8099588968410230469
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 27 May 2021 12:40:02 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210510/r20110914/client/ Frame E802 2 KB
1 KB 33ms
15ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210510/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 12:38:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 163
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 27 May 2021 12:38:32 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E802 116 KB
35 KB 30ms
16ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0e3de2e14d9c8708fe42cbb220f1c4d52b720493b1503aa266fac9361b64ac31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 12:41:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1620696594685118"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36097
x-xss-protection: 0
expires: Thu, 13 May 2021 12:41:15 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210510/r20110914/client/ Frame E802 13 KB
6 KB 29ms
11ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210510/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 12:37:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 241
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5621
x-xss-protection: 0
server: cafe
etag: 8169261014141303515
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 27 May 2021 12:37:14 GMT

GET
H2 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210510/r20110914/client/ Frame E802 25 KB
10 KB 38ms
20ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210510/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05e695a8f4bd26c3a3092afbd08d40b873b39599d47ce15c281b1b526e934258

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 09:04:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12985
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10380
x-xss-protection: 0
server: cafe
etag: 16922886349488815302
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 27 May 2021 09:04:50 GMT

GET
H3-29

200

B23794176.267082539;dc_pre=CNPElIvXxvACFdeLdwodBxsEVA;dc_trk_aid=461743800;dc_trk_cid=105894660;ord=1687568341;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua= Show response
ad.doubleclick.net/ddm/trackimp/N790339.3167285ADWORDSGDN/ Frame E802
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N790339.3167285ADWORDSGDN/B23794176.267082539;dc_trk_aid=461743800;dc_trk_cid=105894660;ord=1687568341;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
https://ad.doubleclick.net/ddm/trackimp/N790339.3167285ADWORDSGDN/B23794176.267082539;dc_pre=CNPElIvXxvACFdeLdwodBxsEVA;dc_trk_aid=461743800;dc_trk_cid=105894660;ord=1687568341;dc_lat=;dc_rdid=;tag...

42 B
63 B

56ms
42ms

Fetch
image/gif

172.217.23.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/trackimp/N790339.3167285ADWORDSGDN/B23794176.267082539;dc_pre=CNPElIvXxvACFdeLdwodBxsEVA;dc_trk_aid=461743800;dc_trk_cid=105894660;ord=1687568341;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f102.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 May 2021 12:41:15 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 13 May 2021 12:41:15 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
location: https://ad.doubleclick.net/ddm/trackimp/N790339.3167285ADWORDSGDN/B23794176.267082539;dc_pre=CNPElIvXxvACFdeLdwodBxsEVA;dc_trk_aid=461743800;dc_trk_cid=105894660;ord=1687568341;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame E802 0
0 43ms
42ms Fetch
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C26cpah6dYNnmGISamLAPibqJoAu7yL7SYp-4hbzHDbjb84-_FxABIJnCgQZglQKgAe_1jtsDyAECqAMByAPJBKoEkAJP0AUgyh1BZWxGrKPRH8k0VlafV9ePZP-m91zAL87UH95-U80jkowgTBpWQLCdQJ_B9cKl3KiFLfp5uvZoMyNRpARb4p07xYU1LYyIgOnVLNJanVdUAyJmqkmDo-jZtgRxKnsHLr7irUk7ot2o9pcQ1gdHfQdBCFxQEf1okyWeV6-8mgFKm8xxT0h26I8uoAefpuXmh1IGxD_Y4Xs2VA0FI_v8AkL0ztLfbHp05O5Sx-lTaYDn_eiSWpbMlm7gBWAJ-tmuw5tMa6HVxu6DJgoiW2dFXTYXvzeQEo_hkWA4gehbnNkIyMyXCJPOhudjdYzqxeDhsKZ0bL0OXX_iKNaCdVeEsjLVaB6MdDuXSB3CtcAE_Zq1gXqSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGAoAHnrabKagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAfIHBBDa-BTSCAkIgOGAEBABGB-ACgHICwHYEwzQFQGAFwGyFxoKGAgAEhRwdWItOTUxNzc5NTgzNDkzMDIzNA&sigh=AtKRB6TfmBY

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9517795834930234&output=html&h=280&slotname=2234739304&adk=3189045681&adf=1594946721&pi=t.ma~as.2234739304&w=727&fwrn=4&fwrnh=100&lmt=1620909673&rafmt=1&psa=0&format=727x280&url=https%3A%2F%2Fwww.letters.org%2Fpayment-letter%2Freturn-of-overpayment-to-client-letter.html&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1620909673891&bpp=2&bdt=392&idt=2&shv=r20210510&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7658884735661&frm=20&pv=1&ga_vid=2112529175.1620909674&ga_sid=1620909674&ga_hid=2136985631&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=261&ady=4205&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=3251302952839113&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=66D5Obc7nW&p=https%3A//www.letters.org&dtd=6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 13 May 2021 12:41:15 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H/1.1 200
OK Raleway_Medium.woff
res-a.akamaihd.net/__media__/fonts/Raleway_Medium/ Frame 422C 31 KB
31 KB 28ms
27ms Font
application/font-woff 2.16.186.43
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://res-a.akamaihd.net/__media__/fonts/Raleway_Medium/Raleway_Medium.woff
Requested by: Host: www.letters.org
URL: https://www.letters.org/payment-letter/return-of-overpayment-to-client-letter.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2.16.186.43 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-43.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: d680681e19f24318b6f0dad900af6d08b927395f9e7a711428db8d8d1e362c2b

Request headers

Origin: https://www.letters.org
Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 13 May 2021 12:41:15 GMT
Last-Modified: Mon, 16 May 2016 10:39:41 GMT
Server: nginx
ETag: "5739a36d-7a94"
Content-Type: application/font-woff
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 31380

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame CAD3 143 B
163 B 6ms
6ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9517795834930234&output=html&h=280&slotname=2234739304&adk=3189045681&adf=1594946721&pi=t.ma~as.2234739304&w=727&fwrn=4&fwrnh=100&lmt=1620909673&rafmt=1&psa=0&format=727x280&url=https%3A%2F%2Fwww.letters.org%2Fpayment-letter%2Freturn-of-overpayment-to-client-letter.html&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1620909673891&bpp=2&bdt=392&idt=2&shv=r20210510&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7658884735661&frm=20&pv=1&ga_vid=2112529175.1620909674&ga_sid=1620909674&ga_hid=2136985631&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=261&ady=4205&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=3251302952839113&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=66D5Obc7nW&p=https%3A//www.letters.org&dtd=6
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUl7UQqo7UDJW41bzy6VJXIBEr8N8AOPoEzTAjdUbV4D9ypsATmH5sNR88BzHW0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9517795834930234&output=html&h=280&slotname=2234739304&adk=3189045681&adf=1594946721&pi=t.ma~as.2234739304&w=727&fwrn=4&fwrnh=100&lmt=1620909673&rafmt=1&psa=0&format=727x280&url=https%3A%2F%2Fwww.letters.org%2Fpayment-letter%2Freturn-of-overpayment-to-client-letter.html&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1620909673891&bpp=2&bdt=392&idt=2&shv=r20210510&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7658884735661&frm=20&pv=1&ga_vid=2112529175.1620909674&ga_sid=1620909674&ga_hid=2136985631&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=261&ady=4205&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=3251302952839113&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=66D5Obc7nW&p=https%3A//www.letters.org&dtd=6

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 13 May 2021 12:29:19 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 716
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 778A 1 KB
749 B 6ms
6ms Document
text/html 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 13 May 2021 06:38:34 GMT
expires: Fri, 14 May 2021 06:38:34 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
cache-control: public, max-age=86400
age: 21761
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame E802 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6cc259b56ac01c8c792ef42b37ed8e2170d5378b19cb084cde0f92b16e6e3335

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 bql.php Show response
lg3.media.net/ Frame 422C 15 B
216 B 25ms
24ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lg3.media.net/bql.php?&vgd_l2type=setting&v=1&gdpr=1&hvsid=00001620909674405015095070723511&geo=50.12|8.68&dlper=25&lper=100&fp=LtjlLoaJDSnGrwcty2mKr91PL_6CgNkDz51Z6a9Cztu8LaN0hXgUaTYQfBrOC6XGNf6KzAhDyJQgFyI9MAXu4vg4FUeWQftf4LonMG97rUERyzmcXTJHQl0tnHsO8Jok&lpid=&tsid=7&q=&prv=&type=&ps=&cme=uhbCKK4NZsp2K7RBn_6yRGb-_N6cdbw-B9vpHdI6aLEKUpVflMQ6l88lfQF4ulH142kiWSHU8dGREJ2DjCeIht7vFcZUVjMX0A_adPVZaeo9vwKkuRfLQhjetEM0nl4Hqc7acjENo6dVtCMp4pK7KJYPI-8Y7C7CXfuuntXqIssMwxVWQv_J4_V9B0JY9RQiATrcNvVGHsa02j4XcP8EBg%3D%3D%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7CsRBSg3CPSiQ%3D%7CYdjFvixrVaE57c-emHoCYyVJsEuNBKdVMnzOrzkk1-4Gxv8yx_pAczfc-p5i08psFWu8h7GSGFSE6hYV35R1JQ%3D%3D%7CN7fu2vKt8_s%3D%7Cr3VhMlAoLWhLl8N8TTo1BW_IncZ-8vWag4m03CxjS-5seXzezKFj5b8ipdDNC57LMQEasEOp1qvCN32rG_Er_TORFJPOO3wZvndjImb-RgLfpDzYgEImfEiWfZniGYnP3845rMWKXFiX_Qf9c8UdR1CKOmLipZwMZuLwhghrsRCacOe5mNx1oGPd4ivQdBPMUQ7PqVzRvvhkSuaMt2tT20_H1ouRkEfLp7O9RoIYZSI%3D%7C&hint=&td=&cc=DE&wsip=2887305234&bca=0&ugd=4&vgd_chost=contextual.media.net&vgd_fcic=0&vgde_kbbh=u9oNu9&vgde_setid=Nu9&&rc=0&ksu=207&fdkt=240&kwd[]=Employee%20Recognition%20Awards&kwt[]=240&kbc[]=cd775958d866f6ab6e9339e4d5a41a7c.d2s&kwp[]=1&kid[]=9728213&kbc2[]=o_r%3DNaN%7C%7Cp_r%3D0.13%7C%7Cl_r%3D152%7C%7Cc%3D-400%7C%7Cps%3D0.310%7C%7Crpc%3D0.16%7C%7Clvl%3D1.00&ktd[]=274911593216&kwd[]=Sample%20Letters%20of%20Request&kwt[]=240&kbc[]=cd775958d866f6ab6e9339e4d5a41a7c.d2s&kwp[]=2&kid[]=25093034&kbc2[]=c%3D-400%7C%7Cps%3D0.310%7C%7Crpc%3D0.02%7C%7Clvl%3D1.17&ktd[]=274911593216&kwd[]=Sample%20Letter%20of%20Inquiry&kwt[]=240&kbc[]=cd775958d866f6ab6e9339e4d5a41a7c.d2s&kwp[]=3&kid[]=153204396&kbc2[]=o_r%3DNaN%7C%7Cp_r%3D0.34%7C%7Cl_r%3D58%7C%7Cc%3D-400%7C%7Cps%3D0.310%7C%7Crpc%3D0.09%7C%7Clvl%3D1.29&ktd[]=274894816000&kwd[]=Letter%20of%20Demand%20for%20Payment&kwt[]=208&kbc[]=1203015305&kwp[]=4&kid[]=17386727&kbc2[]=o_r%3D0.13%7C%7Cp_r%3D0.13%7C%7Cl_r%3D152%7C%7Cc%3D15%7C%7Crpc%3D0.07%7C%7Clvl%3D1.00&ktd[]=1126174801527296&kwd[]=Sample%20Complaint%20Letter&kwt[]=240&kbc[]=cd775958d866f6ab6e9339e4d5a41a7c.d2s&kwp[]=5&kid[]=25091754&kbc2[]=c%3D-400%7C%7Cps%3D0.310%7C%7Crpc%3D0.10%7C%7Clvl%3D1.00&ktd[]=274911593216&kwd[]=Sample%20Letters%20of%20Recommendation&kwt[]=240&kbc[]=cd775958d866f6ab6e9339e4d5a41a7c.d2s&kwp[]=6&kid[]=25093025&kbc2[]=o_r%3DNaN%7C%7Cp_r%3D0.13%7C%7Cl_r%3D152%7C%7Cc%3D-400%7C%7Cps%3D0.310%7C%7Crpc%3D0.06%7C%7Clvl%3D1.17&ktd[]=1126174818435840&kwd[]=Sample%20Letter%20of%20Explanation&kwt[]=240&kbc[]=cd775958d866f6ab6e9339e4d5a41a7c.d2s&kwp[]=7&kid[]=153204375&kbc2[]=101%7C%7Co_r%3D0.22%7C%7Cp_r%3D0.00%7C%7Cl_r%3D56%7C%7Cc%3D165%7C%7Cps%3D0.310%7C%7Crpc%3D0.02%7C%7Clvl%3D1.00&ktd[]=1126174801789696&kwd[]=Business%20Introduction%20Email&kwt[]=240&kbc[]=cd775958d866f6ab6e9339e4d5a41a7c.d2s&kwp[]=8&kid[]=54294293&kbc2[]=o_r%3DNaN%7C%7Cp_r%3D0.32%7C%7Cl_r%3D42%7C%7Cc%3D-400%7C%7Cps%3D0.310%7C%7Crpc%3D0.19%7C%7Clvl%3D1.29&ktd[]=274894816000&rand=1620909675039&cid=8CUMG3VZL&vwid=1620909673102345491&vi=1620909673102345491&l3ch=0&slnkp=no&tdAdd[]=rtbsd%3D6&tdAdd[]=ib=0&vgd_uspa=0&vgd_sc=HE&vgd_l1rakh=1620909673113389471&vgd_lhl=764&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&vgd_ifrmode=00&sttm=1620909674405&upk=1620909674.27241&hvsid=00001620909674405015095070723511&verid=111299&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1%26asn%3D9009&vgd_hbReqId=T1620891928C8S31U653&vgd_isiolc=1&npgv=1&rtbsd=6&pid=8POSN2582&matm=1620909675044&vgd_ltime=692&vgd_ltimesrc=2&abpl=2&tdAdd[]=nw%3DNone&tdAdd[]=nwType%3DNone&tdAdd[]=asnum%3D9009&tdAdd[]=proxy%3DNone&tdAdd[]=comp%3DNone&vgd_l3_sc=HE&vgd_l2ch=0&vgd_l1ch=1&vgd_altbql=sb&vgd_pdtid=1&vgd_implt=3&vgd_sbSup=1&vgd_l2wsip=2887305234&vgd_nrrsf=nrr&vgd_nrrv=57728&vgd_nrrs=57728&vgd_nrrmf=4a&vgd_cntrdt=S%7CDIV-lette-250812353&vgd_x_pos=261&vgd_y_pos=4282&vgd_ren_page_h=6747&vgd_cty=FRANKFURT&vgd_l1hcsd=N4%7C3133&vgd_sethcsd=A9%7C3093&vgd_cfud=200227&vgd_is_amp=0&vgd_optout=0&vgd_ect=4g&vgd_rensize=717_280&vgd_scr_h=1200&vgd_scr_w=1600&vgd_mbr=1&vgd_l1rpth=%2Fnmedianet.js&requrl=https%3A%2F%2Fletters.org%2Fpayment-letter%2Freturn-of-overpayment-to-client-letter.html&oRurl=http%3A%2F%2Fcdng%2Ffcmain.js%3F%26esi%3D1%26%26fvips%3D0%26vpf%3D000%26chost%3Dcontextual.media.net%26cb%3Dwindow._mNDetails.initAd%26%26gdpr%3D1%26cid%3D8CUMG3VZL%26cpcd%3DkkQue80HaQBxyFy3eT-4Iw%253D%253D%26crid%3D305444829%26size%3D336x280%26cc%3DDE%26https%3D1%26vif%3D1%26requrl%3Dhttps%253A%252F%252Fletters.org%252Fpayment-letter%252Freturn-of-overpayment-to-client-letter.html%26nse%3D5%26vi%3D1620909673102345491%26lw%3D1%26ugd%3D4%26nb%3D1%26blacpfl%3D1%26baeFlag%3D0%26blapd%3D0%26isOffice%3D0&tdAdd[]=uiparams%3D%3Brend_w%3A717%3Brend_h%3A280%3Bwin_w%3A1600%3Bwin_h%3A1200%3Bkwd_scnt%3A8&vgd_end=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV57728.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Thu, 13 May 2021 12:41:15 GMT
ntcoent-length: 15
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 15
expires: Thu, 13 May 2021 12:41:15 GMT

POST
H2 200 log
navvy.media.net/ Frame 422C 807 B
869 B 155ms
155ms Ping
image/gif 34.102.149.62
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://navvy.media.net/log
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV57728.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.149.62 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 62.149.102.34.bc.googleusercontent.com
Software: Jetty(9.4.7.v20170914) /
Resource Hash: 0a4c16b7f5c1b1ecefc9ffb4fcf1b457f9282d0863fa61d4dd32ad98dafa9a60

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 13 May 2021 12:41:15 GMT
via: 1.1 google
server: Jetty(9.4.7.v20170914)
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache,no-store
alt-svc: clear
content-length: 807
expires: Thu, 13 May 2021 12:41:15 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame 778A 35 B
463 B 59ms
8ms Image
image/gif 2620:116:800d:21:36a9:ecb:e518:b308
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEOObJBASNuQBDvJKZ9UxAHw&google_cver=1&google_push=AQvitULKkkOF5Utkcqwg3ShL8vlx2LHUoolqOn4tVX5lzLfbHecbGs5MSYiyW2t8lV_QcwBob161wbLOvOoANuLKL7eqJ5UPkevG

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:36a9:ecb:e518:b308 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 May 2021 12:41:15 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 778A
Redirect Chain

https://d.agkn.com/pixel/2175/?google_gid=CAESEPsEjT8Jz6DNbWnZuD9OmNs&google_cver=1&google_push=AQvitULxQbpJPO-raOuLPZrDFajCXxeQKCaMwPiwGWIOrm2rvyzHqIh9h4axHK_QScGqH5HBYIU-oF0UC9lXBu2E517-yQ19LxxU
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AQvitULxQbpJPO-raOuLPZrDFajCXxeQKCaMwPiwGWIOrm2rvyzHqIh9h4axHK_QScGqH5HBYIU-oF0UC9lXBu2E517-yQ19LxxU&google_hm=Q0FFU0VQc0VqVDhKejZET...

170 B
188 B

45ms
31ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AQvitULxQbpJPO-raOuLPZrDFajCXxeQKCaMwPiwGWIOrm2rvyzHqIh9h4axHK_QScGqH5HBYIU-oF0UC9lXBu2E517-yQ19LxxU&google_hm=Q0FFU0VQc0VqVDhKejZETmJXblp1RDlPbU5z

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 May 2021 12:41:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 13 May 2021 12:41:15 GMT
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AQvitULxQbpJPO-raOuLPZrDFajCXxeQKCaMwPiwGWIOrm2rvyzHqIh9h4axHK_QScGqH5HBYIU-oF0UC9lXBu2E517-yQ19LxxU&google_hm=Q0FFU0VQc0VqVDhKejZETmJXblp1RDlPbU5z
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 778A
Redirect Chain

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAQvitUKJhaAnLtG4NWeJ_wDoz2xXadVBSUXCnFsK3LgDzufwtn0Lh2EEHyJSOnk-5TPJ9JGzRK3Z16qjRt_4oDPoOStaknSxcZY&google_gid=CAESECx3Q56FoFRw3e9kAoblq1Y&goog...
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCOu89IQGEgUI6AcQAEIASm9nb29nbGVfcHVzaD1BUXZpdFVLSmhhQW5MdEc0TldlSl93RG96MnhYYWRWQlNVWENuRnNLM0xnRHp1Znd0bjBMaDJFRUh5SlNPbmstNVRQSjlKR3pSSzNaMTZxalJ0XzRvRF...
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwYkVVZlgzWmFNUmVLZjhDVTlxcWZiclZyZW5fckNFdlcyM2dCNkVzOGtCRQ==&google_push

170 B
188 B

19ms
18ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwYkVVZlgzWmFNUmVLZjhDVTlxcWZiclZyZW5fckNFdlcyM2dCNkVzOGtCRQ==&google_push

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 May 2021 12:41:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 13 May 2021 12:41:15 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwYkVVZlgzWmFNUmVLZjhDVTlxcWZiclZyZW5fckNFdlcyM2dCNkVzOGtCRQ==&google_push
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: clear
content-length: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 778A
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEG35hTzpZ3OONQ6uUnT0eLs&google_cver=1&google_push=AQvitULbNLj8oObt9d5fkflgv361VXnmtLBo_SALCpQh7HWaiFK4zw0FnbvE1uxTGbKZlTq-sF9wkgTFDWNoUweIYy7ys8fw90wg
https://rtb.openx.net/sync/dds?google_gid=CAESEG35hTzpZ3OONQ6uUnT0eLs&google_cver=1&google_push=AQvitULbNLj8oObt9d5fkflgv361VXnmtLBo_SALCpQh7HWaiFK4zw0FnbvE1uxTGbKZlTq-sF9wkgTFDWNoUweIYy7ys8fw90wg&...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULbNLj8oObt9d5fkflgv361VXnmtLBo_SALCpQh7HWaiFK4zw0FnbvE1uxTGbKZlTq-sF9wkgTFDWNoUweIYy7ys8fw90wg&google_hm=q4YTb287ziYrP3LOS7X1Xg==

170 B
188 B

17ms
17ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULbNLj8oObt9d5fkflgv361VXnmtLBo_SALCpQh7HWaiFK4zw0FnbvE1uxTGbKZlTq-sF9wkgTFDWNoUweIYy7ys8fw90wg&google_hm=q4YTb287ziYrP3LOS7X1Xg==

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 May 2021 12:41:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 13 May 2021 12:41:15 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULbNLj8oObt9d5fkflgv361VXnmtLBo_SALCpQh7HWaiFK4zw0FnbvE1uxTGbKZlTq-sF9wkgTFDWNoUweIYy7ys8fw90wg&google_hm=q4YTb287ziYrP3LOS7X1Xg==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: cju7m42cu1nintp6rd2k63k5da658grp

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 778A
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=84U8hvWzTt6QJbD0MrPOMA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

18ms
18ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=84U8hvWzTt6QJbD0MrPOMA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUKAa5Sa6ZgOQNbNl9_0Zbl72m0DihoJAaqfFWMLXWXDjhrO9AQyrv_JXEteKv-XcHGtBwTBlbxJw5gNEsEowUwdjgPumNl6

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 May 2021 12:41:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=84U8hvWzTt6QJbD0MrPOMA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUKAa5Sa6ZgOQNbNl9_0Zbl72m0DihoJAaqfFWMLXWXDjhrO9AQyrv_JXEteKv-XcHGtBwTBlbxJw5gNEsEowUwdjgPumNl6
date: Thu, 13 May 2021 12:41:13 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 778A
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEL8OndyROfjpOWPFzmEm1yM&google_cver=1&google_push=AQvitULedSV8evuvx9JwLLhxbooMx9WRBOesRXA1zptK_CVhUdut-uXeGhZfQPcnwY6bXvGhKRN...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09NVlJQVkYtTi01T1FG&google_push=AQvitULedSV8evuvx9JwLLhxbooMx9WRBOesRXA1zptK_CVhUdut-uXeGhZfQPcnwY6bXvGhKRNKTJkvcvVjZf0PozuARbl-HuJ2

170 B
188 B

34ms
31ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09NVlJQVkYtTi01T1FG&google_push=AQvitULedSV8evuvx9JwLLhxbooMx9WRBOesRXA1zptK_CVhUdut-uXeGhZfQPcnwY6bXvGhKRNKTJkvcvVjZf0PozuARbl-HuJ2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 May 2021 12:41:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09NVlJQVkYtTi01T1FG&google_push=AQvitULedSV8evuvx9JwLLhxbooMx9WRBOesRXA1zptK_CVhUdut-uXeGhZfQPcnwY6bXvGhKRNKTJkvcvVjZf0PozuARbl-HuJ2
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 8f052d4f888ae4e0626c5f819879cacd
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 778A
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESELvIlHcAvXXLuUUB0gdA-n0&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESELvIlHcAvXXLuUUB0gdA-n0&google_push=AQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ0ea5mXFdgSl3JC_5D_QAAABIIAAAAB&google_cver=1&google_push=AQvitUKKvmga1fG8ZTA0e_z1DO67ieKauqIvX1w7jqvHqaVuStrTW05v4sRjC4yHl6p9IdumPUFK...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ0ea5mXFdgSl3JC_5D_QAAABIIAAAAB&google_cver=1&google_push=AQvitUKKvmga1fG8ZTA0e_z1DO67ieKauqIvX1w7jqvHqaVuStrTW05v4sRjC4yHl6p9IdumPUFK...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ0ea5mXFdgSl3JC_5D_QAAABIIAAAAB&google_cver=1&google_push=AQvitUKKvmga1fG8ZTA0e_z1DO67ieKauqIvX1w7jqvHqaVuStrTW05v4sRjC4yHl6p9IdumPUFK...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ0ea5mXFdgSl3JC_5D_QAAABIIAAAAB&google_cver=1&google_push=AQvitUKKvmga1fG8ZTA0e_z1DO67ieKauqIvX1w7jqvHqaVuStrTW05v4sRjC4yHl6p9IdumPUFK...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ0ea5mXFdgSl3JC_5D_QAAABIIAAAAB&google_cver=1&google_push=AQvitUKKvmga1fG8ZTA0e_z1DO67ieKauqIvX1w7jqvHqaVuStrTW05v4sRjC4yHl6p9IdumPUFK...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ0ea5mXFdgSl3JC_5D_QAAABIIAAAAB&google_cver=1&google_push=AQvitUKKvmga1fG8ZTA0e_z1DO67ieKauqIvX1w7jqvHqaVuStrTW05v4sRjC4yHl6p9IdumPUFK...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ0ea5mXFdgSl3JC_5D_QAAABIIAAAAB&google_cver=1&google_push=AQvitUKKvmga1fG8ZTA0e_z1DO67ieKauqIvX1w7jqvHqaVuStrTW05v4sRjC4yHl6p9IdumPUFK...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ0ea5mXFdgSl3JC_5D_QAAABIIAAAAB&google_cver=1&google_push=AQvitUKKvmga1fG8ZTA0e_z1DO67ieKauqIvX1w7jqvHqaVuStrTW05v4sRjC4yHl6p9IdumPUFK...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ0ea5mXFdgSl3JC_5D_QAAABIIAAAAB&google_cver=1&google_push=AQvitUKKvmga1fG8ZTA0e_z1DO67ieKauqIvX1w7jqvHqaVuStrTW05v4sRjC4yHl6p9IdumPUFK...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ0ea5mXFdgSl3JC_5D_QAAABIIAAAAB&google_cver=1&google_push=AQvitUKKvmga1fG8ZTA0e_z1DO67ieKauqIvX1w7jqvHqaVuStrTW05v4sRjC4yHl6p9IdumPUFK...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ0ea5mXFdgSl3JC_5D_QAAABIIAAAAB&google_cver=1&google_push=AQvitUKKvmga1fG8ZTA0e_z1DO67ieKauqIvX1w7jqvHqaVuStrTW05v4sRjC4yHl6p9IdumPUFK...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ0ea5mXFdgSl3JC_5D_QAAABIIAAAAB&google_cver=1&google_push=AQvitUKKvmga1fG8ZTA0e_z1DO67ieKauqIvX1w7jqvHqaVuStrTW05v4sRjC4yHl6p9IdumPUFK...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ0ea5mXFdgSl3JC_5D_QAAABIIAAAAB&google_cver=1&google_push=AQvitUKKvmga1fG8ZTA0e_z1DO67ieKauqIvX1w7jqvHqaVuStrTW05v4sRjC4yHl6p9IdumPUFK...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ0ea5mXFdgSl3JC_5D_QAAABIIAAAAB&google_cver=1&google_push=AQvitUKKvmga1fG8ZTA0e_z1DO67ieKauqIvX1w7jqvHqaVuStrTW05v4sRjC4yHl6p9IdumPUFK...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ0ea5mXFdgSl3JC_5D_QAAABIIAAAAB&google_cver=1&google_push=AQvitUKKvmga1fG8ZTA0e_z1DO67ieKauqIvX1w7jqvHqaVuStrTW05v4sRjC4yHl6p9IdumPUFK...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ0ea5mXFdgSl3JC_5D_QAAABIIAAAAB&google_cver=1&google_push=AQvitUKKvmga1fG8ZTA0e_z1DO67ieKauqIvX1w7jqvHqaVuStrTW05v4sRjC4yHl6p9IdumPUFK...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ0ea5mXFdgSl3JC_5D_QAAABIIAAAAB&google_cver=1&google_push=AQvitUKKvmga1fG8ZTA0e_z1DO67ieKauqIvX1w7jqvHqaVuStrTW05v4sRjC4yHl6p9IdumPUFK...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ0ea5mXFdgSl3JC_5D_QAAABIIAAAAB&google_cver=1&google_push=AQvitUKKvmga1fG8ZTA0e_z1DO67ieKauqIvX1w7jqvHqaVuStrTW05v4sRjC4yHl6p9IdumPUFK...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ0ea5mXFdgSl3JC_5D_QAAABIIAAAAB&google_cver=1&google_push=AQvitUKKvmga1fG8ZTA0e_z1DO67ieKauqIvX1w7jqvHqaVuStrTW05v4sRjC4yHl6p9IdumPUFK...

0
0

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 778A 0
236 B 70ms
14ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IvFOVc_3Ff5VHEc5ZRtyYUSfLQQfZkpe_1ufSPtws6PH_szaUf65TgxjIhUMY8GHutk1El

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 12:41:15 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 10 KB
8 KB 57ms
20ms XHR
application/json 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210510&st=env

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9aa51d8eb2493b3cd96c6e690b677ebe2d1c79f71520c746b2d4f99444517b31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 13 May 2021 12:41:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7709
x-xss-protection: 0

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame CAD3
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

14ms
14ms

Document
text/html

2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUl7UQqo7UDJW41bzy6VJXIBEr8N8AOPoEzTAjdUbV4D9ypsATmH5sNR88BzHW0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 13 May 2021 12:41:15 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Thu, 13-May-2021 13:41:15 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 13 May 2021 12:41:15 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 13 May 2021 12:41:15 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 nLZh5JKb4_vODtvfmJ49yJer_4HAQSIF0KjuUH5BuEE.js Show response
pagead2.googlesyndication.com/bg/ Frame C2A2 14 KB
6 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/nLZh5JKb4_vODtvfmJ49yJer_4HAQSIF0KjuUH5BuEE.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9cb661e4929be3fbce0edbdf989e3dc897abff81c0412205d0a8ee507e41b841

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 09:56:46 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 06 May 2021 09:28:00 GMT
server: sffe
age: 9869
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5628
x-xss-protection: 0
expires: Fri, 13 May 2022 09:56:46 GMT

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 62ms
14ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 12:41:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Thu, 13 May 2021 12:41:15 GMT

GET
BLOB 200
OK c602d303-8e28-449b-8021-b31008718987
https://www.letters.org/ 52 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.letters.org/c602d303-8e28-449b-8021-b31008718987
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 27b6996a0f7ea420886fcb7b079d023a65391f41b283c92c38b60e8a157d6559

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 52893
Content-Type: application/javascript

GET
H/1.1 206
Partial Content 1614345662766038f5bef0a2a.ts Show response
h.vdo.ai/uploads/videos/ 308 KB
309 KB 99ms
99ms XHR
video/mp2t 144.217.76.121
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/uploads/videos/1614345662766038f5bef0a2a.ts
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/assets/vdo.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 144.217.76.121 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns542653.ip-144-217-76.net
Software: nginx/1.16.1 /
Resource Hash: fe467b9e160c0da73d64116a66502ebc8164d4d1b03921457f220bb78faf8b85

Request headers

Referer: https://www.letters.org/
vdoai: true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-315651

Response headers

Date: Thu, 13 May 2021 12:41:15 GMT
Last-Modified: Fri, 26 Feb 2021 13:21:37 GMT
Server: nginx/1.16.1
Access-Control-Allow-Origin: *
ETag: "6038f5e1-216c9dc"
Content-Type: video/mp2t
Content-Range: bytes 0-315651/35047900
Connection: keep-alive
Content-Length: 315652

OPTIONS
H/1.1 204
No Content 1614345662766038f5bef0a2a.ts
h.vdo.ai/uploads/videos/ Frame 0
0 97ms
96ms Preflight
text/plain 144.217.76.121
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/uploads/videos/1614345662766038f5bef0a2a.ts
Protocol: HTTP/1.1
Server: 144.217.76.121 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns542653.ip-144-217-76.net
Software: nginx/1.16.1 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range,vdoai
Origin: https://www.letters.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.16.1
Date: Thu, 13 May 2021 12:41:15 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/222/ Frame CF57 12 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.letters.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.letters.org/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Thu, 13 May 2021 12:29:14 GMT
expires: Fri, 13 May 2022 12:29:14 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 721
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 nLZh5JKb4_vODtvfmJ49yJer_4HAQSIF0KjuUH5BuEE.js Show response
pagead2.googlesyndication.com/bg/ Frame CF57 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/nLZh5JKb4_vODtvfmJ49yJer_4HAQSIF0KjuUH5BuEE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9cb661e4929be3fbce0edbdf989e3dc897abff81c0412205d0a8ee507e41b841

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 09:56:46 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 06 May 2021 09:28:00 GMT
server: sffe
age: 9869
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5628
x-xss-protection: 0
expires: Fri, 13 May 2022 09:56:46 GMT

GET
H2 200 bqi.php
lg3.media.net/ 15 B
15 B 19ms
19ms Image
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bqi.php?lf=3&&vgd_l2type=setting&pid=8POSN2582&cme=LA35lp_in__GcMcJlkVNddmHc8SrM0vgN7z4kZV9CROpZ2VKivxGC24eaoxJfGJEbxULXcwrCaYa3azazFPN336R2ACP777cA1pMwIi3_aY41cioiP1vvvasgfJ8cvKGG3l3PFmv0QoCYcYyUvryMLbb4AqH_N62FNDMOZ56j7iWSgdKfMoQQ1Tj6Qiscn67ETy4DJlQwsVDcaL9VpXv1Q==||NDHRnZ9Gz3KXlI-i9OnZqQ==|5gDUJdTGiJzedmq9hanWYg==|sRBSg3CPSiQ=|YdjFvixrVaE57c-emHoCYyVJsEuNBKdVMnzOrzkk1-4Gxv8yx_pAczfc-p5i08psFWu8h7GSGFSE6hYV35R1JQ==|N7fu2vKt8_s=|Sw32yPFpZNwP8BLM9zQdgkEUe4jf-bDhUCaSqyY-LNF_GAFz7vSF36x7Rrd9REsSulkUd4I9P7NFf93ZxN3Xq64H1RJNhmHKMGyui4a9r1DhK0U3e7hVHkUMyGK59gaf7oMz6hDHT1XPKiBbjVDMCIxSG0RR7_hvZG2j-OFH-ZDV-ECfOcRHiq6UOxngFQm7kPva4uzgwBCVtofwoTQOp2NDHGI0bFFLwofXAMyjPtI=|&gdpr=1&prid=8PRHGG6T9&cid=8CUMG3VZL&crid=979987898&requrl=https%3A%2F%2Fletters.org%2Fpayment-letter%2Freturn-of-overpayment-to-client-letter.html&vi=1620909673978097021&ugd=4&cc=DE&sc=HE&startTime=1620909673854&l2type=setting&vgd_l1rakh=1620909673113389471&l1ch=1&sttm=1620909673861&upk=1620909674.27241&hvsid=00001620909673861015095070724009&verid=111299&vgd_sc=HE&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1&vgd_hbReqId=T1620891928C8S31U653&l1hcsd=l1!N4|3133&vgd_uspa=0&vgd_isiolc=1&clp=%7B%7D&cl=%7B%7D&rtbsd=6&l2ch=0&l2wsip=2887305297&sethcsd=set!A9%7C3093

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Thu, 13 May 2021 12:41:15 GMT
ntcoent-length: 15
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
cache-control: max-age=0, no-cache, no-store
content-length: 15
expires: Thu, 13 May 2021 12:41:15 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 41ms
40ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gda_r20210510&jk=3251302952839113&bg=!KimlKW3NAAY59bwoOfU7ACkAdvg8WlVENAq7qOCgcLNSLAYC0Uc4NI02BRdSdVJahRsgarP-NBSTWAIAAABTUgAAAAhoAQcKAOEYBd2rFjbnmuk7lqEYW_f9R6HLe29-0opyWMPaiVYXhFqp6CkaISlqePkOP2AARJGEGIo0Nue2x7_9dm-Va8FBqdd-FMF6iAGzuiajMeJLrp_-3pd0N6RvRMc7du02RaS9U1uJmpQeKmYLRV6eICQNnR-HYgaikgjQ9Kv1gWd5Wp-j_m3uA7uHDafNuXBJJyaUeonS-UD5pDpS2alm8nPK86Q6Srj1lcAkkmyOAvShdzh86Q2lA1WgT_iHBWwslyEFyhNBFw6olf1RJwqSNjdTd6GNU32HZD3qbTdt7Rrjq7WZAkY1cO2hqT_BD-V81hSK04thAl3nbB-ot3bss2ph1R7d84JwXwxNEPal78XjDSnj1Poy1zU0WZIAHGmGl7bbHkyYG8-kw4ebgUv9ckhM_iFsxp2ZQdn9CWaFdAD6QsES4xnllCGdigVQF03Fo6LKBD88x1fYS-m6c72SC-utYUzlfy0BMGu-FIU0kvP4xYvQ6oAQtudXxwsb2cQQhmfx3ACuKNVV-UndDgUcCrlGP9mITj0-zsc-UAE5Vi85-EyfmtB1UbAOQlvFnUqjgom8F4sFRZPBAwNxOVk6KLc7woI0pmRLSioLnatVktoFJMNxMn6HPw7v18fLtdcevgdBptPPOgzujflyedB4fNUhK-YlCmPRJSqFC0C7lrBDGWKA6EzQ8ncSK0ehfbRflyF5D3xQtefbC1-10unX-oDxeTEG9_GHVxXto7EKtTVyqxjh-YQTx1fGNYo7PlBkFZClayB7cFg6iHA-_A9tThaYfJY1ccXhi7Os1OfsC1apDAUX-MD3fAXagZ7CTLZQGOU89tvCf48sIvKbaTIY5Xq2-7RumNZ_5bebpXNeaP8NbxuEdyDBsqPQpQhTeStSJxKON4p2j35G3szLHuOJtvFaquxbc-Vo2N1b_fforOwLfQfJDjqg0D0-NBbxx_NketiUW4xiNpxzrBLPq7_WaQz7iDJS4pQZ_PyW8_dwocFXdUTkc0gK4XtVWVfYSnO5xDxIbZScpOS_Uktxv9tLlj35vgy-oSDgNPW6NUozz_OUy707XyKFor-PBHg

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 May 2021 12:41:15 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK logger Show response
analytics.vdo.ai/ 0
321 B 92ms
92ms XHR
text/html 54.39.16.115
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.vdo.ai/logger
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/dependencies_hbv4/vdo.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.39.16.115 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns555277.ip-54-39-16.net
Software: openresty/1.19.3.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.letters.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Thu, 13 May 2021 12:41:15 GMT
Content-Encoding: gzip
Server: openresty/1.19.3.1
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html
Access-Control-Allow-Origin: *
Transfer-Encoding: chunked
Connection: keep-alive

OPTIONS
H/1.1 204
No Content 1614345662766038f5bef0a2a.ts
h.vdo.ai/uploads/videos/ Frame 0
0 97ms
97ms Preflight
text/plain 144.217.76.121
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/uploads/videos/1614345662766038f5bef0a2a.ts
Protocol: HTTP/1.1
Server: 144.217.76.121 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns542653.ip-144-217-76.net
Software: nginx/1.16.1 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range,vdoai
Origin: https://www.letters.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.16.1
Date: Thu, 13 May 2021 12:41:15 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0

GET
H/1.1 206
Partial Content 1614345662766038f5bef0a2a.ts Show response
h.vdo.ai/uploads/videos/ 229 KB
230 KB 97ms
97ms XHR
video/mp2t 144.217.76.121
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/uploads/videos/1614345662766038f5bef0a2a.ts
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/assets/vdo.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 144.217.76.121 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns542653.ip-144-217-76.net
Software: nginx/1.16.1 /
Resource Hash: 831f717dd765335749a04e37f88134c027474cc595710837137e1f8bcc28b9fc

Request headers

Referer: https://www.letters.org/
vdoai: true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=315652-550463

Response headers

Date: Thu, 13 May 2021 12:41:16 GMT
Last-Modified: Fri, 26 Feb 2021 13:21:37 GMT
Server: nginx/1.16.1
Access-Control-Allow-Origin: *
ETag: "6038f5e1-216c9dc"
Content-Type: video/mp2t
Content-Range: bytes 315652-550463/35047900
Connection: keep-alive
Content-Length: 234812

GET
H/1.1 206
Partial Content 1614345662766038f5bef0a2a.ts Show response
h.vdo.ai/uploads/videos/ 292 KB
292 KB 97ms
97ms XHR
video/mp2t 144.217.76.121
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/uploads/videos/1614345662766038f5bef0a2a.ts
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/assets/vdo.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 144.217.76.121 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns542653.ip-144-217-76.net
Software: nginx/1.16.1 /
Resource Hash: 6f2ee14ebcc948acfc4f7e478c3334ced251a0cf1193055229db926d2d573a84

Request headers

Referer: https://www.letters.org/
vdoai: true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=550464-849383

Response headers

Date: Thu, 13 May 2021 12:41:16 GMT
Last-Modified: Fri, 26 Feb 2021 13:21:37 GMT
Server: nginx/1.16.1
Access-Control-Allow-Origin: *
ETag: "6038f5e1-216c9dc"
Content-Type: video/mp2t
Content-Range: bytes 550464-849383/35047900
Connection: keep-alive
Content-Length: 298920

OPTIONS
H/1.1 204
No Content 1614345662766038f5bef0a2a.ts
h.vdo.ai/uploads/videos/ Frame 0
0 97ms
96ms Preflight
text/plain 144.217.76.121
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/uploads/videos/1614345662766038f5bef0a2a.ts
Protocol: HTTP/1.1
Server: 144.217.76.121 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns542653.ip-144-217-76.net
Software: nginx/1.16.1 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range,vdoai
Origin: https://www.letters.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.16.1
Date: Thu, 13 May 2021 12:41:16 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame E802 42 B
64 B 45ms
44ms Fetch
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsskEMTibb-LKWbbq8_kIeeC4uZGGMrLN51iPKgqQzSfkvwoc1kKdPiCQrWzHoABwqfsPlgJcmvTa4VgNPZZpzx7NM6b3Emq82sSdeFBzB5-iydtAIqrHqKTnGRNuA&sai=AMfl-YQ7plEcT5fI9IbL68EERw9BW2unPdLkYHwKNAkoOV2SLsUH7vG9SpUrE1ruxPRM_z4Z1JTLwWCoZ-JclZALKrB93SQnoxw-IIQ&sig=Cg0ArKJSzJyMlFCdMsLaEAE&cid=CAASF-RohrcyvgFrgTyqRZ_nM32TxRK_jmyB&id=lidar2&mcvt=1000&p=249,261,436,988&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210510&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=4&adk=3189045681&rs=2&met=mue&la=0&cr=0&osd=1&vs=4&rst=1620909673899&dlt=1118&rpt=25&isd=0&msd=0&r=v&fum=1

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 May 2021 12:41:16 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 206
Partial Content 1614345662766038f5bef0a2a.ts Show response
h.vdo.ai/uploads/videos/ 250 KB
250 KB 98ms
98ms XHR
video/mp2t 144.217.76.121
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/uploads/videos/1614345662766038f5bef0a2a.ts
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/assets/vdo.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 144.217.76.121 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns542653.ip-144-217-76.net
Software: nginx/1.16.1 /
Resource Hash: 8d118cdf6b617c8da3a8c096c26159f806029ee94e1852287e3b013c53b917f6

Request headers

Referer: https://www.letters.org/
vdoai: true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=849384-1104875

Response headers

Date: Thu, 13 May 2021 12:41:16 GMT
Last-Modified: Fri, 26 Feb 2021 13:21:37 GMT
Server: nginx/1.16.1
Access-Control-Allow-Origin: *
ETag: "6038f5e1-216c9dc"
Content-Type: video/mp2t
Content-Range: bytes 849384-1104875/35047900
Connection: keep-alive
Content-Length: 255492

OPTIONS
H/1.1 204
No Content 1614345662766038f5bef0a2a.ts
h.vdo.ai/uploads/videos/ Frame 0
0 97ms
97ms Preflight
text/plain 144.217.76.121
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/uploads/videos/1614345662766038f5bef0a2a.ts
Protocol: HTTP/1.1
Server: 144.217.76.121 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns542653.ip-144-217-76.net
Software: nginx/1.16.1 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range,vdoai
Origin: https://www.letters.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.16.1
Date: Thu, 13 May 2021 12:41:16 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0

GET
H/1.1 206
Partial Content 1614345662766038f5bef0a2a.ts Show response
h.vdo.ai/uploads/videos/ 259 KB
260 KB 97ms
97ms XHR
video/mp2t 144.217.76.121
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/uploads/videos/1614345662766038f5bef0a2a.ts
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/assets/vdo.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 144.217.76.121 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns542653.ip-144-217-76.net
Software: nginx/1.16.1 /
Resource Hash: 727e58023a2fe19c25a6fbc5a51d67a4e5f80e274a3a59c56b71287c2b102ea6

Request headers

Referer: https://www.letters.org/
vdoai: true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=1104876-1370331

Response headers

Date: Thu, 13 May 2021 12:41:16 GMT
Last-Modified: Fri, 26 Feb 2021 13:21:37 GMT
Server: nginx/1.16.1
Access-Control-Allow-Origin: *
ETag: "6038f5e1-216c9dc"
Content-Type: video/mp2t
Content-Range: bytes 1104876-1370331/35047900
Connection: keep-alive
Content-Length: 265456

OPTIONS
H/1.1 204
No Content 1614345662766038f5bef0a2a.ts
h.vdo.ai/uploads/videos/ Frame 0
0 97ms
96ms Preflight
text/plain 144.217.76.121
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/uploads/videos/1614345662766038f5bef0a2a.ts
Protocol: HTTP/1.1
Server: 144.217.76.121 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns542653.ip-144-217-76.net
Software: nginx/1.16.1 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range,vdoai
Origin: https://www.letters.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.16.1
Date: Thu, 13 May 2021 12:41:16 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0

GET
H/1.1 206
Partial Content 1614345662766038f5bef0a2a.ts Show response
h.vdo.ai/uploads/videos/ 318 KB
318 KB 97ms
97ms XHR
video/mp2t 144.217.76.121
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/uploads/videos/1614345662766038f5bef0a2a.ts
Requested by: Host: a.vdo.ai
URL: https://a.vdo.ai/core/assets/vdo.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 144.217.76.121 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns542653.ip-144-217-76.net
Software: nginx/1.16.1 /
Resource Hash: ceee9c63964b917cedc940ce9da9d3e09e3a7397aeb7d17d6e820da926d5a045

Request headers

Referer: https://www.letters.org/
vdoai: true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=1370332-1695759

Response headers

Date: Thu, 13 May 2021 12:41:16 GMT
Last-Modified: Fri, 26 Feb 2021 13:21:37 GMT
Server: nginx/1.16.1
Access-Control-Allow-Origin: *
ETag: "6038f5e1-216c9dc"
Content-Type: video/mp2t
Content-Range: bytes 1370332-1695759/35047900
Connection: keep-alive
Content-Length: 325428

OPTIONS
H/1.1 204
No Content 1614345662766038f5bef0a2a.ts
h.vdo.ai/uploads/videos/ Frame 0
0 97ms
96ms Preflight
text/plain 144.217.76.121
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://h.vdo.ai/uploads/videos/1614345662766038f5bef0a2a.ts
Protocol: HTTP/1.1
Server: 144.217.76.121 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns542653.ip-144-217-76.net
Software: nginx/1.16.1 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range,vdoai
Origin: https://www.letters.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.16.1
Date: Thu, 13 May 2021 12:41:16 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,vdoai
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9517795834930234&output=html&h=280&slotname=2234739304&adk=3189045681&adf=1594946721&pi=t.ma~as.2234739304&w=727&fwrn=4&fwrnh=100&lmt=1620909673&rafmt=1&psa=0&format=727x280&url=https%3A%2F%2Fwww.letters.org%2Fpayment-letter%2Freturn-of-overpayment-to-client-letter.html&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1620909673891&bpp=2&bdt=392&idt=2&shv=r20210510&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7658884735661&frm=20&pv=1&ga_vid=2112529175.1620909674&ga_sid=1620909674&ga_hid=2136985631&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=261&ady=4205&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=3251302952839113&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=66D5Obc7nW&p=https%3A//www.letters.org&dtd=6

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YJ0ea5mXFdgSl3JC_5D_QAAABIIAAAAB&google_cver=1&google_push=AQvitUKKvmga1fG8ZTA0e_z1DO67ieKauqIvX1w7jqvHqaVuStrTW05v4sRjC4yHl6p9IdumPUFKHuNY8XQ6_A3W1AdGZhz9XIhJ&google_gid=CAESELvIlHcAvXXLuUUB0gdA-n0

Verdicts & Comments Add Verdict or Comment

160 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	warning	URL: https://a.vdo.ai/core/assets/rtb.js(Line 3) Message: fun-hooks: referenced 'registerAdserver' but it was never created

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.vdo.ai
ad.doubleclick.net
adservice.google.com
adservice.google.de
analytics.vdo.ai
cm.g.doubleclick.net
cms.quantserve.com
contextual.media.net
d.agkn.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
h.vdo.ai
id.rlcdn.com
image6.pubmatic.com
imasdk.googleapis.com
lg3.media.net
live.demand.supply
navvy.media.net
pagead2.googlesyndication.com
partner.googleadservices.com
pflc.media.net
pixel.rubiconproject.com
res-a.akamaihd.net
rtb.openx.net
s0.2mdn.net
ssl.google-analytics.com
stats.g.doubleclick.net
targeting.vdo.ai
tpc.googlesyndication.com
track.vdo.ai
w2n8f5d4.stackpathcdn.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.letters.org
cm.g.doubleclick.net
googleads.g.doubleclick.net
142.250.186.98
144.217.76.121
151.139.128.11
162.222.224.35
167.172.148.131
172.217.23.102
172.217.23.98
185.64.189.115
2.16.186.43
2.18.235.93
2606:4700:3033::6815:2384
2606:4700:3033::ac43:de92
2606:4700::6810:8616
2620:116:800d:21:36a9:ecb:e518:b308
2a00:1450:4001:802::2002
2a00:1450:4001:803::2001
2a00:1450:4001:803::2003
2a00:1450:4001:808::2004
2a00:1450:4001:808::2008
2a00:1450:4001:80e::2006
2a00:1450:4001:812::2002
2a00:1450:4001:813::2002
2a00:1450:4001:828::200e
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::2008
2a00:1450:4001:82a::200a
2a00:1450:4001:82f::2002
2a00:1450:4001:82f::200a
2a00:1450:4001:830::2002
2a00:1450:4001:830::2003
2a00:1450:400c:c04::9d
34.102.149.62
35.186.253.211
35.244.174.68
51.77.119.11
52.29.48.214
54.39.16.115
69.173.144.165
05e695a8f4bd26c3a3092afbd08d40b873b39599d47ce15c281b1b526e934258
07e4203b9f313b587b1d53f896e63771ec85f9b0d4c2ac5fa64089457784d847
081fe081ca1a1c7857c829ef147d17156961a29cbe66e56b31bb6fbefee16310
0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9
0a4c16b7f5c1b1ecefc9ffb4fcf1b457f9282d0863fa61d4dd32ad98dafa9a60
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0d3d3d99ec2d1da823e792b3024b24ae723c89a29d46d9cffe4b1d4ba935c0da
0e3de2e14d9c8708fe42cbb220f1c4d52b720493b1503aa266fac9361b64ac31
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1824e38c8fe9b23fb54ed5deafd63f31fcceed673d89111bebc8f05d1aa7b126
1b1a1ae058af8ec106c6ecabc473ccb2fc4ae7f3435461940609cbf6e71a23fa
1b3fae8647373f5d053f5668e42482c1aa982ce37d0d49ac9378ef055c4833b9
1c045889491c60a8c157ce2dad6ea059e032f3afe66c95d14493896c3af517e1
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
27b6996a0f7ea420886fcb7b079d023a65391f41b283c92c38b60e8a157d6559
2a354649f57a81405daccfd6b5785da5f73ba638f2db591992cb7b739dac3135
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347
3c95fffc568d4b96e488c12d2f88ea7128787c003dbedda956a16077f508a9c7
46573b14fd2bad757b60a89235cb9c8c9f41c0a84899d0ce51b40196d0450986
4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf
4ef9a18aef9847638b3b4344a0b2ebed14e84fb0aeb8ce29292af06826a2580a
5a60c5e5e50151c3782d91a88e9526c4a8308c326441bd492d31962b4ee2700c
6130fe8ded2255439c42cf9e805c28b1a72bfcad166d9dcd720243d33557628b
6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6c0489619b42dc28c6d135cf946eaea95f6206229dedbad28a2636d3525fdb3e
6cc259b56ac01c8c792ef42b37ed8e2170d5378b19cb084cde0f92b16e6e3335
6f2ee14ebcc948acfc4f7e478c3334ced251a0cf1193055229db926d2d573a84
71dac00c979fbdc0ac2b1705e14df2a358d505191565a75ecf67a8f9ff9ef9cc
727e58023a2fe19c25a6fbc5a51d67a4e5f80e274a3a59c56b71287c2b102ea6
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d
831f717dd765335749a04e37f88134c027474cc595710837137e1f8bcc28b9fc
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
888a58ec7a6806af4d3e3bd0132fa1dd007862c95e0c7cb161cdc0538bcd5644
8d118cdf6b617c8da3a8c096c26159f806029ee94e1852287e3b013c53b917f6
93c2316f4a3529097ad5af66abd2ab06f23b324696fbccd64df4a614527d14b4
9885e11888dae4819023ae57028a2ee7158ff1addfb6795b4e8dfd971f36981f
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9aa51d8eb2493b3cd96c6e690b677ebe2d1c79f71520c746b2d4f99444517b31
9adf28f17b88f7835611736a9461d0452433a4e12f3ebaafae1689394aeb8d7b
9cb661e4929be3fbce0edbdf989e3dc897abff81c0412205d0a8ee507e41b841
a0462f5eec2406aac0d0a8da86ee80d91b32494e3a1694e50bec81d5fd27d902
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5cb642ef22434a24612329870579fbb272cb9fa7475360035596ea56fb0431a
b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc
b448a68371e049791a1ef3bccf83961062adf0e03ed43c18a5a23694f97d2ac2
b7203ef7f18e8e70e9991515982b3bbd43524cf048e9591b7aab1e80db938774
baa716e3959a0c9070ea164fa9c182fe968a3e87da6b20fa5f811e6f7ffce330
baba6dc517e80962aa854a06e9d6e86ba5dfa67a369512b5b4634334c634c855
c0d2bb46c68e084f258f3728375c0351cb47075647142ba7df6f0059ae0b2581
c31ad44b2a74a6499dd663e67bb7e50c3f6fa46749b05d0826261b347c6e8269
c5367c445141f868d0ddd95c136b3fd1e816e906c16c1ba04dfd998414e383a7
c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645
c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24
cb6e7390c479593a79e15a575fd00af8d850e3d23faaae3f1b59a6eafabcd084
ceee9c63964b917cedc940ce9da9d3e09e3a7397aeb7d17d6e820da926d5a045
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d680681e19f24318b6f0dad900af6d08b927395f9e7a711428db8d8d1e362c2b
d9ac862518df3efb07d7cecda391ab683489cf26fa04d62e179ba60869dd69bb
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
df946b91a9b2ae689c104e0f0a549e49b2eb452b17c1b8e8d82bbbfad71411e5
dfa1028a74436c56e0ee1367812c0ee599d6814ec4a3079ca9b9afffba949e26
dff6c21fc00e82e51a177852e76c8744ee715df812bfbf539e648a733ab3965c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e407a1c4f45bba5bfca5d690481f93ab3ca30a2069f248212f39773355a5da3c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2358c73a3cf6ec5b73f192a64b336e31d92221b04b959f0dd3857d95b82207e
f49e5eccbf420949ddb76cfa2ca1430c8f733b06fb2a35d8fed1182b41613530
f602533ff6d6290b9dc23e47f915d0d93939dae1326ee7bb12f0a3c70be17b50
f74bdfeec83247edd199110ac967f48433637c2cd8dcac06c4de540abb3393e8
f7812f5c504c20d1ae6ef1b2ffe5dc49f32ea0311919a0ec34c3694f779c946d
fe467b9e160c0da73d64116a66502ebc8164d4d1b03921457f220bb78faf8b85

www.letters.org Open in urlscan Pro 167.172.148.131 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

123 Requests

96 %HTTPS

55 %IPv6

23 Domains

38 Subdomains

33 IPs

7 Countries

3704 kBTransfer

7691 kBSize

0 Cookies

2 Outgoing links

Redirected requests

123 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 11 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.letters.org Open in urlscan Pro
167.172.148.131 Public Scan

Screenshot
Live screenshot

Full Image

123
Requests

96 %
HTTPS

55 %
IPv6

23
Domains

38
Subdomains

33
IPs

7
Countries

3704 kB
Transfer

7691 kB
Size

0
Cookies

123 HTTP transactions
11 data transactions